starred/ProxmoxVE
1
0
Fork 0
mirror of https://github.com/community-scripts/ProxmoxVE.git synced 2026-02-05 00:29:55 +03:00
Code Issues 14 Packages Projects Releases 10 Wiki Activity

Docker LXC Alpine update breaks docker #2392

New Issue
Closed
opened 2026-02-05 04:41:30 +03:00 by OVERLORD · 1 comment
OVERLORD commented 2026-02-05 04:41:30 +03:00
Owner
Copy Link

Originally created by @radry on GitHub (Jan 25, 2026).

Have you read and understood the above guidelines?

yes

🔎 Did you run the script with verbose mode enabled?

Yes, verbose mode was enabled and the output is included below

📜 What is the name of the script you are using?

Docker LXC

📂 What was the exact command used to execute the script?

bash -c "$(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/ct/alpine-docker.sh)"

⚙️ What settings are you using?

  • Default Settings
  • Advanced Settings

🖥️ Which Linux distribution are you using?

Alpine

📈 Which Proxmox version are you on?

pve-manager/8.4.14/b502d23c55afcba1 (running kernel: 6.8.12-15-pve)

📝 Provide a clear and concise description of the issue.

After updating the Docker LXC (Alpine) through "update" command, docker can no longer start new or existing containers.

🔄 Steps to reproduce the issue.

Update Docker LXC (Docker Version 28.3.3) via "update" in the LXCs shell.
Try to (re)start a docker container.
Oberserve Error.

Paste the full error output (if available).

Error response from daemon: failed to create task for container: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: open sysctl net.ipv4.ip_unprivileged_port_start file: reopen fd 8: permission denied

🖼️ Additional context (optional).

uname -r
6.8.12-15-pve

Docker Version before update:

Client:
 Version:           28.3.3
 API version:       1.51
 Go version:        go1.24.7
 Git commit:        980b85681696fbd95927fd8ded8f6d91bdca95b0
 Built:             Sat Sep  6 14:42:47 2025
 OS/Arch:           linux/amd64
 Context:           default

Server:
 Engine:
  Version:          28.3.3
  API version:      1.51 (minimum version 1.24)
  Go version:       go1.24.7
  Git commit:       bea959c7b793b32a893820b97c4eadc7c87fabb0
  Built:            Sat Sep  6 14:42:47 2025
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          v2.1.3
  GitCommit:        c787fb98911740dd3ff2d0e45ce88cdf01410486
 runc:
  Version:          1.3.0
  GitCommit:        4ca628d1d4c974f92d24daccb901aa078aad748e
 docker-init:
  Version:          0.19.0
  GitCommit:

Output from Verbose "update":

