Thanks for verifying. What is happening is actually vaguely explained in the mountcgroup hook itself, and is an unfortunate side effect of a somewhat recent kernel change:

    cd /sys/fs/cgroup/devices
    sudo mkdir a
    echo a | sudo tee -a a/devices.deny    # succeeds
    sudo mkdir -p b/c
    echo a | sudo tee -a b/devices.deny    # fails

If a devices cgroup has any child cgroups, then you can no longer make certain changes to it.

Marking this confirmed and changing the title to reflect that the comments in /usr/share/lxc/config/ubuntu.common.conf need to be changed.

** Changed in: lxc
       Status: Incomplete => Triaged

** Also affects: lxc (Ubuntu)
   Importance: Undecided
       Status: New

** Also affects: lxc (Ubuntu Trusty)
   Importance: Undecided
       Status: New

** Changed in: lxc (Ubuntu)
       Status: New => Triaged

** Changed in: lxc (Ubuntu Trusty)
       Status: New => Triaged

** Changed in: lxc (Ubuntu Trusty)
   Importance: Undecided => High

** Changed in: lxc (Ubuntu)
   Importance: Undecided => High

** Summary changed:
- Error setting cgroup devices.deny limit with nested lxc container
+ comments in common.conf must be updated

** Changed in: lxc
     Assignee: (unassigned) => Serge Hallyn (serge-hallyn)

** Changed in: lxc
       Status: Triaged => In Progress

https://bugs.launchpad.net/bugs/1342960

Title:
  comments in common.conf must be updated
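
Added example, not part of the bug comment above and not LXC code: a pre-flight check that lists the devices cgroups which already have child cgroups, i.e. the ones where, per the comment, a devices.deny write like the one on "b" can fail and leave the intended device restriction unapplied. The function names has_child_cgroups and locked_cgroups are hypothetical, and the script assumes a cgroup v1 layout where every subdirectory is a child cgroup.

```shell
#!/bin/sh
# Added example (hypothetical helper names, not LXC code).
# Assumption: cgroup v1 devices hierarchy, where each subdirectory of a
# cgroup directory is a child cgroup and control files are regular files.

# has_child_cgroups DIR -> exit status 0 if DIR has at least one child cgroup
has_child_cgroups() {
    for entry in "$1"/*/; do
        # An unmatched glob stays literal and fails the -d test.
        if [ -d "$entry" ]; then
            return 0
        fi
    done
    return 1
}

# locked_cgroups ROOT -> print, sorted and one per line, the path relative to
# ROOT ("." for ROOT itself) of every cgroup that has child cgroups
locked_cgroups() {
    root=${1%/}
    find "$root" -type d | while IFS= read -r dir; do
        if has_child_cgroups "$dir"; then
            rel=${dir#"$root"}
            rel=${rel#/}
            printf '%s\n' "${rel:-.}"
        fi
    done | LC_ALL=C sort
}

# Usage: sh check.sh /sys/fs/cgroup/devices
if [ "$#" -gt 0 ]; then
    locked_cgroups "$1"
fi
```

Run it against the hierarchy before applying devices.deny rules; any cgroup it prints should have its rules set before its children are created.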