CVE-2025-52881 breaks docker LXC containers

jay747

Over the weekend I did an update of my Debian LXC container running Docker, and none of my dockers were starting due to a patch: https://securityvulnerability.io/vulnerability/CVE-2025-52881

Every time I tried to start a Docker container it came up with the error below:

Error response from daemon: failed to create task for container: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: open sysctl net.ipv4.ip_unprivileged_port_start file: reopen fd 8: permission denied: unknown.

I have found a fix for it: https://github.com/opencontainers/runc/issues/4968

You instead need to add the following configuration to /etc/pve/lxc/$ctr.conf:

lxc.apparmor.profile: unconfined
lxc.mount.entry: /dev/null sys/module/apparmor/parameters/enabled none bind 0 0

And restart the container.
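The workaround above runs the container with AppArmor unconfined and hides AppArmor's enabled flag from the guest, so an administrator will want to know which containers on a host carry it. The following POSIX shell audit is an added example, not code from the post or from Proxmox; it assumes the Proxmox layout of one `<ctid>.conf` per container and uses constructed sample configs in a temporary directory.

```shell
#!/bin/sh
# Added example: report which Proxmox LXC configs carry the CVE-2025-52881 workaround
# (AppArmor profile set to unconfined plus the bind mount masking the AppArmor enabled flag).
# Assumes /etc/pve/lxc/<ctid>.conf layout; the configs written below are constructed samples.

# Print "<ctid> <status>" for every <ctid>.conf under the directory given as $1.
# status: unconfined+masked (both workaround lines), unconfined-only (profile line only),
#         confined (neither line present).
audit_lxc_confs() {
    dir="$1"
    for f in "$dir"/*.conf; do
        [ -e "$f" ] || continue
        ctid=$(basename "$f" .conf)
        prof=0; mask=0
        grep -Eq '^lxc\.apparmor\.profile:[[:space:]]*unconfined[[:space:]]*$' "$f" && prof=1
        grep -Eq '^lxc\.mount\.entry:[[:space:]]*/dev/null[[:space:]]+sys/module/apparmor/parameters/enabled[[:space:]]+none[[:space:]]+bind' "$f" && mask=1
        if [ "$prof" -eq 1 ] && [ "$mask" -eq 1 ]; then
            echo "$ctid unconfined+masked"
        elif [ "$prof" -eq 1 ]; then
            echo "$ctid unconfined-only"
        else
            echo "$ctid confined"
        fi
    done
}

# Number of containers running with AppArmor confinement switched off.
count_unconfined() {
    audit_lxc_confs "$1" | grep -c -E ' unconfined'
}

# Constructed sample configs so the script runs stand-alone (use /etc/pve/lxc on a real host).
demo_dir=$(mktemp -d)
cat > "$demo_dir/101.conf" <<'EOF'
arch: amd64
hostname: docker-host
lxc.apparmor.profile: unconfined
lxc.mount.entry: /dev/null sys/module/apparmor/parameters/enabled none bind 0 0
EOF
cat > "$demo_dir/102.conf" <<'EOF'
arch: amd64
hostname: web
EOF
cat > "$demo_dir/103.conf" <<'EOF'
arch: amd64
hostname: legacy
lxc.apparmor.profile: unconfined
EOF

audit_lxc_confs "$demo_dir"
```

Run it against `/etc/pve/lxc` to see which containers lost AppArmor confinement because of the workaround and should be revisited once a fixed runc is available.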