fetch http://dl-cdn.alpinelinux.org/alpine/latest-stable/main/x86_64/APKINDEX.tar.gz
fetch http://dl-cdn.alpinelinux.org/alpine/latest-stable/community/x86_64/APKINDEX.tar.gz
Upgrading critical system libraries and apk-tools:
(1/3) Purging libapk2 (2.14.9-r3)
(2/3) Installing libapk (3.0.3-r1)
(3/3) Upgrading apk-tools (2.14.9-r3 -> 3.0.3-r1)
Executing busybox-1.37.0-r19.trigger
Continuing the upgrade transaction with new apk-tools:
( 1/74) Upgrading alpine-baselayout-data (3.7.0-r0 -> 3.7.1-r8)
  Installing file to etc/group.apk-new
  Installing file to etc/hostname.apk-new
  Installing file to etc/hosts.apk-new
  Installing file to etc/inittab.apk-new
  Installing file to etc/passwd.apk-new
  Installing file to etc/shadow.apk-new
  Installing file to etc/shells.apk-new
( 2/74) Upgrading musl (1.2.5-r10 -> 1.2.5-r21)
( 3/74) Upgrading busybox (1.37.0-r19 -> 1.37.0-r30)
  Executing busybox-1.37.0-r30.post-upgrade
( 4/74) Upgrading busybox-binsh (1.37.0-r19 -> 1.37.0-r30)
( 5/74) Upgrading alpine-baselayout (3.7.0-r0 -> 3.7.1-r8)
  Executing alpine-baselayout-3.7.1-r8.pre-upgrade
  Installing file to etc/motd.apk-new
  Executing alpine-baselayout-3.7.1-r8.post-upgrade
( 6/74) Upgrading openrc-user (0.62.6-r0 -> 0.63-r1)
( 7/74) Upgrading libcap2 (2.76-r0 -> 2.77-r0)
( 8/74) Upgrading openrc (0.62.6-r0 -> 0.63-r1)
  Installing file to etc/rc.conf.apk-new
  Installing file to etc/init.d/localmount.apk-new
  Executing openrc-0.63-r1.post-upgrade
( 9/74) Upgrading mdev-conf (4.8-r0 -> 4.9-r0)
(10/74) Upgrading busybox-mdev-openrc (1.37.0-r19 -> 1.37.0-r30)
(11/74) Upgrading alpine-conf (3.20.0-r0 -> 3.21.0-r0)
(12/74) Upgrading alpine-keys (2.5-r0 -> 2.6-r0)
(13/74) Upgrading alpine-release (3.22.1-r0 -> 3.23.2-r0)
(14/74) Upgrading libcrypto3 (3.5.2-r0 -> 3.5.4-r0)
(15/74) Upgrading libssl3 (3.5.2-r0 -> 3.5.4-r0)
(16/74) Upgrading ssl_client (1.37.0-r19 -> 1.37.0-r30)
(17/74) Upgrading ca-certificates-bundle (20250619-r0 -> 20251003-r0)
(18/74) Upgrading busybox-openrc (1.37.0-r19 -> 1.37.0-r30)
(19/74) Upgrading busybox-suid (1.37.0-r19 -> 1.37.0-r30)
(20/74) Upgrading scanelf (1.3.8-r1 -> 1.3.8-r2)
(21/74) Upgrading musl-utils (1.2.5-r10 -> 1.2.5-r21)
(22/74) Upgrading alpine-base (3.22.1-r0 -> 3.23.2-r0)
(23/74) Upgrading ncurses-terminfo-base (6.5_p20250503-r0 -> 6.5_p20251123-r0)
(24/74) Upgrading libncursesw (6.5_p20250503-r0 -> 6.5_p20251123-r0)
(25/74) Upgrading readline (8.2.13-r1 -> 8.3.1-r0)
(26/74) Upgrading bash (5.2.37-r0 -> 5.3.3-r1)
  Executing bash-5.3.3-r1.post-upgrade
(27/74) Upgrading brotli-libs (1.1.0-r2 -> 1.2.0-r0)
(28/74) Upgrading c-ares (1.34.5-r0 -> 1.34.6-r0)
(29/74) Upgrading libunistring (1.3-r0 -> 1.4.1-r0)
(30/74) Upgrading libidn2 (2.3.7-r0 -> 2.3.8-r0)
(31/74) Upgrading nghttp2-libs (1.65.0-r0 -> 1.68.0-r0)
(32/74) Installing nghttp3 (1.13.1-r0)
(33/74) Upgrading zstd-libs (1.5.7-r0 -> 1.5.7-r2)
(34/74) Upgrading libcurl (8.14.1-r1 -> 8.17.0-r1)
(35/74) Upgrading curl (8.14.1-r1 -> 8.17.0-r1)
(36/74) Upgrading ca-certificates (20250619-r0 -> 20251003-r0)
(37/74) Upgrading libseccomp (2.6.0-r0 -> 2.6.0-r1)
(38/74) Upgrading runc (1.3.0-r3 -> 1.4.0-r2)
(39/74) Upgrading containerd (2.1.3-r2 -> 2.2.0-r4)
(40/74) Upgrading libffi (3.4.8-r0 -> 3.5.2-r0)
(41/74) Upgrading libintl (0.24.1-r0 -> 0.24.1-r1)
(42/74) Upgrading libeconf (0.6.3-r0 -> 0.8.3-r0)
(43/74) Upgrading libblkid (2.41-r9 -> 2.41.2-r0)
(44/74) Upgrading libmount (2.41-r9 -> 2.41.2-r0)
(45/74) Upgrading pcre2 (10.43-r1 -> 10.47-r0)
