ALI_GOUHAR
November 7, 2025, 12:11pm
1
we are facing an issue where we are unable to run docker inside incus containers. In LXD, we achieved this by adding the security.nesting: “true” string under config inside the container associated profile.
config:
limits.cpu: "6"
limits.memory: 8GiB
security.nesting: "true"
description: memory=8GiB, cpus=6, storage=32GB, pool=SAN, bridge=br301
devices:
eth0:
nictype: bridged
parent: br301
type: nic
root:
path: /
pool: SAN
size: 32GB
type: disk
However, when we do this for incus, and restart the container, docker still refuses to run citing the following error:
docker run hello-world
docker: Error response from daemon: failed to create task for container: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: open sysctl net.ipv4.ip_unprivileged_port_start file: reopen fd 8: permission denied: unknown
stgraber
November 7, 2025, 1:09pm
2
If you’re using the Zabbly packages, please apply your package updates.
If not using the Zabbly packages, please have your Linux distribution look at including this change: incusd/apparmor/lxc: Don't bother with sys/proc protections when nest… by stgraber · Pull Request #2624 · lxc/incus · GitHub
Basically the latest runc security update is using logic that triggers an AppArmor bug.
NinoBYSA
November 7, 2025, 6:42pm
3
I’m using Zabbly packages and I still have the issue after an update.
I’m on a outdated version of Ubuntu (24.10, I need to migrate it but it’s a pain because of a ubuntu bug with zfs) but I do use Zabbly repository for noble.
Are they the only one lacking the update or it’s because the other ones got the update a bit later?
Hi! I registered to let you know.
Your error is unrelated to the product. It will pop all around the community as this is literally docker.io vs AppArmor.
SOLUTION:
opened 02:51AM - 06 Nov 25 UTC
kind/bug
# TL; DR
This is caused by a design flaw in AppArmor when running runc (or Dock… er/Podman/containerd) inside a nested container that has an AppArmor profile applied. We currently cannot work around this issue within runc, so you will need to reconfigure LXC until LXC updates its configurations to avoid this problem.
**PLEASE DO NOT LEAVE COMMENTS IF THESE SOLUTIONS WORKED FOR YOU**
## LXC Users ##
This section applies to *direct* users of LXC.
You need to relax the `/sys` restrictions of the AppArmor profile used for LXC containers. The simplest way is to comment out all of the `deny /sys` lines in `/etc/apparmor.d/abstractions/container-base`:
```
% sudo sed -i.old '/deny \/sys/ s/^/#/g' /etc/apparmor.d/abstractions/lxc/container-base
% sudo apparmor_parser -r /etc/apparmor.d/lxc-containers
% # This should've worked, but you may need to restart your LXC containers.
```
This will disable the problematic `/sys` rules. You can also be more strategic by only changing the `deny /sys/[^fdc]*{,/**} wklx` rule to `deny /sys/[^fdcn]*{,/**} wklx` (to permit the `net.ipv4.ip_unprivileged_port_start` sysctl to be written to) but this requires a bit more care.
If you use `lxc.apparmor.profile = generated` then unfortunately you will need to disable AppArmor (using `lxc.apparmor.profile = unconfined`) and wait for an LXC patch that fixes their internal hardcoded AppArmor profile. (This is the same boat Proxmox users find themselves in --see that section for some additional information.)
## Incus Users ##
Incus generates its own AppArmor rules which you cannot directly modify. However, Incus has already been patched (in https://github.com/lxc/incus/pull/2624) so if you switch to the daily builds then the problem should already be resolved for you. Unfortunately there is no `raw.lxc.*` workaround possible.
## Proxmox Users ##
Proxmox makes use of `lxc.apparmor.profile = generated`, which means that the above mitigations do not work (modifying the profiles in `/etc/apparmor.d` doesn't do anything because a new profile is generated automatically based on hard-coded strings in LXC). You instead need to add the following configuration to `/etc/pve/lxc/$ctr.conf`:
```
lxc.apparmor.profile: unconfined
lxc.mount.entry: /dev/null sys/module/apparmor/parameters/enabled none bind 0 0
```
And restart the container.
The `/dev/null` bind-mount is needed in order to trick Docker into thinking that AppArmor is disabled on the system. If you do not include this line, you may see the error `Error response from daemon: Could not check if docker-default AppArmor profile was loaded: open /sys/kernel/security/apparmor/profiles: permission denied`. This is caused by a non-configurable security policy within AppArmor related to namespace nesting -- the only real solution for this is for the generated profile by LXC be fixed.
> [!NOTE]
> The `/dev/null` bind mount may be unnecessary for some guests (some users have reported that Debian guests just work with `lxc.apparmor.profile = unconfined`).
> [!NOTE]
> In principle you could configure a different AppArmor profile based on `lxc-container-default-with-nesting` and use that instead, but based on my testing the default profile doesn't permit `overlayfs` mounts -- fixing that is left as an exercise for the reader.
## Regarding Downgrades ##
A lot of people have commented that they will just downgrade runc. If you are going to do this (instead of the far less drastic workarounds we've outlined above), please do not go overboard. runc **1.2.7** and **1.3.2** are the latest releases that *do not* contain the security patches which caused these errors. Downgrading to earlier versions than that (especially something as old as runc 1.1.0) is overkill and is needlessly opening yourself up to 4-year-old vulnerabilities.
