Error running Docker on Drive OS 7.0.3 on Drive AGX Thor

DRIVE OS Version:
7.0.3

Issue Description: Provide issue description and attached logs as text message instead of images
I’m trying to run / build docker containers on a Drive AGX Thor

The docker service does not start up:

nvuser@tegra-ubuntu:\~$ systemctl status docker
× docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; preset: enabled)
Drop-In: /etc/systemd/system/docker.service.d
└─override.conf
Active: failed (Result: exit-code) since Mon 2026-04-13 09:58:26 UTC; 9min ago
Duration: 41min 54.947s
TriggeredBy: × docker.socket
Docs: https://docs.docker.com
Process: 55526 ExecStart=/usr/bin/dockerd --ip-forward=false -H fd:// --containerd=/run/containerd/containerd.sock (code=exited, status=1/FAILURE)
Main PID: 55526 (code=exited, status=1/FAILURE)
CPU: 97ms

Apr 13 09:58:26 tegra-ubuntu systemd\[1\]: docker.service: Scheduled restart job, restart counter is at 3.
Apr 13 09:58:26 tegra-ubuntu systemd\[1\]: docker.service: Start request repeated too quickly.
Apr 13 09:58:26 tegra-ubuntu systemd\[1\]: docker.service: Failed with result ‘exit-code’.
Apr 13 09:58:26 tegra-ubuntu systemd\[1\]: Failed to start docker.service - Docker Application Container Engine.

The logfile indicates a problem with setting up a network bridge:

 Subject: Automatic restarting of a unit has been scheduled
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░ 
░░ Automatic restarting of the unit docker.service has been scheduled, as the result for
░░ the configured Restart= setting for the unit.
Apr 13 09:58:24 tegra-ubuntu systemd[1]: Starting docker.service - Docker Application Container Engine...
░░ Subject: A start job for unit docker.service has begun execution
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░ 
░░ A start job for unit docker.service has begun execution.
░░ 
░░ The job identifier is 8854.
Apr 13 09:58:24 tegra-ubuntu dockerd[55526]: time="2026-04-13T09:58:24.082409591Z" level=info msg="Starting up"
Apr 13 09:58:24 tegra-ubuntu dockerd[55526]: time="2026-04-13T09:58:24.082910192Z" level=info msg="OTEL tracing is not configured, using no-op tracer provider"
Apr 13 09:58:24 tegra-ubuntu dockerd[55526]: time="2026-04-13T09:58:24.082999451Z" level=info msg="CDI directory does not exist, skipping: failed to monitor for changes: no such file or directory" dir=/etc/cdi
Apr 13 09:58:24 tegra-ubuntu dockerd[55526]: time="2026-04-13T09:58:24.083011367Z" level=info msg="CDI directory does not exist, skipping: failed to monitor for changes: no such file or directory" dir=/var/run/cdi
Apr 13 09:58:24 tegra-ubuntu dockerd[55526]: time="2026-04-13T09:58:24.083082904Z" level=info msg="detected 127.0.0.53 nameserver, assuming systemd-resolved, so using resolv.conf: /run/systemd/resolve/resolv.conf"
Apr 13 09:58:24 tegra-ubuntu dockerd[55526]: time="2026-04-13T09:58:24.091129808Z" level=info msg="Creating a containerd client" address=/run/containerd/containerd.sock timeout=1m0s
Apr 13 09:58:24 tegra-ubuntu dockerd[55526]: time="2026-04-13T09:58:24.094649974Z" level=info msg="Loading containers: start."
Apr 13 09:58:24 tegra-ubuntu dockerd[55526]: time="2026-04-13T09:58:24.221247388Z" level=info msg="[graphdriver] using prior storage driver: overlay2"
Apr 13 09:58:24 tegra-ubuntu dockerd[55526]: time="2026-04-13T09:58:24.223911269Z" level=info msg="Restoring containers: start."
Apr 13 09:58:24 tegra-ubuntu dockerd[55526]: time="2026-04-13T09:58:24.234773266Z" level=info msg="Deleting nftables IPv4 rules" error="exit status 1"
Apr 13 09:58:24 tegra-ubuntu dockerd[55526]: time="2026-04-13T09:58:24.238637885Z" level=info msg="Deleting nftables IPv6 rules" error="exit status 1"
Apr 13 09:58:24 tegra-ubuntu dockerd[55526]: time="2026-04-13T09:58:24.295277466Z" level=info msg="stopping event stream following graceful shutdown" error="<nil>" module=libcontainerd namespace=moby
Apr 13 09:58:24 tegra-ubuntu dockerd[55526]: failed to start daemon: Error initializing network controller: error obtaining controller instance: failed to register "bridge" driver: failed to create NAT chain DOCKER: iptables failed: iptables --wait -t nat -N DOCKER: iptables v1.8.10 (nf_tables): Could not fetch rule set generation id: Invalid argument
Apr 13 09:58:24 tegra-ubuntu dockerd[55526]:  (exit status 4)
Apr 13 09:58:24 tegra-ubuntu systemd[1]: docker.service: Main process exited, code=exited, status=1/FAILURE
░░ Subject: Unit process exited
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░ 
░░ An ExecStart= process belonging to unit docker.service has exited.
░░ 
░░ The process' exit code is 'exited' and its exit status is 1.
Apr 13 09:58:24 tegra-ubuntu systemd[1]: docker.service: Failed with result 'exit-code'.
░░ Subject: Unit failed
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░ 
░░ The unit docker.service has entered the 'failed' state with result 'exit-code'.
Apr 13 09:58:24 tegra-ubuntu systemd[1]: Failed to start docker.service - Docker Application Container Engine.
░░ Subject: A start job for unit docker.service has failed
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░ 
░░ A start job for unit docker.service has finished with a failure.
░░ 
░░ The job identifier is 8854 and the job result is failed.
Apr 13 09:58:26 tegra-ubuntu systemd[1]: docker.service: Scheduled restart job, restart counter is at 3.
░░ Subject: Automatic restarting of a unit has been scheduled
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░ 
░░ Automatic restarting of the unit docker.service has been scheduled, as the result for
░░ the configured Restart= setting for the unit.
Apr 13 09:58:26 tegra-ubuntu systemd[1]: docker.service: Start request repeated too quickly.
Apr 13 09:58:26 tegra-ubuntu systemd[1]: docker.service: Failed with result 'exit-code'.
░░ Subject: Unit failed
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░ 
░░ The unit docker.service has entered the 'failed' state with result 'exit-code'.
Apr 13 09:58:26 tegra-ubuntu systemd[1]: Failed to start docker.service - Docker Application Container Engine.
░░ Subject: A start job for unit docker.service has failed
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░ 
░░ A start job for unit docker.service has finished with a failure.
░░ 
░░ The job identifier is 8956 and the job result is failed.

