I have applied a patch in our OBS server, which adjusts the version check so we can build packages with newer LXC versions and sent it upstream: https://github.com/openSUSE/obs-build/pull/1127
Remove the lxc version constraint (which finally allowed upgrading to a newer opensuse version).
Fix errors in lxc-start related to not having securityfs available:
[ 14s] booting lxc... [ 14s] lxc-start: obsbuild:root_6: lsm/apparmor.c: apparmor_prepare: 1132 If you really want to start this container, set [ 14s] lxc-start: obsbuild:root_6: lsm/apparmor.c: apparmor_prepare: 1133 lxc.apparmor.allow_incomplete = 1 [ 14s] lxc-start: obsbuild:root_6: lsm/apparmor.c: apparmor_prepare: 1134 in your container configuration file [ 14s] lxc-start: obsbuild:root_6: start.c: lxc_init: 879 Failed to initialize LSM [ 14s] lxc-start: obsbuild:root_6: start.c: __lxc_start: 2008 Failed to initialize container "obsbuild:root_6" [ 14s] lxc-start: obsbuild:root_6: tools/lxc_start.c: main: 306 The container failed to start [ 14s] lxc-start: obsbuild:root_6: tools/lxc_start.c: main: 312 Additional information can be obtained by setting the --logfile and --logpriority options [ 14s] '/var/cache/obs/worker/root_6/.build/_exitcode' not found or symlink
Usually systemd would mount the securityfs automatically as I understand it, but it doesn't work anymore without this service in our use case where osmocom-obs-worker runs inside an LXC itself. This is probably related to upgrading the opensuse version for the osmocom-obs-worker containers.
