Thank you for answering. kernel.unprivileged_userns_clone = 1 on my machine and on the Live DVD. All instructions of the README.Debian.gz were followed.
To rule out machine-specific misconfiguration, this log is from the Live DVD, Debian 11.0 AMD64 Standard: Warning: Permanently added '[localhost]:12346' (ECDSA) to the list of known hosts. user@localhost's password: Linux debian 5.10.0-8-amd64 #1 SMP Debian 5.10.46-4 (2021-08-03) x86_64 The programs included with the Debian GNU/Linux system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright. Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. user@debian:~$ sudo su -l root@debian:~# apt-get update ; apt-get install lxc [snip] root@debian:~# sysctl kernel.unprivileged_userns_clone kernel.unprivileged_userns_clone = 1 root@debian:~# grep user /etc/subuid /etc/subgid /etc/subuid:user:100000:65536 /etc/subgid:user:100000:65536 root@debian:~# logout user@debian:~$ mkdir -p .local/share/lxc user@debian:~$ chmod +x . .local .local/share user@debian:~$ user@debian:~$ cat > test_config lxc.idmap = u 0 100000 65536 lxc.idmap = g 0 100000 65536 lxc.mount.auto = proc:mixed sys:ro cgroup:mixed lxc.apparmor.profile = unconfined user@debian:~$ user@debian:~$ systemd-run --scope --quiet --user --property=Delegate=yes lxc-start --logfile /dev/stderr -f test_config -n machine lxc-start machine 20210901150740.103 ERROR utils - utils.c:safe_mount:1204 - Permission denied - Failed to mount "proc" onto "/proc" lxc-start machine 20210901150740.104 ERROR conf - conf.c:lxc_mount_auto_mounts:681 - Permission denied - Failed to mount "proc" on "/proc" with flags 14 lxc-start machine 20210901150740.104 ERROR conf - conf.c:lxc_setup:3330 - Failed to setup first automatic mounts lxc-start machine 20210901150740.105 ERROR start - start.c:do_start:1218 - Failed to setup container "machine" lxc-start machine 20210901150740.106 ERROR sync - sync.c:__sync_wait:36 - An error occurred in another process (expected sequence number 5) lxc-start machine 20210901150740.106 ERROR start - start.c:__lxc_start:1999 - Failed to spawn container "machine" lxc-start machine 20210901150740.107 ERROR lxccontainer - lxccontainer.c:wait_on_daemonized_start:859 - Received container state "ABORTING" instead of "RUNNING" lxc-start: machine: lxccontainer.c: wait_on_daemonized_start: 859 Received container state "ABORTING" instead of "RUNNING" lxc-start machine 20210901150740.108 ERROR lxc_start - tools/lxc_start.c:main:308 - The container failed to start lxc-start: machine: tools/lxc_start.c: main: 308 The container failed to start lxc-start machine 20210901150740.108 ERROR lxc_start - tools/lxc_start.c:main:311 - To get more details, run the container in foreground mode lxc-start: machine: tools/lxc_start.c: main: 311 To get more details, run the container in foreground mode lxc-start machine 20210901150740.108 ERROR lxc_start - tools/lxc_start.c:main:313 - Additional information can be obtained by setting the --logfile and --logpriority options lxc-start: machine: tools/lxc_start.c: main: 313 Additional information can be obtained by setting the --logfile and --logpriority options user@debian:~$ sudo su -l root@debian:~# dmesg | tail [ 294.416862] audit: type=1400 audit(1630508543.972:7): apparmor="STATUS" operation="profile_replace" info="same as current profile, skipping" profile="unconfined" name="lsb_release" pid=2444 comm="apparmor_parser" [ 294.526095] audit: type=1400 audit(1630508544.084:8): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/bin/man" pid=2442 comm="apparmor_parser" [ 294.527098] audit: type=1400 audit(1630508544.084:9): apparmor="STATUS" operation="profile_load" profile="unconfined" name="man_filter" pid=2442 comm="apparmor_parser" [ 294.528359] audit: type=1400 audit(1630508544.084:10): apparmor="STATUS" operation="profile_load" profile="unconfined" name="man_groff" pid=2442 comm="apparmor_parser" [ 297.864908] audit: type=1400 audit(1630508547.412:11): apparmor="STATUS" operation="profile_load" profile="unconfined" name="lxc-container-default" pid=2618 comm="apparmor_parser" [ 297.867516] audit: type=1400 audit(1630508547.416:12): apparmor="STATUS" operation="profile_load" profile="unconfined" name="lxc-container-default-cgns" pid=2618 comm="apparmor_parser" [ 297.869845] audit: type=1400 audit(1630508547.420:13): apparmor="STATUS" operation="profile_load" profile="unconfined" name="lxc-container-default-with-mounting" pid=2618 comm="apparmor_parser" [ 297.872902] audit: type=1400 audit(1630508547.420:14): apparmor="STATUS" operation="profile_load" profile="unconfined" name="lxc-container-default-with-nesting" pid=2618 comm="apparmor_parser" [ 297.933031] audit: type=1400 audit(1630508547.480:15): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/bin/lxc-start" pid=2624 comm="apparmor_parser" [ 610.653177] audit: type=1400 audit(1630508860.099:16): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="/usr/bin/lxc-start" name="/proc/" pid=3594 comm="lxc-start" fstype="proc" srcname="proc" flags="rw, nosuid, nodev, noexec" root@debian:~#
