Hi,
I try to get Syncthing running in LXC on Debian Buster, but get a “Failed to set up mount namespacing: Permission denied” error.
On the LXC container (Debian 10 (Buster)):
$ dpkg -l ‘syncthing’ | grep ^ii
ii syncthing 1.3.1 amd64 Open Source Continuous File Synchronization
# journalctl -u syncthing@xxx.service
... Nov 15 19:28:57 xxx systemd[1]: Started Syncthing - Open Source Continuous File Synchronization for xxx. Nov 15 19:28:57 xxx systemd[336]: syncthing@xxx.service: Failed to set up mount namespacing: Permission denied Nov 15 19:28:57 xxx systemd[336]: syncthing@xxx.service: Failed at step NAMESPACE spawning /usr/bin/syncthing: Permission denied Nov 15 19:28:57 xxx systemd[1]: syncthing@xxx.service: Main process exited, code=exited, status=226/NAMESPACE Nov 15 19:28:57 xxx systemd[1]: syncthing@xxx.service: Failed with result 'exit-code'. Nov 15 19:28:58 xxx systemd[1]: syncthing@xxx.service: Service RestartSec=100ms expired, scheduling restart. Nov 15 19:28:58 xxx systemd[1]: syncthing@xxx.service: Scheduled restart job, restart counter is at 1. Nov 15 19:28:58 xxx systemd[1]: Stopped Syncthing - Open Source Continuous File Synchronization for xxx. ...
On the host (Debian 10 (Buster)):
$ dpkg -l ‘lxc’ | grep ^ii
ii lxc 1:3.1.0+really3.0.3-8 amd64 Linux Containers userspace tools
# dmesg
... [4519490.489894] audit: type=1400 audit(1573841522.996:785): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-container-default-cgns" name="/" pid=4016 comm="(yncthing)" flags="rw, rslave" ...
Any idea how to fix this? Or did i do something else wrong?
Regards, Ferdinand