Gentoo Forums
docker on lxd/lxc on gentoo [solved]

Joined: 07 Aug 2012
Posts: 33
Location: Kraków

PostPosted: Fri Feb 22, 2019 1:03 pm    Post subject: docker on lxd/lxc on gentoo [solved]

I've run LXD on Gentoo, and it works fine.
I would like to run Docker in an LXD container on a system with systemd, like Ubuntu, but I have problems with cgroups. Has anyone done this?

Inside the container (Ubuntu):
docker run --privileged  hello-world
docker: Error response from daemon: OCI runtime create failed: container_linux.go:344: starting container process caused "apply caps: operation not permitted": unknown.
ERRO[0000] error waiting for container: context canceled


lxc config edit ubuntu-docker
architecture: x86_64
  image.architecture: amd64 "20190130_07:43"
  image.description: Ubuntu bionic amd64 (20190130_07:43)
  image.distribution: ubuntu ubuntu-bionic-amd64-default-20190130_07:43
  image.os: ubuntu
  image.release: bionic
  image.serial: "20190130_07:43"
  image.variant: default
  raw.lxc: lxc.cgroup.devices.allow = a = proc:rw sys:rw cgroup:rw  lxc.cap.drop=
    lxc.aa_profile = lxc-container-default-with-nesting
  security.nesting: "true"
  security.privileged: "true"
  volatile.base_image: 37e2366ecb691d1d56ef2f422483165213c17480bd910a4c9af2c0e94dfdfa03
  volatile.eth0.hwaddr: 00:16:3e:bc:d3:b1
  volatile.idmap.base: "0" '[]'
  volatile.last_state.idmap: '[]'
  volatile.last_state.power: RUNNING
  volatile.neteth0.hwaddr: 00:16:3e:f6:fa:68 eth1
devices: {}
ephemeral: false
- dmzprofile
stateful: false
description: Ubuntu 18,

lxd ~ # uname -a
Linux lxd 4.18.12 #4 SMP Fri Feb 22 11:13:32 CET 2019 x86_64 Intel(R) Xeon(R) CPU X5670 @ 2.93GHz GenuineIntel GNU/Linux

Last edited by mrhe on Wed May 22, 2019 10:06 am; edited 1 time in total

Joined: 07 Aug 2012
Posts: 33
Location: Kraków

PostPosted: Wed May 22, 2019 10:04 am    Post subject:

After many attempts I arrived at what I need.

lxc config:

  raw.lxc: = cgroup:rw:force
  security.nesting: "true"
  security.privileged: "true"

Add a line to /etc/rc.conf:


and a mount for systemd LXC systems:

mkdir -p /sys/fs/cgroup/systemd
mount -t cgroup -o none,name=systemd systemd /sys/fs/cgroup/systemd

lxd_dev ~ # lxc list
|  NAME   |  STATE  |         IPV4         |                     IPV6                     |    TYPE    | SNAPSHOTS |
| docker  | RUNNING | (docker0) | fd42:8f91:2bb:48e5:216:3eff:febc:83ab (eth0) | PERSISTENT |           |
|         |         | (eth0)  |                                              |            |           |
| gdocker | RUNNING | (eth0)  | fd42:8f91:2bb:48e5:216:3eff:fee0:7ec9 (eth0) | PERSISTENT |           |
lxd_dev ~ # lxc exec docker /bin/bash
root@docker:~# docker run hello-world

Hello from Docker!
This message shows that your installation appears to be working correctly.

To generate this message, Docker took the following steps:
 1. The Docker client contacted the Docker daemon.
 2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
 3. The Docker daemon created a new container from that image which runs the
    executable that produces the output you are currently reading.
 4. The Docker daemon streamed that output to the Docker client, which sent it
    to your terminal.

To try something more ambitious, you can run an Ubuntu container with:
 $ docker run -it ubuntu bash

Share images, automate workflows, and more with a free Docker ID:

For more examples and ideas, visit:
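Added example (not the thread's own code): a POSIX shell script that reads `lxc config show` output and reports which of the settings this recipe turns on weaken the guest/host boundary, plus an idempotent version of the systemd cgroup mount step. The sample config and the function names `audit_lxd_config` and `mount_systemd_cgroup` are constructed for this example.

```shell
#!/bin/sh
# Added example: audit an LXD container config for the isolation the
# Docker-in-LXD recipe gives up, and make the systemd cgroup mount idempotent.
# The sample below is constructed, modeled on the config posted in the thread.
SAMPLE_CONFIG='security.nesting: "true"
security.privileged: "true"
raw.lxc: |-
  lxc.cgroup.devices.allow = a
  lxc.cap.drop=
  lxc.aa_profile = lxc-container-default-with-nesting'

# Read `lxc config show <name>` output on stdin and print "LEVEL key: why"
# for each setting that weakens the boundary between guest and host.
audit_lxd_config() {
  while IFS= read -r line; do
    # key = text before the first ':' or '=', value = text after it (trimmed)
    key=$(printf '%s' "$line" | sed 's/^[[:space:]]*//; s/[[:space:]]*[:=].*$//')
    val=$(printf '%s' "$line" | sed 's/^[^:=]*[:=][[:space:]]*//')
    case "$key" in
      security.privileged)
        if [ "$val" = '"true"' ]; then
          echo "HIGH $key: guest uid 0 is host uid 0, no uid/gid map applied"; fi ;;
      security.nesting)
        if [ "$val" = '"true"' ]; then
          echo "MEDIUM $key: guest may mount proc/sys and run its own containers"; fi ;;
      lxc.cgroup.devices.allow)
        if [ "$val" = a ]; then
          echo "HIGH $key: every host device node is reachable from the guest"; fi ;;
      lxc.cap.drop)
        if [ -z "$val" ]; then
          echo "HIGH $key: LXD's default capability drop list is emptied"; fi ;;
      lxc.aa_profile)
        echo "MEDIUM $key: AppArmor confinement replaced by $val" ;;
    esac
  done
  return 0
}

# Mount the named systemd cgroup hierarchy for a systemd guest only if it is
# not already present, so the step can live in a boot hook and rerun safely.
mount_systemd_cgroup() {
  if grep -qs ' /sys/fs/cgroup/systemd cgroup ' /proc/mounts; then
    echo "systemd cgroup hierarchy already mounted"
    return 0
  fi
  mkdir -p /sys/fs/cgroup/systemd &&
    mount -t cgroup -o none,name=systemd systemd /sys/fs/cgroup/systemd
}
```

Run it against a real container with `lxc config show docker | audit_lxd_config`; `mount_systemd_cgroup` has to run as root inside the guest.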
