Trying to run CoreOS rkt container in the CircleCI build environment

Hi folks, so I'm trying to run a few services in the CircleCI build environment (I'm using the updated Ubuntu 14.04 image) using rkt containers and I'm hitting a small snag. The problem looks to be when the container tries to make a “shared, slave mount”[1] of /, but can't because /proc and /sys are not owned by root (they're owned by nobody:nogroup).

root@box1396:/# ls -al
total 4
drwxr-xr-x    1 root   root     188 Mar  3 17:05 .
drwxr-xr-x    1 root   root     188 Mar  3 17:05 ..
drwxr-xr-x    1 root   root    2024 Feb 29 04:30 bin
drwxr-xr-x    1 root   root       8 Dec 11 20:58 boot
drwxr-xr-x    1 root   root       4 Feb 29 03:44 data
drwxr-xr-x    6 root   root     520 Mar  3 17:09 dev
drwxr-xr-x    1 root   root    3876 Mar  3 17:37 etc
drwxr-xr-x    1 root   root      12 Dec 13 04:04 home
drwxr-xr-x    1 root   root     734 Feb 29 04:53 lib
drwxr-xr-x    1 root   root    1304 Feb 29 03:56 lib32
drwxr-xr-x    1 root   root      40 Feb 29 03:42 lib64
drwx------    1 root   root       0 Dec 11 20:53 lost+found
drwxr-xr-x    1 root   root       0 Dec 11 20:48 media
drwxr-xr-x    1 root   root       0 Apr 10  2014 mnt
drwxr-xr-x    1 root   root      80 Feb 29 03:55 opt
dr-xr-xr-x 1145 nobody nogroup    0 Mar  3 17:05 proc
drwx------    1 root   root     132 Mar  3 17:05 root
drwxr-xr-x   19 root   root     700 Mar  3 17:41 run
drwxr-xr-x    1 root   root    3644 Feb 29 04:54 sbin
drwxr-xr-x    1 root   root       0 Dec 11 20:48 srv
dr-xr-xr-x   13 nobody nogroup    0 Mar  3 17:05 sys
drwxrwxrwt    1 root   root     502 Mar  3 17:42 tmp
drwxr-xr-x    1 root   root      80 Feb 29 03:56 usr
drwxr-xr-x    1 root   root     106 Feb 29 04:22 var

My question here is, is there a reason that /sys and /proc are not owned by root (I'm guessing the CircleCI build environment is a container of sorts, so that could explain it)? Is there a way to make them owned by root so that my particular use-case could work?

The reason for this, is that the rkt container runtime uses systemd to execute containers. It can do this in one of two ways:

  1. Use systemd as provided by the host
  2. Use a copy of systemd as provided by a custom stage1[2]

The version of systemd that comes on Ubuntu 14.04 is too old (as systemd-nspawn is a requirement), leaving me with providing an up-to-date version via option #2.

Hopefully this all makes sense. I'm interested to know if there's any way of potentially accomplishing this. Alternatively, providing an up-to-date version of Ubuntu or Fedora (or any distro that uses systemd as its init system) would also work :blush:

[1] www.kernel.org/doc/Documentation/filesystems/sharedsubtree.txt
[2] github.com/coreos/rkt/blob/master/Documentation/devel/stage1-implementors-guide.md
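An added example for readers hitting the same snag (this is not code from the post, from rkt or from CircleCI): a small Python script that reads /proc/self/mountinfo, reports the propagation state of / and of the mounts under it (the shared/slave states described in the sharedsubtree document cited as [1] appear there as the optional fields shared:N and master:N, per proc(5)), and checks whether /proc and /sys are owned by uid 0 / gid 0. Files owned by a uid that is not mapped into the current user namespace are displayed with the kernel's overflow id, which is what nobody:nogroup usually means in a listing like the one above. MOUNTINFO_SAMPLE is a constructed input, not a capture from a CircleCI box; the stat_fn parameter of diagnose() exists only so the ownership check can be swapped out offline.

```python
"""Probe the two preconditions discussed in the thread: mount propagation of /
(and of /proc, /sys) as recorded in /proc/self/mountinfo, and root ownership of
/proc and /sys. Added example, not rkt's or CircleCI's own tooling."""
import os
import re

# Constructed sample in /proc/self/mountinfo format (see proc(5)); not real CircleCI data.
# Layout: id parent major:minor root mountpoint opts [optional tags...] - fstype source superopts
MOUNTINFO_SAMPLE = """\
21 1 0:20 / / rw,relatime shared:1 - ext4 /dev/sda1 rw
22 21 0:4 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw
23 21 0:5 / /sys rw,nosuid,nodev,noexec,relatime master:2 - sysfs sysfs rw
24 21 0:21 / /mnt/data\\040disk rw,relatime shared:3 master:1 - ext4 /dev/sdb1 rw
"""

_OCTAL = re.compile(r"\\(\d{3})")


def unescape(field):
    """mountinfo escapes space, tab, newline and backslash as \\ooo octal sequences."""
    return _OCTAL.sub(lambda m: chr(int(m.group(1), 8)), field)


def parse_mountinfo(text):
    """Return one dict per mount; propagation tags (shared, master, propagate_from,
    unbindable) are the optional fields that sit before the ' - ' separator."""
    mounts = []
    for line in text.splitlines():
        if not line.strip():
            continue
        pre, sep, post = line.partition(" - ")
        if not sep:
            continue
        fields = pre.split()
        if len(fields) < 6:
            continue
        post_fields = post.split()
        tags = {}
        for opt in fields[6:]:
            key, _, val = opt.partition(":")
            tags[key] = val
        mounts.append({
            "id": int(fields[0]),
            "parent": int(fields[1]),
            "mountpoint": unescape(fields[4]),
            "fstype": post_fields[0] if post_fields else "",
            "source": post_fields[1] if len(post_fields) > 1 else "",
            "tags": tags,
        })
    return mounts


def propagation(mount):
    """Classify a mount's propagation type from its optional tags."""
    tags = mount["tags"]
    if "unbindable" in tags:
        return "unbindable"
    shared, slave = "shared" in tags, "master" in tags
    if shared and slave:
        return "shared-slave"
    if shared:
        return "shared"
    if slave:
        return "slave"
    return "private"


def find_mount(mounts, mountpoint):
    for m in mounts:
        if m["mountpoint"] == mountpoint:
            return m
    return None


def owned_by_root(path):
    """True when path is owned by uid 0 / gid 0. Inside a user namespace, files owned
    by an unmapped uid are reported with the overflow id (65534, usually nobody:nogroup)."""
    try:
        st = os.stat(path)
    except OSError:
        return False
    return st.st_uid == 0 and st.st_gid == 0


def diagnose(mountinfo_text, paths=("/proc", "/sys"), stat_fn=owned_by_root):
    """Summarise propagation of / and ownership/propagation of the given paths."""
    mounts = parse_mountinfo(mountinfo_text)
    root = find_mount(mounts, "/")
    result = {"root_propagation": propagation(root) if root else "missing"}
    for p in paths:
        m = find_mount(mounts, p)
        result[p] = {
            "propagation": propagation(m) if m else "missing",
            "owned_by_root": stat_fn(p),
        }
    return result


if __name__ == "__main__":
    # Run on the real build box: python3 probe_mounts.py (hypothetical file name)
    with open("/proc/self/mountinfo") as fh:
        live = fh.read()
    for key, value in diagnose(live).items():
        print(key, value)
```

Running this on the build box before invoking rkt tells you whether / is already shared (or slave) and whether /proc and /sys are actually root-owned, so the failure can be attributed to the environment rather than to the stage1 image.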
