I’ve read many times here in the forums recommendations about setting security.nesting=true
in order to run docker inside nested LXD containers.
lxc config set npm security.syscalls.intercept.mknod=true
lxc config set npm security.syscalls.intercept.setxattr=true
Are these two other options also necessary for running docker in containers? Or only in certain situations?
I’ve read about these settings at Linux Containers - LXD - Has been moved to Canonical but am still not quite sure about them. With @stgraber mentioning that they could be abused, I’d rather only set them if necessary.
The Ubuntu tutorial at https://ubuntu.com/tutorials/how-to-run-docker-inside-lxd-containers#2-create-lxd-container also recommends these settings on page 2. In that tutorial, are these two additional settings used only in relation to enabling the host OS storage pool (detailed higher up on that same tutorial page) for use with docker inside the container?
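As an added example (not part of the forum post or of LXD itself), a small POSIX shell helper that reads the YAML printed by `lxc config show <container>` and reports how the three keys discussed above are set, so that syscall interception can be reviewed per container instead of enabled by habit. The key names are real LXD keys; the sample config and the `audit_sample` wrapper are constructed.

```shell
#!/bin/sh
# Added audit helper (not from the forum post). It reads the YAML that
# `lxc config show <container>` prints, on stdin, and reports the three keys
# discussed in the thread, so syscall interception can be reviewed per
# container rather than enabled everywhere.

# Print "KEY VALUE" for each of the three keys found under `config:`.
# Keys that are absent are reported as "KEY unset".
audit_docker_keys() {
  awk '
    BEGIN {
      keys["security.nesting"] = "unset"
      keys["security.syscalls.intercept.mknod"] = "unset"
      keys["security.syscalls.intercept.setxattr"] = "unset"
    }
    # Track whether we are inside the top-level config: section.
    /^config:/ { in_config = 1; next }
    /^[^ ]/    { in_config = 0 }
    in_config && /^  [^ ]/ {
      key = $1; sub(/:$/, "", key)
      val = $2; gsub(/"/, "", val)
      if (key in keys) keys[key] = val
    }
    END { for (k in keys) print k, keys[k] }
  ' | sort
}

# Constructed sample: nesting on, only mknod interception set, setxattr absent.
SAMPLE_CONFIG='architecture: x86_64
config:
  image.os: ubuntu
  security.nesting: "true"
  security.syscalls.intercept.mknod: "true"
devices:
  root:
    path: /
    pool: default
    type: disk
name: npm
'

# Wrapper that audits the constructed sample (a real run would pipe
# `lxc config show npm | audit_docker_keys` instead).
audit_sample() {
  printf '%s' "$SAMPLE_CONFIG" | audit_docker_keys
}

audit_sample
```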