Unable to run dockerd in a Docker instance

Hi,

using this Dockerfile on Docker Desktop for Windows 4.3.1:

FROM fedora:latest
RUN dnf -y install emacs emacs-nox xrdp wget
RUN wget https://get.docker.com -O /tmp/get-docker.sh
RUN sh /tmp/get-docker.sh
RUN rm /tmp/get-docker.sh
RUN dockerd

I get the following error from “docker build”:

failed to start daemon: Error initializing network controller: error obtaining controller instance: failed to create NAT chain DOCKER: iptables failed: iptables -t nat -N DOCKER: iptables v1.8.7 (legacy): can't initialize iptables table `nat': Permission denied (you must be root)

Is anyone able to help?

Thanks,

Jochen

P.S: In case you should be wondering about the idea, to run Docker in a Docker container: I am actually targeting WSL as a Docker host (because I need to get rid of Docker Desktop as soon as possible). Using a Docker container is just a neat and easy way to reproduce the problem.

The last RUN instruction does not make sense. You can’t run the docker daemon during the build process and I am sure you don’t want to. If you want to make sure the docker daemon starts when you start the container, use the CMD instruction:

FROM fedora:latest
RUN dnf -y install emacs emacs-nox xrdp wget
RUN wget https://get.docker.com -O /tmp/get-docker.sh
RUN sh /tmp/get-docker.sh
RUN rm /tmp/get-docker.sh

CMD ["dockerd"]

When you start the container you will get the same error message unless you add the --privileged flag to docker run. The difference is that now you have the chance to add this flag.

If you read the description of the official Docker in Docker image, you will see the same recommendation.
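The "Permission denied" from iptables in the error above corresponds to a capability that a default container lacks. The following preflight script is an added example, not part of the original posts or of Docker's own tooling: it reads the effective capability mask and reports what is missing before dockerd is started. The function names, the `--start` argument and the two sample masks are constructed for this illustration, and checking only CAP_NET_ADMIN and CAP_SYS_ADMIN is an assumption: they are a subset of what `--privileged` grants.

```shell
#!/bin/sh
# Added example: preflight check for a container that should run dockerd.
# Bit positions from linux/capability.h.
CAP_NET_ADMIN=12   # needed for "iptables -t nat -N DOCKER"
CAP_SYS_ADMIN=21   # needed for the mounts dockerd performs

# has_cap HEXMASK BIT: succeeds if BIT is set in the capability mask.
has_cap() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# effective_caps [STATUS_FILE]: prints the CapEff mask of this process.
effective_caps() {
    awk '/^CapEff:/ {print $2}' "${1:-/proc/self/status}"
}

# missing_caps HEXMASK: prints the checked capabilities absent from the mask.
missing_caps() {
    missing=""
    has_cap "$1" "$CAP_NET_ADMIN" || missing="$missing CAP_NET_ADMIN"
    has_cap "$1" "$CAP_SYS_ADMIN" || missing="$missing CAP_SYS_ADMIN"
    echo "${missing# }"
}

# preflight HEXMASK: fails with a message if dockerd cannot start.
preflight() {
    m=$(missing_caps "$1")
    if [ -n "$m" ]; then
        echo "preflight: missing $m; container was not started with --privileged" >&2
        return 1
    fi
    return 0
}

# Constructed sample masks: a default "docker run" container and a
# privileged one (the exact privileged value varies with kernel version).
DEFAULT_MASK=00000000a80425fb
PRIVILEGED_MASK=000001ffffffffff

# Hypothetical entrypoint usage: "preflight.sh --start"
if [ "${1:-}" = "--start" ]; then
    preflight "$(effective_caps)" && exec dockerd
fi
```

Run against the default mask, it names both capabilities, which makes visible how much more than network access the `--privileged` flag hands to the container.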

@rimelek already pointed it out: won’t work without --privileged flag. It is always a good idea to take a look at the description and Dockerfile of official images for what you try to containerize and get a feeling what is required in regards of privileged argument or additional capabilities.

Just out of curiosity: why would you try to solve something that already exists as official image from Docker itself? Just because your host might be Fedora, doesn’t require your containers to base on the same Linux distribution as well…

I do see xrdp in the list of packages to install and wonder if you really plan to connect to the container via RDP? Or is it just the next problem after Docker is running?

Agree with @meyay. Even if you want to include additional packages in your image you may as well start with the official DinD image in your FROM.

@meyay @goffinf

I almost noted the same as you, then I realized it is just for trying it out in a container before @gonnagle installs a WSL 2 Fedora distribution with all of its features enabled in Windows (if the current version is based on Hyper-V). So the goal is not using Docker in Docker, it is just a tool. Of course if WSL 2 is already installed on the Windows host, I would try the installation on WSL 2 instead.

Jochen can correct me if I am wrong.

Hmm, so basically the objective is to build a “docker image” as foundation for a WSL 2 distribution?

@gonnagle I have a pet project on GitHub that might be a good starting point for you: https://github.com/meyayl/packer-lxd-wsl2-systemd-xrdp. It is a Packer project that leverages LXD to create custom WSL 2 distributions.