Nested containers not constrained by cpu limits of the parent container

Setting limits.cpu constraint on an Incus container works fine and the offline cpus can be easily verified with lscpu.

However, when running a nested Docker container, the nested containers are not bound by the limits.cpu constraint and are able to use all the CPUs on the host, also verifiable with lscpu within the nested container.

Any idea if this is by design?

Thanks.

The limit is absolutely enforced.

The problem is about visibility within the nested container. Docker doesn’t use LXCFS so things like /proc/cpuinfo and /sys/bus/cpu will still show all CPUs despite the limit being applied.
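
A way to check the distinction made in the reply above, added here as an example and not part of either post: compare the CPUs the scheduler lets the process run on (`Cpus_allowed_list` in `/proc/self/status`) with the CPUs `/proc/cpuinfo` lists. It assumes the limit is applied as CPU pinning, so it shows up in the affinity mask; the function names and the sample data in `demo_constructed` are constructed for illustration.

```shell
#!/bin/sh
# Compare enforced CPU affinity with the unmasked /proc/cpuinfo view.
# File paths are parameters so the functions also work on sample files.

# count_cpu_list "0-1,4" -> number of CPUs in a kernel CPU-list string
count_cpu_list() {
    echo "$1" | tr ',' '\n' | awk -F- '
        NF == 1 && $1 != "" { n += 1 }
        NF == 2             { n += $2 - $1 + 1 }
        END                 { print n + 0 }'
}

# allowed_cpus [status-file] -> CPUs this process may be scheduled on
allowed_cpus() {
    awk '/^Cpus_allowed_list:/ { print $2 }' "${1:-/proc/self/status}"
}

# listed_cpus [cpuinfo-file] -> number of "processor" entries shown
listed_cpus() {
    grep -c '^processor' "${1:-/proc/cpuinfo}" || true
}

# check_visibility [status-file] [cpuinfo-file]
check_visibility() {
    list=$(allowed_cpus "$1")
    usable=$(count_cpu_list "$list")
    shown=$(listed_cpus "$2")
    if [ "$usable" -lt "$shown" ]; then
        echo "limit enforced, view unmasked: usable=$usable ($list) shown=$shown"
    else
        echo "view matches affinity: usable=$usable ($list) shown=$shown"
    fi
}

# Constructed sample: a 4-CPU host view with the process pinned to CPUs 0-1.
demo_constructed() {
    d=$(mktemp -d)
    printf 'Name:\tsh\nCpus_allowed:\t3\nCpus_allowed_list:\t0-1\n' > "$d/status"
    printf 'processor\t: 0\nprocessor\t: 1\nprocessor\t: 2\nprocessor\t: 3\n' > "$d/cpuinfo"
    check_visibility "$d/status" "$d/cpuinfo"
    rm -rf "$d"
}
```

Calling `check_visibility` with no arguments inside the nested container reads the live `/proc` files instead of the sample.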