
I'm trying to implement LXC with mapped uid/gid (user namespace) under libvirt on CentOS 7, with a fully separate root mounted. Libvirt config snippet:

    <idmap>
      <uid start='0' target='100000' count='65535'/>
      <gid start='0' target='100000' count='65535'/>
    </idmap>
    <filesystem type='mount' accessmode='passthrough'>
      <source dir='/var/lib/libvirt/lxc/test2'/>
      <target dir='/'/>
    </filesystem>

I changed the ownership of the files and directories inside /var/lib/libvirt/lxc/test2, and the container itself works fine (it is just a test container with a bash script as /init that runs Apache and catches SIGTERM to stop Apache gracefully). If I run ps aux I see that the container's processes are running under user ID 100000:

    100000    7392  0.0  0.0  12476  2212 pts/0    Ss+  Feb17   0:20 /bin/sh /init
    100000    7409  0.0  0.0 230408  3684 ?        Ss   Feb17   0:15 /usr/sbin/httpd
    100048    7411  0.0  0.0 230544  3796 ?        S    Feb17   0:00 /usr/sbin/httpd
    100048    7412  0.0  0.0 230544  3800 ?        S    Feb17   0:00 /usr/sbin/httpd

and I can see default Apache pages, so it's all good.

Now, when I try virsh lxc-enter-namespace test2 /bin/bash, I get bash running under an unknown uid/gid inside the container:

    bash-4.2$ id
    uid=65534 gid=65534 groups=65534

On the host I see it running as real root (uid/gid 0/0). Its /proc/$PID/uid_map is the same as for the httpd processes running in the container:

    [root@lxctest ~]# cat /proc/21219/uid_map   <- bash
             0     100000      65535
    [root@lxctest ~]# cat /proc/7413/uid_map    <- apache
             0     100000      65535

So the mapping seems to be working, but libvirt (virsh) starts the process as the wrong user. User 100000 does not exist on the host system, of course.

So does anyone know how to attach (enter the namespace) as user 100000 (container root)? Am I missing something?

Dima
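The following is an added example, not code from the post or from libvirt. What the post observes follows from how user namespaces report ids: the map 0 -> 100000 covers container uids 0..65534, but host uid 0 (the virsh process) has no entry in it, so inside the namespace the kernel reports the overflow uid, 65534 (the value of /proc/sys/kernel/overflowuid), even though uid_map is identical to the httpd processes'. Joining the namespaces is therefore not enough; the entering process has to switch to uid/gid 0 *inside* the user namespace afterwards, which then corresponds to host uid 100000. The program below does what virsh lxc-enter-namespace does (setns() into each of the container's namespaces, user namespace first, since setns() grants a full capability set there) and then calls setgroups/setgid/setuid(0). The uid_map parser and the two translation helpers show the same arithmetic on the map from the question. The program name enter-as-root and the 8-entry map buffer are assumptions for illustration; it must run as host root, and it takes the PID of any process already in the container (e.g. 7409 from the ps output) plus an optional command.

```c
/* Added example, not from the post or libvirt: enter a container's
 * namespaces like virsh lxc-enter-namespace, then become container root. */
#define _GNU_SOURCE
#include <fcntl.h>
#include <grp.h>
#include <sched.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

/* Kernel default /proc/sys/kernel/overflowuid: what getuid() reports inside a
 * user namespace for a host uid that has no entry in uid_map. */
#define OVERFLOW_ID 65534L

struct idmap { long inside; long outside; long count; };

/* Parse the "inside outside count" lines of /proc/PID/uid_map or gid_map. */
int parse_idmap(const char *text, struct idmap *out, int max)
{
    int n = 0, used = 0;
    for (const char *p = text; *p != '\0' && n < max; p += used, n++)
        if (sscanf(p, " %ld %ld %ld%n", &out[n].inside, &out[n].outside,
                   &out[n].count, &used) != 3)
            break;
    return n;
}

/* Host id for an id seen inside the namespace; -1 when it is unmapped. */
long inside_to_host(const struct idmap *m, int n, long id)
{
    for (int i = 0; i < n; i++)
        if (id >= m[i].inside && id < m[i].inside + m[i].count)
            return m[i].outside + (id - m[i].inside);
    return -1;
}

/* Id the namespace reports for a host id: the mapped value, or the overflow
 * id when the host id is outside every range, which is host root's case. */
long host_to_inside(const struct idmap *m, int n, long host_id)
{
    for (int i = 0; i < n; i++)
        if (host_id >= m[i].outside && host_id < m[i].outside + m[i].count)
            return m[i].inside + (host_id - m[i].outside);
    return OVERFLOW_ID;
}

/* setns() into one namespace of PID, e.g. name "user" with CLONE_NEWUSER. */
int enter_ns(pid_t pid, const char *name, int nstype)
{
    char path[64];
    snprintf(path, sizeof path, "/proc/%d/ns/%s", (int)pid, name);
    int fd = open(path, O_RDONLY);
    if (fd < 0) { perror(path); return -1; }
    int rc = setns(fd, nstype);
    close(fd);
    if (rc < 0) perror(path);
    return rc;
}

/* Join all of PID's namespaces, then become uid/gid 0 of its user namespace. */
int enter_container_as_root(pid_t pid)
{
    /* User namespace first: setns() grants a full capability set inside it,
     * which is what lets the setgid/setuid calls below succeed. */
    if (enter_ns(pid, "user", CLONE_NEWUSER) < 0 ||
        enter_ns(pid, "mnt", CLONE_NEWNS) < 0 ||
        enter_ns(pid, "uts", CLONE_NEWUTS) < 0 ||
        enter_ns(pid, "ipc", CLONE_NEWIPC) < 0 ||
        enter_ns(pid, "net", CLONE_NEWNET) < 0 ||
        enter_ns(pid, "pid", CLONE_NEWPID) < 0)
        return -1;
    /* Still host uid 0 here, which the map does not cover, so the container
     * sees 65534. Switching to 0 inside the namespace is container root
     * (host 100000 with the idmap from the question). */
    if (setgroups(0, NULL) < 0 || setgid(0) < 0 || setuid(0) < 0) {
        perror("switching to container root");
        return -1;
    }
    return 0;
}

/* Usage (as host root): ./enter-as-root <pid of a container process> [cmd...] */
int main(int argc, char **argv)
{
    if (argc < 2) { fprintf(stderr, "usage: %s PID [command...]\n", argv[0]); return 2; }
    pid_t pid = (pid_t)atoi(argv[1]);
    char path[64], buf[4096];
    struct idmap m[8];
    snprintf(path, sizeof path, "/proc/%d/uid_map", (int)pid);
    int fd = open(path, O_RDONLY);
    ssize_t len = fd < 0 ? -1 : read(fd, buf, sizeof buf - 1);
    if (len < 0) { perror(path); return 1; }
    close(fd);
    buf[len] = '\0';
    int n = parse_idmap(buf, m, 8);
    printf("container uid 0 -> host uid %ld; host uid 0 -> container uid %ld\n",
           inside_to_host(m, n, 0), host_to_inside(m, n, 0));
    if (enter_container_as_root(pid) < 0) return 1;
    /* The PID namespace only applies to children, so fork before exec. */
    pid_t child = fork();
    if (child == 0) {
        char *dflt[] = { "/bin/bash", NULL };
        char **cmd = argc > 2 ? argv + 2 : dflt;
        execvp(cmd[0], cmd);
        perror("exec");
        _exit(127);
    }
    int status = 0;
    waitpid(child, &status, 0);
    return WIFEXITED(status) ? WEXITSTATUS(status) : 1;
}
```

Build with gcc -std=gnu99 -o enter-as-root enter-as-root.c and run it as root on the host; the shell it starts then shows uid=0 inside the container and uid 100000 in the host's ps, like the httpd processes. The same sequence can be done without compiling anything if the host's util-linux nsenter build supports the --setuid/--setgid options (nsenter -t PID -U -m -u -i -n -p -S 0 -G 0 /bin/bash); whether the nsenter shipped on a given CentOS 7 host has them is an assumption to check against its man page.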
