I tried adding "lxc.include = /usr/share/lxc/config/nesting.conf" as I didn't know this existed. However, it didn't help.
As you say, I can create unprivileged containers as user ubuntu, I just can't start them. Are you able to start unprivileged containers as user ubuntu? If so, how are you starting them? I need to start them from the host's shell, so I'm doing something like this:

$ sudo lxc-attach -n test-libertine -- sudo -u ubuntu -H lxc-start -n test

where test-libertine is the privileged container and test is the unprivileged container.

Also, here is the privileged container's configuration file:

# Template used to create this container: /usr/share/lxc/templates/lxc-download
# Parameters passed to the template: -a amd64 -d ubuntu -r xenial
# For additional config options, please look at lxc.container.conf(5)

# Distribution configuration
lxc.include = /usr/share/lxc/config/ubuntu.common.conf
lxc.arch = x86_64

# Container specific configuration
lxc.rootfs = /var/lib/lxc/test-libertine/rootfs
lxc.utsname = test-libertine

# Network configuration
lxc.network.type = veth
lxc.network.link = lxcbr0
lxc.network.flags = up
lxc.network.hwaddr = 00:16:3e:da:08:f7
lxc.aa_profile = lxc-container-default-with-nesting
lxc.include = /usr/share/lxc/config/nesting.conf

Here is the output of /proc/self/cgroup while in a shell inside the privileged container:

# cat /proc/self/cgroup
11:devices:/
10:freezer:/
9:pids:/
8:memory:/
7:cpuset:/
6:hugetlb:/
5:blkio:/
4:net_cls,net_prio:/
3:perf_event:/
2:cpu,cpuacct:/
1:name=systemd:/

--
You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1543697

Title:
Unprivileged nested Xenial container will not start inside a privileged Xenial container

Status in lxc package in Ubuntu:
Fix Released

Bug description:
I have a host where I create a privileged Xenial container. Inside that privileged container, I create an unprivileged Xenial container using the ubuntu user in the privileged container.
When I try starting the unprivileged container, I get the following error:

lxc-start 20160209133200.970 INFO lxc_cgroup - cgroup.c:cgroup_init:65 - cgroup driver cgroupfs initing for test-lxc
lxc-start 20160209133200.971 ERROR lxc_cgfs - cgfs.c:cgfs_init:2248 - cgroupfs failed to detect cgroup metadata
lxc-start 20160209133200.971 ERROR lxc_start - start.c:lxc_spawn:1023 - failed initializing cgroup support
lxc-start 20160209133200.971 ERROR lxc_start - start.c:__lxc_start:1273 - failed to spawn 'test-lxc'

I've tried both Trusty host w/ ppa:ubuntu-lxc/lxc-stable installed and a Xenial host with the same results. I've also tried using ppa:ubuntu-lxc/daily in the privileged Xenial LXC.