How to run docker inside an lxc container?

Question

I have unprivileged lxc container on Arch host created like this:

lxc-create -n test_arch11 -t download -- --dist archlinux --release current --arch amd64

And it doesn't run docker. What I did inside a container:

1. Installed docker from Arch repos pacman -S docker
2. Tried to run a hello-world container docker run hello-world
3. Got the next error:

docker: Error response from daemon: OCI runtime create failed: container_linux.go:346: starting container process caused "process_linux.go:297: applying cgroup configuration for process caused \"mkdir /sys/fs/cgroup/cpuset/docker: permission denied\"": unknown.

ERRO[0037] error waiting for container: context canceled

What is wrong and how to make docker work inside a container?

Answer 1

Because lxc and docker are using the same kind of isolation ( aka kernel namespace ) , you can not run docker in a unprivileged lxc .

You lxc container must have privilege .

But you can run docker in regular virtual machine ( kvm , virtualbox , ... )

Answer 2

Fixed for me with adding a flag to the grub config. Here's the source: https://fedoraproject.org/wiki/Changes/CGroupsV2#Upgrade.2Fcompatibility_impact

Follow These Steps:

1- Edit /etc/default/grub

2- Add the following flag in GRUB_CMDLINE_LINUX line: systemd.unified_cgroup_hierarchy=0

3- Then : grub2-mkconfig

4- Restart your PC