Hello! Thank you for your reply!
You were correct where the container I am currently attempting to run Twingate on is unprivileged!
I’ve just deployed an identical test LXC container that is privileged, but I got a different error this time:
docker: Error response from daemon: AppArmor enabled on system but the docker-default profile could not be loaded: running `/usr/sbin/apparmor_parser apparmor_parser -Kr /var/lib/docker/tmp/docker-default3726602040` failed with output: apparmor_parser: Unable to replace "docker-default". Permission denied; attempted to load a profile while confined?
failed with output: apparmor_parser: Unable to replace "docker-default"
on Google and found this:
I never used Proxmox, but I tried LXC to run Docker containers even in an unprivileged LXC container, but that was long ago. Now I always add --vm to the lxc launch to have a virtual machine.
AppArmor is a kernel module (an extension, as the kernel docs mention), so even in privileged containers I don’t know how it would work exactly. Maybe you could try (just for testing) adding “--security-opt apparmor=unconfined” to docker run.
You could learn a little more about AppArmor and Docker in the Docker docs
But I recommend using a virtual machine instead of a container, or using an unprivileged LXC container. I don’t know what post I read when I played with unprivileged LXC and Docker, but I am pretty sure I used the same solution as mentioned in the following article:
The most important part of it is this line in the LXC settings
nesting allows you to use nested containers (container in container) and keyctl allows a required system call.
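The error quoted in the first post ("attempted to load a profile while confined?") comes from apparmor_parser running inside a process that already carries an AppArmor label, so before turning AppArmor off for the Docker run it helps to see what the container actually looks like. The script below is an added example, not code from this thread or from Twingate, Proxmox or Docker: it prints the calling process's AppArmor label, reports whether the kernel already has a docker-default profile loaded, and checks a container config file for a features line that enables both nesting and keyctl. It assumes a Proxmox-style config line of the form `features: nesting=1,keyctl=1` (the reply above names the two features but does not show the line), and the default config path is a placeholder.

```shell
#!/bin/sh
# Added example; not code from the thread or from Twingate/Proxmox/Docker.
# Assumption: a Proxmox-style LXC config file containing a line such as
#   features: nesting=1,keyctl=1
# (the reply mentions nesting and keyctl but does not show the line itself).

# Print the AppArmor label of the calling process: "unconfined", or a
# profile name plus mode when running inside a confined LXC container.
apparmor_label() {
    label=$(cat /proc/self/attr/current 2>/dev/null) || label=""
    [ -n "$label" ] && echo "$label" || echo "unknown (AppArmor not exposed here)"
}

# Succeed if the kernel currently has the docker-default profile loaded
# (one "name (mode)" entry per line in the apparmor securityfs file).
docker_default_loaded() {
    grep -q '^docker-default ' /sys/kernel/security/apparmor/profiles 2>/dev/null
}

# lxc_features_ok FILE: succeed only if FILE has a "features:" line that
# enables both nesting=1 and keyctl=1.
lxc_features_ok() {
    line=$(grep '^features:' "$1" 2>/dev/null | head -n 1)
    [ -n "$line" ] || return 1
    case "$line" in *nesting=1*) ;; *) return 1 ;; esac
    case "$line" in *keyctl=1*)  ;; *) return 1 ;; esac
    return 0
}

# Human-readable summary; the argument is the container config to inspect.
report() {
    conf=${1:-/etc/pve/lxc/100.conf}   # placeholder path, use your own CT id
    echo "process label : $(apparmor_label)"
    if docker_default_loaded; then
        echo "docker-default: loaded"
    else
        echo "docker-default: not loaded (Docker will try to load it itself)"
    fi
    if lxc_features_ok "$conf"; then
        echo "lxc features  : nesting=1 and keyctl=1 present in $conf"
    else
        echo "lxc features  : nesting/keyctl missing or $conf unreadable"
    fi
}

report "$@"
```

Run it from inside the container with the path to the config you want checked. If the process label is anything other than "unconfined", that is the confinement the error message refers to, and the better fix is to adjust the container's features or move to a VM as suggested above rather than leaving the Docker daemon's default profile out of the picture.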