I tried adding "lxc.include = /usr/share/lxc/config/nesting.conf" as I
didn't know this existed.  However, it didn't help.

As you say, I can create unprivileged containers as user ubuntu, I just
can't start them.  Are you able to start unprivileged containers as user
ubuntu?  If so, how are you starting them?  I need to start them from
the host's shell, so I'm doing something like this:

$ sudo lxc-attach -n test-libertine -- sudo -u ubuntu -H lxc-start -n test

where test-libertine is the privileged container and test is the
unprivileged container.

Also, here is the privileged container's configuration file:

# Template used to create this container: /usr/share/lxc/templates/lxc-download
# Parameters passed to the template: -a amd64 -d ubuntu -r xenial
# For additional config options, please look at lxc.container.conf(5)

# Distribution configuration
lxc.include = /usr/share/lxc/config/ubuntu.common.conf
lxc.arch = x86_64

# Container specific configuration
lxc.rootfs = /var/lib/lxc/test-libertine/rootfs
lxc.utsname = test-libertine

# Network configuration
lxc.network.type = veth
lxc.network.link = lxcbr0
lxc.network.flags = up
lxc.network.hwaddr = 00:16:3e:da:08:f7

lxc.aa_profile = lxc-container-default-with-nesting
lxc.include = /usr/share/lxc/config/nesting.conf


Here is the output of /proc/self/cgroup while in a shell inside the privileged container:

# cat /proc/self/cgroup 
11:devices:/
10:freezer:/
9:pids:/
8:memory:/
7:cpuset:/
6:hugetlb:/
5:blkio:/
4:net_cls,net_prio:/
3:perf_event:/
2:cpu,cpuacct:/
1:name=systemd:/

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1543697

Title:
  Unprivileged nested Xenial container will not start inside a
  privileged Xenial container

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1543697/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
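An added example, not part of the report above or of the LXC project: the /proc/self/cgroup listing quoted in the message shows every cgroup v1 hierarchy at the root path "/". The shell below parses such output (the sample is constructed from the lines in the report) and reports whether the calling process owns any delegated cgroup subtree. The reading that "all hierarchies at /" means an unprivileged user inside the container has no cgroup subtree of its own to create nested-container cgroups in is this editor's diagnostic interpretation, not a conclusion the reporter states; the function names are invented for this example.

```shell
#!/bin/sh
# Added example: parse cgroup v1 /proc/self/cgroup lines
# ("hierarchy-id:controllers:path") and report which hierarchies the
# process sits at the root of. Not code from the bug report or from LXC.

# Sample input, constructed from the listing quoted in the report.
SAMPLE_CGROUP='11:devices:/
10:freezer:/
9:pids:/
8:memory:/
7:cpuset:/
6:hugetlb:/
5:blkio:/
4:net_cls,net_prio:/
3:perf_event:/
2:cpu,cpuacct:/
1:name=systemd:/'

# Print the controller field of every hierarchy whose path is "/".
# Usage: cgroup_root_hierarchies < /proc/self/cgroup
cgroup_root_hierarchies() {
    awk -F: 'NF >= 3 && $3 == "/" { print $2 }'
}

# Count hierarchies whose path is the root "/". Reads stdin.
cgroup_root_count() {
    awk -F: 'NF >= 3 && $3 == "/" { n++ } END { print n+0 }'
}

# Count all hierarchies in the listing. Reads stdin.
cgroup_total_count() {
    awk -F: 'NF >= 3 { n++ } END { print n+0 }'
}

# Return 0 when every hierarchy in the given listing is at "/", i.e. the
# process has no cgroup subtree of its own (it would need write access to
# each hierarchy root to create child cgroups for a nested container).
# Returns 1 when at least one hierarchy places the process below the root.
# Usage: cgroup_all_at_root "$(cat /proc/self/cgroup)"
cgroup_all_at_root() {
    root=$(printf '%s\n' "$1" | cgroup_root_count)
    total=$(printf '%s\n' "$1" | cgroup_total_count)
    [ "$total" -gt 0 ] && [ "$root" -eq "$total" ]
}

# Human-readable summary; always exits 0 so it is safe under "set -e".
cgroup_delegation_report() {
    root=$(printf '%s\n' "$1" | cgroup_root_count)
    total=$(printf '%s\n' "$1" | cgroup_total_count)
    if cgroup_all_at_root "$1"; then
        echo "all $total hierarchies at /: no delegated cgroup subtree"
    else
        echo "$root of $total hierarchies at /: some subtree is delegated"
    fi
    return 0
}

cgroup_delegation_report "$SAMPLE_CGROUP"
```

To run it against a live container, replace the constructed sample with "$(cat /proc/self/cgroup)" from a shell inside the privileged container; a listing where every path is "/" means the ubuntu user there has nothing below the hierarchy roots that it could own.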