Recently I did an apt dist-upgrade on a Debian incus container and on the other side of it Docker was completely broken. I would get errors like this:
Error response from daemon: failed to create task for container: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: open sysctl net.ipv4.ip_unprivileged_port_start file: reopen fd 8: permission denied: unknown
It took a while to track down, but I ultimately found some similar reports online, and the consensus was to downgrade to the prior release of docker/containerd to get running again, which I did. Later that day, I came across an issue on opencontainers/runc tracking the resolution.
I saw this interesting tidbit amongst the discussion:
Incus generates its own AppArmor rules which you cannot directly modify. However, Incus has already been patched (in lxc/incus#2624) so if you switch to the daily builds then the problem should already be resolved for you. Unfortunately there is no raw.lxc.* workaround possible.
I downgraded and held the packages for docker/containerd on my machine to keep me running for now, but it would be nice if TrueNAS could pull in this Incus update so that I didn’t have to.
Happy to provide any other info if it helps the devs debug this.
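The "downgrade and hold" step from the post, written out as a small POSIX shell helper. This is an added example, not code from the original post, from TrueNAS or from the Incus project; it assumes the package names used by Docker's own apt repository (docker-ce, containerd.io) and uses obviously fake version strings that you would replace with the last known-good versions shown by `apt-cache policy`.

```shell
#!/bin/sh
# Added example: pin docker/containerd to a known-good version on Debian
# and hold them so a later `apt dist-upgrade` leaves them alone until
# the Incus AppArmor fix has landed. Package names assume Docker's apt
# repository; versions below are placeholders, not real releases.

# Print the two apt commands for one package and, unless DRY_RUN is set,
# run them. Printing first lets you review the plan before touching apt.
pin_package() {
    pkg="$1"
    ver="$2"
    install_cmd="apt-get install -y --allow-downgrades ${pkg}=${ver}"
    hold_cmd="apt-mark hold ${pkg}"
    printf '%s\n%s\n' "$install_cmd" "$hold_cmd"
    if [ -z "${DRY_RUN:-}" ]; then
        $install_cmd && $hold_cmd
    fi
}

# Lift the hold again once the fixed Incus build is installed.
unpin_package() {
    pkg="$1"
    cmd="apt-mark unhold ${pkg}"
    printf '%s\n' "$cmd"
    if [ -z "${DRY_RUN:-}" ]; then
        $cmd
    fi
}

# Pull the "Installed:" version out of `apt-cache policy <pkg>` output,
# so the version you roll back to (or forward from) is recorded.
installed_version() {
    printf '%s\n' "$1" | sed -n 's/^ *Installed: *//p'
}

# Constructed sample of `apt-cache policy docker-ce` output; the version
# strings are invented for illustration.
SAMPLE_POLICY='docker-ce:
  Installed: 1.2.3-1
  Candidate: 1.2.4-1
  Version table:
     1.2.4-1 500
 *** 1.2.3-1 500'

# Usage (dry run): show the plan for both packages without running apt.
if [ "${1:-}" = "--demo" ]; then
    DRY_RUN=1 pin_package docker-ce 1.2.3-1
    DRY_RUN=1 pin_package containerd.io 9.8.7-1
    echo "recorded installed version: $(installed_version "$SAMPLE_POLICY")"
fi
```

Run it with `--demo` to see the commands it would issue; drop `DRY_RUN` (and run as root) to actually downgrade and hold. `apt-mark showhold` lists what is currently held, which is worth checking after the next dist-upgrade so the hold is not forgotten once the Incus update arrives.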