I'm quite certain this is not an apparmor issue, since leaving everything unconfined does not help.
It could be something we're doing wrong in lxc, but I'm not sure what. It could be something inherent in mounting onto an open fd.

https://bugs.launchpad.net/bugs/1543367

Title:
  nested unprivileged container fails to start at mounting /proc

Status in linux package in Ubuntu:
  New
Status in lxc package in Ubuntu:
  Triaged

Bug description:
  Create a trusty or xenial host. Probably use ubuntu-lxc/daily ppa to work around other bugs.

  Create a privileged container (again either trusty or xenial will do), and install ubuntu-lxc/daily ppa there.

  Create an unprivileged container in that container. It will fail at mounting proc using safe_mount. At this point it is mounting proc onto /proc/self/fd/14 flags 14.

  lxc-start 20160208234209.189 ERROR lxc_utils - utils.c:safe_mount:1695 - Operation not permitted - Failed to mount proc onto /usr/lib/x86_64-linux-gnu/lxc/proc