Import instance into ubuntu host, docker service failed with "overlay2 failed: driver not supported"

arch host: kernel 6.9.6, with incus 6.2 from arch repo
ubuntu host: 5.15.0-40, with incus 6.2 from zabbly
incus storage: dir
incus instance distro: Rocky Linux 9

the incus instance works well on arch host with df result like this:

╭─root@rk9-joplin ~
╰─# df -h
Filesystem             Size  Used Avail Use% Mounted on
/dev/mapper/arch-home  368G   55G  294G  16% /
none                   492K  4.0K  488K   1% /dev
dev                    7.7G     0  7.7G   0% /dev/tty
efivarfs               268K  147K  117K  56% /sys/firmware/efi/efivars
tmpfs                  100K     0  100K   0% /dev/incus
tmpfs                  100K     0  100K   0% /dev/.incus-mounts
tmpfs                  7.7G  1.1M  7.7G   1% /dev/shm
tmpfs                  3.1G  8.3M  3.1G   1% /run
overlay                368G   55G  294G  16% /var/lib/docker/overlay2/6f19dc074b13a77d4cb15bc74a32421e9aaddaaea80ffa46075f427cc9e8d7fd/merged
tmpfs                  1.6G     0  1.6G   0% /run/user/0

And lsmod on arch host shows:

$ lsmod | grep overlay
overlay               233472  1

But on unbuntu host (with same instance exported from Arch host and imported into this), the /var/log/message of Rocky Linux shows:

Jun 27 01:59:03 rk9-joplin dockerd[478]: time="2024-06-27T09:59:03.176629803+08:00" level=info msg="Starting up"
Jun 27 01:59:03 rk9-joplin dockerd[478]: time="2024-06-27T09:59:03.195385127+08:00" level=error msg="failed to mount overlay: invalid argument" storage-driver=overlay2
Jun 27 01:59:03 rk9-joplin dockerd[478]: time="2024-06-27T09:59:03.195414397+08:00" level=error msg="[graphdriver] prior storage driver overlay2 failed: driver not supported"
Jun 27 01:59:03 rk9-joplin dockerd[478]: failed to start daemon: error initializing graphdriver: driver not supported

lsmod shows (on ubuntu host):

$ lsmod | grep overlay
overlay               147456  0

So, is there anything I can do to make the same incus instance work on Ubuntu host?
Thanks in advance.

and switching docker to fuse-overlayfs doesn’t help much either, docker service can work ok, but it will prevent the joplin docker instance from running with some other permission denied like on /proc or something.

With some searching and experiment, the following 2 problems can be resolved:
Error log #1:

prior storage driver overlay2 failed: driver not supported

Solution: rename (backup) the /var/lib/docker and restart the docker.service. If it’s done, then the backup can be removed.

Error log #2:

during container init: error mounting "proc" to rootfs at "/proc"

Solution:

incus config set <container-name> security.nesting true

Hope these above help u somehow.

LXC, Incus, Docker, all use Linux kernel security features to implement containers in software. Those features are namespaces and cgroups.

By default, these security features do not support nesting. That is, if you are using LXC and then in a LXC container you setup Docker, then Docker (the inner) is not able to use those security features because LXC (the outer) has not enabled nesting.

Therefore, when you want to make a setup that has Linux Containers within Linux Containers, you need to enable nesting on the outer implementation of Linux Containers.

thanks for letting me know that.
But how to understand that the docker container works out-of-the-box on Arch host on my laptop, but the nesting has to be manually enabled on Ubuntu host on a cloud based vm? With the same incus version.

In Incus you can get nesting with unprivileged containers. You enable security.nesting=true and then your unprivileged container can be an outer container.

Whereas in Docker the outer Docker container is privileged.

Got that.
I think the only difference between the two set is -

#1 physical host --> lxc container (incus 6.2) --> docker container (no nesting=true needed)
#2 cloud vm host --> lxc container (incus 6.2) --> docker container (nesting=true needed)

I don’t think there is any other difference than vmx ok between the 2 hosts.
I mean, in case #1, I can still got vmx from cpuinfo even in incus instance, but for #2, vmx is NOT there even in vm host.

I get an error when I try that.

