Hi everybody,
I am trying to install OpenStack into a Docker container.

The problem happens at almost the end of the installation, at line 1352: service_check.
Devstack checks services and the problem is that nova-api doesn't start!
Why? Because the command

sudo nova-rootwrap /etc/nova/rootwrap.conf iptables-save -c

gives

iptables-save v1.4.21: Cannot initialize: Permission denied (you must be root)

I know that there is a known problem with Docker and iptables... But I couldn't find a solution except from running commands with --privileged=true.
Unfortunately, I do want my image to be built automatically from Dockerfile, and it is __not possible__ to RUN commands as privileged from file.
Actually, running with --privileged=true, gives this error on mysql service start:

/usr/sbin/mysqld: error while loading shared libraries: libaio.so.1: cannot open shared object file: Permission denied

And mysql has to be up during OpenStack installation (obviously).

Can you please help me?
Do you have any idea on how should I make iptables-save -c run?

Thank you in advance