What is the workaround for LXD-nested pivileged docker (/dev/.lxc/proc/ error)?

Question

Launching a privileged docker container in an LXD fails with this:

docker: Error response from daemon: linux runtime spec devices: lstat /dev/.lxc/proc/1482/fdinfo/12: no such file or directory.

Steps to reproduce:

lxc launch ubuntu-daily:16.04 docker -p default -p docker
lxc exec docker -- apt install docker.io -y
lxc exec docker bash
sudo curl -L git.io/scope -o /usr/local/bin/scope
sudo chmod a+x /usr/local/bin/scope
scope launch

Original guide: LXD 2.0: Docker in LXD

Bug report: Docker containers failing in /dev/.lxc/proc directory #2825 - GitHub

How to make it work?

dpb · Answer 1 · 2018-04-22T15:13:41.963

Just to clean this up a bit, this is solved quite nicely (as @bmullan points out).

16.04, lxd version 2.21, the following sequence works:

lxc launch ubuntu-daily:xenial xenial
lxc config set xenial security.nesting true
lxc exec xenial snap install docker
lxc exec xenial docker run ubuntu ls

The docker.io package, and the docker snap both work, but are different versions, and have different update policies, etc. The snap version used above is 17.06.2-ce, while the docker.io package in xenial is 1.13.1.

score 2 · Answer 2 · answered Nov 23 '17 at 17:57

2

Per Stephane Graber (LXD lead developer) you don’t need the LXD docker profile any more !

See… https://github.com/lxc/lxd/issues/3299

answered Nov 23 '17 at 17:57

bmullan

784

What is the workaround for LXD-nested pivileged docker (/dev/.lxc/proc/ error)?

2 Answers2

Linked