$ incus launch images:debian/12/cloud outer
Launching outer
$ incus debian outer
debian@outer:~$ sudo apt install curl
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following additional packages will be installed:
  libbrotli1 libcurl4 libnghttp2-14 libpsl5 librtmp1 libssh2-1 publicsuffix
The following NEW packages will be installed:
  curl libbrotli1 libcurl4 libnghttp2-14 libpsl5 librtmp1 libssh2-1
  publicsuffix
0 upgraded, 8 newly installed, 0 to remove and 0 not upgraded.
Need to get 1477 kB of archives.
After this operation, 3351 kB of additional disk space will be used.
Do you want to continue? [Y/n] 
Get:1 http://deb.debian.org/debian bookworm/main amd64 libbrotli1 amd64 1.0.9-2+b6 [275 kB]
Get:2 http://deb.debian.org/debian bookworm/main amd64 libnghttp2-14 amd64 1.52.0-1+deb12u1 [72.4 kB]
Get:3 http://deb.debian.org/debian bookworm/main amd64 libpsl5 amd64 0.21.2-1 [58.7 kB]
Get:4 http://deb.debian.org/debian bookworm/main amd64 librtmp1 amd64 2.4+20151223.gitfa8646d.1-2+b2 [60.8 kB]
Get:5 http://deb.debian.org/debian bookworm/main amd64 libssh2-1 amd64 1.10.0-3+b1 [179 kB]
Get:6 http://deb.debian.org/debian bookworm/main amd64 libcurl4 amd64 7.88.1-10+deb12u5 [390 kB]
Get:7 http://deb.debian.org/debian bookworm/main amd64 curl amd64 7.88.1-10+deb12u5 [315 kB]
Get:8 http://deb.debian.org/debian bookworm/main amd64 publicsuffix all 20230209.2326-1 [126 kB]
Fetched 1477 kB in 0s (4133 kB/s)    
debconf: delaying package configuration, since apt-utils is not installed
Selecting previously unselected package libbrotli1:amd64.
(Reading database ... 15591 files and directories currently installed.)
Preparing to unpack .../0-libbrotli1_1.0.9-2+b6_amd64.deb ...
Unpacking libbrotli1:amd64 (1.0.9-2+b6) ...
Selecting previously unselected package libnghttp2-14:amd64.
Preparing to unpack .../1-libnghttp2-14_1.52.0-1+deb12u1_amd64.deb ...
Unpacking libnghttp2-14:amd64 (1.52.0-1+deb12u1) ...
Selecting previously unselected package libpsl5:amd64.
Preparing to unpack .../2-libpsl5_0.21.2-1_amd64.deb ...
Unpacking libpsl5:amd64 (0.21.2-1) ...
Selecting previously unselected package librtmp1:amd64.
Preparing to unpack .../3-librtmp1_2.4+20151223.gitfa8646d.1-2+b2_amd64.deb ...
Unpacking librtmp1:amd64 (2.4+20151223.gitfa8646d.1-2+b2) ...
Selecting previously unselected package libssh2-1:amd64.
Preparing to unpack .../4-libssh2-1_1.10.0-3+b1_amd64.deb ...
Unpacking libssh2-1:amd64 (1.10.0-3+b1) ...
Selecting previously unselected package libcurl4:amd64.
Preparing to unpack .../5-libcurl4_7.88.1-10+deb12u5_amd64.deb ...
Unpacking libcurl4:amd64 (7.88.1-10+deb12u5) ...
Selecting previously unselected package curl.
Preparing to unpack .../6-curl_7.88.1-10+deb12u5_amd64.deb ...
Unpacking curl (7.88.1-10+deb12u5) ...
Selecting previously unselected package publicsuffix.
Preparing to unpack .../7-publicsuffix_20230209.2326-1_all.deb ...
Unpacking publicsuffix (20230209.2326-1) ...
Setting up libpsl5:amd64 (0.21.2-1) ...
Setting up libbrotli1:amd64 (1.0.9-2+b6) ...
Setting up libnghttp2-14:amd64 (1.52.0-1+deb12u1) ...
Setting up librtmp1:amd64 (2.4+20151223.gitfa8646d.1-2+b2) ...
Setting up libssh2-1:amd64 (1.10.0-3+b1) ...
Setting up publicsuffix (20230209.2326-1) ...
Setting up libcurl4:amd64 (7.88.1-10+deb12u5) ...
Setting up curl (7.88.1-10+deb12u5) ...
Processing triggers for libc-bin (2.36-9+deb12u7) ...
debian@outer:~$ # Add Docker's official GPG key:
sudo apt-get update
sudo apt-get install ca-certificates curl
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc

