LXD and Archlinux containers broken

systemd-resolved.service: Failed to set up mount namespacing: /run/systemd/unit-root/proc: Permission denied
systemd-logind.service: Failed to set up mount namespacing: /run/systemd/unit-root/proc: Permission denied


I run some containers with Archlinux and when I update them in a monthly manner, they broke most of the time, because everything related to systemd has always some new security features that LXD and AppArmor cannot handle well.

After lots of dirty hacks, turn out Canonical patched this by adding a systemd-generator that add all the required drop-in unit files.

If you launch a new container it will benefit from this patch, because the base image is updated. But what if you run an old container? Either you launch a new container and you migrate your old container to the new... Or, you add this file to your container, reboot, and voilĂ !

mkdir /etc/systemd/system-generators
wget https://raw.githubusercontent.com/lxc/distrobuilder/master/distrobuilder/main.go -O /tmp/main.go
awk -v RS='^$' -v FS='`' '{
                  n = split($0, extracted)
                  print extracted[14]
              }' /tmp/main.go > /etc/systemd/system-generators/lxc
chmod +x /etc/systemd/system-generators/lxc

Note: That command may not work anymore if they change the main.go file.

Also, why the hell do they embed the sh script in the go source code?!