Package: src:linux Version: 3.16.7-ckt20-1+deb8u1 Severity: important After some troubleshooting with the help of snapshot.debian.org I found that any kernel newer than 3.16.7-ckt11-1+deb8u6 is not able to start unprivileged lxc containers (as root). Downgrading to 3.16.7-ckt11-1+deb8u6 or older makes it work again.
Here is the error that happens on the newer versions: # lxc-start -n db1 lxc-start: Operation not permitted - Mount of 'proc' onto '/usr/lib/x86_64-linux-gnu/lxc/rootfs/proc' failed lxc-start: Operation not permitted - failed to mount 'proc' on '/usr/lib/x86_64-linux-gnu/lxc/rootfs/proc' lxc-start: failed to setup the mount entries for 'db1' lxc-start: failed to setup the container lxc-start: invalid sequence number 1. expected 2 lxc-start: failed to spawn 'db1' lxc-start: The container failed to start. lxc-start: Additional information can be obtained by setting the --logfile and --logpriority options. An strace showed the mount system call simply failed with EPERM as the error says above. A similar issue was also reported with lxd on newer Ubuntu kernels here: https://github.com/lxc/lxd/issues/946 PS. If anyone else is having this issue, download the older kernel from: http://snapshot.debian.org/binary/linux-image-3.16.0-4-amd64/ The older versions of course will be missing the latest security fixes.
