Required information

Distribution: Ubuntu
Distribution version: 20.04

The output of "lxc info" or if that fails:

:~# lxc info
config: {}
api_extensions:
- storage_zfs_remove_snapshots
- container_host_shutdown_timeout
- container_stop_priority
- container_syscall_filtering
- auth_pki
- container_last_used_at
- etag
- patch
- usb_devices
- https_allowed_credentials
- image_compression_algorithm
- directory_manipulation
- container_cpu_time
- storage_zfs_use_refquota
- storage_lvm_mount_options
- network
- profile_usedby
- container_push
- container_exec_recording
- certificate_update
- container_exec_signal_handling
- gpu_devices
- container_image_properties
- migration_progress
- id_map
- network_firewall_filtering
- network_routes
- storage
- file_delete
- file_append
- network_dhcp_expiry
- storage_lvm_vg_rename
- storage_lvm_thinpool_rename
- network_vlan
- image_create_aliases
- container_stateless_copy
- container_only_migration
- storage_zfs_clone_copy
- unix_device_rename
- storage_lvm_use_thinpool
- storage_rsync_bwlimit
- network_vxlan_interface
- storage_btrfs_mount_options
- entity_description
- image_force_refresh
- storage_lvm_lv_resizing
- id_map_base
- file_symlinks
- container_push_target
- network_vlan_physical
- storage_images_delete
- container_edit_metadata
- container_snapshot_stateful_migration
- storage_driver_ceph
- storage_ceph_user_name
- resource_limits
- storage_volatile_initial_source
- storage_ceph_force_osd_reuse
- storage_block_filesystem_btrfs
- resources
- kernel_limits
- storage_api_volume_rename
- macaroon_authentication
- network_sriov
- console
- restrict_devlxd
- migration_pre_copy
- infiniband
- maas_network
- devlxd_events
- proxy
- network_dhcp_gateway
- file_get_symlink
- network_leases
- unix_device_hotplug
- storage_api_local_volume_handling
- operation_description
- clustering
- event_lifecycle
- storage_api_remote_volume_handling
- nvidia_runtime
- container_mount_propagation
- container_backup
- devlxd_images
- container_local_cross_pool_handling
- proxy_unix
- proxy_udp
- clustering_join
- proxy_tcp_udp_multi_port_handling
- network_state
- proxy_unix_dac_properties
- container_protection_delete
- unix_priv_drop
- pprof_http
- proxy_haproxy_protocol
- network_hwaddr
- proxy_nat
- network_nat_order
- container_full
- candid_authentication
- backup_compression
- candid_config
- nvidia_runtime_config
- storage_api_volume_snapshots
- storage_unmapped
- projects
- candid_config_key
- network_vxlan_ttl
- container_incremental_copy
- usb_optional_vendorid
- snapshot_scheduling
- snapshot_schedule_aliases
- container_copy_project
- clustering_server_address
- clustering_image_replication
- container_protection_shift
- snapshot_expiry
- container_backup_override_pool
- snapshot_expiry_creation
- network_leases_location
- resources_cpu_socket
- resources_gpu
- resources_numa
- kernel_features
- id_map_current
- event_location
- storage_api_remote_volume_snapshots
- network_nat_address
- container_nic_routes
- rbac
- cluster_internal_copy
- seccomp_notify
- lxc_features
- container_nic_ipvlan
- network_vlan_sriov
- storage_cephfs
- container_nic_ipfilter
- resources_v2
- container_exec_user_group_cwd
- container_syscall_intercept
- container_disk_shift
- storage_shifted
- resources_infiniband
- daemon_storage
- instances
- image_types
- resources_disk_sata
- clustering_roles
- images_expiry
- resources_network_firmware
- backup_compression_algorithm
- ceph_data_pool_name
- container_syscall_intercept_mount
- compression_squashfs
- container_raw_mount
- container_nic_routed
- container_syscall_intercept_mount_fuse
- container_disk_ceph
- virtual-machines
- image_profiles
- clustering_architecture
- resources_disk_id
- storage_lvm_stripes
- vm_boot_priority
- unix_hotplug_devices
- api_filtering
- instance_nic_network
- clustering_sizing
- firewall_driver
- projects_limits
- container_syscall_intercept_hugetlbfs
- limits_hugepages
- container_nic_routed_gateway
- projects_restrictions
- custom_volume_snapshot_expiry
- volume_snapshot_scheduling
- trust_ca_certificates
- snapshot_disk_usage
- clustering_edit_roles
- container_nic_routed_host_address
- container_nic_ipvlan_gateway
- resources_usb_pci
- resources_cpu_threads_numa
- resources_cpu_core_die
- api_os
- resources_system
- usedby_consistency
- resources_gpu_mdev
- console_vga_type
- projects_limits_disk
- storage_rsync_compression
- gpu_mdev
- resources_pci_iommu
- resources_network_usb
- resources_disk_address
- network_state_vlan
- gpu_sriov
- migration_stateful
- disk_state_quota
- storage_ceph_features
- gpu_mig
- clustering_join_token
- clustering_description
- server_trusted_proxy
- clustering_update_cert
- storage_api_project
- server_instance_driver_operational
- server_supported_storage_drivers
- event_lifecycle_requestor_address
- resources_gpu_usb
- network_counters_errors_dropped
- image_source_project
- database_leader
- instance_all_projects
- ceph_rbd_du
- qemu_metrics
- gpu_mig_uuid
- event_project
- instance_allow_inconsistent_copy
- image_restrictions
api_status: stable
api_version: "1.0"
auth: trusted
public: false
auth_methods:
- tls
environment:
addresses: []
architectures:
- x86_64
- i686
certificate: |
-----BEGIN CERTIFICATE-----
MIICGzCCAaKgAwIBAgIRAKz9w+7WJYSXUIvVmQRiWtUwCgYIKoZIzj0EAwMwPDEc
MBoGA1UEChMTbGludXhjb250YWluZXJzLm9yZzEcMBoGA1UEAwwTcm9vdEBocHBy
b2Rlc2s0MDBnMTAeFw0yMjAyMTUyMjExMjJaFw0zMjAyMTMyMjExMjJaMDwxHDAa
BgNVBAoTE2xpbnV4Y29udGFpbmVycy5vcmcxHDAaBgNVBAMME3Jvb3RAaHBwcm9k
ZXNrNDAwZzEwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATDlWGt2mprMK75V0J85KhT
gyLg4jUQeJU1Q7qYgD7mebPdtnn6mvwoxmfkA5j5EpzGWvLyNYqlXKaHfXMaHAfa
MGJFR4w+c48qqC1QnL47by59XSKmCjqU4j2KPuD1YAijaDBmMA4GA1UdDwEB/wQE
AwIFoDATBgNVHSUEDDAKBggrBgEFBQcDATAMBgNVHRMBAf8EAjAAMDEGA1UdEQQq
MCiCDmhwcHJvZGVzazQwMGcxhwR/AAABhxAAAAAAAAAAAAAAAAAAAAABMAoGCCqG
SM49BAMDA2cAMGQCMHFfTjG7gGOQs2DjnhMzXGxlgjO55wZAT6NfpnfHpvfm/uPS
dEKOWqNuZ3FGAQnvVAIwf08ETDA3L2K42VcWHds+MDRq/QCRRcWZhMQnUXqwElRE
6SJ82m0HOiHHUuoMArJQ
-----END CERTIFICATE-----
certificate_fingerprint: 293cb85bcee2cefbbfdc50081c7e9c83629053e2f8592631253859a3ae5a6a25
driver: lxc | qemu
driver_version: 4.0.12 | 6.1.1
firewall: nftables
kernel: Linux
kernel_architecture: x86_64
kernel_features:
netnsid_getifaddrs: "true"
seccomp_listener: "true"
seccomp_listener_continue: "true"
shiftfs: "false"
uevent_injection: "true"
unpriv_fscaps: "true"
kernel_version: 5.4.0-100-generic
lxc_features:
cgroup2: "true"
core_scheduling: "true"
devpts_fd: "true"
idmapped_mounts_v2: "true"
mount_injection_file: "true"
network_gateway_device_route: "true"
network_ipvlan: "true"
network_l2proxy: "true"
network_phys_macvlan_mtu: "true"
network_veth_router: "true"
pidfd: "true"
seccomp_allow_deny_syntax: "true"
seccomp_notify: "true"
seccomp_proxy_send_notify_fd: "true"
os_name: Ubuntu
os_version: "20.04"
project: default
server: lxd
server_clustered: false
server_name: hpprodesk400g1
server_pid: 1472
server_version: 4.0.9
storage: dir
storage_version: "1"
storage_supported_drivers:
- name: dir
version: "1"
remote: false
- name: lvm
version: 2.03.07(2) (2019-11-30) / 1.02.167 (2019-11-30) / 4.41.0
remote: false
- name: zfs
version: 0.8.3-1ubuntu12.13
remote: false
- name: ceph
version: 15.2.14
remote: true
- name: btrfs
version: 5.4.1
remote: false
- name: cephfs
version: 15.2.14
remote: true

