[libvirt] starting LXC container with user namespace with root FS in image (with loop device)

Hello,

I have a container with root fs:

    <filesystem type='file' accessmode='passthrough'>
      <driver type='loop' format='raw'/>
      <source file='/opt/stack/data/nova/instances/x/disk'/>
      <target dir='/'/>
    </filesystem>

And it seems libvirt tries to mount this FS from a user namespace, which is not possible:

    [root@localhost ~]# virsh -c lxc:/// start instance-0000000aXX
    error: Failed to start domain instance-0000000aXX
    error: internal error: guest failed to start: Failed to mount device /dev/loop3 to /var/run/libvirt/lxc/instance-0000000aXX.root: Operation not permitted

Do you have any ideas how it's supposed to work?

Here is the domain config:

    <domain type='lxc'>
      <name>instance-0000000aXX</name>
      <uuid>c68df696-1499-4cb3-b1fa-e2a370c11382</uuid>
      <memory unit='KiB'>524288</memory>
      <currentMemory unit='KiB'>524288</currentMemory>
      <vcpu placement='static'>1</vcpu>
      <cputune>
        <shares>1024</shares>
      </cputune>
      <resource>
        <partition>/machine</partition>
      </resource>
      <os>
        <type arch='x86_64'>exe</type>
        <init>/sbin/init</init>
        <cmdline>console=tty0 console=ttyS0</cmdline>
      </os>
      <idmap>
        <uid start='0' target='10000' count='1000'/>
        <gid start='0' target='10000' count='1000'/>
      </idmap>
      <clock offset='utc'/>
      <on_poweroff>destroy</on_poweroff>
      <on_reboot>restart</on_reboot>
      <on_crash>destroy</on_crash>
      <devices>
        <emulator>/usr/libexec/libvirt_lxc</emulator>
        <filesystem type='file' accessmode='passthrough'>
          <driver type='loop' format='raw'/>
          <source file='/opt/stack/data/nova/instances/x/disk'/>
          <target dir='/'/>
        </filesystem>
        <console type='pty'>
          <target type='lxc' port='0'/>
        </console>
      </devices>
    </domain>

--
Dmitry Guryanov