starred/ProxmoxVE
1
0
Fork 0
mirror of https://github.com/community-scripts/ProxmoxVE.git synced 2026-04-25 09:15:59 +03:00
Code Issues 12 Projects Releases 10 Packages Wiki Activity

[GH-ISSUE #8987] Docker not working after updating to version 28.5.2 #1965

New issue
Closed
opened 2026-02-26 12:50:49 +03:00 by kerem · 2 comments
kerem commented 2026-02-26 12:50:49 +03:00
Owner
Copy link

Originally created by @andioz on GitHub (Nov 8, 2025).
Original GitHub issue: https://github.com/community-scripts/ProxmoxVE/issues/8987

Have you read and understood the above guidelines?

yes

📜 What is the name of the script you are using?

docker

📂 What was the exact command used to execute the script?

bash -c "$(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/ct/docker.sh)"

⚙️ What settings are you using?

  • Default Settings
  • Advanced Settings

🖥️ Which Linux distribution are you using?

Debian 12

📈 Which Proxmox version are you on?

pve-manager/8.4.14/b502d23c55afcba1 (running kernel: 6.8.12-15-pve)

📝 Provide a clear and concise description of the issue.

Today I ran apt update -y && apt upgrade -y inside my docker LXC, and afterwards docker could not run containers anymore.

After some experiments with different settings (for example set unprivileged=0) I could not find a solution. The only thing I can currently do is to freeze the docker version.

The new docker version is 28.5.2.

After restoring a backup, I checked the working versions:

dpkg -l | grep -E 'docker|containerd'

Output:

ii  containerd.io                 1.7.28-1~debian.12~bookworm    amd64        An open and reliable container runtime
ii  docker-buildx-plugin          0.29.1-1~debian.12~bookworm    amd64        Docker Buildx plugin extends build capabilities with BuildKit.
ii  docker-ce                     5:28.5.1-1~debian.12~bookworm  amd64        Docker: the open-source application container engine
ii  docker-ce-cli                 5:28.5.1-1~debian.12~bookworm  amd64        Docker CLI: the open-source application container engine
ii  docker-ce-rootless-extras     5:28.5.1-1~debian.12~bookworm  amd64        Rootless support for Docker.
ii  docker-compose-plugin         2.40.2-1~debian.12~bookworm    amd64        Docker Compose (V2) plugin for the Docker CLI.
ii  docker-model-plugin           0.1.44-1~debian.12~bookworm    amd64        Docker Model Runner plugin for the Docker CLI.

Then I ran this command:

apt-mark hold \
    containerd.io \
    docker-buildx-plugin \
    docker-ce \
    docker-ce-cli \
    docker-ce-rootless-extras \
    docker-compose-plugin \
    docker-model-plugin

Now apt doesn't touch the docker components. This is of course only a workaround for now to keep my system up and running. It looks like that docker changed something significant in the last update, but I'm not an expert in this...

🔄 Steps to reproduce the issue.

I tried to create a fresh LXC instance, and it didn't work out of the box, because version 28.5.2 was installed.

Paste the full error output (if available).

Error response from daemon: failed to create task for container: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: open sysctl net.ipv4.ip_unprivileged_port_start file: reopen fd 8: permission denied: unknown

🖼️ Additional context (optional).

