It seems reasonable to me to add corresponding "lxc.cgroup2.devices.allow" lines to the debian configuration file. That appears to be the common solution that other users of lxc have done when searching for discussions of similar issues.
I'm not going to immediately push the updated config, as I don't want to accidentally break something or weaken an assumed protection that currently exists. However, if I don't hear any objections after a while I'll make the changes later this year. Mathias
signature.asc
Description: This is a digitally signed message part
