create_container: workaround privileged container + newer systemd

Images with newer Systemd (e.g. Ubuntu Noble) doesn't work as a privileged container unless nesting is also enabled, so we have to enable it. This weakens the security, but since this is a development setup anyway, I reckon it's fine. See canonical/lxd#12967
ubports · Oct 31, 2024 · e31ca2f · e31ca2f
1 parent f6fff59
commit e31ca2f
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/crossbuilder b/crossbuilder
@@ -486,6 +486,11 @@ create_container () {
     lxc init $LXD_IMAGE $LXD_CONTAINER $EPHEMERAL_FLAG
     if [ -n "$ENCRYPTED_HOME" ] || [ -n "$FORCE_PRIVILEGED" ] ; then
         lxc config set $LXD_CONTAINER security.privileged true
+        # Workaround an issue with security.privileged + newer Systemd.
+        # This weakens the security, but since this is a development setup, it's
+        # probably fine.
+        # https://github.com/canonical/lxd/issues/12967
+        lxc config set $LXD_CONTAINER security.nesting true
     else
         if [ "$(lxc --version | cut -f1 -d. )" -ge "3" ]; then
             IDMAP="lxc.idmap"