I searched for "failed with output: apparmor_parser: Unable to replace "docker-default"" on Google and found this:
I never used Proxmox, but I tried LXC to run Docker containers even in an unprivileged LXC container, but that was long ago. Now I always add --vm to the lxc launch to have a virtual machine.
AppArmor is a kernel module (an extension, as the kernel docs mention), so even in privileged containers I don't know how it would work exactly. Maybe you could try (just for testing) adding "--security-opt apparmor=unconfined" to docker run.
You could learn a little more about AppArmor and Docker in the Docker docs.
But I recommend using a virtual machine instead of a container, or using an unprivileged LXC container. I don't know what post I read when I played with unprivileged LXC and Docker, but I am pretty sure I used the same solution as mentioned in the following article:
The most important part of it is this line in the LXC settings: features: keyctl=1,nesting=1
nesting allows you to use nested containers (container in container) and keyctl allows a required system call.
You can read about this too from the Proxmox wiki: https://pve.proxmox.com/wiki/Linux_Container
It also mentions:
nesting= (default = 0)
Allow nesting. Best used with unprivileged containers with additional id mapping. Note that this will expose procfs and sysfs contents of the host to the guest.
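As an added example (not from the original post, and not Proxmox's own tooling), here is a small Python check that parses a Proxmox LXC config in the /etc/pve/lxc/<vmid>.conf format, reports whether keyctl and nesting are set, and flags the case the wiki note warns about: nesting enabled on a privileged container. The sample config is constructed; the function names are mine.

```python
# Constructed sample in the Proxmox LXC config format (not from a real host).
# Only the top section is the live config; [name] sections are snapshots.
SAMPLE_CONF = """\
arch: amd64
cores: 2
features: keyctl=1,nesting=1
hostname: docker-host
memory: 2048
unprivileged: 1
[before-upgrade]
features: nesting=1
unprivileged: 0
"""


def parse_lxc_conf(text):
    """Return key/value pairs of the current (non-snapshot) section."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("["):  # first snapshot section: stop here
            break
        key, _, value = line.partition(":")
        conf[key.strip()] = value.strip()
    return conf


def parse_features(value):
    """Turn 'keyctl=1,nesting=1' into {'keyctl': '1', 'nesting': '1'}."""
    feats = {}
    for item in filter(None, value.split(",")):
        name, _, val = item.partition("=")
        feats[name.strip()] = val.strip() or "1"
    return feats


def check_docker_readiness(text):
    """Check the flags Docker-in-LXC needs and the privileged+nesting caveat."""
    conf = parse_lxc_conf(text)
    feats = parse_features(conf.get("features", ""))
    unprivileged = conf.get("unprivileged", "0") == "1"  # Proxmox default is privileged
    nesting = feats.get("nesting") == "1"
    keyctl = feats.get("keyctl") == "1"
    findings = []
    if not nesting:
        findings.append("nesting=1 missing: containers inside the container are blocked")
    if not keyctl:
        findings.append("keyctl=1 missing: the keyctl syscall Docker needs is blocked")
    if nesting and not unprivileged:
        findings.append("nesting on a privileged container exposes host procfs/sysfs to the guest")
    return {"unprivileged": unprivileged, "nesting": nesting, "keyctl": keyctl, "findings": findings}
```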