Does Ubuntu 23.10 & its new "Restricted Unprivileged Namespace" implemenation impact LXD?

I recently installed Ubuntu 23.10 on one of my systems and LXD didn’t seem to work.

Checking I learned that Ubuntu 23.10 implements:

Ubuntu 23.10 Restricted Unprivileged User Namespaces

Does this new Restricted Unprivileged Namespace capability impact LXD Containers/VMs?

LXD 5.18 has some workarounds for this, and LXD 5.19 will have additional workarounds (released this week).

LXD 5.0.3 will also have the same workarounds as LXD 5.19, but at this time LXD 5.0.2 doesn’t work without manual intervention on Ubuntu 23.10:

echo "==> Enabling unprivileged containers kernel support"
echo 1 > /proc/sys/kernel/unprivileged_userns_clone

echo "==> Disabling Apparmor unprivileged userns mediation"
echo 0 > /proc/sys/kernel/apparmor_restrict_unprivileged_userns

echo "==> Disabling Apparmor unprivileged unconfined mediation"
echo 0 > /proc/sys/kernel/apparmor_restrict_unprivileged_unconfined

From the LXD snap:

We intend to work with the Canonical AppArmor team to figure out a way to avoid disabling these restrictions system wide when LXD starts in the future.

1 Like


Thanks so much for the answer. I know there were other’s seeing the problem also so this info will help.


1 Like

What ISO did you use to install the Mantic system?

We’ve been advised by @alexmurray that it is disabled by default in 23.10, so I’d be interested to know what systems you’re observing this enabled by default on.


I just downloaded the 23.10 iso from the Canonical Download page. Installed it onto a USB thumb drive, and used that to install onto the system?

Is this Desktop or Server ISO? Thanks

1 Like

Also can you provide more details like which kernel is being used etc? Thanks.

1 Like