# Add the repository to Apt sources:
echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian \
  $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
  sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update
Hit:1 http://deb.debian.org/debian bookworm InRelease
Get:2 http://deb.debian.org/debian bookworm-updates InRelease [55.4 kB]
Get:3 http://deb.debian.org/debian-security bookworm-security InRelease [48.0 kB]
Fetched 103 kB in 0s (258 kB/s)   
Reading package lists... Done
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
ca-certificates is already the newest version (20230311).
ca-certificates set to manually installed.
curl is already the newest version (7.88.1-10+deb12u5).
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Hit:1 http://deb.debian.org/debian bookworm InRelease
Hit:2 http://deb.debian.org/debian bookworm-updates InRelease
Get:3 https://download.docker.com/linux/debian bookworm InRelease [43.3 kB]
Hit:4 http://deb.debian.org/debian-security bookworm-security InRelease
Get:5 https://download.docker.com/linux/debian bookworm/stable amd64 Packages [25.7 kB]
Fetched 69.0 kB in 1s (123 kB/s)    
Reading package lists... Done
debian@outer:~$ sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following additional packages will be installed:
  apparmor docker-ce-rootless-extras git git-man iptables less libcurl3-gnutls
  liberror-perl libgdbm-compat4 libgdbm6 libglib2.0-0 libglib2.0-data libicu72
  libip6tc2 libjansson4 libltdl7 libnetfilter-conntrack3 libnfnetlink0
  libnftables1 libnftnl11 libperl5.36 libslirp0 libxml2 nftables patch perl
  perl-modules-5.36 pigz shared-mime-info slirp4netns xdg-user-dirs xz-utils
Suggested packages:
  apparmor-profiles-extra apparmor-utils aufs-tools cgroupfs-mount
  | cgroup-lite gettext-base git-daemon-run | git-daemon-sysvinit git-doc
  git-email git-gui gitk gitweb git-cvs git-mediawiki git-svn firewalld kmod
  gdbm-l10n low-memory-monitor ed diffutils-doc perl-doc
  libterm-readline-gnu-perl | libterm-readline-perl-perl make
  libtap-harness-archive-perl
The following NEW packages will be installed:
  apparmor containerd.io docker-buildx-plugin docker-ce docker-ce-cli
  docker-ce-rootless-extras docker-compose-plugin git git-man iptables less
  libcurl3-gnutls liberror-perl libgdbm-compat4 libgdbm6 libglib2.0-0
  libglib2.0-data libicu72 libip6tc2 libjansson4 libltdl7
  libnetfilter-conntrack3 libnfnetlink0 libnftables1 libnftnl11 libperl5.36
  libslirp0 libxml2 nftables patch perl perl-modules-5.36 pigz
  shared-mime-info slirp4netns xdg-user-dirs xz-utils
0 upgraded, 37 newly installed, 0 to remove and 0 not upgraded.
Need to get 155 MB of archives.
After this operation, 601 MB of additional disk space will be used.
Do you want to continue? [Y/n] 
Get:1 https://download.docker.com/linux/debian bookworm/stable amd64 containerd.io amd64 1.7.18-1 [30.5 MB]
Get:2 http://deb.debian.org/debian bookworm/main amd64 perl-modules-5.36 all 5.36.0-7+deb12u1 [2815 kB]
Get:3 http://deb.debian.org/debian bookworm/main amd64 libgdbm6 amd64 1.23-3 [72.2 kB]
Get:4 http://deb.debian.org/debian bookworm/main amd64 libgdbm-compat4 amd64 1.23-3 [48.2 kB]
Get:5 http://deb.debian.org/debian bookworm/main amd64 libperl5.36 amd64 5.36.0-7+deb12u1 [4218 kB]
Get:6 http://deb.debian.org/debian bookworm/main amd64 perl amd64 5.36.0-7+deb12u1 [239 kB]
Get:7 http://deb.debian.org/debian bookworm/main amd64 pigz amd64 2.6-1 [64.0 kB]
Get:8 http://deb.debian.org/debian-security bookworm-security/main amd64 less amd64 590-2.1~deb12u2 [132 kB]
