1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13

name: docker
description: Enable Docker-in-container — Incus security keys plus a systemd drop-in that masks /sys/kernel/security for dockerd. After attaching, install docker.io inside the container.
config:
  security.nesting: "true"
  security.syscalls.intercept.mknod: "true"
  security.syscalls.intercept.setxattr: "true"
devices:
  docker-mask-apparmor:
    type: disk
    source: /usr/local/share/repoman/recipes/docker/mask-apparmor.conf
    path: /etc/systemd/system/docker.service.d/mask-apparmor.conf
    readonly: "true"
    shift: "true"