Comment 4 for bug 1003888

Thanks. The syslog namespace, which is not yet implemented, would be the one to help prevent this.

Can you try adding

syslog

to the line

lxc.cap.drop = sys_module mac_admin

in the container's configuration file (/var/lib/lxc/<container>/config)? So the line would then read:

lxc.cap.drop = sys_module mac_admin syslog

Does the container then start all right, and leave the host's syslog uncorrupted?