Get:9 http://deb.debian.org/debian bookworm/main amd64 libjansson4 amd64 2.14-2 [40.8 kB]
Get:10 http://deb.debian.org/debian bookworm/main amd64 libnftnl11 amd64 1.2.4-2 [61.6 kB]
Get:11 http://deb.debian.org/debian bookworm/main amd64 libnftables1 amd64 1.0.6-2+deb12u2 [299 kB]
Get:12 http://deb.debian.org/debian bookworm/main amd64 nftables amd64 1.0.6-2+deb12u2 [70.3 kB]
Get:13 http://deb.debian.org/debian bookworm/main amd64 xz-utils amd64 5.4.1-0.2 [471 kB]
Get:14 http://deb.debian.org/debian bookworm/main amd64 apparmor amd64 3.0.8-3 [616 kB]
Get:15 http://deb.debian.org/debian bookworm/main amd64 libip6tc2 amd64 1.8.9-2 [19.4 kB]
Get:16 http://deb.debian.org/debian bookworm/main amd64 libnfnetlink0 amd64 1.0.2-2 [15.1 kB]
Get:17 http://deb.debian.org/debian bookworm/main amd64 libnetfilter-conntrack3 amd64 1.0.9-3 [40.7 kB]
Get:18 http://deb.debian.org/debian bookworm/main amd64 iptables amd64 1.8.9-2 [360 kB]
Get:19 http://deb.debian.org/debian bookworm/main amd64 libcurl3-gnutls amd64 7.88.1-10+deb12u5 [385 kB]
Get:20 http://deb.debian.org/debian bookworm/main amd64 liberror-perl all 0.17029-2 [29.0 kB]
Get:21 http://deb.debian.org/debian bookworm/main amd64 git-man all 1:2.39.2-1.1 [2049 kB]
Get:22 http://deb.debian.org/debian bookworm/main amd64 git amd64 1:2.39.2-1.1 [7171 kB]
Get:23 http://deb.debian.org/debian-security bookworm-security/main amd64 libglib2.0-0 amd64 2.74.6-2+deb12u2 [1399 kB]
Get:24 http://deb.debian.org/debian-security bookworm-security/main amd64 libglib2.0-data all 2.74.6-2+deb12u2 [1209 kB]
Get:25 http://deb.debian.org/debian bookworm/main amd64 libicu72 amd64 72.1-3 [9376 kB]
Get:26 http://deb.debian.org/debian bookworm/main amd64 libltdl7 amd64 2.4.7-5 [393 kB]
Get:27 http://deb.debian.org/debian bookworm/main amd64 libslirp0 amd64 4.7.0-1 [63.0 kB]                                                                                                                         
Get:28 http://deb.debian.org/debian bookworm/main amd64 libxml2 amd64 2.9.14+dfsg-1.3~deb12u1 [687 kB]                                                                                                            
Get:29 http://deb.debian.org/debian bookworm/main amd64 patch amd64 2.7.6-7 [128 kB]                                                                                                                              
Get:30 http://deb.debian.org/debian bookworm/main amd64 shared-mime-info amd64 2.2-1 [729 kB]                                                                                                                     
Get:31 http://deb.debian.org/debian bookworm/main amd64 slirp4netns amd64 1.2.0-1 [37.5 kB]                                                                                                                       
Get:32 http://deb.debian.org/debian bookworm/main amd64 xdg-user-dirs amd64 0.18-1 [54.4 kB]                                                                                                                      
Get:33 https://download.docker.com/linux/debian bookworm/stable amd64 docker-buildx-plugin amd64 0.15.1-1~debian.12~bookworm [29.8 MB]                                                                            
Get:34 https://download.docker.com/linux/debian bookworm/stable amd64 docker-ce-cli amd64 5:27.0.2-1~debian.12~bookworm [14.6 MB]                                                                                 
