Does Ubuntu 23.10 & its new "Restricted Unprivileged Namespace" implementation impact LXD?

I recently installed Ubuntu 23.10 on one of my systems and LXD didn’t seem to work.

On checking, I learned that Ubuntu 23.10 implements:

Ubuntu 23.10 Restricted Unprivileged User Namespaces

Does this new Restricted Unprivileged Namespace capability impact LXD Containers/VMs?

LXD 5.18 has some workarounds for this, and LXD 5.19 will have additional workarounds (released this week).

LXD 5.0.3 will also have the same workarounds as LXD 5.19, but at this time LXD 5.0.2 doesn’t work without manual intervention on Ubuntu 23.10:

echo "==> Enabling unprivileged containers kernel support"
echo 1 > /proc/sys/kernel/unprivileged_userns_clone

echo "==> Disabling Apparmor unprivileged userns mediation"
echo 0 > /proc/sys/kernel/apparmor_restrict_unprivileged_userns

echo "==> Disabling Apparmor unprivileged unconfined mediation"
echo 0 > /proc/sys/kernel/apparmor_restrict_unprivileged_unconfined

From the LXD snap:

https://github.com/canonical/lxd-pkg-snap/blob/latest-edge/snapcraft/commands/daemon.start#L421-L441

We intend to work with the Canonical AppArmor team to figure out a way to avoid disabling these restrictions system wide when LXD starts in the future.

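To see where a given host stands before or after the LXD snap has run, here is a small POSIX sh checker (added here as an example; it is not the thread's code and not part of lxd-pkg-snap). It reads the three knobs named in the post above: for unprivileged_userns_clone a value of 1 means unprivileged user namespaces are allowed, and for the two apparmor_restrict_* knobs a value of 1 means the AppArmor mediation is enforced. The function names, the report format, and the SYSCTL_DIR override (so the script can be exercised against a constructed directory instead of /proc) are my own choices.

```shell
#!/bin/sh
# Added example: report the state of the kernel/AppArmor knobs that the LXD
# snap's daemon.start relaxes on Ubuntu 23.10. Not LXD's own code.
# SYSCTL_DIR defaults to the real sysctl tree; point it at a scratch directory
# holding files with the same names to test the logic offline.

SYSCTL_DIR="${SYSCTL_DIR:-/proc/sys/kernel}"

# read_knob NAME -> prints the knob's current value, or "absent" when the
# running kernel does not expose that file (e.g. non-Ubuntu kernels).
read_knob() {
    f="$SYSCTL_DIR/$1"
    if [ -r "$f" ]; then
        tr -d '[:space:]' < "$f"
    else
        printf 'absent'
    fi
}

# userns_status -> one line per knob: NAME=VALUE STATE
#   unprivileged_userns_clone: 1 = allowed (needed for unprivileged
#                              containers), anything else = blocked
#   apparmor_restrict_*:       1 = restricted (23.10 hardened setting),
#                              anything else = relaxed
userns_status() {
    for knob in unprivileged_userns_clone \
                apparmor_restrict_unprivileged_userns \
                apparmor_restrict_unprivileged_unconfined; do
        v=$(read_knob "$knob")
        case "$knob:$v" in
            *:absent)                    state=absent ;;
            unprivileged_userns_clone:1) state=allowed ;;
            unprivileged_userns_clone:*) state=blocked ;;
            *:1)                         state=restricted ;;
            *)                           state=relaxed ;;
        esac
        printf '%s=%s %s\n' "$knob" "$v" "$state"
    done
}

# apparmor_restrictions_active -> exit 0 only if both AppArmor knobs are still
# enforcing, i.e. nothing (such as the LXD snap's workaround) has relaxed them.
apparmor_restrictions_active() {
    [ "$(read_knob apparmor_restrict_unprivileged_userns)" = 1 ] &&
    [ "$(read_knob apparmor_restrict_unprivileged_unconfined)" = 1 ]
}

# Stand-alone run: print the report and a one-line verdict.
userns_status
if apparmor_restrictions_active; then
    echo "==> AppArmor unprivileged userns restrictions are active"
else
    echo "==> AppArmor unprivileged userns restrictions are NOT fully active"
fi
```

Run it as root (the files are world-readable, so an unprivileged user can read them too) on a 23.10 box before installing LXD and again after the snap starts; the second run should show the two apparmor_restrict_* knobs as relaxed if the daemon.start workaround has been applied system-wide.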

Tom

Thanks so much for the answer. I know there were others seeing the problem also, so this info will help.

Brian


What ISO did you use to install the Mantic system?

We’ve been advised by @alexmurray that it is disabled by default in 23.10, so I’d be interested to know what systems you’re observing this enabled by default on.

Thanks

@tomp
I just downloaded the 23.10 ISO from the Canonical download page, installed it onto a USB thumb drive, and used that to install onto the system.

Is this Desktop or Server ISO? Thanks


Also can you provide more details like which kernel is being used etc? Thanks.