I also want to re-iterate that while AppArmor can in principle protect against some attacks, by downgrading you are **intentionally** opening yourself up to actual attacks that we know exist (**AND CAN BYPASS APPARMOR** in the case of CVE-2025-52881).
<details>
<summary>Analysis</summary>
There is an issue that has been reported when running runc inside LXC where the AppArmor profile for LXC causes permission errors when we try to re-open fds for procfs operations.
This was reported in https://github.com/containerd/containerd/issues/12484, https://github.com/moby/moby/issues/51405, and https://github.com/lxc/incus/issues/2623. Here is my breakdown of the cause:
> Okay, I've figured it out. This is really dumb. tl;dr: This is really an AppArmor bug (or even a design flaw if you prefer).
>
> For context, the file we are trying to write to is `/proc/sys/net/ipv4/ip_unprivileged_port_start`. @stgraber figured out that the problematic AppArmor rules are the rules they have which block writing to most **`/sys`** files. How is it possible that one affects the other?
>
> Well, the problem is that runc now uses a detached mount of `procfs` to operate on (this avoids mount race attacks). Because detached mounts have not been attached to the filesystem, `d_name` (the kernel's facility for generating names for dentries) just generates a name that looks like `/foo` if you try to open a file `foo` inside the detached `procfs` mount. AFAICS this is what AppArmor uses to determine what file you are trying to write to (because AppArmor is path-based, and `d_name` is the only way to get pathnames from dentries).
>
> This means that when we try to write to `/proc/sys/net/ipv4/ip_unprivileged_port_start`, AppArmor sees this as us trying to write to `/sys/net/ipv4/ip_unprivileged_port_start` which is forbidden by the `/sys` denial rules. I have attached a program that can show this behaviour using a detached `tmpfs` mount, it's very trivial to trigger:
>
> ```
> % ./aa-bug &
> c1:~ # ./aa-bug &
> fd: /proc/2061/fd/5
> [1] 2061
> c1:~ # mkdir /proc/2061/fd/5/sys
> c1:~ # mkdir /proc/2061/fd/5/sys/foo
> mkdir: cannot create directory ‘/proc/2061/fd/5/sys/foo’: Permission denied
> ```
>
> [aa-bug.go.txt](https://github.com/user-attachments/files/23379918/aa-bug.go.txt)
>
> There is a trivial workaround for this particular sysctl:
>
> ```
> - deny /sys/[^fdck]*{,/**} wklx,
> + deny /sys/[^fdckn]*{,/**} wklx,
> ```
>
> (In `/etc/apparmor.d/abstractions/lxc/container-base`.)
>
> But this doesn't help in the general case for all sysctls. @stgraber has just submitted https://github.com/lxc/incus/pull/2624 which just removes these rules entirely. I think AppArmor should not do this, because it's incredibly broken (literally any detached mount could match against a rule by accident), but this is unfortunately how AppArmor's design works.
>
> From runc's side, we could in theory use this to our advantage -- if we created a `tmpfs` with a subpath like `.go-away-apparmor` and then attached our procfs mount to that path, we might be able to subvert AppArmor. However, this has a risk of causing lifetime issues that would require a rework of how we do lookups -- the `tmpfs` must not be closed after we attach to it because it will lazy-unmount the procfs...
_Originally posted by @cyphar in [#12484](https://github.com/containerd/containerd/issues/12484#issuecomment-3494405793)_
</details>
stgraber
November 7, 2025, 7:41pm
5
Hmm, odd, I’m looking into that one now, 8 hours is a very big time difference, so chances are something went wrong during publishing.
stgraber
November 7, 2025, 7:48pm
6
I’ve confirmed that the currently available stable package from Zabbly on Ubuntu 24.04 does have the fix and works correctly:
root@u24:~# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 24.04.3 LTS
Release: 24.04
Codename: noble
root@u24:~# dpkg -l | grep incus
ii incus 1:6.18-ubuntu24.04-202511061936 amd64 Incus - Container and virtualization daemon
ii incus-base 1:6.18-ubuntu24.04-202511061936 amd64 Incus - Container and virtualization daemon (container-only)
ii incus-client 1:6.18-ubuntu24.04-202511061936 amd64 Incus - Command line client
root@u24:~# incus launch images:debian/13 c1 -c security.nesting=true
Launching c1
root@u24:~# incus exec c1 bash
root@c1:~# apt install curl