Get:35 https://download.docker.com/linux/debian bookworm/stable amd64 docker-ce amd64 5:27.0.2-1~debian.12~bookworm [25.2 MB]                                                                                     
Get:36 https://download.docker.com/linux/debian bookworm/stable amd64 docker-ce-rootless-extras amd64 5:27.0.2-1~debian.12~bookworm [9316 kB]                                                                     
Get:37 https://download.docker.com/linux/debian bookworm/stable amd64 docker-compose-plugin amd64 2.28.1-1~debian.12~bookworm [12.5 MB]                                                                           
Fetched 155 MB in 26s (5904 kB/s)                                                                                                                                                                                 
debconf: delaying package configuration, since apt-utils is not installed
Selecting previously unselected package perl-modules-5.36.
(Reading database ... 15654 files and directories currently installed.)
Preparing to unpack .../00-perl-modules-5.36_5.36.0-7+deb12u1_all.deb ...
Unpacking perl-modules-5.36 (5.36.0-7+deb12u1) ...
Selecting previously unselected package libgdbm6:amd64.
Preparing to unpack .../01-libgdbm6_1.23-3_amd64.deb ...
Unpacking libgdbm6:amd64 (1.23-3) ...
Selecting previously unselected package libgdbm-compat4:amd64.
Preparing to unpack .../02-libgdbm-compat4_1.23-3_amd64.deb ...
Unpacking libgdbm-compat4:amd64 (1.23-3) ...
Selecting previously unselected package libperl5.36:amd64.
Preparing to unpack .../03-libperl5.36_5.36.0-7+deb12u1_amd64.deb ...
Unpacking libperl5.36:amd64 (5.36.0-7+deb12u1) ...
Selecting previously unselected package perl.
Preparing to unpack .../04-perl_5.36.0-7+deb12u1_amd64.deb ...
Unpacking perl (5.36.0-7+deb12u1) ...
Selecting previously unselected package pigz.
Preparing to unpack .../05-pigz_2.6-1_amd64.deb ...
Unpacking pigz (2.6-1) ...
Selecting previously unselected package less.
Preparing to unpack .../06-less_590-2.1~deb12u2_amd64.deb ...
Unpacking less (590-2.1~deb12u2) ...
Selecting previously unselected package libjansson4:amd64.
Preparing to unpack .../07-libjansson4_2.14-2_amd64.deb ...
Unpacking libjansson4:amd64 (2.14-2) ...
Selecting previously unselected package libnftnl11:amd64.
Preparing to unpack .../08-libnftnl11_1.2.4-2_amd64.deb ...
Unpacking libnftnl11:amd64 (1.2.4-2) ...
Selecting previously unselected package libnftables1:amd64.
Preparing to unpack .../09-libnftables1_1.0.6-2+deb12u2_amd64.deb ...
Unpacking libnftables1:amd64 (1.0.6-2+deb12u2) ...
Selecting previously unselected package nftables.
Preparing to unpack .../10-nftables_1.0.6-2+deb12u2_amd64.deb ...
Unpacking nftables (1.0.6-2+deb12u2) ...
Selecting previously unselected package xz-utils.
Preparing to unpack .../11-xz-utils_5.4.1-0.2_amd64.deb ...
Unpacking xz-utils (5.4.1-0.2) ...
Selecting previously unselected package apparmor.
Preparing to unpack .../12-apparmor_3.0.8-3_amd64.deb ...
Unpacking apparmor (3.0.8-3) ...
Selecting previously unselected package containerd.io.
Preparing to unpack .../13-containerd.io_1.7.18-1_amd64.deb ...
Unpacking containerd.io (1.7.18-1) ...
Selecting previously unselected package docker-buildx-plugin.
Preparing to unpack .../14-docker-buildx-plugin_0.15.1-1~debian.12~bookworm_amd64.deb ...
Unpacking docker-buildx-plugin (0.15.1-1~debian.12~bookworm) ...
Selecting previously unselected package docker-ce-cli.
Preparing to unpack .../15-docker-ce-cli_5%3a27.0.2-1~debian.12~bookworm_amd64.deb ...
Unpacking docker-ce-cli (5:27.0.2-1~debian.12~bookworm) ...
