LXCのOpenVPN：デバイスの設定に失敗しました。許可

OpenVPNをUbuntu 16.04のLXD管理のLXCコンテナーで動作させようとしています。 tunデバイスをlxc config edit container経由でコンテナ構成に追加しましたが、正しく作成されています。私は走った

lxc config set mycontainer raw.lxc 'lxc.cgroup.devices.allow = c 10:200 rwm'

コンテナの設定に表示されますが、実行すると

systemctl start [email protected]

私は私のエラーログでこれを取得します：

Jul 13 09:52:56 lb systemd[1]: Failed to reset devices.list on /system.slice/system-openvpn.slice/[email protected]: Operation not permitted
Jul 13 09:52:56 lb systemd[1]: Failed to set devices.allow on /system.slice/system-openvpn.slice/[email protected]: Operation not permitted
Jul 13 09:52:56 lb systemd[1]: Failed to set devices.allow on /system.slice/system-openvpn.slice/[email protected]: Operation not permitted
Jul 13 09:52:56 lb systemd[1]: Failed to set devices.allow on /system.slice/system-openvpn.slice/[email protected]: Operation not permitted
Jul 13 09:52:56 lb systemd[1]: Failed to set devices.allow on /system.slice/system-openvpn.slice/[email protected]: Operation not permitted
Jul 13 09:52:56 lb systemd[1]: Failed to set devices.allow on /system.slice/system-openvpn.slice/[email protected]: Operation not permitted
Jul 13 09:52:56 lb systemd[1]: Failed to set devices.allow on /system.slice/system-openvpn.slice/[email protected]: Operation not permitted
Jul 13 09:52:56 lb systemd[1]: Failed to set devices.allow on /system.slice/system-openvpn.slice/[email protected]: Operation not permitted
Jul 13 09:52:56 lb systemd[1]: Failed to set devices.allow on /system.slice/system-openvpn.slice/[email protected]: Operation not permitted
Jul 13 09:52:56 lb systemd[1]: Failed to set devices.allow on /system.slice/system-openvpn.slice/[email protected]: Operation not permitted
Jul 13 09:52:56 lb systemd[1]: Failed to set devices.allow on /system.slice/system-openvpn.slice/[email protected]: Operation not permitted
Jul 13 09:52:56 lb systemd[1]: Starting OpenVPN connection to server...
-- Subject: Unit [email protected] has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit [email protected] has begun starting up.
Jul 13 09:52:56 lb systemd[1]: Failed to reset devices.list on /system.slice/ondemand.service: Operation not permitted

これが私のコンテナ設定です：

$ lxc config show --expanded lb
name: lb
profiles:
- default
config:
  raw.lxc: lxc.cgroup.devices.allow = c 10:200 rwm
  volatile.base_image: f452cda3bccb2903e56d53e402b9d35334b4276783d098a879be5d74b04e62e2
  volatile.eth0.hwaddr: xx:xx:xx:xx:xx:xx
  volatile.eth1.name: eth1
  volatile.last_state.idmap: '[{"Isuid":true,"Isgid":false,"Hostid":231072,"Nsid":0,"Maprange":65536},{"Isuid":false,"Isgid":true,"Hostid":165536,"Nsid":0,"Maprange":65536}]'
devices:
  eth0:
    name: eth0
    nictype: bridged
    parent: lxdbr0
    type: nic
  eth1:
    hwaddr: xx:xx:xx:xx:xx:xx
    nictype: bridged
    parent: lxdbr1
    type: nic
  root:
    path: /
    type: disk
  tun:
    path: /dev/net/tun
    type: unix-char
ephemeral: false

そして/ dev/net内のファイル：

$ ll /dev/net
total 0
drwxr-xr-x 2 root root      60 Jul 13 09:36 ./
drwxr-xr-x 9 root root     480 Jul 13 09:36 ../
crw-rw-rw- 1 root root 10, 200 Jul 13 09:36 tun