This problem does not happen when I boot the 4.4.0 kernel, but consistently happens with the 4.5.0 kernel.
How to reproduce: 1. start docker daemon 2. start docker container `docker start <id>` 3. switch to shell inside the docker container `docker exec -it <id> bash` 4. create a file `touch a` 5. try to read it `cat a` => this fails with "Operation not permitted". In fact, any file read operation fails "journalcrl -f" on the host shows "EXT4-fs warning (device sdb1): ext4_file_open:387: Inconsistent encryption contexts: 1379030/12058997". I'm using overlayfs for docker on top of ext4. Googling for "Inconsistent encryption contexts" leads to https://lkml.org/lkml/2016/3/10/713, which leads to https://lkml.org/lkml/2016/3/14/274. That patch mentioned there never made it into the kernel, but the patch I referenced seems to be the logical successor (renamed some things, and also fixes nfs).