No response

Originally created by @andioz on GitHub (Nov 8, 2025). Original GitHub issue: https://github.com/community-scripts/ProxmoxVE/issues/8987 ### ✅ Have you read and understood the above guidelines? yes ### 📜 What is the name of the script you are using? docker ### 📂 What was the exact command used to execute the script? bash -c "$(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/ct/docker.sh)" ### ⚙️ What settings are you using? - [ ] Default Settings - [x] Advanced Settings ### 🖥️ Which Linux distribution are you using? Debian 12 ### 📈 Which Proxmox version are you on? pve-manager/8.4.14/b502d23c55afcba1 (running kernel: 6.8.12-15-pve) ### 📝 Provide a clear and concise description of the issue. Today I ran `apt update -y && apt upgrade -y` inside my docker LXC, and afterwards docker could not run containers anymore. After some experiments with different settings (for example set unprivileged=0) I could not find a solution. The only thing I can currently do is to freeze the docker version. The new docker version is 28.5.2. After restoring a backup, I checked the working versions: ```sh dpkg -l | grep -E 'docker|containerd' ``` Output: ``` ii containerd.io 1.7.28-1~debian.12~bookworm amd64 An open and reliable container runtime ii docker-buildx-plugin 0.29.1-1~debian.12~bookworm amd64 Docker Buildx plugin extends build capabilities with BuildKit. ii docker-ce 5:28.5.1-1~debian.12~bookworm amd64 Docker: the open-source application container engine ii docker-ce-cli 5:28.5.1-1~debian.12~bookworm amd64 Docker CLI: the open-source application container engine ii docker-ce-rootless-extras 5:28.5.1-1~debian.12~bookworm amd64 Rootless support for Docker. ii docker-compose-plugin 2.40.2-1~debian.12~bookworm amd64 Docker Compose (V2) plugin for the Docker CLI. ii docker-model-plugin 0.1.44-1~debian.12~bookworm amd64 Docker Model Runner plugin for the Docker CLI. ``` Then I ran this command: ```sh apt-mark hold \ containerd.io \ docker-buildx-plugin \ docker-ce \ docker-ce-cli \ docker-ce-rootless-extras \ docker-compose-plugin \ docker-model-plugin ``` Now apt doesn't touch the docker components. This is of course only a workaround for now to keep my system up and running. It looks like that docker changed something significant in the last update, but I'm not an expert in this... ### 🔄 Steps to reproduce the issue. I tried to create a fresh LXC instance, and it didn't work out of the box, because version 28.5.2 was installed. ### ❌ Paste the full error output (if available). ``` Error response from daemon: failed to create task for container: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: open sysctl net.ipv4.ip_unprivileged_port_start file: reopen fd 8: permission denied: unknown ``` ### 🖼️ Additional context (optional). _No response_
kerem 2026-02-26 12:50:49 +03:00
  • closed this issue
  • added the
    bug
         label
kerem commented 2026-02-26 12:50:50 +03:00
Author
Owner
Copy link

@MickLesk commented on GitHub (Nov 8, 2025):

Duplicate of #8890

<!-- gh-comment-id:3506804697 --> @MickLesk commented on GitHub (Nov 8, 2025): Duplicate of #8890
kerem commented 2026-02-26 12:50:50 +03:00
Author
Owner
Copy link

@andioz commented on GitHub (Nov 8, 2025):

For those who are willing to give the LXC container more priviledges, this could work (I asked chatgpt and tried it quickly on the fresh dummy container): add this settings to the container config in /etc/pve/lxc/100.conf

