I've been able to re-create this using a fresh install of Ubuntu 18.04 without using LXC or LXD, but just using network namespaces.

Set up 2 namespaces with IPVLAN:

    ip netns add ns1
    ip link add name ipv1 link enp0s3 type ipvlan mode l3s
    ip link set dev ipv1 netns ns1
    ip netns exec ns1 ip addr add 10.1.20.252/32 dev ipv1
    ip netns exec ns1 ip link set ipv1 up
    ip netns exec ns1 ip link set lo up
    ip netns exec ns1 ip -4 r add default dev ipv1

    ip netns add ns2
    ip link add name ipv2 link enp0s3 type ipvlan mode l3s
    ip link set dev ipv2 netns ns2
    ip netns exec ns2 ip addr add 10.1.20.253/32 dev ipv2
    ip netns exec ns2 ip link set ipv2 up
    ip netns exec ns2 ip link set lo up
    ip netns exec ns2 ip -4 r add default dev ipv2

Enter namespace 1 and start a ping to the other namespace:

    sudo ip netns exec ns1 ping 10.1.20.253

Then run tcpdump in namespace 2, listening for all packets without DNS resolution:

    sudo ip netns exec ns2 tcpdump -i any -nn

This doesn't output any captured packets.

However, running tcpdump with -l (Make stdout line buffered) does help:

    sudo ip netns exec ns2 tcpdump -i any -nn -l

--
https://bugs.launchpad.net/bugs/1641236

Title: Confined processes inside container cannot fully access host pty device passed in by lxc exec