Installing:
curl
Installing dependencies:
bash-completion libbrotli1 libgnutls30t64 libldap2 libnghttp3-9 libpsl5t64 libsasl2-2 libsasl2-modules-db libtasn1-6 publicsuffix
ca-certificates libcurl4t64 libldap-common libnghttp2-14 libp11-kit0 librtmp1 libsasl2-modules libssh2-1t64 openssl
Suggested packages:
gnutls-bin libsasl2-modules-gssapi-mit | libsasl2-modules-gssapi-heimdal libsasl2-modules-ldap libsasl2-modules-otp libsasl2-modules-sql
Summary:
Upgrading: 0, Installing: 20, Removing: 0, Not Upgrading: 0
Download size: 6055 kB
Space needed: 15.9 MB / 7861 MB available
Continue? [Y/n]
Get:1 http://deb.debian.org/debian trixie/main amd64 bash-completion all 1:2.16.0-7 [319 kB]
Get:2 http://deb.debian.org/debian-security trixie-security/main amd64 openssl amd64 3.5.1-1+deb13u1 [1494 kB]
Get:3 http://deb.debian.org/debian trixie/main amd64 ca-certificates all 20250419 [162 kB]
Get:4 http://deb.debian.org/debian trixie/main amd64 libbrotli1 amd64 1.1.0-2+b7 [307 kB]
Get:5 http://deb.debian.org/debian trixie/main amd64 libsasl2-modules-db amd64 2.1.28+dfsg1-9 [19.8 kB]
Get:6 http://deb.debian.org/debian trixie/main amd64 libsasl2-2 amd64 2.1.28+dfsg1-9 [57.5 kB]
Get:7 http://deb.debian.org/debian trixie/main amd64 libldap2 amd64 2.6.10+dfsg-1 [194 kB]
Get:8 http://deb.debian.org/debian trixie/main amd64 libnghttp2-14 amd64 1.64.0-1.1 [76.0 kB]
Get:9 http://deb.debian.org/debian trixie/main amd64 libnghttp3-9 amd64 1.8.0-1 [67.7 kB]
Get:10 http://deb.debian.org/debian trixie/main amd64 libpsl5t64 amd64 0.21.2-1.1+b1 [57.2 kB]
Get:11 http://deb.debian.org/debian trixie/main amd64 libp11-kit0 amd64 0.25.5-3 [425 kB]
Get:12 http://deb.debian.org/debian trixie/main amd64 libtasn1-6 amd64 4.20.0-2 [49.9 kB]
Get:13 http://deb.debian.org/debian trixie/main amd64 libgnutls30t64 amd64 3.8.9-3 [1465 kB]
Get:14 http://deb.debian.org/debian trixie/main amd64 librtmp1 amd64 2.4+20151223.gitfa8646d.1-2+b5 [58.8 kB]
Get:15 http://deb.debian.org/debian trixie/main amd64 libssh2-1t64 amd64 1.11.1-1 [245 kB]
Get:16 http://deb.debian.org/debian trixie/main amd64 libcurl4t64 amd64 8.14.1-2 [391 kB]
Get:17 http://deb.debian.org/debian trixie/main amd64 curl amd64 8.14.1-2 [269 kB]
Get:18 http://deb.debian.org/debian trixie/main amd64 libldap-common all 2.6.10+dfsg-1 [35.1 kB]
Get:19 http://deb.debian.org/debian trixie/main amd64 libsasl2-modules amd64 2.1.28+dfsg1-9 [66.7 kB]
Get:20 http://deb.debian.org/debian trixie/main amd64 publicsuffix all 20250328.1952-0.1 [296 kB]
Fetched 6055 kB in 1s (5201 kB/s)
Preconfiguring packages ...
Selecting previously unselected package bash-completion.
(Reading database ... 11460 files and directories currently installed.)
Preparing to unpack .../00-bash-completion_1%3a2.16.0-7_all.deb ...
Unpacking bash-completion (1:2.16.0-7) ...
Selecting previously unselected package openssl.
Preparing to unpack .../01-openssl_3.5.1-1+deb13u1_amd64.deb ...
Unpacking openssl (3.5.1-1+deb13u1) ...
Selecting previously unselected package ca-certificates.
Preparing to unpack .../02-ca-certificates_20250419_all.deb ...
Unpacking ca-certificates (20250419) ...
Selecting previously unselected package libbrotli1:amd64.
Preparing to unpack .../03-libbrotli1_1.1.0-2+b7_amd64.deb ...
Unpacking libbrotli1:amd64 (1.1.0-2+b7) ...
Selecting previously unselected package libsasl2-modules-db:amd64.
Preparing to unpack .../04-libsasl2-modules-db_2.1.28+dfsg1-9_amd64.deb ...
Unpacking libsasl2-modules-db:amd64 (2.1.28+dfsg1-9) ...
Selecting previously unselected package libsasl2-2:amd64.
Preparing to unpack .../05-libsasl2-2_2.1.28+dfsg1-9_amd64.deb ...
Unpacking libsasl2-2:amd64 (2.1.28+dfsg1-9) ...
Selecting previously unselected package libldap2:amd64.
Preparing to unpack .../06-libldap2_2.6.10+dfsg-1_amd64.deb ...
Unpacking libldap2:amd64 (2.6.10+dfsg-1) ...
Selecting previously unselected package libnghttp2-14:amd64.
Preparing to unpack .../07-libnghttp2-14_1.64.0-1.1_amd64.deb ...
Unpacking libnghttp2-14:amd64 (1.64.0-1.1) ...
Selecting previously unselected package libnghttp3-9:amd64.
Preparing to unpack .../08-libnghttp3-9_1.8.0-1_amd64.deb ...
Unpacking libnghttp3-9:amd64 (1.8.0-1) ...
Selecting previously unselected package libpsl5t64:amd64.
Preparing to unpack .../09-libpsl5t64_0.21.2-1.1+b1_amd64.deb ...
Unpacking libpsl5t64:amd64 (0.21.2-1.1+b1) ...