lxc.privileged: 1
features: nesting=1
lxc.apparmor.profile: unconfined
lxc.cap.drop =
<!-- gh-comment-id:3506804880 --> @andioz commented on GitHub (Nov 8, 2025): For those who are willing to give the LXC container more priviledges, this could work (I asked chatgpt and tried it quickly on the fresh dummy container): add this settings to the container config in `/etc/pve/lxc/100.conf` ``` lxc.privileged: 1 features: nesting=1 lxc.apparmor.profile: unconfined lxc.cap.drop = ```
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
github-action-update-changelog
pr-update-app-files
add-script-fireshare-1777034879
refactor_ghostfolio
add-script-jitsi-meet-1776754982
add-script-apprise-api-1776844606
add-script-transmute-1776844620
fix/update-motd-profile-terminal-500
revert-13797-phs-verbose
revert-13951-hotfix_core_motd
fix/node-options-auto-heap-termix
fix/twingate-connector-real-update
fix/mealie-startsh-missing-after-failed-update
fix/setup-nodejs-upgrade-minor-patch
hotfix_core_motd
fix/uv-venv-clear-update-scripts
add-script-ownfoil-1776758482
add-script-mini-qr-1776757900
add-script-dashy-1776446840
add-script-erpnext-1776807942
add-script-minthcm-1776758021
add-script-anchor-1776753635
add-script-foldergram-1776755549
add-script-gogs-1776754912
copilot/fix-homelable-installation-error
add-script-whodb-1776695185
fix/lxc-stack-upgrade-and-storage-validation
fix/node-version-drift
fix/pangolin-migration-user-roles
fix/pmg-post-install-detection
fix/pangolin-safe-migration
fix/wanderer-pocketbase-wrapper
fix/slskd-config-migration
fix-actualbudget-warnings
add-script-nametag-1776613576
github-action-archive-changelog
fix/litellm-prisma-generate
fix/clean-orphaned-lvm-cluster-aware
fix/babybuddy-django-settings-module
fix/yamtrack-nginx-update-config
add-script-dagu-1776530655
fix/intel-igc-version-pinning
fix/build-func-pct-create-audit
add-script-igotify-1776263238
add-script-step-ca-1776263572
cleanup_docs_and_co
add-script-github-runner-1776088530
revert-13570-remove_unused_scripts
fix/lyrion-service-name
fix/mealie-v3.15-nuxt4
fix/reitti-v4-refactor
copilot/fix-mealie-version-update
copilot/fix-git-command-not-found
fix/slskd-soularr-lockfile
fix/build-func-tmpdir-leak
refactor/bytestash-data-backup
copilot/fix-bambuddy-update-issue
MickLesk-patch-2
fix/ironclaw-keychain
fix/alpine-wakapi-busybox-df
fix/bentopdf-wasm-coep-headers
fix/crafty-controller-creds-wait
feat/elementsynapse-element-call
fix/metube-pnpm-builds
fix/romm-dynamic-base-path
fix/immich-env-newline
copilot/fix-homarr-update-script
fix/github-token-attempt-zero-crash
fix/filebrowser-quantum-host-warning
fix/homarr-redis-bind-localhost
CrazyWolf13-patch-3
fix/dynamic-os-detection
fix/checkmk-release-security-suffix
fix/bambuddy-ffmpeg-updateable
fix/immich-helmet-csp
core_add_scriptsite_donation_url
add-script-ironclaw-1775649518
fix/proxmox-error-resilience
remove_unused_scripts
CrazyWolf13-patch-1
fix/papra-env-backup-fallback
CrazyWolf13-patch-2
add-script-homelable-1775421958
add-script-openthread-br-1775416012
fix/silent-return-instead-of-exit
fix/nvidia-glx-fallback
fix/npm-ensure-nginx-dirs
fix/motioneye-run-as-root
fix/grist-remove-ee
fix/openwrt-vm-shutdown
fix/core-func-profiled-sourcing
