Quoting Jean-Philippe Menil (jean-philippe.menil(a)univ-nantes.fr):
> 10:41:10.076: error : lxcContainerStart:858 : Failed to run clone container: Operation not permitted
I would guess that the libvirt process creating the container has dropped some
of the needed capabilities (CAP_SYS_ADMIN and a few others). Is libvirtd
running as root? What does /proc/$$/status for that process show?
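
One way to answer the question above is to decode the capability masks in /proc/<pid>/status. This is an added example, not part of the original message; the sample status text is constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample of /proc/<pid>/status: a root process whose effective
# set has lost CAP_SYS_ADMIN (illustrative values, not from the report).
sample_status() {
cat <<'EOF'
Name:	libvirtd
Uid:	0	0	0	0
CapPrm:	000001ffffffffff
CapEff:	000001ffffdfffff
CapBnd:	000001ffffffffff
EOF
}

# Capability names in bit order, from <linux/capability.h>.
CAP_NAMES="chown dac_override dac_read_search fowner fsetid kill setgid setuid
setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw
ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct
sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease
audit_write audit_control setfcap mac_override mac_admin syslog wake_alarm
block_suspend audit_read perfmon bpf checkpoint_restore"
CAP_SYS_ADMIN=21   # bit number of CAP_SYS_ADMIN

# Print the hex mask of one field (CapPrm, CapEff, CapBnd); status on stdin.
cap_field() { awk -v f="$1:" '$1 == f { print $2 }'; }

# Succeed if bit $2 is set in hex mask $1.
cap_has() { [ -n "$1" ] && [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]; }

# Print capabilities present in mask $2 but absent from mask $1.
cap_missing() {
    bit=0; out=""
    for name in $CAP_NAMES; do
        if cap_has "$2" "$bit" && ! cap_has "$1" "$bit"; then out="$out cap_$name"; fi
        bit=$((bit + 1))
    done
    echo "${out# }"
}

# Report CAP_SYS_ADMIN per set, then what CapEff lacks relative to CapBnd.
check_caps() {
    status=$(cat)
    for field in CapPrm CapEff CapBnd; do
        mask=$(printf '%s\n' "$status" | cap_field "$field")
        if cap_has "$mask" "$CAP_SYS_ADMIN"; then r=yes; else r=no; fi
        echo "$field=$mask CAP_SYS_ADMIN=$r"
    done
    eff=$(printf '%s\n' "$status" | cap_field CapEff)
    bnd=$(printf '%s\n' "$status" | cap_field CapBnd)
    echo "missing from CapEff: $(cap_missing "$eff" "$bnd")"
}

# Usage: script PID reads /proc/PID/status; with no argument, uses the sample.
if [ -n "${1:-}" ] && [ -r "/proc/$1/status" ]; then check_caps < "/proc/$1/status"; else sample_status | check_caps; fi
```

A CapEff mask without bit 21 on a process with Uid 0 means the capability was dropped after start, which is the situation the reply suspects.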