I am trying to run the docker daemon as rootless. I followed the official instructions here: Run the Docker daemon as a non-root user (Rootless mode) | Docker Documentation
I am using 18.04.5 LTS on an ARM CPU.
I see the following error:
INFO[2021-02-21T20:17:44.789001232Z] Loading containers: start.
WARN[2021-02-21T20:17:44.802960101Z] Running iptables --wait -t nat -L -n failed with message: `iptables v1.6.1: can't initialize iptables table `nat': Permission denied (you must be root) Perhaps iptables or your kernel needs to be upgraded.`, error: exit status 3
INFO[2021-02-21T20:17:44.926790626Z] stopping event stream following graceful shutdown error="<nil>" module=libcontainerd namespace=moby
INFO[2021-02-21T20:17:44.928535421Z] stopping healthcheck following graceful shutdown module=libcontainerd
INFO[2021-02-21T20:17:44.928604033Z] stopping event stream following graceful shutdown error="context canceled" module=libcontainerd namespace=plugins.moby
failed to start daemon: Error initializing network controller: error obtaining controller instance: failed to create NAT chain DOCKER: iptables failed: iptables -t nat -N DOCKER: iptables v1.6.1: can't initialize iptables table `nat': Permission denied (you must be root) Perhaps iptables or your kernel needs to be upgraded. (exit status 3)
I am not sure how to fix this. How can rootless Docker work if it requires the use of iptables?
From what I have seen, iptables requires root user?
Maybe the rootlesskit somehow abstracts that away, but then my question is what do I need to do on my system for this to work?
Following the install process, it fails immediately because “docker.service” does not start.
So then I am invoking "./dockerd-rootless.sh" manually.
I have gotten it to work with: ./dockerd-rootless.sh --iptables=false
But something seems to be wrong here, and I would like to know what needs to be fixed to get it to work with iptables.
Any help would be appreciated.
I am on Docker version 20.10.3, build 48d30b5