---
sidebar_position: 4
---

# Sysbox

[Sysbox](https://github.com/nestybox/sysbox) is a container runtime that lets customers run Docker-in-Docker securely inside pods — without `--privileged` mode. Many workloads (custom image builds, CI/CD pipelines, system-level tooling) require it.

:::danger Sysbox is required
Every validator probes every node for the `sysbox-runc` runtime. Nodes missing it are rejected — they earn **no emission and cannot be rented**. Sysbox is a hard requirement for every Lium node, not an optional optimization. Setup takes ~5 minutes.
:::

## Install

The `lium-io` repo ships an installer that takes care of NVIDIA Container Toolkit + Sysbox in one go. From any Ubuntu host:

```bash
curl -fsSL https://raw.githubusercontent.com/Datura-ai/lium-io/main/neurons/executor/nvidia_docker_sysbox_setup.sh | sudo bash
```

Or, if you already have the [`lium-io` repo](https://github.com/Datura-ai/lium-io) cloned locally:

```bash
cd lium-io/neurons/executor
chmod +x nvidia_docker_sysbox_setup.sh
sudo ./nvidia_docker_sysbox_setup.sh
```

Confirm `/etc/docker/daemon.json` includes the `sysbox-runc` runtime:

```json
{
  "runtimes": {
    "sysbox-runc": {
      "path": "/usr/bin/sysbox-runc"
    }
  }
}
```

Restart Docker:

```bash
sudo systemctl restart docker
```

## Verify

Run the same command our validator uses:

```bash
docker run --rm --runtime=sysbox-runc --gpus all daturaai/compute-subnet-executor:latest nvidia-smi
```

If you see `nvidia-smi` output, you're good.

## Docker ≥ 29.2.0: CDI compatibility fix

Running **Docker 29.2.0 or later**? Sysbox + GPU will fail with a `permission denied` error:

```
OCI runtime create failed: ... failed to open OCI spec file: ... permission denied
```

This happens because Docker 29.2.x [enables CDI (Container Device Interface) by default](https://docs.docker.com/reference/cli/dockerd/#disable-cdi-devices), so `--gpus` is routed through CDI, which is incompatible with Sysbox's user namespace.

Disable CDI by adding `"features": {"cdi": false}` to `/etc/docker/daemon.json`:

```json
{
  "features": {
    "cdi": false
  }
}
```

Restart Docker and re-run the verify command:

```bash
sudo systemctl restart docker
```

This change is safe and reversible — remove the `features` block and restart Docker to re-enable CDI.
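
The two `daemon.json` requirements above (the `sysbox-runc` runtime entry and, on Docker 29.2.0 or later, `features.cdi` set to `false`) have to coexist with whatever the file already contains. The following Python is an added example, not part of the Lium installer or validator; the function names `audit` and `merged` and the sample config are constructed for illustration.

```python
import copy
import json
import re

SYSBOX_PATH = "/usr/bin/sysbox-runc"   # runtime path shown on this page
CDI_DEFAULT_SINCE = (29, 2, 0)         # Docker version named on this page

def parse_version(text):
    """Turn '29.2.0', '29.2.1-rc.1' or '28.1.1+dfsg' into a comparable tuple."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised Docker version: {text!r}")
    return tuple(int(p) for p in m.groups())

def audit(config, docker_version):
    """Return a list of problems in a parsed daemon.json for a Sysbox + GPU node."""
    problems = []
    runtime = config.get("runtimes", {}).get("sysbox-runc")
    if runtime is None:
        problems.append("runtimes.sysbox-runc is missing")
    elif runtime.get("path") != SYSBOX_PATH:
        problems.append("runtimes.sysbox-runc.path is not " + SYSBOX_PATH)
    if parse_version(docker_version) >= CDI_DEFAULT_SINCE:
        if config.get("features", {}).get("cdi") is not False:
            problems.append("features.cdi must be false on Docker >= 29.2.0")
    return problems

def merged(config, docker_version):
    """Return a copy with the page's settings merged in; existing keys are kept."""
    out = copy.deepcopy(config)
    out.setdefault("runtimes", {}).setdefault("sysbox-runc", {})["path"] = SYSBOX_PATH
    if parse_version(docker_version) >= CDI_DEFAULT_SINCE:
        out.setdefault("features", {})["cdi"] = False
    return out

# Constructed sample: a daemon.json that only has the NVIDIA runtime registered.
SAMPLE = json.loads("""
{
  "default-runtime": "nvidia",
  "runtimes": {"nvidia": {"path": "nvidia-container-runtime", "args": []}},
  "features": {"buildkit": true}
}
""")

if __name__ == "__main__":
    for version in ("28.5.1", "29.2.0"):
        print(version, audit(SAMPLE, version))
    print(json.dumps(merged(SAMPLE, "29.2.0"), indent=2))
```

On a node, load `/etc/docker/daemon.json` with `json.load` and pass the version reported by `docker version --format '{{.Server.Version}}'`. Write the merged result back only after reviewing it, then restart Docker.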

## Troubleshooting

- **`sysbox-runc not found`** — the installer didn't finish. Re-run `nvidia_docker_sysbox_setup.sh` and check its output.
- **GPU not visible inside the container** — confirm NVIDIA Container Toolkit is installed (`nvidia-container-cli --version`) and the Docker daemon was restarted after the install.
- **Validator still reports Sysbox missing** — wait one validation cycle (~15 min) and re-check from the Provider Portal.
