On 31.01.2021 0:57, Gordon Messmer wrote:
>> https://bugzilla.redhat.com/show_bug.cgi?id=1913806
> systemd-nspawn is defaulting to a private user namespace,
> but no private network namespace, and that combination is not supported.

This is not true. By default systemd-nspawn creates a private user namespace and a private network namespace. See /usr/lib/systemd/system/systemd-nspawn@.service on CentOS 8 / CentOS Stream 8 and the man page for more details:
https://www.freedesktop.org/software/systemd/man/systemd-nspawn.html

> If you configure a private network namespace,
> does that nspawn container start properly?

This is not a systemd-nspawn issue, because everything works fine with the CentOS 8.3 kernel and is broken with the CentOS Stream 8 kernel. This is a CentOS Stream 8 kernel regression.

System journal fragment:

Jan 21 15:55:12 centos-stream systemd-nspawn[1235]: Failed to mount sysfs on /sys/full (MS_RDONLY|MS_NOSUID|MS_NODEV|MS_NOEXEC ""): Operation not permitted

-- 
Best regards,
Gena
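The disagreement above is about which namespaces the container actually gets. The script below is an added example, not code from this thread or from systemd: it writes a systemd.nspawn(5) fragment that explicitly requests both a private user namespace and a private (veth) network namespace, as Gordon suggests trying, and then compares the namespace inodes of the container's leader process with those of the host shell so you can see for yourself what is shared and what is private. The machine name "stream8" and the fragment path are assumptions; running the driver needs root and a container registered with systemd-machined.

```shell
#!/bin/sh
# Added example (not from the mailing-list thread). Assumes a running
# systemd-nspawn machine named "stream8" (hypothetical) when run as a script.

# write_nspawn_conf FILE
# Writes a systemd.nspawn(5) fragment requesting a private user namespace
# (PrivateUsers=pick) and a private network namespace with a veth link.
# Drop it in /etc/systemd/nspawn/<machine>.nspawn to apply it.
write_nspawn_conf() {
    cat > "$1" <<'EOF'
[Exec]
PrivateUsers=pick

[Network]
Private=yes
VirtualEthernet=yes
EOF
}

# ns_id PID TYPE
# Prints the "TYPE:[inode]" target of /proc/PID/ns/TYPE; two processes are
# in the same namespace exactly when this string is equal.
ns_id() {
    readlink "/proc/$1/ns/$2"
}

# same_ns PID1 PID2 TYPE
# Exit status 0 if both PIDs share the namespace of the given TYPE.
same_ns() {
    [ "$(ns_id "$1" "$3")" = "$(ns_id "$2" "$3")" ]
}

# report_ns PID TYPE
# Prints "TYPE: shared with host" or "TYPE: private" relative to this shell.
report_ns() {
    if same_ns "$$" "$1" "$2"; then
        echo "$2: shared with host"
    else
        echo "$2: private"
    fi
}

# main [MACHINE]
# Resolves the container's leader PID via machinectl and reports the user,
# net, mnt and pid namespaces. Requires root and a registered machine.
main() {
    machine="${1:-stream8}"   # assumed machine name
    leader="$(machinectl show -p Leader --value "$machine")" || return 1
    [ -n "$leader" ] || { echo "no leader PID for $machine" >&2; return 1; }
    for t in user net mnt pid; do
        report_ns "$leader" "$t"
    done
}

# Only run the driver when invoked as a script with a machine name.
if [ $# -gt 0 ]; then
    main "$@"
fi
```

Usage: `sh ns-check.sh stream8` as root. If "net: shared with host" is printed while the unit is supposed to use --network-veth, the private network namespace is not in effect; if "user: private" is printed and the sysfs mount still fails, the problem is on the kernel side, which is what the journal line above points at.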