I think the problem is the same as mentionned here : How to add CAP_IPC_LOCK capabilities to container? - #4 by stgraber