В журналах полно ошибок:

[137200.185910] audit: type=1400 audit(1542190140.997:411): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-container-default-cgns" name="/" pid=2774 comm="(ionclean)" flags="rw, rslave"
[137204.038105] audit: type=1400 audit(1542190144.849:412): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-container-default-cgns" name="/" pid=2849 comm="(ionclean)" flags="rw, rslave"
[137206.696135] audit: type=1400 audit(1542190147.505:413): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-container-default-cgns" name="/" pid=2906 comm="(ionclean)" flags="rw, rslave"
[137206.734793] audit: type=1400 audit(1542190147.545:414): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-container-default-cgns" name="/" pid=2919 comm="(ionclean)" flags="rw, rslave"

/etc/apparmor.d/lxc/lxc-default-cgns
mount options=(rw, rslave),

Добавляем в файл /etc/apparmor.d/lxc/lxc-default-cgns строку:

profile lxc-container-default flags=(attach_disconnected,mediate_deleted) {
  ...
    mount options=(rw, nosuid, noexec, remount, relatime, ro, bind, rbind),
  ...

Перезагружаем правила apparmor:

service apparmor reload