🧩 Fix: permission denied on sysctl net.ipv4.ip_unprivileged_port_start (Docker / Proxmox LXC)

🧠 Context

After recent updates to Ubuntu 24.04 and containerd, a security patch (related to CVE-2025-52881) prevents Docker or Pterodactyl Wings from opening the sysctl parameter net.ipv4.ip_unprivileged_port_start. Starting a container then fails with:

open sysctl net.ipv4.ip_unprivileged_port_start file: reopen fd 3: permission denied: unknown

This issue commonly occurs:

  • On Proxmox unprivileged LXC containers

  • With Docker or Pterodactyl Wings

  • On recent containerd versions (>= 1.7.29)


✅ Solution: downgrade to a stable containerd version

1. Check your current version

apt list containerd.io

If you are on 1.7.29 or newer → the bug is active.


2. Install the stable version

apt install containerd.io=1.7.28-1~ubuntu.24.04~noble

⚠️ This version is stable and compatible with Docker, Wings, and Proxmox LXC environments.


3. Prevent automatic updates

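Stop apt upgrade from reinstalling the broken version. The hold also keeps containerd.io from receiving any later update, security fixes included, until the hold is removed: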

apt-mark hold containerd.io

4. Restart services

systemctl restart containerd
systemctl restart docker
systemctl restart wings

🧪 Verification

Try reinstalling a server or launching a test container:

docker run --rm alpine echo "OK"

If the permission denied error no longer appears, the issue is resolved.
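
To see which of the conditions listed above apply to a host, before or after the downgrade, the following added example (not part of the original page or of any project named here) compares the installed containerd.io version with the 1.7.29 threshold, checks for a remapped user namespace, and reports whether the hold is set. The function names and the --host switch are assumptions of this sketch; the commands it calls are dpkg-query and apt-mark.

```shell
#!/bin/sh
# Added example (not from the original page): host triage for this issue.
# Package name and the 1.7.29 threshold are taken from the page.

# Exit 0 if VERSION is 1.7.29 or newer, 1 if older, 2 if unparsable.
containerd_affected() {
    v=${1#*:}                 # drop a Debian epoch such as "1:"
    v=${v%%[-~+]*}            # keep the upstream part, e.g. 1.7.28
    case $v in ''|*[!0-9.]*|.*|*.|*..*) return 2 ;; esac
    old_ifs=$IFS; IFS=.; set -- $v; IFS=$old_ifs
    [ $# -ge 3 ] || return 2
    [ "$1" -gt 1 ] && return 0
    [ "$1" -eq 1 ] && [ "$2" -gt 7 ] && return 0
    [ "$1" -eq 1 ] && [ "$2" -eq 7 ] && [ "$3" -ge 29 ] && return 0
    return 1
}

# Exit 0 if the uid_map file shows a remapped user namespace, which is
# how an unprivileged LXC container appears from the inside.
in_user_namespace() {
    read -r inside outside count < "${1:-/proc/self/uid_map}" || return 2
    [ "$inside $outside $count" != "0 0 4294967295" ]
}

triage_host() {
    ver=$(dpkg-query -W -f='${Version}' containerd.io 2>/dev/null) || ver=
    rc=0; containerd_affected "$ver" || rc=$?
    case $rc in
        0) echo "containerd.io $ver: 1.7.29 or newer (range this page reports as affected)" ;;
        1) echo "containerd.io $ver: older than 1.7.29" ;;
        *) echo "containerd.io: not installed or version not recognised" ;;
    esac
    if in_user_namespace; then
        echo "user namespace: remapped (unprivileged container)"
    else
        echo "user namespace: initial (host or privileged container)"
    fi
    if apt-mark showhold 2>/dev/null | grep -qx containerd.io; then
        echo "hold: set; no containerd.io updates until 'apt-mark unhold containerd.io'"
    else
        echo "hold: not set; apt upgrade can replace the installed version"
    fi
}

# Run the host checks only when asked: sh triage.sh --host
if [ "${1:-}" = "--host" ]; then triage_host; fi
```
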


Component     Recommended version
OS            Ubuntu 24.04 LTS
Docker        27.5.1
containerd    1.7.28-1
runc          1.1.14
Proxmox       9.x (unprivileged LXC compatible)


🧱 Quick Summary

apt install -y --allow-downgrades containerd.io=1.7.28-1~ubuntu.24.04~noble
apt-mark hold containerd.io
systemctl restart containerd docker wings

Resolves the permission denied issue on net.ipv4.ip_unprivileged_port_start without breaking Docker.