I have a nested container running in a Debian LXC container, into which I am trying to mount /var/run/docker.sock, but the container cannot access it. Is this not possible in Incus? I did verify that my docker-default AppArmor profile mentions incus.
I created the LXC container with:

```
incus launch images:debian/12 docker \
  -c security.nesting=true \
  -c security.syscalls.intercept.mknod=true \
  -c security.syscalls.intercept.setxattr=true
```
In my docker compose file inside the LXC container:

```
services:
  ...
    volumes:
      - '/var/run/docker.sock:/var/run/docker.sock:ro'
```
The container gets the following error:

```
ERR Cannot create Docker client error="permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get "http://%2Fvar%2Frun%2Fdocker.sock/v1.47/version": dial unix /var/run/docker.sock: socket: permission denied" provider=docker
```
and I see this in dmesg on the host:

```
[19145.517335] audit: type=1400 audit(1742618687.992:826): apparmor="DENIED" operation="create" class="net" info="failed type and protocol match" error=-13 namespace="root//incus-docker_" profile="docker-default" pid=55630 comm="node" family="unix" sock_type="stream" protocol=0 requested="create" denied="create" addr=none
```
Host is Ubuntu 24.04.2
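To triage a denial like the one quoted above, it helps to split the AppArmor audit record into its fields and read off which profile, in which AppArmor namespace, denied which operation. The following is an added example, not code from the original post or from Incus/Docker; it parses the exact dmesg line shown above (the `namespace="root//incus-docker_"` field is what marks the profile as loaded inside the nested container's own AppArmor stack) and the function names are illustrative.

```python
import re
from typing import Dict, Optional

# AppArmor audit record copied from the dmesg output quoted in the post
# (with straight quotes; the forum rendered them as curly quotes).
SAMPLE_LINE = (
    '[19145.517335] audit: type=1400 audit(1742618687.992:826): apparmor="DENIED" '
    'operation="create" class="net" info="failed type and protocol match" error=-13 '
    'namespace="root//incus-docker_" profile="docker-default" pid=55630 comm="node" '
    'family="unix" sock_type="stream" protocol=0 requested="create" denied="create" addr=none'
)

# key=value tokens: the value is either double-quoted (may contain spaces) or bare.
_KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')


def parse_apparmor_audit(line: str) -> Dict[str, str]:
    """Split one AppArmor audit record into a dict of its key=value fields."""
    # Normalise typographic quotes that copy-pasting from a web page introduces.
    line = line.replace("\u201c", '"').replace("\u201d", '"')
    fields: Dict[str, str] = {}
    for key, value in _KV_RE.findall(line):
        if value.startswith('"') and value.endswith('"'):
            value = value[1:-1]
        fields[key] = value
    return fields


def describe_denial(fields: Dict[str, str]) -> Optional[Dict[str, object]]:
    """Summarise a DENIED record: who was confined, by which profile, doing what."""
    if fields.get("apparmor") != "DENIED":
        return None
    ns = fields.get("namespace", "root")
    # Anything other than plain "root" means the profile lives in a nested AppArmor
    # policy namespace, i.e. it was loaded by a policy manager inside a container.
    nested = ns != "root"
    if fields.get("class") == "net":
        obj = f'{fields.get("family")}/{fields.get("sock_type")}'
    else:
        obj = fields.get("name", "")
    return {
        "profile": fields.get("profile"),
        "namespace": ns,
        "nested": nested,
        "operation": fields.get("operation"),
        "object": obj,
        "process": f'{fields.get("comm")}[{fields.get("pid")}]',
        "errno": int(fields.get("error", "0")),
    }
```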