I’m trying to run docker with qemu-user-static in an LXD container. My build environment (Google Coral board, Mendel Linux) requests qemu-user-static with Docker for some cross-compilation tasks.
Docker complains that it can’t access /proc/sys/fs/binfmt_misc.
$ docker run --rm --privileged multiarch/qemu-user-static --reset -p yes
find: /proc/sys/fs/binfmt_misc: Permission denied
I’ve found that an AppArmor policy is in place for my container (called ‘mendel’):
sudo vi /var/snap/lxd/common/lxd/security/apparmor/profiles/lxd-mendel
(...)
# Handle binfmt
mount fstype=binfmt_misc -> /proc/sys/fs/binfmt_misc/,
deny /proc/sys/fs/binfmt_misc/{,**} rwklx,
(...)
Note: ‘mendel’ is configured to run nesting and privileged.
security.nesting: "true"
security.privileged: "true"
Also, I tried the workaround here but it didn’t work.
I can of course run docker in a virtualized environment instead, such as LXD with VM support, but in this case the price I would pay is compilation speed; I’d prefer a container solution for my build environment.
Any suggestions/recommendations?