Docker on LXC/LXD
June 17, 2026
First, ensure your kernel supports the featureset required for Docker:
wget https://raw.githubusercontent.com/moby/moby/master/contrib/check-config.sh
chmod 755 check-config.sh
./check-config.shZFS Storage Setup
One-time setup for the Docker storage pool:
zfs create tank/virt/lxd/docker
mkdir -p /var/lib/dockerPer-container storage setup:
zfs create -s -V 50g tank/virt/lxd/docker/00-golden # sparse volume
mkfs.ext4 -m 0 -L 00-golden /dev/zvol/tank/virt/lxd/docker/00-golden
mkdir -p /var/lib/docker/00-golden
mount /dev/zvol/tank/virt/lxd/docker/00-golden /var/lib/docker/00-golden
rm -rf /var/lib/docker/00-golden/lost*
lxc storage create 00-golden dir source=/var/lib/docker/00-goldenContainer Configuration
Create the container with the custom storage:
lxc init --storage 00-golden images:ubuntu/20.04 docker-00-goldenConfigure cgroup mounting for systemd compatibility:
lxc config set docker-00-golden raw.lxc 'lxc.mount.auto = cgroup'Enable the security settings required for nested Docker:
lxc config set docker-00-golden \
security.nesting=true \
security.syscalls.intercept.setxattr=true \
security.syscalls.intercept.mknod=true \
security.privileged=trueStart the container:
lxc start docker-00-goldenInstall Docker Inside the Container
Inside the container, install Docker:
apt-get remove docker docker-engine docker.io containerd runc
apt-get update
apt-get install \
ca-certificates \
curl \
gnupg \
lsb-release
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu \
$(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
apt-get update
apt-get install docker-ce docker-ce-cli containerd.io
systemctl enable docker.service
systemctl enable containerd.service