Well, the thing is that with the CVE patch applied, all kinds of things won't work running Docker in an unprivileged container. So even if we worked around the getPipeFds() issue, we'd still fail e.g. at setting oom-score adjust because it also tries to access files under /proc/<pid>. I think we will have to discuss an alternate approach with upstream. Until such time, a workaround is to set
lxc config set <container_name> security.privileged true
Would that be acceptable?