Some applications cannot run in containers because of AppArmor permissions, namespaces, or functionality that the host kernel does not support. Below is an example of a MariaDB service error:
mariadb.service: Failed to set up mount namespacing: Permission denied
This error occurred when running the container in privileged mode. To solve it, you can update your LXC configuration as below, which sets the container's AppArmor profile to unconfined:
lxc config set my-container raw.lxc "lxc.aa_profile=unconfined"
or after version 3:
lxc config set my-container raw.lxc "lxc.apparmor.profile=unconfined"
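
To see where this workaround is in effect, the following added example (not part of the original page) reads the output of lxc config show for a container and reports whether it has an unconfined AppArmor profile, is privileged (the security.privileged key), or both. The function name and the two sample configurations are constructed for illustration.

```shell
#!/bin/sh
# Added example. Usage on a real host:
#   lxc config show my-container | audit_config

# audit_config reads `lxc config show` output on stdin and prints one of:
#   unconfined+privileged, unconfined, privileged, confined
audit_config() {
    cfg=$(cat)
    unconfined=no
    privileged=no
    # Match both key names from the page (legacy and current), as set via raw.lxc.
    if printf '%s\n' "$cfg" | grep -Eq \
        'lxc\.(aa_profile|apparmor\.profile)[[:space:]]*=[[:space:]]*unconfined'; then
        unconfined=yes
    fi
    # security.privileged is stored as a string, usually quoted in the YAML output.
    if printf '%s\n' "$cfg" | grep -Eq \
        '^[[:space:]]*security\.privileged:[[:space:]]*"?true"?[[:space:]]*$'; then
        privileged=yes
    fi
    case "$unconfined/$privileged" in
        yes/yes) echo "unconfined+privileged" ;;
        yes/no)  echo "unconfined" ;;
        no/yes)  echo "privileged" ;;
        *)       echo "confined" ;;
    esac
}

# Constructed sample: a container with the page's workaround applied while privileged.
SAMPLE_RISKY='architecture: x86_64
config:
  raw.lxc: lxc.apparmor.profile=unconfined
  security.privileged: "true"
devices: {}
profiles:
- default'

# Constructed sample: a container left at its defaults.
SAMPLE_DEFAULT='architecture: x86_64
config: {}
devices: {}
profiles:
- default'

printf 'risky sample:   %s\n' "$(printf '%s\n' "$SAMPLE_RISKY" | audit_config)"
printf 'default sample: %s\n' "$(printf '%s\n' "$SAMPLE_DEFAULT" | audit_config)"
```

A result of unconfined+privileged marks a container that has neither AppArmor confinement nor a user-namespace mapping between its root user and the host's.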