fix/crafty-controller-java25
fix/lxc-updater-apt-pager
fix/npm-openresty-user-config
add-script-netboot-xyz-1775157692
copilot/fix-zigbee2mqtt-update-error
feat/apt-proxy-url-support
fix/cron-updater-path
fix/grist-backup-empty-docs
fix/filebrowser-noauth
feat/core-hardening-proxmoxve
add-script-drawdb-1775060927
fix/build-func-empty-gateway
fix/graylog-max-map-count
fix/koillection-envlocal-newline
add-script-bambuddy-1774853250
MickLesk-patch-1
fix/immich-maintenance-mode-redis-error
fix/npm-unmask-openresty-on-migration
fix/ollama-intel-gpg-error-handling
add-script-yourls-1774732133
add-script-matter-server-1774638379
fix/dispatcharr-pg-port
cron_update_lxc
chore/immich-v2.6.3
add-script-geopulse-1774548387
cdn_improvements
add-script-birdnet-1774535320
fix/tools-func-exit-codes
fix/immich-update-db-hostname
update/frigate-0.17.1
fix/use-absolute-path-for-install
fix/pin-npm-version
shell_safe_fixes
remove_booklore
chore/update-url-community-scripts
komodov2
refactor/turnkey-modernize
add-script-nextexplorer-1774344421
add-script-homebrew-1774342032
fix/shell-security-hardening-v2
improve/build-func-performance-cleanup
fix/build-dns-prefix
fix/anytype-mongodb-wait
fix/frigate-cpu-model-path
copilot/fix-installation-failure-isponsorblocktv
fix/reactive-resume-add-git
copilot/scanopy-fix-apt-configuration-error
add-script-isponsorblocktv-1774009652
add-script-alpine-wakapi-1774008954
fix/coder-code-server-existing-config-and-reachability
add-script-teleport-1773928044
CrazyWolf13-patch-wealthfolio-1
refactor/tools-func-qol
fix/stirling-pdf-jdk-reinstall
fix/pinned-version-wording
MickLesk-patch-10
fix/reactive-resume-v5013
fix/tracearr-update-version-oom
copilot/fix-hdd-space-for-owncast
tremor021-patch-6
pocketbase_bot
disp_fix
fix/tdarr-binary-check-curl-retry
MickLesk-patch-9
refactor/podman-quadlets
alpine-ntfy
refactor/jellyfin
CrazyWolf13-patch-11
feature/autousermod_hwaccell
add-script-split-pro-1773677692
fix/frigate-openvino-fallback
fix/paperless-ngx-default-ram
fix/plex-restart-after-update
fix/gluetun-openvpn-env
MickLesk-patch-8
termix_add_guacd
MickLesk-patch-7
fix/tududi-nodejs-in-update
fix/sparkyfitness-npm-peer-deps
docs/website-metadata-workflow
fix-pbs_microcode
remove_jsons
michelroegl-brunner-patch-4
add-script-test-1773325265
cleanup_workflows
feat/remove-frontend
automated/update-github-versions
feat/mode-generated
fix/n8n-build-essential
fix/sparkyfitness-shared-deps
fix/rocm-path-escaping
fix/storage-validation-cross-node
fix/frigate-nvidia-version-regex
arm64-build-support
readme
michelroegl-brunner-patch-3
fix/coder-code-server-backup
copilot/fix-immich-update-dependency-issue
rust
fix/linkwarden-update-playwright
fix/powerdns-sqlite-permissions
fix/duplicate-nameserver-searchdomain
CrazyWolf13-patch-7
feat/ollama-rocm-support
fix/seerr-migration-update-script
preflight_tests
adgu_fix
2026-04-24
2026-04-23
2026-04-22
2026-04-21
2026-04-20
2026-04-19
2026-04-18
2026-04-17
2026-04-16
2026-04-15
2026-04-14
2026-04-13
2026-04-12
2026-04-11
2026-04-10
2026-04-09
2026-04-08
2026-04-07
2026-04-06
2026-04-05
2026-04-04
2026-04-03
2026-04-02
2026-04-01
2026-03-31
2026-03-30
2026-03-29
2026-03-28
2026-03-27
2026-03-26
2026-03-25
