Description
I just hit almost the same issue as #14363 (mine reads "ApplyLayer exit status 1 stdout: stderr: chmod /bin/mount: permission denied"), also under Gentoo. It is related to the use of the kernels built with grsec such as Gentoo's hardened-sources package.
After some digging, I changed the following:
    echo 0 >/proc/sys/kernel/grsecurity/chroot_deny_chmod

This appears to fix the problem, but hits another problem more like that shown in #14363, "ApplyLayer exit status 1 stdout: stderr: operation not permitted". So I tried adding the following from #14363, just to test if it works. (Note that disabling this option appears to be a very bad idea from a security standpoint!)

    echo 0 >/proc/sys/kernel/grsecurity/chroot_deny_mknod

The result was that it worked.
To save anyone the hassle in future, Docker could check for the existence of /proc/sys/kernel/grsecurity/chroot_deny_chmod and /proc/sys/kernel/grsecurity/chroot_deny_mknod and, if present, ensure the values of both are 0.
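The check proposed above, as an added example that is neither Docker's code nor the reporter's: a POSIX sh preflight that reads the two grsecurity sysctls named in this issue and reports them, mapping a non-zero value to the ApplyLayer error it produces, without writing to them. The proc root argument is an assumption so the function can be exercised against a constructed directory tree.

```shell
#!/bin/sh
# Preflight check for the grsecurity chroot restrictions that break
# Docker's ApplyLayer on hardened kernels (added example, not Docker's
# own code). It only reads the sysctls; it never relaxes them.
#
# Prints one line per sysctl: "<name> absent" or "<name> <value>",
# with the ApplyLayer symptom from the issue appended when the value
# is non-zero. Returns 0 when every present sysctl is 0, 1 otherwise.
#
# $1 is the proc root (assumption for testing); defaults to /proc.
grsec_chroot_check() {
    procroot="${1:-/proc}"
    dir="$procroot/sys/kernel/grsecurity"
    rc=0
    for name in chroot_deny_chmod chroot_deny_mknod; do
        f="$dir/$name"
        if [ ! -e "$f" ]; then
            # Not a grsec kernel, or this option was compiled out.
            echo "$name absent"
            continue
        fi
        val=""
        read -r val < "$f" || true
        if [ "$val" = "0" ]; then
            echo "$name 0"
        else
            # Symptoms quoted from the issue for each restriction.
            case "$name" in
                chroot_deny_chmod) why="chmod ...: permission denied" ;;
                chroot_deny_mknod) why="operation not permitted" ;;
            esac
            echo "$name $val (ApplyLayer will fail with: $why)"
            rc=1
        fi
    done
    return $rc
}

# Stand-alone: `sh grsec_check.sh --check` reports on the live /proc;
# `sh grsec_check.sh --check /some/root` checks another tree.
case "${1:-}" in
    --check) grsec_chroot_check "${2:-/proc}" ;;
esac
```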