Selecting previously unselected package libp11-kit0:amd64.
Preparing to unpack .../10-libp11-kit0_0.25.5-3_amd64.deb ...
Unpacking libp11-kit0:amd64 (0.25.5-3) ...
Selecting previously unselected package libtasn1-6:amd64.
Preparing to unpack .../11-libtasn1-6_4.20.0-2_amd64.deb ...
Unpacking libtasn1-6:amd64 (4.20.0-2) ...
Selecting previously unselected package libgnutls30t64:amd64.
Preparing to unpack .../12-libgnutls30t64_3.8.9-3_amd64.deb ...
Unpacking libgnutls30t64:amd64 (3.8.9-3) ...
Selecting previously unselected package librtmp1:amd64.
Preparing to unpack .../13-librtmp1_2.4+20151223.gitfa8646d.1-2+b5_amd64.deb ...
Unpacking librtmp1:amd64 (2.4+20151223.gitfa8646d.1-2+b5) ...
Selecting previously unselected package libssh2-1t64:amd64.
Preparing to unpack .../14-libssh2-1t64_1.11.1-1_amd64.deb ...
Unpacking libssh2-1t64:amd64 (1.11.1-1) ...
Selecting previously unselected package libcurl4t64:amd64.
Preparing to unpack .../15-libcurl4t64_8.14.1-2_amd64.deb ...
Unpacking libcurl4t64:amd64 (8.14.1-2) ...
Selecting previously unselected package curl.
Preparing to unpack .../16-curl_8.14.1-2_amd64.deb ...
Unpacking curl (8.14.1-2) ...
Selecting previously unselected package libldap-common.
Preparing to unpack .../17-libldap-common_2.6.10+dfsg-1_all.deb ...
Unpacking libldap-common (2.6.10+dfsg-1) ...
Selecting previously unselected package libsasl2-modules:amd64.
Preparing to unpack .../18-libsasl2-modules_2.1.28+dfsg1-9_amd64.deb ...
Unpacking libsasl2-modules:amd64 (2.1.28+dfsg1-9) ...
Selecting previously unselected package publicsuffix.
Preparing to unpack .../19-publicsuffix_20250328.1952-0.1_all.deb ...
Unpacking publicsuffix (20250328.1952-0.1) ...
Setting up libbrotli1:amd64 (1.1.0-2+b7) ...
Setting up libsasl2-modules:amd64 (2.1.28+dfsg1-9) ...
Setting up libpsl5t64:amd64 (0.21.2-1.1+b1) ...
Setting up libnghttp2-14:amd64 (1.64.0-1.1) ...
Setting up libldap-common (2.6.10+dfsg-1) ...
Setting up libsasl2-modules-db:amd64 (2.1.28+dfsg1-9) ...
Setting up bash-completion (1:2.16.0-7) ...
Setting up libp11-kit0:amd64 (0.25.5-3) ...
Setting up libsasl2-2:amd64 (2.1.28+dfsg1-9) ...
Setting up libnghttp3-9:amd64 (1.8.0-1) ...
Setting up libtasn1-6:amd64 (4.20.0-2) ...
Setting up libssh2-1t64:amd64 (1.11.1-1) ...
Setting up openssl (3.5.1-1+deb13u1) ...
Setting up publicsuffix (20250328.1952-0.1) ...
Setting up libldap2:amd64 (2.6.10+dfsg-1) ...
Setting up libgnutls30t64:amd64 (3.8.9-3) ...
Setting up ca-certificates (20250419) ...
Updating certificates in /etc/ssl/certs...
150 added, 0 removed; done.
Setting up librtmp1:amd64 (2.4+20151223.gitfa8646d.1-2+b5) ...
Setting up libcurl4t64:amd64 (8.14.1-2) ...
Setting up curl (8.14.1-2) ...
Processing triggers for libc-bin (2.41-12) ...
Processing triggers for ca-certificates (20250419) ...
Updating certificates in /etc/ssl/certs...
0 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.
root@c1:~# install -m 0755 -d /etc/apt/keyrings
root@c1:~# curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc
root@c1:~# chmod a+r /etc/apt/keyrings/docker.asc
root@c1:~# echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian \
$(. /etc/os-release && echo "$VERSION_CODENAME") stable" > /etc/apt/sources.list.d/docker.list
root@c1:~# apt update
apt install docker-ce docker-ce-cli
Hit:1 http://deb.debian.org/debian trixie InRelease
Get:2 http://deb.debian.org/debian trixie-updates InRelease [47.3 kB]
Get:3 http://deb.debian.org/debian-security trixie-security InRelease [43.4 kB]
Get:4 http://deb.debian.org/debian-security trixie-security/main amd64 Packages [69.3 kB]
Get:5 https://download.docker.com/linux/debian trixie InRelease [32.5 kB]
Get:6 https://download.docker.com/linux/debian trixie/stable amd64 Packages [16.5 kB]
Fetched 209 kB in 0s (727 kB/s)
All packages are up to date.