Selecting previously unselected package libip6tc2:amd64.
Preparing to unpack .../16-libip6tc2_1.8.9-2_amd64.deb ...
Unpacking libip6tc2:amd64 (1.8.9-2) ...
Selecting previously unselected package libnfnetlink0:amd64.
Preparing to unpack .../17-libnfnetlink0_1.0.2-2_amd64.deb ...
Unpacking libnfnetlink0:amd64 (1.0.2-2) ...
Selecting previously unselected package libnetfilter-conntrack3:amd64.
Preparing to unpack .../18-libnetfilter-conntrack3_1.0.9-3_amd64.deb ...
Unpacking libnetfilter-conntrack3:amd64 (1.0.9-3) ...
Selecting previously unselected package iptables.
Preparing to unpack .../19-iptables_1.8.9-2_amd64.deb ...
Unpacking iptables (1.8.9-2) ...
Selecting previously unselected package docker-ce.
Preparing to unpack .../20-docker-ce_5%3a27.0.2-1~debian.12~bookworm_amd64.deb ...
Unpacking docker-ce (5:27.0.2-1~debian.12~bookworm) ...
Selecting previously unselected package docker-ce-rootless-extras.
Preparing to unpack .../21-docker-ce-rootless-extras_5%3a27.0.2-1~debian.12~bookworm_amd64.deb ...
Unpacking docker-ce-rootless-extras (5:27.0.2-1~debian.12~bookworm) ...
Selecting previously unselected package docker-compose-plugin.
Preparing to unpack .../22-docker-compose-plugin_2.28.1-1~debian.12~bookworm_amd64.deb ...
Unpacking docker-compose-plugin (2.28.1-1~debian.12~bookworm) ...
Selecting previously unselected package libcurl3-gnutls:amd64.
Preparing to unpack .../23-libcurl3-gnutls_7.88.1-10+deb12u5_amd64.deb ...
Unpacking libcurl3-gnutls:amd64 (7.88.1-10+deb12u5) ...
Selecting previously unselected package liberror-perl.
Preparing to unpack .../24-liberror-perl_0.17029-2_all.deb ...
Unpacking liberror-perl (0.17029-2) ...
Selecting previously unselected package git-man.
Preparing to unpack .../25-git-man_1%3a2.39.2-1.1_all.deb ...
Unpacking git-man (1:2.39.2-1.1) ...
Selecting previously unselected package git.
Preparing to unpack .../26-git_1%3a2.39.2-1.1_amd64.deb ...
Unpacking git (1:2.39.2-1.1) ...
Selecting previously unselected package libglib2.0-0:amd64.
Preparing to unpack .../27-libglib2.0-0_2.74.6-2+deb12u2_amd64.deb ...
Unpacking libglib2.0-0:amd64 (2.74.6-2+deb12u2) ...
Selecting previously unselected package libglib2.0-data.
Preparing to unpack .../28-libglib2.0-data_2.74.6-2+deb12u2_all.deb ...
Unpacking libglib2.0-data (2.74.6-2+deb12u2) ...
Selecting previously unselected package libicu72:amd64.
Preparing to unpack .../29-libicu72_72.1-3_amd64.deb ...
Unpacking libicu72:amd64 (72.1-3) ...
Selecting previously unselected package libltdl7:amd64.
Preparing to unpack .../30-libltdl7_2.4.7-5_amd64.deb ...
Unpacking libltdl7:amd64 (2.4.7-5) ...
Selecting previously unselected package libslirp0:amd64.
Preparing to unpack .../31-libslirp0_4.7.0-1_amd64.deb ...
Unpacking libslirp0:amd64 (4.7.0-1) ...
Selecting previously unselected package libxml2:amd64.
Preparing to unpack .../32-libxml2_2.9.14+dfsg-1.3~deb12u1_amd64.deb ...
Unpacking libxml2:amd64 (2.9.14+dfsg-1.3~deb12u1) ...
Selecting previously unselected package patch.
Preparing to unpack .../33-patch_2.7.6-7_amd64.deb ...
Unpacking patch (2.7.6-7) ...
Selecting previously unselected package shared-mime-info.
Preparing to unpack .../34-shared-mime-info_2.2-1_amd64.deb ...
Unpacking shared-mime-info (2.2-1) ...
Selecting previously unselected package slirp4netns.
Preparing to unpack .../35-slirp4netns_1.2.0-1_amd64.deb ...
Unpacking slirp4netns (1.2.0-1) ...
Selecting previously unselected package xdg-user-dirs.
Preparing to unpack .../36-xdg-user-dirs_0.18-1_amd64.deb ...
