<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <p><font face="Helvetica, Arial, sans-serif">Excellent, thanks.</font></p>
    <p><font face="Helvetica, Arial, sans-serif"><br>
      </font></p>
    <p><br>
    </p>
    On 2019-02-14 10:51 a.m., Faustin Lammler wrote:<br>
    <blockquote type="cite" cite="mid:20190214155109.GA10084@falared">
      <pre class="moz-quote-pre" wrap="">Control: forwarded -1 <a class="moz-txt-link-freetext" href="https://github.com/lxc/lxc/pull/2758">https://github.com/lxc/lxc/pull/2758</a>

Matthew,
I able to reproduce this and I have the exact same error (mariadb log +
apparmor on host).

Your workaround is working but it seems that removing only these 3 lines
is sufficient:
</pre>
      <blockquote type="cite">
        <pre class="moz-quote-pre" wrap="">ProtectSystem=full
PrivateDevices=true
ProtectHome=true
</pre>
      </blockquote>
      <pre class="moz-quote-pre" wrap="">
You can leave this one:
</pre>
      <blockquote type="cite">
        <pre class="moz-quote-pre" wrap="">ExecStartPre=/usr/bin/install -m 755 -o mysql -g root -d /var/run/mysqld
</pre>
      </blockquote>
      <pre class="moz-quote-pre" wrap="">
Another workaround is to disable completely apparmor:
<a class="moz-txt-link-freetext" href="https://wiki.debian.org/AppArmor/HowToUse#Disable_AppArmor">https://wiki.debian.org/AppArmor/HowToUse#Disable_AppArmor</a>

I think we should wait until some progress comes from
<a class="moz-txt-link-freetext" href="https://github.com/lxc/lxc/pull/2758">https://github.com/lxc/lxc/pull/2758</a>.

Faustin
</pre>
    </blockquote>
  </body>
</html>