Installing:
docker-ce docker-ce-cli
Installing dependencies:
apparmor docker-ce-rootless-extras git-man libcurl3t64-gnutls libgdbm6t64 libjansson4 libnftables1 libngtcp2-crypto-gnutls8 nftables perl-modules-5.40 xz-utils
containerd.io docker-compose-plugin iptables liberror-perl libip4tc2 libnetfilter-conntrack3 libnftnl11 libperl5.40 patch pigz
docker-buildx-plugin git less libgdbm-compat4t64 libip6tc2 libnfnetlink0 libngtcp2-16 libslirp0 perl slirp4netns
Suggested packages:
apparmor-profiles-extra | cgroup-lite gettext-base git-gui git-cvs firewalld ed libterm-readline-gnu-perl libtap-harness-archive-perl
apparmor-utils kmod git-doc gitk git-mediawiki gdbm-l10n diffutils-doc | libterm-readline-perl-perl
cgroupfs-mount docker-model-plugin git-email gitweb git-svn sensible-utils perl-doc make
Summary:
Upgrading: 0, Installing: 33, Removing: 0, Not Upgrading: 0
Download size: 127 MB
Space needed: 552 MB / 7842 MB available
Continue? [Y/n]
Get:1 http://deb.debian.org/debian trixie/main amd64 libip4tc2 amd64 1.8.11-2 [20.0 kB]
Get:2 http://deb.debian.org/debian trixie/main amd64 libip6tc2 amd64 1.8.11-2 [20.3 kB]
Get:3 http://deb.debian.org/debian trixie/main amd64 libnfnetlink0 amd64 1.0.2-3 [14.4 kB]
Get:4 http://deb.debian.org/debian trixie/main amd64 libnetfilter-conntrack3 amd64 1.1.0-1 [42.1 kB]
Get:5 http://deb.debian.org/debian trixie/main amd64 libnftnl11 amd64 1.2.9-1 [65.0 kB]
Get:6 https://download.docker.com/linux/debian trixie/stable amd64 containerd.io amd64 1.7.29-1~debian.13~trixie [31.9 MB]
Get:7 http://deb.debian.org/debian trixie/main amd64 iptables amd64 1.8.11-2 [361 kB]
Get:8 http://deb.debian.org/debian trixie/main amd64 libjansson4 amd64 2.14-2+b3 [39.8 kB]
Get:9 http://deb.debian.org/debian trixie/main amd64 libnftables1 amd64 1.1.3-1 [332 kB]
Get:10 http://deb.debian.org/debian trixie/main amd64 nftables amd64 1.1.3-1 [75.9 kB]
Get:11 http://deb.debian.org/debian trixie/main amd64 pigz amd64 2.8-1 [62.7 kB]
Get:12 http://deb.debian.org/debian trixie/main amd64 less amd64 668-1 [161 kB]
Get:13 http://deb.debian.org/debian trixie/main amd64 perl-modules-5.40 all 5.40.1-6 [3019 kB]
Get:14 http://deb.debian.org/debian trixie/main amd64 libgdbm6t64 amd64 1.24-2 [75.2 kB]
Get:15 http://deb.debian.org/debian trixie/main amd64 libgdbm-compat4t64 amd64 1.24-2 [50.3 kB]
Get:16 http://deb.debian.org/debian trixie/main amd64 libperl5.40 amd64 5.40.1-6 [4341 kB]
Get:17 http://deb.debian.org/debian trixie/main amd64 perl amd64 5.40.1-6 [267 kB]
Get:18 http://deb.debian.org/debian trixie/main amd64 xz-utils amd64 5.8.1-1 [660 kB]
Get:19 http://deb.debian.org/debian trixie/main amd64 apparmor amd64 4.1.0-1 [710 kB]
Get:20 http://deb.debian.org/debian trixie/main amd64 libngtcp2-16 amd64 1.11.0-1 [131 kB]
Get:21 http://deb.debian.org/debian trixie/main amd64 libngtcp2-crypto-gnutls8 amd64 1.11.0-1 [29.3 kB]
Get:22 http://deb.debian.org/debian trixie/main amd64 libcurl3t64-gnutls amd64 8.14.1-2 [384 kB]
Get:23 http://deb.debian.org/debian trixie/main amd64 liberror-perl all 0.17030-1 [26.9 kB]
Get:24 http://deb.debian.org/debian trixie/main amd64 git-man all 1:2.47.3-0+deb13u1 [2205 kB]
Get:25 http://deb.debian.org/debian trixie/main amd64 git amd64 1:2.47.3-0+deb13u1 [8862 kB]
Get:26 https://download.docker.com/linux/debian trixie/stable amd64 docker-ce-cli amd64 5:28.5.2-1~debian.13~trixie [16.0 MB]
Get:27 http://deb.debian.org/debian trixie/main amd64 libslirp0 amd64 4.8.0-1+b1 [66.4 kB]
Get:28 http://deb.debian.org/debian trixie/main amd64 patch amd64 2.8-2 [134 kB]
Get:29 http://deb.debian.org/debian trixie/main amd64 slirp4netns amd64 1.2.1-1.1 [39.3 kB]
Get:30 https://download.docker.com/linux/debian trixie/stable amd64 docker-ce amd64 5:28.5.2-1~debian.13~trixie [19.8 MB]
Get:31 https://download.docker.com/linux/debian trixie/stable amd64 docker-buildx-plugin amd64 0.29.1-1~debian.13~trixie [15.9 MB]
Get:32 https://download.docker.com/linux/debian trixie/stable amd64 docker-ce-rootless-extras amd64 5:28.5.2-1~debian.13~trixie [6381 kB]
Get:33 https://download.docker.com/linux/debian trixie/stable amd64 docker-compose-plugin amd64 2.40.3-1~debian.13~trixie [14.3 MB]
Fetched 127 MB in 4s (34.4 MB/s)
Extracting templates from packages: 100%
Preconfiguring packages ...
