"mount: /root/sysfs: cannot mount sysfs read-only." with LXD `5.21.2-22f93f4` from snap

This is essentially the same issue as the proc one but with sysfs instead. I apologize for not testing this sooner:

```
root@new-lxd:~# mount -tsysfs sysfs ~/sysfs
mount: /root/sysfs: cannot mount sysfs read-only.
```

dmesg:

```
[106935.993143] audit: type=1400 audit(1724863999.970:1277): apparmor="DENIED" operation="mount" class="mount" info="failed perms check" error=-13 profile="lxd-new-lxd_</var/snap/lxd/common/lxd>" name="/root/sysfs/" pid=151081 comm="mount" fstype="sysfs" srcname="sysfs"
[106935.993160] audit: type=1400 audit(1724863999.970:1278): apparmor="DENIED" operation="mount" class="mount" info="failed perms check" error=-13 profile="lxd-new-lxd_</var/snap/lxd/common/lxd>" name="/root/sysfs/" pid=151081 comm="mount" fstype="sysfs" srcname="sysfs" flags="ro"
```

… the context here for these issues is that we mount those filesystems for the overlays feature in Rockcraft; I can confirm that the other necessary mounts are still working.

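A triage helper for denials like the two quoted above, as an added example that is not part of the original thread or of LXD: it parses kernel audit records and keeps only AppArmor mount denials, so the profile, filesystem type and flags can be compared across attempts. The first two sample lines are the ones from the post; the third is constructed to show that unrelated denials are filtered out.

```python
import re
from collections import Counter

# Lines 1-2 are the denials quoted in the post; line 3 is constructed
# (a non-mount denial) to show that unrelated events are filtered out.
SAMPLE_DMESG = '''
[106935.993143] audit: type=1400 audit(1724863999.970:1277): apparmor="DENIED" operation="mount" class="mount" info="failed perms check" error=-13 profile="lxd-new-lxd_</var/snap/lxd/common/lxd>" name="/root/sysfs/" pid=151081 comm="mount" fstype="sysfs" srcname="sysfs"
[106935.993160] audit: type=1400 audit(1724863999.970:1278): apparmor="DENIED" operation="mount" class="mount" info="failed perms check" error=-13 profile="lxd-new-lxd_</var/snap/lxd/common/lxd>" name="/root/sysfs/" pid=151081 comm="mount" fstype="sysfs" srcname="sysfs" flags="ro"
[106936.000001] audit: type=1400 audit(1724864000.000:1279): apparmor="DENIED" operation="open" class="file" profile="example-profile" name="/etc/example" pid=1 comm="cat" requested_mask="r" denied_mask="r"
'''

# key="quoted value" or key=bare_value, as used in kernel audit records.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_audit_line(line):
    """Split one audit record into a dict of its key=value fields."""
    return {key: bare or quoted for key, quoted, bare in FIELD_RE.findall(line)}


def mount_denials(text):
    """Return the AppArmor mount denials found in dmesg/audit text."""
    found = []
    for line in text.splitlines():
        f = parse_audit_line(line)
        if f.get("apparmor") == "DENIED" and f.get("operation") == "mount":
            found.append({
                "profile": f.get("profile", ""),
                "target": f.get("name", ""),
                "fstype": f.get("fstype", ""),
                "flags": f.get("flags", ""),  # empty when the record logs none
            })
    return found


def summarize(denials):
    """Count denials per (profile, fstype, flags) to spot the blocked mount."""
    return Counter((d["profile"], d["fstype"], d["flags"]) for d in denials)


if __name__ == "__main__":
    for (profile, fstype, flags), n in summarize(mount_denials(SAMPLE_DMESG)).items():
        print(f"{n}x profile={profile} fstype={fstype} flags={flags or '-'}")
```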

I’ve asked @amikhalitsyn to look at this too. Thanks


Hey @tigarmo

Do you need overlayfs too?

As a temporary workaround you can do `lxc config set myct security.nesting=true`.


> do you need overlayfs too?

No, we use fuse-overlayfs and that mount is still working. Thanks for the workaround!

The fix for this is in latest/edge now, and we will backport it to 5.21/stable and latest/stable.


Thanks! I can confirm that with latest/edge my mounting issues are gone.


Fix for this is now in 5.21/candidate and latest/candidate.


This is now progressively rolling out to latest/stable and 5.21/stable see