Docker in Docker does not work with docker devcontainer template

Hi, I want to run docker in docker in a devcontainer but docker does not work. When using envbuilder standalone it works:
docker run -it --rm \
--privileged \
-v /tmp/envbuilder:/workspaces \
-e ENVBUILDER_GIT_URL=https://github.com/coder/envbuilder \
-e ENVBUILDER_DEVCONTAINER_DIR=/workspaces/envbuilder/examples/docker/02_dind \
-e ENVBUILDER_INIT_SCRIPT=bash \
ghcr.io/coder/envbuilder:latest
but with the docker in docker devcontainer feature set in devcontainer.json the docker daemon can't start:

INFO[2025-02-03T21:57:44.782873617Z] unable to detect if iptables supports xlock: 'iptables --wait -L -n': `iptables v1.8.9 (legacy): can't initialize iptables table `filter': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.` error="exit status 3"
INFO[2025-02-03T21:57:44.799766527Z] stopping event stream following graceful shutdown error="<nil>" module=libcontainerd namespace=moby
INFO[2025-02-03T21:57:44.800161120Z] stopping healthcheck following graceful shutdown module=libcontainerd
INFO[2025-02-03T21:57:44.800215382Z] stopping event stream following graceful shutdown error="context canceled" module=libcontainerd namespace=plugins.moby
failed to start daemon: Error initializing network controller: error obtaining controller instance: failed to register "bridge" driver: failed to create NAT chain DOCKER: iptables failed: iptables -t nat -N DOCKER: iptables v1.8.9 (legacy): can't initialize iptables table `nat': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
(exit status 3)

can someone help me with this?
5 Replies
Phorcys (3w ago)
hello @Greenman999 could you send over your template? just to make sure, you're running a regular Coder workspace, and inside that workspace you're starting a devcontainer from VSCode?
Greenman999 (OP, 3w ago)
no my template is originally the docker envbuilder devcontainer one
Phorcys (3w ago)
i get it now, this makes sense. you need to set up Docker in Workspaces for this to work
Greenman999 (OP, 3w ago)
ah thanks, will try this as soon as i can
Phorcys (3w ago)
in your case you'd need to install the Sysbox runtime and set runtime = "sysbox-ce" (IIRC) in your docker_container resource
