Voir :
The nscd Apparmor profile is not prepared for that and needs some additional capabilities added.
Necessary changes are:
server-user nobody
capability setgid,
capability setuid,
After adding these lines, restart Apparmor and subsequently nscd
source : https://www.suse.com/fr-fr/support/kb/doc/?id=000017971
cat <<EOF | sudo tee "/etc/apparmor.d/usr.local.bin.k3s" abi <abi/4.0>, include <tunables/global> /usr/local/bin/k3s flags=(unconfined) { userns, include if exists <local/usr.local.bin.k3s> } EOF sudo systemctl restart apparmor.service
Source : https://docs.k3s.io/advanced