2026-03-24
2026-03-23
2026-03-22
2026-03-21
2026-03-20
2026-03-19
2026-03-18
2026-03-17
2026-03-16
2026-03-15
2026-03-14
2026-03-13
2026-03-12
2026-03-11
2026-03-10
2026-03-09
2026-03-08
2026-03-07
2026-03-06
2026-03-05
2026-03-04
2026-03-03
2026-03-02
2026-03-01
2026-02-28
2026-02-27
2026-02-26
2026-02-25
2026-02-24
2026-02-23
2026-02-22
2026-02-21
2026-02-20
2026-02-19
2026-02-18
2026-02-17
2026-02-16
2026-02-15
2026-02-14
2026-02-13
2026-02-12
2026-02-11
2026-02-10
2026-02-09
2026-02-08
2026-02-07
2026-02-06
2026-02-05
2026-02-04
2026-02-03
2026-02-02
2026-02-01
2026-01-31
2026-01-30
2026-01-29
2026-01-28
2026-01-27
2026-01-26
2026-01-25
2026-01-24
2026-01-23
2026-01-22
2026-01-21
2026-01-20
2026-01-19
2026-01-18
2026-01-17
2026-01-16
2026-01-15
2026-01-14
2026-01-13
2026-01-12
2026-01-11
2026-01-10
2026-01-09
2026-01-08
2026-01-07
2026-01-06
2026-01-05
2026-01-04
2026-01-03
2026-01-02
2026-01-01
2025-12-31
2025-12-30
2025-12-29
2025-12-28
2025-12-27
2025-12-26
2025-12-25
2025-12-24
2025-12-23
2025-12-22
2025-12-21
2025-12-20
2025-12-19
2025-12-18
2025-12-17
2025-12-16
2025-12-15
2025-12-14
2025-12-13
2025-12-12
2025-12-11
2025-12-10
2025-12-09
2025-12-08
2025-12-07
2025-12-06
2025-12-05
2025-12-04
2025-12-03
2025-12-02
2025-12-01
2025-11-30
2025-11-29
2025-11-28
2025-11-27
2025-11-26
2025-11-25
2025-11-24
2025-11-23
2025-11-22
2025-11-21
2025-11-20
2025-11-19
2025-11-18
2025-11-17
2025-11-16
2025-11-15
2025-11-14
2025-11-13
2025-11-12
2025-11-11
2025-11-10
2025-11-09
2025-11-08
2025-11-07
2025-11-06
2025-11-05
2025-11-04
2025-11-03
2025-11-02
2025-11-01
2025-10-31
2025-10-30
2025-10-29
2025-10-28
2025-10-27
2025-10-26
2025-10-25
2025-10-24
2025-10-23
2025-10-22
2025-10-21
2025-10-20
2025-10-19
2025-10-18
2025-10-17
2025-10-16
2025-10-15
2025-10-14
2025-10-13
2025-10-12
2025-10-11
2025-10-10
2025-10-09
2025-10-08
2025-10-07
2025-10-06
2025-10-05
2025-10-04
2025-10-03
2025-10-02
2025-10-01
2025-09-30
2025-09-29
2025-09-28
2025-09-27
2025-09-26
2025-09-25
2025-09-24
2025-09-23
2025-09-22
2025-09-21
2025-09-20
2025-09-19
2025-09-18
2025-09-17
2025-09-16
2025-09-15
2025-09-14
2025-09-13
2025-09-12
2025-09-11
2025-09-10
2025-09-09
2025-09-08
2025-09-07
2025-09-06
2025-09-05
2025-09-04
2025-09-03
2025-09-02
2025-09-01
2025-08-31
2025-08-30
2025-08-29
2025-08-28
2025-08-27
2025-08-26
2025-08-25
2025-08-24
2025-08-23
2025-08-22
2025-08-21
2025-08-20
2025-08-19
2025-08-18
2025-08-17
2025-08-16
2025-08-15
2025-08-14
2025-08-13
2025-08-12
2025-08-11
2025-08-10
2025-08-09
2025-08-08
2025-08-07
2025-08-06
2025-08-05
2025-08-04
2025-08-03
2025-08-02
2025-08-01
2025-07-31
2025-07-30
2025-07-29
2025-07-28
2025-07-27
2025-07-26
2025-07-25
2025-07-24
2025-07-23
2025-07-22
2025-07-21
2025-07-20
2025-07-19
2025-07-18
2025-07-17
2025-07-16
2025-07-15
2025-07-14
2025-07-11
2025-07-10
2025-07-09
2025-07-08
2025-07-07
2025-07-06
2025-07-05
2025-07-04
2025-07-03
2025-07-02
2025-07-01
2025-06-30
2025-06-29
2025-06-28
2025-06-27
2025-06-26
2025-06-25
2025-06-24
2025-06-23
2025-06-22
2025-06-21
2025-06-20
2025-06-19
2025-06-18
2025-06-17
2025-06-16
2025-06-15
2025-06-14
2025-06-13
2025-06-12
2025-06-11
2025-06-10
2025-06-09
2025-06-08
2025-06-07
2025-06-06
2025-06-05
2025-06-04
2025-06-03
