On 31.01.2021 0:57, Gordon Messmer wrote:
> systemd-nspawn is defaulting to a private user namespace, but no private network namespace, and that combination is not supported.
This is not true. By default, systemd-nspawn creates a private user namespace and a private network namespace.
See /usr/lib/systemd/system/systemd-nspawn@.service on CentOS 8 / CentOS Stream 8 and the man page for more details: https://www.freedesktop.org/software/systemd/man/systemd-nspawn.html
> If you configure a private network namespace, does that nspawn container start properly?
This is not a systemd-nspawn issue, because everything works fine with the CentOS 8.3 kernel and is broken with the CentOS Stream 8 kernel. This is a CentOS Stream 8 kernel regression.
System journal fragment:
Jan 21 15:55:12 centos-stream systemd-nspawn[1235]: Failed to mount sysfs on /sys/full (MS_RDONLY|MS_NOSUID|MS_NODEV|MS_NOEXEC ""): Operation not permitted
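The two claims in this exchange can be checked directly. The script below is an added example, not code from either poster or from systemd: it reads which namespaces the nspawn unit's ExecStart line actually requests (-U / --private-users for a user namespace, --network-veth and the other --network-* options or --private-network for a network namespace), and then reproduces the sysfs mount from the journal line with util-linux unshare(1) instead of nspawn, once in a user namespace alone and once with a private network namespace added. The kernel only permits mounting sysfs when the caller holds CAP_SYS_ADMIN over the user namespace that owns its current network namespace, so the user-namespace-only run is expected to be denied on any kernel, while the run with a network namespace is the one that distinguishes a kernel regression from a configuration problem. The sample unit file is constructed here to approximate the ExecStart line shipped with systemd 239; the real unit is used when it is readable. It assumes unshare and mount are installed and that unprivileged user namespaces are allowed on the host (if not, the second check reports that rather than a mount result).

```shell
#!/bin/sh
# Added example for this thread; not from the original posts or from systemd.
# Assumes util-linux unshare(1) and mount(8) are installed; the namespace checks
# report "unshare-unavailable" when user namespaces cannot be created here.

# nspawn_unit_namespaces FILE: print "userns=yes|no netns=yes|no" for the last
# ExecStart= line of a systemd-nspawn@.service unit.
nspawn_unit_namespaces() {
    execstart=$(grep '^ExecStart=' "$1" | tail -n 1)
    userns=no
    netns=no
    # Inspect word by word so "-U" is not matched inside an unrelated option.
    for word in ${execstart#ExecStart=}; do
        case "$word" in
            -U|--private-users|--private-users=*) userns=yes ;;
            -n|--private-network|--network-*)     netns=yes ;;
        esac
    done
    echo "userns=$userns netns=$netns"
}

# write_sample_unit: constructed stand-in for the CentOS 8 unit, approximating
# the ExecStart line of systemd 239. Prints the path of the temporary file.
write_sample_unit() {
    f=$(mktemp) || return 1
    printf '%s\n' '[Service]' \
        'ExecStart=systemd-nspawn --quiet --keep-unit --boot --link-journal=try-guest --network-veth -U --settings=override --machine=%i' \
        >"$f"
    echo "$f"
}

# mount_sysfs_in_ns UNSHARE_FLAGS...: create the namespaces named by the flags
# (e.g. -Urm = user ns mapped to root + private mount ns, -Urmn adds a private
# network ns), then attempt the same sysfs mount nspawn logged. Prints one of
# mount-ok, mount-denied, unshare-unavailable. The private mount namespace (-m)
# means the mount disappears with the child shell and never touches the host.
mount_sysfs_in_ns() {
    target=$(mktemp -d) || return 1
    if ! unshare "$@" true 2>/dev/null; then
        rmdir "$target"
        echo unshare-unavailable
        return 0
    fi
    if unshare "$@" sh -c "mount -t sysfs -o ro,nosuid,nodev,noexec sysfs '$target'" 2>/dev/null; then
        echo mount-ok
    else
        echo mount-denied
    fi
    rmdir "$target"
}

# Check 1: what the unit really asks for (real unit if present, sample otherwise).
unit=/usr/lib/systemd/system/systemd-nspawn@.service
[ -r "$unit" ] || unit=$(write_sample_unit)
echo "$unit: $(nspawn_unit_namespaces "$unit")"

# Check 2: the mount from the journal line, with and without a private network ns.
echo "user ns only:         $(mount_sysfs_in_ns -Urm)"
echo "user ns + network ns: $(mount_sysfs_in_ns -Urmn)"
```

Run it unprivileged on both kernels: a result of mount-ok with -Urmn on the 8.3 kernel and mount-denied with the same flags on the Stream kernel supports the regression claim, whereas mount-denied in both cases (and mount-ok only as real root) points back at the container's configuration.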