Issue description & Steps to reproduce

Cannot set multipass LXD-based instances as privileged containers. I've created two instaces of multipass using LXD as local driver:

sudo snap install multipass
sudo multipass set local.driver=lxd
sudo snap install lxd
snap connect multipass:lxd lxd

multipass launch --network enp3s0 --name master -m 3G
multipass launch --network enp3s0 --name worker -m 3G

:~# lxc list --project multipass
+--------+---------+----------------------------+------------------------------------------------+-----------------+-----------+
|  NAME  |  STATE  |            IPV4            |                      IPV6                      |      TYPE       | SNAPSHOTS |
+--------+---------+----------------------------+------------------------------------------------+-----------------+-----------+
| master | RUNNING | 192.168.1.221 (enp5s0)     | fd42:84eb:c2cd:ff6e:5054:ff:feb9:446b (enp5s0) | VIRTUAL-MACHINE | 0         |
|        |         | 192.168.1.22 (enp6s0)      |                                                |                 |           |
|        |         | 10.71.14.81 (enp5s0)       |                                                |                 |           |
|        |         | 10.1.219.64 (vxlan.calico) |                                                |                 |           |
+--------+---------+----------------------------+------------------------------------------------+-----------------+-----------+
| worker | RUNNING | 192.168.1.23 (enp6s0)      | fd42:84eb:c2cd:ff6e:5054:ff:feb4:b3a3 (enp5s0) | VIRTUAL-MACHINE | 0         |
|        |         | 192.168.1.222 (enp5s0)     |                                                |                 |           |
|        |         | 10.71.14.71 (enp5s0)       |                                                |                 |           |
|        |         | 10.1.171.64 (vxlan.calico) |                                                |                 |           |
+--------+---------+----------------------------+------------------------------------------------+-----------------+-----------+

I would need to make them privileged containers so that NFS server and client can be installed in the master and in the worker respectively, but it fails as follows:

:~# lxc config --project multipass set master security.privileged false
Error: Invalid config: Unknown configuration key: security.privileged

canonical / lxd

Cannot set config key security.privileged=true for multipass LXD-based instaces #10028

Required information

Issue description & Steps to reproduce