Tom Parrott

Thanks @MggMuggins please can you rebase to fix the conflict?

Most likely related to https://github.com/canonical/lxd/issues/13810, we are still in the process of applying the necessary fixes to the LXD snap in order to get sufficient apparmor support. You can try...

> Also worth noting I am using the `security.nesting` workaround, and that I've tried lxc 4.0, 5.21, and 6.1 within the focal VM but all fail. So that would suggest...

But do please try latest/edge if you can and let us know if works.

Please could you see if there are any DENIED errors in journalctl on the host to see if apparmor is blocking something (using `latest/edge`), then we'll know if its the...

@waveform80 ah so no apparmor denials, I wonder if this is due to cgroupv1 in Focal, whereas systemd in Oracular probably requires cgroupv2.

I did some research into this and it works with Focal's HWE kernel and enabling cgroupv2 using: ``` systemd.unified_cgroup_hierarchy=1 ``` So that confirms its related to lack of cgroupv1 support...

I tried `lxc config set c1 raw.lxc="lxc.init.cmd = /sbin/init SYSTEMD_CGROUP_ENABLE_LEGACY_FORCE=1"` and that didn't work either, although I can see systemd was started with that argument: ``` root@c1:~# ps aux USER...

So from what we know so far we need: * Kernel 5.15.0-117-generic onwards (to get cgroupv2 support) - the Focal HWE kernel from Jammy. * cgroupv2 support enabled via `systemd.unified_cgroup_hierarchy=1`...

Thanks for digging into it. Unless there is a specific request for it I think we can stick with the requirements described here: https://github.com/canonical/lxd/issues/13844#issuecomment-2268632337