lxd

  1. Bug #2046486
  2. Comment #2

Comment 2 for bug 2046486

Revision history for this message
Nick Rosbrook (enr0n) wrote : Re: units with SetCredential= fail in LXD containers

It seems that the apparmor_parser in core22 does not understand the nosymfollow mount option:

$ lxc config set systemd-lxc raw.apparmor "mount options=(ro,remount,bind,nosuid,noexec,nodev,nosymfollow) /dev/shm,"
Error: Parse AppArmor profile: Failed to run: apparmor_parser -QWL /var/snap/lxd/common/lxd/security/apparmor/cache /var/snap/lxd/common/lxd/security/apparmor/profiles/lxd-systemd-lxc: exit status 1 (unsupported mount options)

So, patching the generated AppArmor policy might not be feasible until the lxd snap uses core24.