Fix Docker API Version Error for CasaOS (App Not Loading)

dragonfire1119 · November 11, 2025, 8:39pm

Having trouble with CasaOS and Docker after an update? You’re not alone. This post covers new fixes—especially for LXC/Proxmox users—and includes a handy script to resolve recent Docker API and AppArmor permission errors.

Backup your data before running.

Common Errors

Some headaches you might see:

Error response from daemon: client version 1.43 is too old. Minimum supported API version is 1.44
OCI runtime create failed: runc create failed: unable to start container process: error during container init: open sysctl net.ipv4.ip_unprivileged_port_start file: reopen fd 8: permission denied
Docker permission issues, especially on overlay2 storage
NEW: CVE-2025-52881 AppArmor failures after updating containerd in LXC or Proxmox environments

Why This Happens

These errors occur after:

Docker is auto-upgraded to a new version (API 1.44+) but CasaOS still needs the older 1.43 API.
Overlay2 filesystem permissions become corrupted or runtime state isn’t clean.
AppArmor breaks containerd in LXC/Proxmox due to the CVE-2025-52881 security patch.

Special Note for LXC/Proxmox

If you run CasaOS or Docker inside LXC under Proxmox, you may now encounter:

failed to create shim task: OCI runtime create failed: runc create failed:
unable to start container process: error during container init:
open sysctl net.ipv4.ip_unprivileged_port_start file: reopen fd 8: permission denied

This is caused by the latest containerd updates conflicting with nested AppArmor.

References:

The All-in-One Fix Script

This script detects and corrects the most common issues on Debian/Ubuntu systems—including LXC/Proxmox quirks!

It:

Detects your OS and LXC environment
Downgrades Docker to 24.0.7 (API 1.43)
Downgrades containerd in LXC to 1.7.28-1 (pre-AppArmor breakage)
Cleans up Docker runtime, overlay2 permissions, stale state
Restarts both Docker and CasaOS safely
Holds Docker packages to prevent auto-updates
Removes standalone docker-compose; installs the plugin version

Run it here:

bash -c "$(wget -qLO - https://raw.githubusercontent.com/bigbeartechworld/big-bear-scripts/master/casaos-fix-docker-api-version/run.sh)"

If GitHub Isn’t Reachable (Domain Blocked)

Copy run.sh to your server.
Save as run.sh
Execute:

bash run.sh

After Running the Script

Check your Docker status:

docker version

Both client and server should now show a compatible API version (1.43).

Preventing Future Trouble

Packages are held! This stops apt from auto-upgrading and breaking CasaOS:

sudo apt-mark hold docker-ce docker-ce-cli containerd.io

Proxmox/LXC Tip: Do NOT upgrade containerd until AppArmor is fixed upstream. See:

GitHub Issue

If you need to unhold later:

sudo apt-mark unhold docker-ce docker-ce-cli containerd.io

Advanced: Alternative AppArmor Solutions (LXC/Proxmox)

If you don’t want to downgrade containerd, try these in /etc/pve/lxc/$CTID.conf:

Option 1: Disable AppArmor for Container

lxc.apparmor.profile: unconfined
lxc.mount.entry: /dev/null sys/module/apparmor/parameters/enabled none bind 0 0

Option 2: Wait for upstream fixes in Proxmox, containerd, or runc.

The script uses the downgrade method, which is safe and doesn’t require host changes.

Requirements

Debian/Ubuntu system
Sudo/root access
Internet connection
CasaOS (optional—the script works even if not installed)

Versions Used/Installed

Docker CE: 24.0.7
Docker API: 1.43 (CasaOS compatible)
containerd.io: 1.7.28-1 (LXC/Proxmox)
Should work with CasaOS latest version

Support This Work

If this script saved you time or fixed your setup, consider supporting more free tools and tutorials:

Support on Ko-fi

azarothis · November 11, 2025, 10:16pm

I think the script has a problem. I executed it with sudo but Docker remains in version 29.0.0

dragonfire1119 · November 11, 2025, 11:18pm

Hello, what is the output of the script any errors?

