Error while installing wine in a docker container (snap) inside LXD

I am trying to install the docker container https://github.com/jaikumarm/docker-iqfeed inside LXD.
When installing wine inside the docker container, I get the following error:

Step 14/24 : RUN dpkg --add-architecture i386 && apt-get update && apt-get upgrade -yq && apt-get install -yq --no-install-recommends software-properties-common apt-utils supervisor xvfb wget tar gpg-agent bbe netcat-openbsd net-tools && wget -O - https://dl.winehq.org/wine-builds/winehq.key | apt-key add - && echo 'deb https://dl.winehq.org/wine-builds/ubuntu/ focal main' |tee /etc/apt/sources.list.d/winehq.list && apt-get update && apt-get install -yq --no-install-recommends winehq-stable winbind winetricks cabextract && mkdir /opt/wine-stable/share/wine/mono && wget -O - https://dl.winehq.org/wine/wine-mono/4.9.4/wine-mono-bin-4.9.4.tar.gz |tar -xzv -C /opt/wine-stable/share/wine/mono && mkdir /opt/wine-stable/share/wine/gecko && wget -O /opt/wine-stable/share/wine/gecko/wine-gecko-2.47.1-x86.msi https://dl.winehq.org/wine/wine-gecko/2.47.1/wine-gecko-2.47.1-x86.msi && wget -O /opt/wine-stable/share/wine/gecko/wine-gecko-2.47.1-x86_64.msi https://dl.winehq.org/wine/wine-gecko/2.47.1/wine-gecko-2.47.1-x86_64.msi && apt-get install -yq --no-install-recommends git python3 python3-setuptools python3-numpy python3-pip python3-tz python3-psycopg2 python3-dateutil python3-sqlalchemy python3-pandas && apt-get autoremove -y --purge && apt-get clean -y && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
 ---> Running in 35395dfd3095
OCI runtime create failed: container_linux.go:349: starting container process caused "process_linux.go:449: container init caused "rootfs_linux.go:58: mounting \"proc\" to rootfs \"/var/snap/docker/common/var-lib-docker/overlay2/47cff7ae2ce809720ff63ceaf7d8ab69a898fcd6cd23ae25bc7ca906d186d8c4/merged\" at \"/proc\" caused \"permission denied\""": unknown

Does anyone see a fix for this? (outside LXD it all works fine)

Do you have security.nesting set to true?

No, this is the config (all default):

architecture: x86_64
config:
  image.architecture: amd64
  image.description: ubuntu 20.04 LTS amd64 (minimal release) (20210416)
  image.label: minimal release
  image.os: ubuntu
  image.release: focal
  image.serial: "20210416"
  image.type: squashfs
  image.version: "20.04"
  volatile.base_image: 33f6cf0f91ceeb7e71fc12afcf19e2bbfc4bfbdc7ae25e6848d9254a167c3307
  volatile.eth0.host_name: vetha3efd23f
  volatile.eth0.hwaddr: 00:16:3e:38:ce:33
  volatile.idmap.base: "0"
  volatile.idmap.current: '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":1000000000},{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1000000000}]'
  volatile.idmap.next: '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":1000000000},{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1000000000}]'
  volatile.last_state.idmap: '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":1000000000},{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1000000000}]'
  volatile.last_state.power: RUNNING
  volatile.uuid: 4e89246b-f84f-463d-8779-4ac5abb85ca4
devices: {}
ephemeral: false
profiles:
- default
stateful: false
description: ""

You’re going to need security.nesting to run a nested container.

Perfect! Worked 🙂
Thanks a lot!
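
An added example, not part of the thread or of the LXD project: a POSIX shell check that pairs the runc "mounting proc ... permission denied" error from the question with the security.nesting key in saved `lxc config show` output. The sample log and config are constructed (abridged from the posts above), the function names are hypothetical, and `<instance>` in the comments is a placeholder for the container name.

```shell
#!/bin/sh
# Added example: decide whether a Docker-in-LXD failure matches the
# missing security.nesting case discussed in the thread.

# Constructed sample inputs, abridged from the posts above.
SAMPLE_LOG='OCI runtime create failed: container_linux.go:349: starting container process caused "process_linux.go:449: container init caused "rootfs_linux.go:58: mounting \"proc\" to rootfs \"/var/snap/docker/common/var-lib-docker/overlay2/<id>/merged\" at \"/proc\" caused \"permission denied\""": unknown'
SAMPLE_CFG='architecture: x86_64
config:
  image.os: ubuntu
  image.release: focal
  volatile.last_state.power: RUNNING
devices: {}
ephemeral: false'

# Exit 0 if stdin contains the proc-mount denial reported by runc.
has_proc_mount_denial() {
    grep -q 'mounting.*proc.*to rootfs.*permission denied'
}

# Read `lxc config show` output on stdin; print "enabled" only when
# security.nesting is set to true inside the top-level config: section.
nesting_state() {
    awk '
        /^config:/ { in_cfg = 1; next }
        /^[^ ]/    { in_cfg = 0 }          # next top-level key ends the section
        in_cfg && $1 == "security.nesting:" { gsub(/"/, "", $2); v = $2 }
        END { print ((v == "true") ? "enabled" : "disabled") }
    '
}

# $1 = docker build/run log text, $2 = `lxc config show <instance>` text
diagnose() {
    if printf '%s\n' "$1" | has_proc_mount_denial &&
       [ "$(printf '%s\n' "$2" | nesting_state)" = disabled ]; then
        echo "nesting-required"
    else
        echo "no-match"
    fi
}

# On "nesting-required", the change given in the thread is applied on the host:
#   lxc config set <instance> security.nesting true
#   lxc restart <instance>
diagnose "$SAMPLE_LOG" "$SAMPLE_CFG"
```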