LXC Meets Docker? And Other Questions About Proxmox 9.1

Proxmox VE 9.1 just dropped, and as always, the update brought with it more than a version bump. If you've been following the chatter…

Mr.PlanB

~5 min read · November 20, 2025 (Updated: November 20, 2025) · Free: No

Proxmox VE 9.1 just dropped, and as always, the update brought with it more than a version bump. If you've been following the chatter online, there's excitement, hesitation, and a whole lot of curiosity — especially around one shiny new feature: creating LXC containers directly from OCI images. For the uninitiated, that's basically a way to pull Docker-like containers into the Proxmox world.

But that's just the tip of the iceberg. From TPM tweaks to better SDN reporting, there's a lot to unpack. So instead of dumping a changelog, we've rounded up the biggest questions being asked and answered them straight.

Let's dive into what you're really wondering about Proxmox 9.1.

Q: What's the big deal with LXC containers from OCI images? Is this Docker now?

Kind of. The new feature lets you spin up LXC containers using images from OCI registries — yes, like Docker Hub. But don't toss out your Docker setup just yet.

Right now, it's a tech preview, which means it's experimental and a bit rough around the edges. You can pull images and launch containers, but complex things like docker-compose, native volume management, or full network config aren't there yet. It's less "Docker on Proxmox" and more "Docker-adjacent with Proxmox flavor."

Still, it's a huge step. Many users were able to get things like Grafana, Nextcloud, or Nginx containers running without much hassle. Others ran into limitations — especially when containers needed more than just environment variables to configure or expected Docker's layered filesystem behavior.

In short? It's promising. If all goes well, this could reduce the need to run Docker inside an LXC or a full VM, giving you better resource efficiency without ditching Proxmox's control layer.

Q: Is this update stable? Should I upgrade now or wait?

The consensus? Mostly stable — with caveats.

People running version 9 already are reporting smooth sailing with the 9.1 upgrade, though there are some horror stories of BIOS settings, failed boots, and mysterious segfaults on specific setups. Most of those issues seem tied to underlying hardware quirks or users skipping steps like pve8to9 checks.

One user summed it up best: "I worked in IT long enough to know never to be the first nor the last to upgrade."

So, if you're on 8.x:

Yes, it's safe — if you follow the upgrade documentation to the letter.
No, if you're tired, under-caffeinated, and trying this at 11PM on production nodes.

Q: Wait, what's with the TPM changes?

Proxmox VE 9.1 adds support for TPM state in qcow2 format, which might sound niche, but matters for anyone running Windows VMs with secure boot or other modern security features.

This is especially relevant if you're snapshotting or migrating VMs that rely on TPM. In earlier versions, snapshots and backups didn't always play nice with TPM-enabled machines. Now, that data can be stored properly.

But warning: You can't create a snapshot of a running VM with TPM — at least not yet. You'll need to shut down the VM first.

Q: What else is actually new in 9.1?

Here are a few highlights you might care about:

New vCPU flags for fine-grained control of nested virtualization (a win for dev/test environments).
Enhanced SDN status reporting, especially if you're using Proxmox's software-defined networking features.
Improvements to the web UI, including better upgrade notifications and container handling.
Kernel updates, which improve compatibility and performance but can break older NFS client setups if you're not careful.

There's also better handling of /proc and /sys in nested container environments—fixing an issue that had been blocking certain Docker containers from running properly inside LXC.

Q: Does this fix the Docker-in-LXC AppArmor issue?

Yes — but it depends on your setup.

The infamous apparmor + runc combo that broke Docker in LXCs has been a recurring issue, especially for users running Debian 13. The 9.1 update lifts some AppArmor restrictions when nesting is enabled, which fixes the issue for unprivileged containers.

That said, this isn't a Proxmox bug. It's upstream from Docker/runc/AppArmor itself. Workarounds included downgrading runc, switching to Alpine, or just moving containers to VMs. With this update, many of those headaches go away—as long as you restart your containers after updating.

Q: Are VMs or LXCs better now for Docker?

The debate rages on.

Some say that running Docker in a full VM (especially on Alpine) gave them better performance than LXCs.
Others argue that should never be the case unless your LXC is misconfigured.

One user suggested that a cleaner environment, CPU pinning, and NUMA awareness made their Docker-on-VM setup snappier than Docker-in-LXC ever was.

The real takeaway? It depends on your workload. For quick-and-dirty web servers, LXC might still be fine. For anything needing heavy I/O, encryption, or tight kernel control — VMs still win.

Q: So is this a step toward replacing Docker entirely in Proxmox?

Maybe eventually. Right now, it's more of a side-step than a full replacement.

There's hope that in future versions we'll see better volume mapping, container orchestration (think mini docker-compose), and maybe even direct Docker API integration. But today, Proxmox's OCI feature is more like building a smarter bridge between its container engine and the modern container ecosystem.

Q: Anything else to watch out for in this release?

A few things:

NFS stability: Some users saw nodes hang under heavy NFS load with the new kernel. Others reported zero issues. If you rely heavily on NFS, proceed with caution or test first.
Boot priority glitches: A handful of folks found their BIOS boot priorities flipped post-upgrade.
No support for snapshotting running TPM-enabled Windows VMs yet. You'll still need to shut them down.

And as always, don't skip the pve8to9 validation script. It can catch old configs or leftover packages that might cause problems mid-upgrade.

Q: TL;DR — should I upgrade to 9.1?

If you're running Proxmox in a home lab or non-critical setup? Go for it.

The new features — especially OCI support — are worth checking out.

If you're managing production clusters? Test it first. Wait a week or two if you're not in a rush.

And if you're someone who gets a thrill from watching the world burn? Sure, upgrade live at midnight without reading the docs. Just don't say we didn't warn you.

Final Thoughts:

Proxmox VE 9.1 feels like a bridge — between where virtualization was and where it's headed. Docker-style LXC containers? TPM-aware snapshots? More granular SDN controls? These are forward-looking features that hint at a more integrated, container-friendly future.

But for now, that future is still in preview. If you're the kind of user who enjoys playing with new toys and doesn't mind a little trial and error, this release is a playground. If stability is king, give it a minute.

In the meantime, keep an eye on those OCI images. Proxmox isn't trying to be Docker — but it's definitely trying to speak the same language.

#lxc #docker