Selecting previously unselected package containerd.io.
(Reading database ... 13271 files and directories currently installed.)
Preparing to unpack .../00-containerd.io_1.7.29-1~debian.13~trixie_amd64.deb ...
Unpacking containerd.io (1.7.29-1~debian.13~trixie) ...
Selecting previously unselected package docker-ce-cli.
Preparing to unpack .../01-docker-ce-cli_5%3a28.5.2-1~debian.13~trixie_amd64.deb ...
Unpacking docker-ce-cli (5:28.5.2-1~debian.13~trixie) ...
Selecting previously unselected package libip4tc2:amd64.
Preparing to unpack .../02-libip4tc2_1.8.11-2_amd64.deb ...
Unpacking libip4tc2:amd64 (1.8.11-2) ...
Selecting previously unselected package libip6tc2:amd64.
Preparing to unpack .../03-libip6tc2_1.8.11-2_amd64.deb ...
Unpacking libip6tc2:amd64 (1.8.11-2) ...
Selecting previously unselected package libnfnetlink0:amd64.
Preparing to unpack .../04-libnfnetlink0_1.0.2-3_amd64.deb ...
Unpacking libnfnetlink0:amd64 (1.0.2-3) ...
Selecting previously unselected package libnetfilter-conntrack3:amd64.
Preparing to unpack .../05-libnetfilter-conntrack3_1.1.0-1_amd64.deb ...
Unpacking libnetfilter-conntrack3:amd64 (1.1.0-1) ...
Selecting previously unselected package libnftnl11:amd64.
Preparing to unpack .../06-libnftnl11_1.2.9-1_amd64.deb ...
Unpacking libnftnl11:amd64 (1.2.9-1) ...
Selecting previously unselected package iptables.
Preparing to unpack .../07-iptables_1.8.11-2_amd64.deb ...
Unpacking iptables (1.8.11-2) ...
Selecting previously unselected package libjansson4:amd64.
Preparing to unpack .../08-libjansson4_2.14-2+b3_amd64.deb ...
Unpacking libjansson4:amd64 (2.14-2+b3) ...
Selecting previously unselected package libnftables1:amd64.
Preparing to unpack .../09-libnftables1_1.1.3-1_amd64.deb ...
Unpacking libnftables1:amd64 (1.1.3-1) ...
Selecting previously unselected package nftables.
Preparing to unpack .../10-nftables_1.1.3-1_amd64.deb ...
Unpacking nftables (1.1.3-1) ...
Selecting previously unselected package docker-ce.
Preparing to unpack .../11-docker-ce_5%3a28.5.2-1~debian.13~trixie_amd64.deb ...
Unpacking docker-ce (5:28.5.2-1~debian.13~trixie) ...
Selecting previously unselected package pigz.
Preparing to unpack .../12-pigz_2.8-1_amd64.deb ...
Unpacking pigz (2.8-1) ...
Selecting previously unselected package less.
Preparing to unpack .../13-less_668-1_amd64.deb ...
Unpacking less (668-1) ...
Selecting previously unselected package perl-modules-5.40.
Preparing to unpack .../14-perl-modules-5.40_5.40.1-6_all.deb ...
Unpacking perl-modules-5.40 (5.40.1-6) ...
Selecting previously unselected package libgdbm6t64:amd64.
Preparing to unpack .../15-libgdbm6t64_1.24-2_amd64.deb ...
Unpacking libgdbm6t64:amd64 (1.24-2) ...
Selecting previously unselected package libgdbm-compat4t64:amd64.
Preparing to unpack .../16-libgdbm-compat4t64_1.24-2_amd64.deb ...
Unpacking libgdbm-compat4t64:amd64 (1.24-2) ...
Selecting previously unselected package libperl5.40:amd64.
Preparing to unpack .../17-libperl5.40_5.40.1-6_amd64.deb ...
Unpacking libperl5.40:amd64 (5.40.1-6) ...
Selecting previously unselected package perl.
Preparing to unpack .../18-perl_5.40.1-6_amd64.deb ...
Unpacking perl (5.40.1-6) ...
Selecting previously unselected package xz-utils.
Preparing to unpack .../19-xz-utils_5.8.1-1_amd64.deb ...
Unpacking xz-utils (5.8.1-1) ...
Selecting previously unselected package apparmor.
Preparing to unpack .../20-apparmor_4.1.0-1_amd64.deb ...
Unpacking apparmor (4.1.0-1) ...
Selecting previously unselected package docker-buildx-plugin.
Preparing to unpack .../21-docker-buildx-plugin_0.29.1-1~debian.13~trixie_amd64.deb ...
Unpacking docker-buildx-plugin (0.29.1-1~debian.13~trixie) ...
Selecting previously unselected package docker-ce-rootless-extras.
Preparing to unpack .../22-docker-ce-rootless-extras_5%3a28.5.2-1~debian.13~trixie_amd64.deb ...
