Docker daemon not accessible within Docker container ("Docker-in-Docker") on Bluefin DX #1982

Open
bennothommo opened this issue Nov 26, 2024 · 1 comment
Labels
bug Something isn't working


bennothommo commented Nov 26, 2024

Describe the bug

On my Bluefin DX install, I use the Docker-in-Docker feature in a VSCode devcontainer for my development environment. I have noticed that in a recent Bluefin update, the Docker daemon is no longer accessible within this devcontainer, thus I'm unable to use the Docker setup inside my development environment.

The error message I get within the devcontainer whenever running any sort of Docker command (such as docker images) is:

Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?

What did you expect to happen?

Normally, I am able to use Docker commands within the devcontainer without issue.

Output of bootc status

Current booted image: ghcr.io/ublue-os/bluefin-dx:41-20241120.2
    Image version: latest-41.20241120.2 (2024-11-20 21:37:16 UTC)
    Image digest: sha256:126ea0e28210bf22f6c38a1bfd178511d9bda84f5b3548e45b5098a24ae83af8
Current rollback image: ghcr.io/ublue-os/bluefin-dx:41-20241124.5
    Image version: latest-41.20241124.5 (2024-11-24 21:24:26 UTC)
    Image digest: sha256:d0dd42ec9d6f0d1f21ea6e13c588a71de5785f8fed671b6568f9ceb5b8c4c399

Output of groups

[my group] wheel incus-admin lxd docker libvirt

Extra information or context

I ruled out all other things I can think of beforehand:

  • I've run ujust dx-group
  • I've re-built my Devcontainers in VSCode
  • I've deleted the Docker containers, images and volumes and started completely from scratch.
  • I've requested an older version of Docker in the devcontainer config

The only thing that has worked so far is rolling back Bluefin. In this case, I was originally on ghcr.io/ublue-os/bluefin-dx:41-20241124.5 and it started working again when rolled back to ghcr.io/ublue-os/bluefin-dx:41-20241120.2, so I can only assume that perhaps some permission or configuration for Docker that's included in Bluefin DX within those 4 days is preventing it from being used inside a container context.

@dosubot dosubot bot added the bug Something isn't working label Nov 26, 2024

jedrek18 commented Nov 26, 2024

I'm experiencing the same issue on Bluefin DX 41.20241124.5; the Docker daemon in my devcontainer fails to start. It looks like it has something to do with iptables. Here's /tmp/dockerd.log from the container:

time="2024-11-26T10:10:20.725669780+01:00" level=info msg="Loading containers: start."
time="2024-11-26T10:10:20.726856150+01:00" level=info msg="unable to detect if iptables supports xlock: 'iptables --wait -L -n': `iptables v1.8.10 (legacy): can't initialize iptables table `filter': Table does not exist (do you need to insmod?)\nPerhaps iptables or your kernel needs to be upgraded.`" error="exit status 3"
time="2024-11-26T10:10:20.740279647+01:00" level=info msg="stopping event stream following graceful shutdown" error="<nil>" module=libcontainerd namespace=moby
time="2024-11-26T10:10:20.740425766+01:00" level=info msg="stopping healthcheck following graceful shutdown" module=libcontainerd
time="2024-11-26T10:10:20.740460562+01:00" level=info msg="stopping event stream following graceful shutdown" error="context canceled" module=libcontainerd namespace=plugins.moby
failed to start daemon: Error initializing network controller: error obtaining controller instance: failed to register "bridge" driver: failed to create NAT chain DOCKER: iptables failed: iptables -t nat -N DOCKER: iptables v1.8.10 (legacy): can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.

EDIT:
Latest working image is ghcr.io/ublue-os/bluefin-dx:41-20241122.2. /tmp/dockerlogd.log contents for comparison:

time="2024-11-26T11:13:46.292668929+01:00" level=info msg="Loading containers: start."
// removed some non-related lines
time="2024-11-26T11:13:47.154125570+01:00" level=info msg="loading plugin \"io.containerd.event.v1.publisher\"..." runtime=io.containerd.runc.v2 type=io.containerd.event.v1
time="2024-11-26T11:13:47.154186285+01:00" level=info msg="loading plugin \"io.containerd.internal.v1.shutdown\"..." runtime=io.containerd.runc.v2 type=io.containerd.internal.v1
time="2024-11-26T11:13:47.154197090+01:00" level=info msg="loading plugin \"io.containerd.ttrpc.v1.task\"..." runtime=io.containerd.runc.v2 type=io.containerd.ttrpc.v1
time="2024-11-26T11:13:47.154268705+01:00" level=info msg="loading plugin \"io.containerd.ttrpc.v1.pause\"..." runtime=io.containerd.runc.v2 type=io.containerd.ttrpc.v1
time="2024-11-26T11:13:47.193841085+01:00" level=info msg="loading plugin \"io.containerd.event.v1.publisher\"..." runtime=io.containerd.runc.v2 type=io.containerd.event.v1
time="2024-11-26T11:13:47.193883571+01:00" level=info msg="loading plugin \"io.containerd.internal.v1.shutdown\"..." runtime=io.containerd.runc.v2 type=io.containerd.internal.v1
time="2024-11-26T11:13:47.193889808+01:00" level=info msg="loading plugin \"io.containerd.ttrpc.v1.task\"..." runtime=io.containerd.runc.v2 type=io.containerd.ttrpc.v1
time="2024-11-26T11:13:47.193934263+01:00" level=info msg="loading plugin \"io.containerd.ttrpc.v1.pause\"..." runtime=io.containerd.runc.v2 type=io.containerd.ttrpc.v1
time="2024-11-26T11:13:47.194804696+01:00" level=info msg="No non-localhost DNS nameservers are left in resolv.conf. Using default external servers"
time="2024-11-26T11:13:47.252410852+01:00" level=info msg="loading plugin \"io.containerd.event.v1.publisher\"..." runtime=io.containerd.runc.v2 type=io.containerd.event.v1
time="2024-11-26T11:13:47.252803993+01:00" level=info msg="loading plugin \"io.containerd.internal.v1.shutdown\"..." runtime=io.containerd.runc.v2 type=io.containerd.internal.v1
time="2024-11-26T11:13:47.252818725+01:00" level=info msg="loading plugin \"io.containerd.ttrpc.v1.task\"..." runtime=io.containerd.runc.v2 type=io.containerd.ttrpc.v1
time="2024-11-26T11:13:47.252914553+01:00" level=info msg="loading plugin \"io.containerd.ttrpc.v1.pause\"..." runtime=io.containerd.runc.v2 type=io.containerd.ttrpc.v1
time="2024-11-26T11:13:47.336573677+01:00" level=info msg="loading plugin \"io.containerd.event.v1.publisher\"..." runtime=io.containerd.runc.v2 type=io.containerd.event.v1
time="2024-11-26T11:13:47.336625684+01:00" level=info msg="loading plugin \"io.containerd.internal.v1.shutdown\"..." runtime=io.containerd.runc.v2 type=io.containerd.internal.v1
time="2024-11-26T11:13:47.336632260+01:00" level=info msg="loading plugin \"io.containerd.ttrpc.v1.task\"..." runtime=io.containerd.runc.v2 type=io.containerd.ttrpc.v1
time="2024-11-26T11:13:47.336680019+01:00" level=info msg="loading plugin \"io.containerd.ttrpc.v1.pause\"..." runtime=io.containerd.runc.v2 type=io.containerd.ttrpc.v1
time="2024-11-26T11:13:47.450365886+01:00" level=info msg="Loading containers: done."
time="2024-11-26T11:13:47.456012562+01:00" level=warning msg="WARNING: bridge-nf-call-iptables is disabled"
time="2024-11-26T11:13:47.456026452+01:00" level=warning msg="WARNING: bridge-nf-call-ip6tables is disabled"
time="2024-11-26T11:13:47.456038997+01:00" level=info msg="Docker daemon" commit=41ca978 containerd-snapshotter=true storage-driver=overlayfs version=27.3.1
time="2024-11-26T11:13:47.456102342+01:00" level=info msg="Daemon has completed initialization"
time="2024-11-26T11:13:56.603513602+01:00" level=info msg="API listen on /var/run/docker.sock"
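
To tell the two logs above apart automatically, here is a small triage helper, added as an example; it is not part of the thread or of the Bluefin project. The function names `triage` and `verdict` and the report fields are hypothetical, and the sample input is a handful of lines copied from the two quoted logs.

```python
import re

# Sample input: lines copied from the two dockerd logs quoted in this thread (most omitted).
FAILING_LOG = r'''time="2024-11-26T10:10:20.726856150+01:00" level=info msg="unable to detect if iptables supports xlock: 'iptables --wait -L -n': `iptables v1.8.10 (legacy): can't initialize iptables table `filter': Table does not exist (do you need to insmod?)\nPerhaps iptables or your kernel needs to be upgraded.`" error="exit status 3"
failed to start daemon: Error initializing network controller: error obtaining controller instance: failed to register "bridge" driver: failed to create NAT chain DOCKER: iptables failed: iptables -t nat -N DOCKER: iptables v1.8.10 (legacy): can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
'''
WORKING_LOG = r'''time="2024-11-26T11:13:47.456102342+01:00" level=info msg="Daemon has completed initialization"
time="2024-11-26T11:13:56.603513602+01:00" level=info msg="API listen on /var/run/docker.sock"
'''

# iptables prints its version, its backend in parentheses, and the table it could not open.
IPTABLES_ERR = re.compile(
    r"iptables v(?P<version>[\d.]+) \((?P<backend>[\w-]+)\): "
    r"can't initialize iptables table `(?P<table>\w+)'"
)
API_LISTEN = re.compile(r'msg="API listen on (?P<socket>[^"]+)"')

def triage(log_text):
    """Collect the facts that separate a healthy dockerd start from the iptables failure."""
    report = {"socket": None, "daemon_failed": False,
              "backend": None, "version": None, "missing_tables": []}
    for line in log_text.splitlines():
        if line.startswith("failed to start daemon:"):
            report["daemon_failed"] = True
        listen = API_LISTEN.search(line)
        if listen:
            report["socket"] = listen.group("socket")
        for err in IPTABLES_ERR.finditer(line):
            report["backend"] = err.group("backend")
            report["version"] = err.group("version")
            if err.group("table") not in report["missing_tables"]:
                report["missing_tables"].append(err.group("table"))
    return report

def verdict(report):
    """Turn a triage report into a one-line diagnosis."""
    if report["socket"]:
        return f"dockerd is serving the API on {report['socket']}"
    if report["daemon_failed"] and report["missing_tables"]:
        tables = ", ".join(report["missing_tables"])
        return (f"dockerd exited: iptables {report['version']} ({report['backend']}) "
                f"could not open table(s): {tables}")
    if report["daemon_failed"]:
        return "dockerd exited for a reason other than a missing iptables table"
    return "log is inconclusive: no API listener and no fatal error recorded"

if __name__ == "__main__":
    for name, text in (("failing", FAILING_LOG), ("working", WORKING_LOG)):
        print(name, "->", verdict(triage(text)))
```

Inside the devcontainer, the same functions can be pointed at the contents of /tmp/dockerd.log instead of the embedded samples.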
