How run docker on VDS (lxd/containers)

Question

I have VDS like lxd/container (I see it df -h). Os is installed debian 7.11. Kernel:

uname -r
4.13.0-19-generic

I want to run mysql in docker which installed into VDS. I pull mysql:

docker images
mysql/mysql-server   5.5      5eb4590ee5eb     8 days ago      180MB

but when I tried to run from root I excepted error

# docker run --privileged --name=mysql2 -d mysql/mysql-server:5.5
a2f7cd827f0d7f2993bcb3c877fd53ae14727d7bf840d768bb2f0b5fc2e0df97
docker: Error response from daemon: OCI runtime create failed: container_linux.go:296: starting container process caused "process_linux.go:398: container init caused \"rootfs_linux.go:58: mounting \\\"proc\\\" to rootfs \\\"/var/lib/docker/vfs/dir/52c9680a80799cb05d6d423b329cd15486882b7e196dcbd435084287f0d823bf\\\" at \\\"/proc\\\" caused \\\"permission denied\\\"\"": unknown.

When I installed docker I excepted warning mount: permission denied, but docker installed. When I run docker, I receive warning

service docker start
mount: permission denied
mount: permission denied
mount: permission denied
mount: permission denied
[....] Starting Docker: docker

but service running

service docker status
[ ok ] Docker is running.

I didn't see syslog, my directory /var/log is

-rw-r--r-- 1 root  root      12438 Jan 24 08:19 alternatives.log
drwxr-xr-x 2 root  root          4 Jan 20 00:47 apt
-rw-r--r-- 1 root  root     244986 Jan 20 00:47 bootstrap.log
-rw-rw---- 1 root  utmp          0 Jan 20 00:46 btmp
-rw-r----- 1 root  adm           0 Jan 24 09:12 dmesg
-rw-r----- 1 root  adm           0 Jan 23 11:52 dmesg.0
-rw-r----- 1 root  adm          28 Jan 22 12:02 dmesg.1.gz
-rw-r--r-- 1 root  docker    24714 Jan 24 10:36 docker.log
-rw-r--r-- 1 root  root     330467 Jan 24 08:56 dpkg.log
-rw-r--r-- 1 root  root       3296 Jan 21 21:47 faillog
drwxr-xr-x 2 root  root          4 Jan 20 00:47 fsck
-rw-rw-r-- 1 root  utmp      30076 Jan 24 09:20 lastlog
drwxr-s--- 2 mysql adm           2 Jan 21 21:47 mysql
drwxr-xr-x 2 root  root          3 Jan 24 09:11 unattended-upgrades
-rw-rw-r-- 1 root  utmp   27376128 Jan 24 10:53 wtmp

In docker.log

time="2018-01-24T11:00:19.694045397+02:00" level=info msg="ignoring event" module=libcontainerd namespace=moby topic=/containers/create type="*events.ContainerCreate"
time="2018-01-24T11:00:19+02:00" level=info msg="shim docker-containerd-shim started" address="/containerd-shim/moby/1be5433094ef58b7124ffcf9b5ee5e86b474a9129bf3f747a5bfc7e07767ac5a/shim.sock" debug=false module="containerd/tasks" pid=3027 
time="2018-01-24T11:00:19+02:00" level=info msg="shim reaped" id=1be5433094ef58b7124ffcf9b5ee5e86b474a9129bf3f747a5bfc7e07767ac5a module="containerd/tasks" 
time="2018-01-24T11:00:19.939970415+02:00" level=error msg="stream copy error: reading from a closed fifo"
time="2018-01-24T11:00:19.940053674+02:00" level=error msg="stream copy error: reading from a closed fifo"
time="2018-01-24T11:00:19.942454319+02:00" level=info msg="ignoring event" module=libcontainerd namespace=moby topic=/containers/delete type="*events.ContainerDelete"
time="2018-01-24T11:00:20.120509909+02:00" level=error msg="1be5433094ef58b7124ffcf9b5ee5e86b474a9129bf3f747a5bfc7e07767ac5a cleanup: failed to delete container from containerd: no such container"

Can you help me please?

Answer 1

In order to run Docker inside a LXD container, you need to enable container nesting. Nesting means that there can be a container (docker) inside a container (from LXD).

Launch the container like this,

lxc launch ubuntu:x mydockers -c security.nesting=true

If the LXD container has already been created, then add the flag with

lxc config set mydockers security.nesting true
lxc restart mydockers