Unpacking docker-ce-rootless-extras (5:28.5.2-1~debian.13~trixie) ...
Selecting previously unselected package docker-compose-plugin.
Preparing to unpack .../23-docker-compose-plugin_2.40.3-1~debian.13~trixie_amd64.deb ...
Unpacking docker-compose-plugin (2.40.3-1~debian.13~trixie) ...
Selecting previously unselected package libngtcp2-16:amd64.
Preparing to unpack .../24-libngtcp2-16_1.11.0-1_amd64.deb ...
Unpacking libngtcp2-16:amd64 (1.11.0-1) ...
Selecting previously unselected package libngtcp2-crypto-gnutls8:amd64.
Preparing to unpack .../25-libngtcp2-crypto-gnutls8_1.11.0-1_amd64.deb ...
Unpacking libngtcp2-crypto-gnutls8:amd64 (1.11.0-1) ...
Selecting previously unselected package libcurl3t64-gnutls:amd64.
Preparing to unpack .../26-libcurl3t64-gnutls_8.14.1-2_amd64.deb ...
Unpacking libcurl3t64-gnutls:amd64 (8.14.1-2) ...
Selecting previously unselected package liberror-perl.
Preparing to unpack .../27-liberror-perl_0.17030-1_all.deb ...
Unpacking liberror-perl (0.17030-1) ...
Selecting previously unselected package git-man.
Preparing to unpack .../28-git-man_1%3a2.47.3-0+deb13u1_all.deb ...
Unpacking git-man (1:2.47.3-0+deb13u1) ...
Selecting previously unselected package git.
Preparing to unpack .../29-git_1%3a2.47.3-0+deb13u1_amd64.deb ...
Unpacking git (1:2.47.3-0+deb13u1) ...
Selecting previously unselected package libslirp0:amd64.
Preparing to unpack .../30-libslirp0_4.8.0-1+b1_amd64.deb ...
Unpacking libslirp0:amd64 (4.8.0-1+b1) ...
Selecting previously unselected package patch.
Preparing to unpack .../31-patch_2.8-2_amd64.deb ...
Unpacking patch (2.8-2) ...
Selecting previously unselected package slirp4netns.
Preparing to unpack .../32-slirp4netns_1.2.1-1.1_amd64.deb ...
Unpacking slirp4netns (1.2.1-1.1) ...
Setting up libip4tc2:amd64 (1.8.11-2) ...
Setting up libgdbm6t64:amd64 (1.24-2) ...
Setting up libgdbm-compat4t64:amd64 (1.24-2) ...
Setting up libip6tc2:amd64 (1.8.11-2) ...
Setting up less (668-1) ...
Setting up libnftnl11:amd64 (1.2.9-1) ...
Setting up libjansson4:amd64 (2.14-2+b3) ...
Setting up apparmor (4.1.0-1) ...
Created symlink '/etc/systemd/system/sysinit.target.wants/apparmor.service' → '/usr/lib/systemd/system/apparmor.service'.
Reloading AppArmor profiles
Setting up docker-buildx-plugin (0.29.1-1~debian.13~trixie) ...
Setting up xz-utils (5.8.1-1) ...
update-alternatives: using /usr/bin/xz to provide /usr/bin/lzma (lzma) in auto mode
Setting up containerd.io (1.7.29-1~debian.13~trixie) ...
Created symlink '/etc/systemd/system/multi-user.target.wants/containerd.service' → '/usr/lib/systemd/system/containerd.service'.
Setting up patch (2.8-2) ...
Setting up docker-compose-plugin (2.40.3-1~debian.13~trixie) ...
Setting up docker-ce-cli (5:28.5.2-1~debian.13~trixie) ...
Setting up libslirp0:amd64 (4.8.0-1+b1) ...
Setting up perl-modules-5.40 (5.40.1-6) ...
Setting up pigz (2.8-1) ...
Setting up libnfnetlink0:amd64 (1.0.2-3) ...
Setting up git-man (1:2.47.3-0+deb13u1) ...
Setting up libngtcp2-16:amd64 (1.11.0-1) ...
Setting up docker-ce-rootless-extras (5:28.5.2-1~debian.13~trixie) ...
Setting up libngtcp2-crypto-gnutls8:amd64 (1.11.0-1) ...
Setting up libnftables1:amd64 (1.1.3-1) ...
Setting up nftables (1.1.3-1) ...
Setting up slirp4netns (1.2.1-1.1) ...
Setting up libcurl3t64-gnutls:amd64 (8.14.1-2) ...
Setting up libperl5.40:amd64 (5.40.1-6) ...
Setting up perl (5.40.1-6) ...
Setting up libnetfilter-conntrack3:amd64 (1.1.0-1) ...
Setting up iptables (1.8.11-2) ...
update-alternatives: using /usr/sbin/iptables-legacy to provide /usr/sbin/iptables (iptables) in auto mode
update-alternatives: using /usr/sbin/ip6tables-legacy to provide /usr/sbin/ip6tables (ip6tables) in auto mode
update-alternatives: using /usr/sbin/iptables-nft to provide /usr/sbin/iptables (iptables) in auto mode
update-alternatives: using /usr/sbin/ip6tables-nft to provide /usr/sbin/ip6tables (ip6tables) in auto mode
update-alternatives: using /usr/sbin/arptables-nft to provide /usr/sbin/arptables (arptables) in auto mode
update-alternatives: using /usr/sbin/ebtables-nft to provide /usr/sbin/ebtables (ebtables) in auto mode
Setting up liberror-perl (0.17030-1) ...
