runtipi not starting: Error response from daemon
Hi, I've been running runtipi for several months on a Proxmox LXC container without trouble. But after the backup this Saturday, runtipi can't start anymore:
CLI=================================================================================
Welcome to Ubuntu 24.04.3 LTS (GNU/Linux 6.8.12-9-pve x86_64)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/pro
root@runtipi:~# cd runtipi
root@runtipi:~/runtipi# ./runtipi-cli start
✓ User permissions are ok
✓ Copied system files
✓ Generated .env file
✓ File permissions ok
✓ Images pulled
✓ Existing containers stopped
✗ Failed to start containers
Debug: Container runtipi-queue Creating
Container runtipi-db Creating
Container runtipi-db Created
Container runtipi-queue Created
Container runtipi Creating
Container runtipi Created
Container runtipi-reverse-proxy Creating
Container runtipi-reverse-proxy Created
Container runtipi-db Starting
Container runtipi-queue Starting
Error response from daemon: failed to create task for container: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: open sysctl net.ipv4.ip_unprivileged_port_start file: reopen fd 8: permission denied: unknown
error.log========================================================================
2025-11-04T16:00:06.685Z - error > <--->An error occurred: Request timed out
2025-11-05T04:45:09.105Z - error > <--->An error occurred: Request timed out
2025-11-05T21:30:06.929Z - error > <--->An error occurred: Request timed out
2025-11-07T04:45:07.112Z - error > <--->An error occurred: Request timed out
============================================================================================
Does somebody have a tip for me?
Kind regards
Daniel
3 Replies
Hello @Daniel,
This is a recent issue with nested containers inside LXC. You should find all the information needed here:
https://github.com/opencontainers/runc/issues/4968
GitHub
CVE-2025-52881: fd reopening causes issues with AppArmor profiles (...
TL; DR This is caused by a design flaw in AppArmor when running runc (or Docker/Podman/containerd) inside a nested container that has an AppArmor profile applied (the very short explanation is that...
Thanks for the hint.
OK, the section about Proxmox has helped to temporarily fix the error. Thanks.