Cannot run Docker in Ubuntu 22.04 container

Hi, it seems that I cannot run Docker inside an Ubuntu 22.04 container. I got this error: docker: Error response from daemon: failed to create task for container: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: open sysctl net.ipv4.ip_unprivileged_port_start file: reopen fd 8: permission denied: unknown

lxc launch ubuntu:22.04 jammy-instance

lxc config set jammy-instance security.nesting true

lxc shell jammy-instance

apt update

apt install docker.io

docker run --rm docker.io/oamdev/hello-world:latest

I found this issue, "Unable to initialize Docker on INCUS - #15 by stgraber", but I don’t know how to solve it in an LXD Ubuntu container.

That’s because of a security fix in runc. Incus has been patched (at least in the Zabbly packages) to handle the new behavior.

Though as you’re using LXD, we can’t really help you, you’d have to reach out to Canonical for that.

Hi, stgraber, long time no see. :smiley:
Are you no longer in the lxd team? Will lxd still be maintained in the future?

I left the LXD team more than 2 years ago.

There are quite a few posts on the internet about what happened, but in short, I left Canonical in mid 2023 with the intention of remaining active in the LXD project and under the assumption that LXD would remain a part of the Linux Containers project.

That didn’t happen. Canonical took LXD, rebranded it “Canonical LXD”, kicked out all of the non-employees from the project and a few months later changed the LXD license and added the requirement to assign one’s copyright to Canonical in order to contribute.

From that mess came Incus, a community fork of LXD which has been growing ever since. I’m one of the maintainers of Incus; in fact, all the original creators of LXD are Incus maintainers, as none of us work at Canonical anymore.

Oh, I remember this matter now.
There are currently two forums available: Linux Container Forum and Canonical Forum.
Anyway, thank you for your great contribution to LXD. :saluting_face:

Downgrading runc can solve this problem:
apt install runc=1.1.0-0ubuntu1

Yeah but it also re-introduces the security issues fixed in the newer version, so not exactly advisable.
