Docker containers fail to start on Proxmox 9 / Debian 13 host (worked fine on Proxmox 8)

Peterkal

New Member
Dec 26, 2023
Hi all,

I’ve been running Docker directly on a Proxmox 8 host with Debian 12 for a long time. My setup includes VMs and Docker containers side by side — everything worked perfectly. Even GPU passthrough to containers (Intel iGPU or NVIDIA) was easy to configure via Docker Compose and worked reliably.

After upgrading to Proxmox 9 / Debian 13, my VMs still work fine, but Docker containers on the host fail to start. I’m getting various errors related to UNIX socket permissions, AppArmor denials, and IPC failures. Even simple containers like Alpine or MariaDB won’t start.

On one upgraded host with an NVIDIA GPU, I had to disable AppArmor entirely to get containers working again — and then everything worked as expected, including GPU passthrough. But disabling AppArmor feels like a risky workaround.

I’m not trying to emphasize GPU passthrough — that’s just a bonus. My main concern is that Docker containers don’t start at all on Proxmox 9 / Debian 13 host, even without any GPU configuration.

Questions:

  1. Is Docker on the host officially supported in Proxmox 9?
  2. Is there an AppArmor profile or configuration that allows Docker containers to run normally on Proxmox 9?
  3. What’s the recommended way to run Docker containers directly on the host without disabling AppArmor or moving everything into a VM?

I’m looking for an official and secure solution — not workarounds that compromise system security.

Thanks in advance!
 
> Is Docker on the host officially supported in Proxmox 9?
>
> I’m looking for an official and secure solution — not workarounds that compromise system security.

I think the answer is in the manual: https://pve.proxmox.com/pve-docs/pve-admin-guide.html#chapter_pct

> If you want to run application containers, for example, Docker images, it is recommended that you run them inside a Proxmox QEMU VM.

People have argued about how this is worded in many threads already but I think this answers your first question with a clear No.
Proxmox staff has also mentioned why they don't want to integrate Docker images into Proxmox VE in the past (but I don't know the exact wording or where to find that particular thread, sorry).
 
> I think the answer is in the manual: https://pve.proxmox.com/pve-docs/pve-admin-guide.html#chapter_pct
>
> People have argued about how this is worded in many threads already but I think this answers your first question with a clear No.
> Proxmox staff has also mentioned why they don't want to integrate Docker images into Proxmox VE in the past (but I don't know the exact wording or where to find that particular thread, sorry).

Thanks for the reply — I understand the reasoning, and it’s logical and justified from a security and architectural standpoint.

But I do have one question: How is it that on Proxmox 8 with Debian 12, Docker ran perfectly fine directly on the host — including GPU passthrough (both iGPU and NVIDIA)? Everything worked smoothly, no AppArmor issues, no IPC errors, and even complex Docker Compose setups ran without a hitch.

I get that the recommended approach is to run Docker inside a VM, but that comes with limitations: PCI passthrough via IOMMU can only be assigned to one VM, which means I lose the flexibility of sharing the GPU across multiple containers. On the other hand, when Docker runs directly on the host, I can easily share the GPU between containers — which is ideal for workloads like AI, transcoding, etc.

So yes, I understand the philosophy behind Proxmox VE, but from a practical standpoint, this feels like a step backward compared to what worked reliably before. Maybe it would be worth considering a “Docker-friendly mode” on the host — even if it’s limited or unofficial — just to preserve that flexibility for users who need it.