Unpacking xdg-user-dirs (0.18-1) ...
Setting up libicu72:amd64 (72.1-3) ...
Setting up xdg-user-dirs (0.18-1) ...
Setting up libip6tc2:amd64 (1.8.9-2) ...
Setting up libglib2.0-0:amd64 (2.74.6-2+deb12u2) ...
No schema files found: doing nothing.
Setting up less (590-2.1~deb12u2) ...
Setting up libnftnl11:amd64 (1.2.4-2) ...
Setting up libcurl3-gnutls:amd64 (7.88.1-10+deb12u5) ...
Setting up libjansson4:amd64 (2.14-2) ...
Setting up apparmor (3.0.8-3) ...
Created symlink /etc/systemd/system/sysinit.target.wants/apparmor.service → /lib/systemd/system/apparmor.service.
Reloading AppArmor profiles 
Setting up docker-buildx-plugin (0.15.1-1~debian.12~bookworm) ...
Setting up perl-modules-5.36 (5.36.0-7+deb12u1) ...
Setting up libglib2.0-data (2.74.6-2+deb12u2) ...
Setting up xz-utils (5.4.1-0.2) ...
update-alternatives: using /usr/bin/xz to provide /usr/bin/lzma (lzma) in auto mode
Setting up containerd.io (1.7.18-1) ...
Created symlink /etc/systemd/system/multi-user.target.wants/containerd.service → /lib/systemd/system/containerd.service.
Setting up patch (2.7.6-7) ...
Setting up docker-compose-plugin (2.28.1-1~debian.12~bookworm) ...
Setting up libltdl7:amd64 (2.4.7-5) ...
Setting up docker-ce-cli (5:27.0.2-1~debian.12~bookworm) ...
Setting up libslirp0:amd64 (4.7.0-1) ...
Setting up pigz (2.6-1) ...
Setting up libnfnetlink0:amd64 (1.0.2-2) ...
Setting up git-man (1:2.39.2-1.1) ...
Setting up docker-ce-rootless-extras (5:27.0.2-1~debian.12~bookworm) ...
Setting up libxml2:amd64 (2.9.14+dfsg-1.3~deb12u1) ...
Setting up libgdbm6:amd64 (1.23-3) ...
Setting up libnftables1:amd64 (1.0.6-2+deb12u2) ...
Setting up nftables (1.0.6-2+deb12u2) ...
Setting up slirp4netns (1.2.0-1) ...
Setting up shared-mime-info (2.2-1) ...
Setting up libgdbm-compat4:amd64 (1.23-3) ...
Setting up libnetfilter-conntrack3:amd64 (1.0.9-3) ...
Setting up libperl5.36:amd64 (5.36.0-7+deb12u1) ...
Setting up iptables (1.8.9-2) ...
update-alternatives: using /usr/sbin/iptables-legacy to provide /usr/sbin/iptables (iptables) in auto mode
update-alternatives: using /usr/sbin/ip6tables-legacy to provide /usr/sbin/ip6tables (ip6tables) in auto mode
update-alternatives: using /usr/sbin/iptables-nft to provide /usr/sbin/iptables (iptables) in auto mode
update-alternatives: using /usr/sbin/ip6tables-nft to provide /usr/sbin/ip6tables (ip6tables) in auto mode
update-alternatives: using /usr/sbin/arptables-nft to provide /usr/sbin/arptables (arptables) in auto mode
update-alternatives: using /usr/sbin/ebtables-nft to provide /usr/sbin/ebtables (ebtables) in auto mode
Setting up perl (5.36.0-7+deb12u1) ...
Setting up docker-ce (5:27.0.2-1~debian.12~bookworm) ...
Created symlink /etc/systemd/system/multi-user.target.wants/docker.service → /lib/systemd/system/docker.service.
Created symlink /etc/systemd/system/sockets.target.wants/docker.socket → /lib/systemd/system/docker.socket.
Setting up liberror-perl (0.17029-2) ...
Setting up git (1:2.39.2-1.1) ...
Processing triggers for libc-bin (2.36-9+deb12u7) ...
debian@outer:~$ sudo docker run hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
c1ec31eb5944: Pull complete 
Digest: sha256:94323f3e5e09a8b9515d74337010375a456c909543e1ff1538f5116d38ab3989
Status: Downloaded newer image for hello-world:latest
docker: Error response from daemon: failed to create task for container: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: error mounting "proc" to rootfs at "/proc": mount proc:/proc (via /proc/self/fd/6), flags: 0xe: permission denied: unknown.
debian@outer:~$ 