Setting up docker-ce (5:28.5.2-1~debian.13~trixie) ...
Created symlink '/etc/systemd/system/multi-user.target.wants/docker.service' → '/usr/lib/systemd/system/docker.service'.
Created symlink '/etc/systemd/system/sockets.target.wants/docker.socket' → '/usr/lib/systemd/system/docker.socket'.
Setting up git (1:2.47.3-0+deb13u1) ...
Processing triggers for libc-bin (2.41-12) ...
root@c1:~# docker run hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
17eec7bbc9d7: Pull complete
Digest: sha256:56433a6be3fda188089fb548eae3d91df3ed0d6589f7c2656121b911198df065
Status: Downloaded newer image for hello-world:latest
Hello from Docker!
This message shows that your installation appears to be working correctly.
To generate this message, Docker took the following steps:
1. The Docker client contacted the Docker daemon.
2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
(amd64)
3. The Docker daemon created a new container from that image which runs the
executable that produces the output you are currently reading.
4. The Docker daemon streamed that output to the Docker client, which sent it
to your terminal.
To try something more ambitious, you can run an Ubuntu container with:
$ docker run -it ubuntu bash
Share images, automate workflows, and more with a free Docker ID:
https://hub.docker.com/
For more examples and ideas, visit:
https://docs.docker.com/get-started/
root@c1:~#
1 Like
NinoBYSA
November 7, 2025, 8:14pm
7
stgraber:
security.nesting=true
Well, that’s why it didn’t worked. I had it on deny.
No idea why it worked before but now I’m all good. Sorry you had to try to reproduce it, but that helped me. Many thanks!
I will close my comment on github. The security nesting thing seems to have fixed it. Just out of curiosity, what is net effect of this setting on our security posture?
stgraber
November 9, 2025, 12:37am
9
So long as you’re not also using security.privileged, not much of a change. It relaxes some of the extra safety nets that we have in place to catch potential kernel bugs but it otherwise doesn’t make things less safe as the primary security mechanism is the user namespace.
If your container is privileged then it’s a whole different story as AppArmor then becomes your only security mechanism and allowing nesting makes an already problematic configuration substantially worse.
ALI_GOUHAR
November 10, 2025, 4:55am
10
Hi Stéphane,
I’m currently using the LTS version of Incus via the Zabbly packages on my production environment. Could you please guide me on the safest way to upgrade without risking downtime or breaking existing containers?
Here’s my current setup:
dpkg -l | grep -i incus
ii incus 1:6.0.5-ubuntu24.04-202508290527 amd64 Incus - Container and virtualization daemon
ii incus-agent 6.0.0-1ubuntu0.3 amd64 Incus guest agent
ii incus-base 1:6.0.5-ubuntu24.04-202508290527 amd64 Incus - Container and virtualization daemon (container-only)
ii incus-client 1:6.0.5-ubuntu24.04-202508290527 amd64 Incus - Command line client
ii incus-ui-canonical 1:6.0.5-ubuntu24.04-202508290527 amd64 Incus - Web interface (canonical)
incus --version
6.0.5
Also, could you please confirm whether a fix for the AppArmor/runc issue is already included in the current LTS 6.0.5 release , or if I should wait for a newer LTS patch from Zabbly?
Our policy is to always stick with LTS.
As per @NinoBYSA ’s comment, would setting security.nesting=false help resolve this issue in the current LTS version of Incus that I’m using?
stgraber
November 10, 2025, 5:23am
11
It’s not available. It will be backported to 6.0.6 which should release in the next month.
stgraber
November 10, 2025, 5:24am
13
Run the upgrade, check the list of packages being removed to make sure that Incus isn’t included in it, After the upgrade, re-add the Incus repository and make sure that your package list still matches what you have today (minus that incus-agent package which shouldn’t be installed in the first place).
ALI_GOUHAR
November 12, 2025, 5:11am
14
stgraber:
security.nesting=true
Hi Stéphane,
Thank You!
I’ve switched to the stable version, and my issue is now resolved — I can successfully run Docker inside the Incus container.
Could you please let me know if enabling security.nesting=true poses any security risks?
dpkg -l | grep -i incus
ii incus 1:6.18-ubuntu24.04-202511101446 amd64 Incus - Container and virtualization daemon
ii incus-base 1:6.18-ubuntu24.04-202511101446 amd64 Incus - Container and virtualization daemon (container-only)
ii incus-client 1:6.18-ubuntu24.04-202511101446 amd64 Incus - Command line client
ii incus-ui-canonical 1:6.18-ubuntu24.04-202511101446 amd64 Incus - Web interface (canonical)
stgraber
November 12, 2025, 12:05pm
15
It’s fine so long as security.privileged isn’t also set to true.
For unprivileged container the setting just loosens an additional AppArmor safety net (primary security mechanism is the user namespace) and it passes clear copies of procfs and sysfs to avoid issues with over mounting.