Any hints appreciated.

Dear @andreas.westhues ,
Did you try using host network using -net=host with privilege flag?
Could you check if the discussion at DriveOS 7.0.3 target docker fails to start helps?

Dear @SivaRamaKrishnaNV
thank you for your quick reply. Yes it seems that driveos-7-0-3-target-docker-fails-to-start describe the same issue.
However adding -net=host to each docker command is not a working solution for me. It would mean that I have to modify each build script that build containers.
For example I need to build a dev container for VS-Code but VS-Code does not give me the option to provide the network argument for the docker build command…
Is there any way to restore the normal docker behavior on Thor?
Kind regards,
Andreas

One little amendment (might be interesting for other users too):
In order to get docker daemon to start at all I first had to set the iptables to legacy versions:

nvuser@tegra-ubuntu:~$ sudo update-alternatives --config ip6tables
There are 2 choices for the alternative ip6tables (providing /usr/sbin/ip6tables).

  Selection    Path                        Priority   Status
------------------------------------------------------------
  0            /usr/sbin/ip6tables-nft      20        auto mode
* 1            /usr/sbin/ip6tables-legacy   10        manual mode
  2            /usr/sbin/ip6tables-nft      20        manual mode

Press <enter> to keep the current choice[*], or type selection number: 1
nvuser@tegra-ubuntu:~$ sudo update-alternatives --config iptables
There are 2 choices for the alternative iptables (providing /usr/sbin/iptables).

  Selection    Path                       Priority   Status
------------------------------------------------------------
  0            /usr/sbin/iptables-nft      20        auto mode
* 1            /usr/sbin/iptables-legacy   10        manual mode
  2            /usr/sbin/iptables-nft      20        manual mode

Press <enter> to keep the current choice[*], or type selection number: 1

Without this, docker daemon did not start at all (see error message in my initial post)

Could you please provide any update for this topic?

Does that mean docker run command is not working by default ?

Note that in DRIVE platform, the docker support on target is for limited use and experimentation only. So not all features expect to work on target.

Yes, without setting ip6tables to legacy mode, docker did not work at all.
In the meantime we upgraded DriveOS to 7.2.4. We are currently on hold with the works on the Thor system because we wait for out IT-Dept. to provide external network connection. I’ll keep you updated.