Home / FAQ / Can You Run Docker in an LXD Container?

Can You Run Docker in an LXD Container?

Learn how to configure an LXD container to support nested virtualization, allowing you to successfully run Docker inside for an isolated development environment.

Yes, and It's Highly Recommended

Yes, you can absolutely run Docker inside an LXD container. This is a powerful and popular use case that combines LXD's strong system-level isolation with Docker's application packaging benefits.

This approach allows you to create a secure, isolated, and resource-controlled "sandbox" where you can use Docker freely without worrying about affecting the host system or other projects.

Why Would You Do This?

Running Docker inside LXD provides several key advantages:

  • Enhanced Security: The entire Docker environment (including the Docker daemon and all its containers) is confined within LXD's security boundary. Even if a vulnerability is found in Docker, it cannot break out of the LXD isolation layer to affect the host.
  • Environment Isolation & Portability: You can create a separate LXD container for each project, containing a specific version of Docker and all related applications. This entire environment can be snapshotted, migrated, or replicated, greatly simplifying management.
  • Fine-Grained Resource Control: You can use LXD's resource-limiting features (CPU, memory, disk, network) to precisely allocate resources to each Docker environment, preventing projects from interfering with each other.
  • Keeping the Host Clean: There's no need to install Docker on your main system, keeping the host environment minimal and tidy.

How-To Guide: Configuration in Three Steps

Running Docker in an LXD container is very straightforward and requires just one key configuration setting.

Step 1: Create an LXD Container with Nesting Enabled

We need to tell LXD that this container will be used to run nested virtualization technologies (like Docker). This is done by setting the security.nesting=true flag.

lxc launch ubuntu:22.04 docker-host -c security.nesting=true

This command will:

  • lxc launch ubuntu:22.04: Create and start a container based on the Ubuntu 22.04 image.
  • docker-host: Name the new container "docker-host".
  • -c security.nesting=true: (The crucial step) Set the configuration key that allows nested technologies like Docker to run inside the container.

Step 2: Enter the Container and Install Docker

Once the container is created, we enter its shell and install Docker just as we would on a regular system.

# Get a shell inside the container
lxc exec docker-host -- bash

# Inside the container, download and run the official Docker install script
curl -fsSL https://get.docker.com -o get-docker.sh
sh get-docker.sh

Step 3: Verify That Docker is Working

After the installation is complete, run the classic "hello-world" image from inside the container to verify that everything is working correctly.

# Run this inside the docker-host container
docker run hello-world

If you see the welcome message from Docker, congratulations! You have successfully set up a fully functional Docker environment inside an LXD container.

Conclusion: LXD + Docker = The Best of Both Worlds

LXD and Docker are not competitors; they are excellent tools that solve problems at different levels. Using them together gives you the VM-level security and isolation of LXD combined with the application-level agility and packaging of Docker, making it an ideal choice for modern development and operations.