Some applications cannot work in containers because of apparmor permissions, namespaces or functionality unsupported by the kernel on the host system. Below is an example of a mariadb service error:

mariadb.service: Failed to set up mount namespacing: Permission denied

This error occurred when running the container in privileged mode. To solve it, you can update your lxc configuration as below:

lxc config set my-container raw.lxc "lxc.aa_profile=unconfined"

or after version 3:

lxc config set my-container raw.lxc "lxc.apparmor.profile=unconfined"