Axel_Leon · November 12, 2025, 12:14am

I ran the script, but I was still on version 29.0.0.
Right after running it, some containers stopped starting due to permission issues.

To resolve the Docker API problem, I downgraded using this procedure, but with the --reinstall option: https://github.com/IceWhaleTech/CasaOS/issues/2387#issuecomment-3514996581

For my Ubuntu version, this resulted in:
sudo apt-get install --reinstall docker-ce=5:28.5.2-1~ubuntu.25.04~plucky docker-ce-cli=5:28.5.2-1~ubuntu.25.04~plucky

However, I’m still having permission problems since running the script and I don’t know how to fix them yet

dragonfire1119 · November 12, 2025, 12:36am

Do you have any logs or the permission error? Also have you tried the script again since 1.1.0?

Axel_Leon · November 12, 2025, 9:10am

After checking, I ran the script in version 1. I never ran it in version 1.1.0.

I have no errors in the Docker logs; however, in the containers that no longer start, I have:

big-bear-owncloud-db:

[ERROR] mariadbd: Can't create/write to file '/tmp/ibpZGu5k' (Errcode: 13 "Permission denied")
/usr/local/bin/docker-entrypoint.sh: line 138: cannot create temp file for here-document: Permission denied

n8n:

Error: EACCES: permission denied, mkdir '/home/node/.cache'

jdownloader2:

APP_NAME: /etc/cont-env.d/APP_NAME: line 1: JDownloader: not found

paperless-tika:

org.apache.tika.server.core.TikaServerCli Can't start: java.util.concurrent.ExecutionException: java.nio.file.AccessDeniedException: /tmp/apache-tika-server-forked-tmp-13142266320983578138

paperless-webserver:

FileNotFoundError: [Errno 2] No usable temporary directory found in ['/tmp', '/var/tmp', '/usr/tmp', '/usr/src/paperless/src']

The permissions permission of var/lib/docker:

drwx--x---  12 root root  4096 nov.  12 00:57 .
drwxr-xr-x  77 root root  4096 oct.  21 08:33 ..
drwx--x--x   3 root root  4096 mai   27 12:39 buildkit
drwx--x---  38 root root  4096 nov.  12 01:23 containers
-rw-------   1 root root    36 mai   27 12:39 engine-id
drwxr-xr-x   3 root root  4096 mai   27 12:39 image
drwxr-x---   3 root root  4096 mai   27 12:39 network
drwx--x--- 500 root root 65536 nov.  12 01:23 overlay2
drwx------   3 root root  4096 mai   27 12:39 plugins
drwx------   2 root root  4096 nov.  12 00:57 runtimes
drwx------   2 root root  4096 mai   27 12:39 swarm
drwx------   3 root root  4096 nov.  12 00:57 tmp
drwx-----x  52 root root  4096 nov.  12 00:57 volumes

I found this script which has a function called fix_docker_permissions, which sets the permissions of /var/lib/docker and /var/lib/docker/tmp to 755 : casaos-toolkit

But I’d appreciate your opinion before I start running any scripts.

Edit:
I finally realized that the best solution was to recreate the problematic containers.
That’s fixed.

R.Fischer · November 13, 2025, 4:57pm

I’m stuck. My runnig System got a update and crashed. After some efforts to fix it i ended up installing the whole thing from scratch. I installed Ubuntu server 24.04.2, witch i used bach in March. Everything looks fine. Next installed casaos and ended up with Docker version 29.0.0. Then I tried to downgrad as recommended, didn’t work. Still Docker 29.0.0

So now what can I do to get casaos running again.

Never mind. I got it working

VERSION_STRING=5:28.3.2-1~ubuntu.24.04~noble
sudo apt-get install docker-ce=$VERSION_STRING docker-ce-cli=$VERSION_STRING containerd.io docker-buildx-plugin docker-compose-plugin

did the trick- Now casaos starts the gui and i can install all the app from scratch.