Comment 5 for bug 1936312

Lukas Märdian (slyon) wrote:

After reading a bit more about this issue, I can see where the conflict happens:

1/ systemd requires any container manager to mount /sys read-only, according to https://systemd.io/CONTAINER_INTERFACE/ in order to make udevd behave properly.

2/ NetworkManager checks for /sys to be read-only in order to decide if it should not be using udev.

3/ lxc has a different understanding (and requirements), so it mounts /sys r/w, leading to confusion in NetworkManager.

=> IMO NetworkManager needs to do an improved check if it is running inside a container (in addition to https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/78dc57d8f4af1a230053473f3eb7c18d1eaf0730) as the /sys read-only check is not enough for the LXC environment.
Maybe NM could be extended to check for something like "systemd-detect-virt --container == 0" and not use udev in this case?
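
The following is an added example, not part of the comment above and not NetworkManager code: a shell sketch of the decision the comment proposes, where the /sys read-only check is backed up by the exit status of `systemd-detect-virt --container`. The function names and the mount tables are constructed for illustration.

```shell
#!/bin/sh
# Illustrative only: function names are hypothetical, not NetworkManager's.

# Succeeds (0) when the last mount on /sys in a /proc/mounts-style table
# read from stdin carries the "ro" option.
sys_is_readonly() {
    awk '$2 == "/sys" { opts = $4 }
         END {
             n = split(opts, o, ",")
             for (i = 1; i <= n; i++) if (o[i] == "ro") exit 0
             exit 1
         }'
}

# decide_udev MOUNT_TABLE DETECT_RC
# DETECT_RC is the exit status of `systemd-detect-virt --container --quiet`
# (0 means a container was detected). Prints "udev" or "no-udev".
decide_udev() {
    if printf '%s\n' "$1" | sys_is_readonly; then
        echo "no-udev"    # the read-only /sys check
    elif [ "$2" -eq 0 ]; then
        echo "no-udev"    # /sys is rw, but a container was detected
    else
        echo "udev"
    fi
}

# Constructed mount tables (not captured from a real system).
SYSTEMD_STYLE='proc /proc proc rw,nosuid 0 0
sysfs /sys sysfs ro,nosuid,nodev,noexec,relatime 0 0'
LXC_STYLE='proc /proc proc rw,nosuid 0 0
sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0'

# Live check on the current machine; treated as "not a container"
# when systemd-detect-virt is not installed.
live_decision() {
    rc=1
    if command -v systemd-detect-virt >/dev/null 2>&1; then
        systemd-detect-virt --container --quiet && rc=0
    fi
    decide_udev "$(cat /proc/mounts)" "$rc"
}

echo "ro /sys, container detected: $(decide_udev "$SYSTEMD_STYLE" 0)"
echo "rw /sys, container detected: $(decide_udev "$LXC_STYLE" 0)"
echo "rw /sys, no container:       $(decide_udev "$LXC_STYLE" 1)"
```

The second line of output is the LXC case from the comment: the read-only check alone would have chosen udev there.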