AppArmor issue with Docker in LXD


I know that this usually is supposed to work, but I’m having a bad time running Docker inside of LXD.

Running containers works fine, but any network connection just results in an apparmor error like this:

34954.470560] audit: type=1400 audit(1638871533.634:255559786): apparmor="DENIED" operation="create" namespace="root//lxd-loyal-bengal_<var-lib-lxd>" profile="docker-default" pid=2476443 comm="http" family="unix" sock_type="stream" protocol=0 requested_mask="create" denied_mask="create" addr=none

I’ve set security.nesting and the LXD container itself is not privileged.
Running a “privileged” docker container works fine (I guess then just the apparmor profile already applied by the host gets used).

I’ve already tried setting the LXD container to privileged and even setting the profile to unconfined, but I just can’t get this working.

I’m running a custom build of LXD on top of Debian Bullseye, so I have somewhat of a weird setup and might just have an issue in there, but I guess it doesn’t hurt to ask…

Any ideas where to even start looking? :confused:


Same issue on Ubuntu 20.04.4 with the latest snap of LXD.
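
An added example, not part of the original posts: a small Python parser for the denial record quoted in the first post, showing which profile issued the denial and which AppArmor namespace it was loaded in. The `lxd-<name>_<lxd dir>` namespace naming is an assumption inferred from that record, and the second sample line is constructed.

```python
import re
from collections import Counter

# Record copied from the post above; the second line is constructed for contrast.
SAMPLE = [
    '34954.470560] audit: type=1400 audit(1638871533.634:255559786): '
    'apparmor="DENIED" operation="create" '
    'namespace="root//lxd-loyal-bengal_<var-lib-lxd>" profile="docker-default" '
    'pid=2476443 comm="http" family="unix" sock_type="stream" protocol=0 '
    'requested_mask="create" denied_mask="create" addr=none',
    '[constructed] audit: type=1400 audit(0.0:1): apparmor="STATUS" '
    'operation="profile_load" profile="unconfined" name="docker-default" pid=1',
]

# key=value pairs; a value is either "quoted" or a bare token
_KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# Assumption: LXD names a container's AppArmor namespace "lxd-<name>_<lxd dir>".
_LXD_NS = re.compile(r'^lxd-(?P<name>.+)_<[^>]*>$')

def parse_denial(line):
    """Return the fields of an AppArmor DENIED record, or None for other lines."""
    fields = {}
    for key, quoted, bare in _KV.findall(line):
        fields[key] = quoted or bare
    if fields.get("apparmor") != "DENIED":
        return None
    # "root//child" means the profile was loaded in a child policy namespace.
    parts = fields.get("namespace", "").split("//")
    fields["nested"] = len(parts) > 1
    m = _LXD_NS.match(parts[-1])
    fields["lxd_container"] = m.group("name") if m else None
    return fields

def summarize(lines):
    """Count denials per (container, profile, operation, family, sock_type)."""
    counts = Counter()
    for line in lines:
        d = parse_denial(line)
        if d:
            counts[(d["lxd_container"], d.get("profile"), d.get("operation"),
                    d.get("family"), d.get("sock_type"))] += 1
    return counts

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).items():
        print(n, key)
```

For the quoted record this reports a `create` on a `unix`/`stream` socket denied by `docker-default` inside the namespace of container `loyal-bengal`, which points at the profile Docker loaded inside the container rather than LXD's own profile for it.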