(46/74) Upgrading glib (2.84.4-r0 -> 2.86.3-r0)
(47/74) Upgrading containerd-openrc (2.1.3-r2 -> 2.2.0-r4)
(48/74) Upgrading libnftnl (1.2.9-r0 -> 1.3.0-r0)
(49/74) Installing gmp (6.3.0-r4)
(50/74) Installing jansson (2.14.1-r0)
(51/74) Installing nftables (1.1.5-r2)
(52/74) Installing nftables-openrc (1.1.5-r2)
(53/74) Upgrading docker-engine (28.3.3-r2 -> 29.1.3-r1)
(54/74) Upgrading docker-openrc (28.3.3-r2 -> 29.1.3-r1)
(55/74) Upgrading docker-cli (28.3.3-r2 -> 29.1.3-r1)
(56/74) Upgrading docker-cli-buildx (0.24.0-r2 -> 0.30.1-r2)
(57/74) Upgrading docker (28.3.3-r2 -> 29.1.3-r1)
(58/74) Upgrading logrotate (3.21.0-r1 -> 3.22.0-r0)
  Executing logrotate-3.22.0-r0.post-upgrade
(59/74) Upgrading logrotate-openrc (3.21.0-r1 -> 3.22.0-r0)
(60/74) Upgrading libcom_err (1.47.2-r2 -> 1.47.3-r0)
(61/74) Upgrading e2fsprogs-libs (1.47.2-r2 -> 1.47.3-r0)
(62/74) Upgrading gpm-libs (1.20.7-r5 -> 1.20.7-r6)
(63/74) Upgrading libssh2 (1.11.1-r0 -> 1.11.1-r1)
(64/74) Upgrading nano (8.4-r0 -> 8.7-r0)
(65/74) Upgrading openssh-keygen (10.0_p1-r7 -> 10.2_p1-r0)
(66/74) Upgrading libedit (20250104.3.1-r1 -> 20251016.3.1-r0)
(67/74) Upgrading openssh-client-common (10.0_p1-r7 -> 10.2_p1-r0)
(68/74) Upgrading openssh-client-default (10.0_p1-r7 -> 10.2_p1-r0)
(69/74) Upgrading openssh-sftp-server (10.0_p1-r7 -> 10.2_p1-r0)
(70/74) Upgrading openssh-server-common (10.0_p1-r7 -> 10.2_p1-r0)
(71/74) Upgrading openssh-server-common-openrc (10.0_p1-r7 -> 10.2_p1-r0)
(72/74) Upgrading openssh-server (10.0_p1-r7 -> 10.2_p1-r0)
  Executing openssh-server-10.2_p1-r0.post-upgrade
(73/74) Upgrading openssh (10.0_p1-r7 -> 10.2_p1-r0)
(74/74) Upgrading tzdata (2025b-r0 -> 2025c-r0)
Executing busybox-1.37.0-r30.trigger
Executing ca-certificates-20251003-r0.trigger
Executing glib-2.86.3-r0.trigger
OK: 291.8 MiB in 92 packages
  ✔️   Updated successfully!
Originally created by @radry on GitHub (Jan 25, 2026). ### ✅ Have you read and understood the above guidelines? yes ### 🔎 Did you run the script with verbose mode enabled? Yes, verbose mode was enabled and the output is included below ### 📜 What is the name of the script you are using? Docker LXC ### 📂 What was the exact command used to execute the script? bash -c "$(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/ct/alpine-docker.sh)" ### ⚙️ What settings are you using? - [x] Default Settings - [ ] Advanced Settings ### 🖥️ Which Linux distribution are you using? Alpine ### 📈 Which Proxmox version are you on? pve-manager/8.4.14/b502d23c55afcba1 (running kernel: 6.8.12-15-pve) ### 📝 Provide a clear and concise description of the issue. After updating the Docker LXC (Alpine) through "update" command, docker can no longer start new or existing containers. ### 🔄 Steps to reproduce the issue. Update Docker LXC (Docker Version 28.3.3) via "update" in the LXCs shell. Try to (re)start a docker container. Oberserve Error. ### ❌ Paste the full error output (if available). `Error response from daemon: failed to create task for container: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: open sysctl net.ipv4.ip_unprivileged_port_start file: reopen fd 8: permission denied` ### 🖼️ Additional context (optional). uname -r `6.8.12-15-pve` Docker Version before update: ``` Client: Version: 28.3.3 API version: 1.51 Go version: go1.24.7 Git commit: 980b85681696fbd95927fd8ded8f6d91bdca95b0 Built: Sat Sep 6 14:42:47 2025 OS/Arch: linux/amd64 Context: default Server: Engine: Version: 28.3.3 API version: 1.51 (minimum version 1.24) Go version: go1.24.7 Git commit: bea959c7b793b32a893820b97c4eadc7c87fabb0 Built: Sat Sep 6 14:42:47 2025 OS/Arch: linux/amd64 Experimental: false containerd: Version: v2.1.3 GitCommit: c787fb98911740dd3ff2d0e45ce88cdf01410486 runc: Version: 1.3.0 GitCommit: 4ca628d1d4c974f92d24daccb901aa078aad748e docker-init: Version: 0.19.0 GitCommit: ``` Output from Verbose "update": ``` fetch http://dl-cdn.alpinelinux.org/alpine/latest-stable/main/x86_64/APKINDEX.tar.gz fetch http://dl-cdn.alpinelinux.org/alpine/latest-stable/community/x86_64/APKINDEX.tar.gz Upgrading critical system libraries and apk-tools: (1/3) Purging libapk2 (2.14.9-r3) (2/3) Installing libapk (3.0.3-r1) (3/3) Upgrading apk-tools (2.14.9-r3 -> 3.0.3-r1) Executing busybox-1.37.0-r19.trigger Continuing the upgrade transaction with new apk-tools: ( 1/74) Upgrading alpine-baselayout-data (3.7.0-r0 -> 3.7.1-r8) Installing file to etc/group.apk-new Installing file to etc/hostname.apk-new Installing file to etc/hosts.apk-new Installing file to etc/inittab.apk-new Installing file to etc/passwd.apk-new Installing file to etc/shadow.apk-new Installing file to etc/shells.apk-new ( 2/74) Upgrading musl (1.2.5-r10 -> 1.2.5-r21) ( 3/74) Upgrading busybox (1.37.0-r19 -> 1.37.0-r30) Executing busybox-1.37.0-r30.post-upgrade ( 4/74) Upgrading busybox-binsh (1.37.0-r19 -> 1.37.0-r30) ( 5/74) Upgrading alpine-baselayout (3.7.0-r0 -> 3.7.1-r8) Executing alpine-baselayout-3.7.1-r8.pre-upgrade Installing file to etc/motd.apk-new Executing alpine-baselayout-3.7.1-r8.post-upgrade ( 6/74) Upgrading openrc-user (0.62.6-r0 -> 0.63-r1) ( 7/74) Upgrading libcap2 (2.76-r0 -> 2.77-r0) ( 8/74) Upgrading openrc (0.62.6-r0 -> 0.63-r1) Installing file to etc/rc.conf.apk-new Installing file to etc/init.d/localmount.apk-new Executing openrc-0.63-r1.post-upgrade ( 9/74) Upgrading mdev-conf (4.8-r0 -> 4.9-r0) (10/74) Upgrading busybox-mdev-openrc (1.37.0-r19 -> 1.37.0-r30) (11/74) Upgrading alpine-conf (3.20.0-r0 -> 3.21.0-r0) (12/74) Upgrading alpine-keys (2.5-r0 -> 2.6-r0) (13/74) Upgrading alpine-release (3.22.1-r0 -> 3.23.2-r0) (14/74) Upgrading libcrypto3 (3.5.2-r0 -> 3.5.4-r0) (15/74) Upgrading libssl3 (3.5.2-r0 -> 3.5.4-r0) (16/74) Upgrading ssl_client (1.37.0-r19 -> 1.37.0-r30) (17/74) Upgrading ca-certificates-bundle (20250619-r0 -> 20251003-r0) (18/74) Upgrading busybox-openrc (1.37.0-r19 -> 1.37.0-r30) (19/74) Upgrading busybox-suid (1.37.0-r19 -> 1.37.0-r30) (20/74) Upgrading scanelf (1.3.8-r1 -> 1.3.8-r2) (21/74) Upgrading musl-utils (1.2.5-r10 -> 1.2.5-r21) (22/74) Upgrading alpine-base (3.22.1-r0 -> 3.23.2-r0) (23/74) Upgrading ncurses-terminfo-base (6.5_p20250503-r0 -> 6.5_p20251123-r0) (24/74) Upgrading libncursesw (6.5_p20250503-r0 -> 6.5_p20251123-r0) (25/74) Upgrading readline (8.2.13-r1 -> 8.3.1-r0) (26/74) Upgrading bash (5.2.37-r0 -> 5.3.3-r1) Executing bash-5.3.3-r1.post-upgrade (27/74) Upgrading brotli-libs (1.1.0-r2 -> 1.2.0-r0) (28/74) Upgrading c-ares (1.34.5-r0 -> 1.34.6-r0) (29/74) Upgrading libunistring (1.3-r0 -> 1.4.1-r0) (30/74) Upgrading libidn2 (2.3.7-r0 -> 2.3.8-r0) (31/74) Upgrading nghttp2-libs (1.65.0-r0 -> 1.68.0-r0) (32/74) Installing nghttp3 (1.13.1-r0) (33/74) Upgrading zstd-libs (1.5.7-r0 -> 1.5.7-r2) (34/74) Upgrading libcurl (8.14.1-r1 -> 8.17.0-r1) (35/74) Upgrading curl (8.14.1-r1 -> 8.17.0-r1) (36/74) Upgrading ca-certificates (20250619-r0 -> 20251003-r0) (37/74) Upgrading libseccomp (2.6.0-r0 -> 2.6.0-r1) (38/74) Upgrading runc (1.3.0-r3 -> 1.4.0-r2) (39/74) Upgrading containerd (2.1.3-r2 -> 2.2.0-r4) (40/74) Upgrading libffi (3.4.8-r0 -> 3.5.2-r0) (41/74) Upgrading libintl (0.24.1-r0 -> 0.24.1-r1) (42/74) Upgrading libeconf (0.6.3-r0 -> 0.8.3-r0) (43/74) Upgrading libblkid (2.41-r9 -> 2.41.2-r0) (44/74) Upgrading libmount (2.41-r9 -> 2.41.2-r0) (45/74) Upgrading pcre2 (10.43-r1 -> 10.47-r0) (46/74) Upgrading glib (2.84.4-r0 -> 2.86.3-r0) (47/74) Upgrading containerd-openrc (2.1.3-r2 -> 2.2.0-r4) (48/74) Upgrading libnftnl (1.2.9-r0 -> 1.3.0-r0) (49/74) Installing gmp (6.3.0-r4) (50/74) Installing jansson (2.14.1-r0) (51/74) Installing nftables (1.1.5-r2) (52/74) Installing nftables-openrc (1.1.5-r2) (53/74) Upgrading docker-engine (28.3.3-r2 -> 29.1.3-r1) (54/74) Upgrading docker-openrc (28.3.3-r2 -> 29.1.3-r1) (55/74) Upgrading docker-cli (28.3.3-r2 -> 29.1.3-r1) (56/74) Upgrading docker-cli-buildx (0.24.0-r2 -> 0.30.1-r2) (57/74) Upgrading docker (28.3.3-r2 -> 29.1.3-r1) (58/74) Upgrading logrotate (3.21.0-r1 -> 3.22.0-r0) Executing logrotate-3.22.0-r0.post-upgrade (59/74) Upgrading logrotate-openrc (3.21.0-r1 -> 3.22.0-r0) (60/74) Upgrading libcom_err (1.47.2-r2 -> 1.47.3-r0) (61/74) Upgrading e2fsprogs-libs (1.47.2-r2 -> 1.47.3-r0) (62/74) Upgrading gpm-libs (1.20.7-r5 -> 1.20.7-r6) (63/74) Upgrading libssh2 (1.11.1-r0 -> 1.11.1-r1) (64/74) Upgrading nano (8.4-r0 -> 8.7-r0) (65/74) Upgrading openssh-keygen (10.0_p1-r7 -> 10.2_p1-r0) (66/74) Upgrading libedit (20250104.3.1-r1 -> 20251016.3.1-r0) (67/74) Upgrading openssh-client-common (10.0_p1-r7 -> 10.2_p1-r0) (68/74) Upgrading openssh-client-default (10.0_p1-r7 -> 10.2_p1-r0) (69/74) Upgrading openssh-sftp-server (10.0_p1-r7 -> 10.2_p1-r0) (70/74) Upgrading openssh-server-common (10.0_p1-r7 -> 10.2_p1-r0) (71/74) Upgrading openssh-server-common-openrc (10.0_p1-r7 -> 10.2_p1-r0) (72/74) Upgrading openssh-server (10.0_p1-r7 -> 10.2_p1-r0) Executing openssh-server-10.2_p1-r0.post-upgrade (73/74) Upgrading openssh (10.0_p1-r7 -> 10.2_p1-r0) (74/74) Upgrading tzdata (2025b-r0 -> 2025c-r0) Executing busybox-1.37.0-r30.trigger Executing ca-certificates-20251003-r0.trigger Executing glib-2.86.3-r0.trigger OK: 291.8 MiB in 92 packages ✔️ Updated successfully! ```
OVERLORD added the 🛑 Failure to comply with the guidelines label 2026-02-05 04:41:30 +03:00
OVERLORD commented 2026-02-05 04:41:38 +03:00
Author
Owner
Copy Link

@MickLesk commented on GitHub (Jan 25, 2026):

You need to Update your Proxmox and Check old Issues. Thats an AppArmor feature from docker and fixed in pve since 2 months

@MickLesk commented on GitHub (Jan 25, 2026): You need to Update your Proxmox and Check old Issues. Thats an AppArmor feature from docker and fixed in pve since 2 months
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
Implemented in VED waiting push to Main
breaking change
bug
bug
bugfix
deferred
delete script
dependencies
enhancement
external
feature
github
help wanted
in project pipeline
invalid
investigation
json
maintenance
needs triage
new script
new script
nice to have
not a script issue
not planned
organization
pull-request
Mirrored from GitHub Pull Request
 question
refactor
rename script
security
update script
website
wontdo
🛑 Failure to comply with the guidelines
No Label 🛑 Failure to comply with the guidelines
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
OVERLORD
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: starred/ProxmoxVE#2392
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?