"lxc.cgroup.devices" is meaningless for unprivileged containers as those can never create those devices anyway, so they'll only ever have access to whatever devices lxc provides and nothing more. All our own default configs specifically do not set that cgroup controller for unprivileged containers.
The error you're getting specifically suggests that the cgroups that are delegated to your unprivileged users do not include the devices controller which does match what I'm seeing in /proc/self/cgroup on my system here. If you wanted to be able to write to the devices cgroup, you would need your user session to have the devices cgroup in /proc/self/cgroup point to a path that your user can write to. At which point the config should work, though still effectively be meaningless.

** Changed in: lxc (Ubuntu)
       Status: New => Invalid

https://bugs.launchpad.net/bugs/1843490

Title:
  lxc.cgroup.devices.allow prevents unprivileged container from starting
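
The check described in the message above, as an added example that is not part of the original bug comment: it reads a /proc/self/cgroup listing, finds the devices controller, and tests whether the resulting cgroup directory is writable by the current user. It assumes a cgroup v1 layout with the devices hierarchy mounted at /sys/fs/cgroup/devices; the function names and the sample listing are constructed for illustration.

```python
import os

# Constructed sample of /proc/self/cgroup (cgroup v1 layout) for a user
# session; it is not taken from the bug report.
SAMPLE = """\
12:devices:/user.slice
11:cpu,cpuacct:/user.slice
5:memory:/user.slice/user-1000.slice/user@1000.service
1:name=systemd:/user.slice/user-1000.slice/user@1000.service/app.slice
0::/user.slice/user-1000.slice/session-2.scope
"""


def controller_path(cgroup_text, controller="devices"):
    """Return the cgroup path listed for `controller`, or None if absent."""
    for line in cgroup_text.splitlines():
        # Each line is hierarchy-id:controller-list:path; the path may
        # itself contain ':' so split at most twice.
        parts = line.split(":", 2)
        if len(parts) != 3:
            continue
        if controller in parts[1].split(","):
            return parts[2]
    return None


def devices_cgroup_writable(cgroup_text,
                            mount_root="/sys/fs/cgroup/devices",  # assumed mount point
                            access=os.access):
    """Return (directory, writable) for the devices cgroup of this process.

    directory is None when the devices controller is not listed at all,
    which is the situation the error in the bug report points to.
    """
    path = controller_path(cgroup_text, "devices")
    if path is None:
        return (None, False)
    full = os.path.join(mount_root, path.lstrip("/"))
    return (full, access(full, os.W_OK))


if __name__ == "__main__":
    with open("/proc/self/cgroup") as f:
        directory, writable = devices_cgroup_writable(f.read())
    print("devices cgroup:", directory, "writable by this user:", writable)
```

A result of `(None, False)` means no devices controller is listed for the session; a directory with `False` means the controller is there but points to a path the user cannot write to, such as `/user.slice` in the sample.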