Appreciate your continuous support, Simos.
And this is mine, without nesting = true, and seems working well - don’t know why though…

# aquifer @ arch-laptop in ~ [21:00:22]
$ cat /etc/os-release
NAME="Arch Linux"
PRETTY_NAME="Arch Linux"
ID=arch
BUILD_ID=rolling
ANSI_COLOR="38;2;23;147;209"
HOME_URL="https://archlinux.org/"
DOCUMENTATION_URL="https://wiki.archlinux.org/"
SUPPORT_URL="https://bbs.archlinux.org/"
BUG_REPORT_URL="https://gitlab.archlinux.org/groups/archlinux/-/issues"
PRIVACY_POLICY_URL="https://terms.archlinux.org/docs/privacy-policy/"
LOGO=archlinux-logo

# aquifer @ arch-laptop in ~ [21:00:26]
$ incus profile show default
config:
  security.secureboot: "false"
description: Default Incus profile
devices:
  eth0:
    name: eth0
    network: br-incus0
    type: nic
  root:
    path: /
    pool: default
    type: disk
name: default
used_by:
- /1.0/instances/arch-proxy
- /1.0/instances/deb12
- /1.0/instances/rk9-vm
- /1.0/instances/rk9-joplin
project: default

# aquifer @ arch-laptop in ~ [21:00:44]
$ incus config show rk9-joplin
architecture: x86_64
config:
  image.architecture: amd64
  image.description: Rockylinux 9 amd64 (20240605_02:06)
  image.os: Rockylinux
  image.release: "9"
  image.requirements.cdrom_agent: "true"
  image.serial: "20240605_02:06"
  image.type: squashfs
  image.variant: cloud
  volatile.base_image: 37c2cd88c3656274550e18e5249bf4f891e969b438aca0e9d70f6a8e6a6be1f7
  volatile.cloud-init.instance-id: 5d085303-1daf-4b55-874c-6a69d176ea0a
  volatile.eth0.host_name: veth886f4d6d
  volatile.eth0.hwaddr: 00:16:3e:ef:1c:5d
  volatile.idmap.base: "0"
  volatile.idmap.current: '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":1000000000},{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1000000000}]'
  volatile.idmap.next: '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":1000000000},{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1000000000}]'
  volatile.last_state.idmap: '[]'
  volatile.last_state.power: RUNNING
  volatile.last_state.ready: "false"
  volatile.uuid: e82c89a5-93a1-4cfb-84a3-afcfcc514307
  volatile.uuid.generation: e82c89a5-93a1-4cfb-84a3-afcfcc514307
devices: {}
ephemeral: false
profiles:
- default
stateful: false
description: ""

# aquifer @ arch-laptop in ~ [21:00:52]
$ incus exec rk9-joplin -- docker ps
CONTAINER ID   IMAGE                  COMMAND                  CREATED        STATUS        PORTS                                           NAMES
47aa7d6d2285   joplin/server:latest   "tini -- yarn start-…"   13 hours ago   Up 12 hours   0.0.0.0:22300->22300/tcp, :::22300->22300/tcp   romantic_hermann

Perhaps the Arch build incus 6.2 has default nesting = true enabled?
But how this can be examined?

Could be something like that, that is, distro-specific configuration.

That example looks like it is specifically for 24.04 though I do not run that version.

Therefore, at this stage I do not know what’s going on.

muchas gracias, @simos