2025-06-02
2025-06-01
2025-05-31
2025-05-30
2025-05-29
2025-05-28
2025-05-27
2025-05-26
2025-05-25
2025-05-24
2025-05-23
2025-05-22
2025-05-21
2025-05-20
2025-05-19
2025-05-18
2025-05-17
2025-05-16
2025-05-15
2025-05-14
2025-05-13
2025-05-12
2025-05-11
2025-05-10
2025-05-09
2025-05-08
2025-05-07
2025-05-06
2025-05-05
2025-05-04
2025-05-03
2025-05-02
2025-05-01
2025-04-30
2025-04-29
2025-04-28
2025-04-27
2025-04-26
2025-04-25
2025-04-24
2025-04-23
2025-04-22
2025-04-20
2025-04-21
2025-04-19
2025-04-18
2025-04-17
2025-04-15
2025-04-16
2025-04-14
2025-04-13
2025-04-12
2025-04-11
2025-04-10
2025-04-09
2025-04-08
2025-04-07
2025-04-06
2025-04-05
2025-04-04
2025-04-03
2025-04-02
2025-04-01
2025-03-31
2025-03-30
2025-03-29
2025-03-28
2025-03-27
2025-03-26
2025-03-25
2025-03-24
2025-03-23
2025-03-22
2025-03-21
2025-03-20
2025-03-19
2025-03-18
2025-03-17
2025-03-16
2025-03-15
2025-03-14
2025-03-13
2025-03-12
2025-03-11
2025-03-10
2025-03-09
2025-03-08
2025-03-07
2025-03-06
2025-03-05
2025-03-04
2025-03-03
2025-03-02
2025-03-01
2025-02-28
2025-02-27
2025-02-26
2025-02-25
2025-02-24
2025-02-23
2025-02-21
2025-02-20
2025-02-19
2025-02-18
2025-02-17
2025-02-16
2025-02-15
2025-02-14
2025-02-13
2025-02-12
2025-02-11
2025-02-10
2025-02-09
2025-02-08
2025-02-07
2025-02-06
2025-02-05
2025-02-04
2025-02-03
2025-02-02
2025-02-01
2025-01-31
2025-01-30
2025-01-29
2025-01-28
2025-01-27
2025-01-26
2025-01-24
2025-01-23
2025-01-22
2025-01-21
2025-01-20
2025-01-19
2025-01-18
2025-01-17
2025-01-16
2025-01-15
2025-01-14
2025-01-13
2025-01-11
2025-01-10
2025-01-09
2025-01-08
2025-01-07
2025-01-06
2025-01-05
2025-01-04
2025-01-03
2025-01-02
2025-01-01
2024-12-31
2024-12-30
2024-12-29
2024-12-28
2024-12-27
2024-12-26
2024-12-25
2024-12-23
2024-12-21
2024-12-20
2024-12-19
2024-12-18
2024-12-17
2024-12-16
2024-12-13
2024-12-12
2024-12-09
2024-12-08
2024-12-07
2024-12-06
2024-12-05
2024-12-04
2024-12-03
2024-12-02
2024-11-30
2024-11-29
2024-11-28
2024-11-27
2024-11-26
2024-11-25
2024-11-24
2024-11-23
Labels
Clear labels   
Implemented in VED waiting push to Main

   
automated

   
breaking change

   
bug

   
bug

   
bugfix

   
deferred

   
delete script

   
dependencies

   
enhancement

   
external

   
feature

   
github

   
help wanted

   
in project pipeline

   
invalid

   
investigation

   
json

   
maintenance

   
needs triage

   
new script

   
new script

   
nice to have

   
not a script issue

   
not planned

   
organization

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
refactor

   
rename script

   
security

   
telemetry

   
update script

   
website

   
wontdo

   
🛑 Failure to comply with the guidelines
No labels
Implemented in VED waiting push to Main
automated
breaking change
bug
bug
bugfix
deferred
delete script
dependencies
enhancement
external
feature
github
help wanted
in project pipeline
invalid
investigation
json
maintenance
needs triage
new script
new script
nice to have
not a script issue
not planned
organization
pull-request
question
refactor
rename script
security
telemetry
update script
website
wontdo
🛑 Failure to comply with the guidelines
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/ProxmoxVE#1965
No description provided.