On dev enabling these settings works fine. On prod I can’t start the container anymore because of Common start logic: System doesn't support syscall interception.
I spun up a few more dev VPSs to play around on to see if I can lock it down.
First I replicated my prod environment, ensuring lxd and lxc were built from the 4.0 tarballs and making sure the kernel was the same. On this VPS docker would also not pull (certain) images.
I upgraded to LXD 4.1 and LXC 4.0.2 from source but Docker images would still not work.
Next I installed LXD using Snap which I had done in my working dev environment. With this version Docker started working just fine in the container.
Do you have any idea what I am doing wrong with my source builds that prevents this from working?
I want to ask something. Is there a way to use Kubernetes to orchestrate Linux containers?
From a quick search, I found that you can install Kubernetes inside Linux containers, but you can't manage Linux containers with Kubernetes. Am I wrong?
Since everything seems up-to-date except libseccomp I think that’s the culprit.
I tried my best to compile lxc against libseccomp from master, but it keeps using the server-wide version. Does anybody have any tips on how to use the specific libseccomp I need?
Perhaps I’m approaching this the wrong way. The main issue I’m trying to solve is that I need a newer Ceph than is bundled in the Snap. Can I use a Ceph outside of the Snap somehow?