On IRC, Stéphane suggested making the container "even more privileged" as a cleaner workaround, by adding the following to raw.lxc:
lxc.mount.auto=
lxc.mount.auto=proc:rw sys:rw
(I also had to fiddle with my restrictive policy-rc.d script to allow udev to start.)
Perhaps documenting that somewhere reasonably findable would be good enough?