As discussed/resolved in https://github.com/lxc/lxc/issues/1370 it appears that Debian would require some kernel patch to enable overlayfs for unprivileged containers. A very simple test, isolating this to overlayfs, is given in the fourth comment: https://github.com/lxc/lxc/issues/1370#issuecomment-269845311 Apperently, there are security implications associated with such a patch; see remarks there.
This bug needs to be re-assigned to the overlayfs subsystem, from lxc
