CentOS 8 运行 Docker in Docker 失败，如何解决？

最小化安装系统，使用 https://download.docker.com/linux/centos/docker-ce.repo 安装了 docker-ce docker-ce-cli containerd.io ，关闭了 firewalld 、selinux ，重启了 docker：

docker run --privileged -d --name dind-test docker:dind 

日志如下：

 Generating RSA private key, 4096 bit long modulus (2 primes) ..............................................................................................++++ ...............................................................................................................................................................................................................................................................................................................++++ e is 65537 (0x010001) Generating RSA private key, 4096 bit long modulus (2 primes) .....................................................................................................................................................++++ ....................................................++++ e is 65537 (0x010001) Signature ok subject=CN = docker:dind server Getting CA Private Key /certs/server/cert.pem: OK Generating RSA private key, 4096 bit long modulus (2 primes) ..............................................................................................................................................................................................................................................................................................................................................................++++ ................................++++ e is 65537 (0x010001) Signature ok subject=CN = docker:dind client Getting CA Private Key /certs/client/cert.pem: OK time="2022-02-24T07:23:34.760594256Z" level=info msg="Starting up" time="2022-02-24T07:23:34.763695780Z" level=warning msg="could not change group /var/run/docker.sock to docker: group docker not found" time="2022-02-24T07:23:34.765710334Z" level=info msg="libcontainerd: started new containerd process" pid=79 time="2022-02-24T07:23:34.765786276Z" level=info msg="parsed scheme: \"unix\"" module=grpc time="2022-02-24T07:23:34.765809168Z" level=info msg="scheme \"unix\" not registered, fallback to default scheme" module=grpc time="2022-02-24T07:23:34.765974707Z" level=info msg="ccResolverWrapper: sending update to cc: {[{unix:///var/run/docker/containerd/containerd.sock <nil> 0 <nil>}] <nil> <nil>}" module=grpc time="2022-02-24T07:23:34.766035328Z" level=info msg="ClientConn switching balancer to \"pick_first\"" module=grpc time="2022-02-24T07:23:34.790274621Z" level=info msg="starting containerd" revision=7b11cfaabd73bb80907dd23182b9347b4245eb5d version=v1.4.12 time="2022-02-24T07:23:34.828556147Z" level=info msg="loading plugin \"io.containerd.content.v1.content\"..." type=io.containerd.content.v1 time="2022-02-24T07:23:34.828841242Z" level=info msg="loading plugin \"io.containerd.snapshotter.v1.aufs\"..." type=io.containerd.snapshotter.v1 time="2022-02-24T07:23:34.839186454Z" level=info msg="skip loading plugin \"io.containerd.snapshotter.v1.aufs\"..." error="aufs is not supported (modprobe aufs failed: exit status 1 \"ip: can't find device 'aufs'\\nmodprobe: can't change directory to '/lib/modules': No such file or directory\\n\"): skip plugin" type=io.containerd.snapshotter.v1 time="2022-02-24T07:23:34.839455354Z" level=info msg="loading plugin \"io.containerd.snapshotter.v1.btrfs\"..." type=io.containerd.snapshotter.v1 time="2022-02-24T07:23:34.840184092Z" level=info msg="skip loading plugin \"io.containerd.snapshotter.v1.btrfs\"..." error="path /var/lib/docker/containerd/daemon/io.containerd.snapshotter.v1.btrfs (xfs) must be a btrfs filesystem to be used with the btrfs snapshotter: skip plugin" type=io.containerd.snapshotter.v1 time="2022-02-24T07:23:34.840249560Z" level=info msg="loading plugin \"io.containerd.snapshotter.v1.devmapper\"..." type=io.containerd.snapshotter.v1 time="2022-02-24T07:23:34.840343274Z" level=warning msg="failed to load plugin io.containerd.snapshotter.v1.devmapper" error="devmapper not configured" time="2022-02-24T07:23:34.840391034Z" level=info msg="loading plugin \"io.containerd.snapshotter.v1.native\"..." type=io.containerd.snapshotter.v1 time="2022-02-24T07:23:34.840589611Z" level=info msg="loading plugin \"io.containerd.snapshotter.v1.overlayfs\"..." type=io.containerd.snapshotter.v1 time="2022-02-24T07:23:34.841204096Z" level=info msg="loading plugin \"io.containerd.snapshotter.v1.zfs\"..." type=io.containerd.snapshotter.v1 time="2022-02-24T07:23:34.841575997Z" level=info msg="skip loading plugin \"io.containerd.snapshotter.v1.zfs\"..." error="path /var/lib/docker/containerd/daemon/io.containerd.snapshotter.v1.zfs must be a zfs filesystem to be used with the zfs snapshotter: skip plugin" type=io.containerd.snapshotter.v1 time="2022-02-24T07:23:34.841690890Z" level=info msg="loading plugin \"io.containerd.metadata.v1.bolt\"..." type=io.contanerd.metadata.v1 time="2022-02-24T07:23:34.841778714Z" level=warning msg="could not use snapshotter devmapper in metadata plugin" error="devmapper not configured" time="2022-02-24T07:23:34.841815889Z" level=info msg="metadata content store policy set" policy=shared time="2022-02-24T07:23:34.890892709Z" level=info msg="loading plugin \"io.containerd.differ.v1.walking\"..." type=io.containerd.differ.v1 time="2022-02-24T07:23:34.891002672Z" level=info msg="loading plugin \"io.containerd.gc.v1.scheduler\"..." type=io.containerd.gc.v1 time="2022-02-24T07:23:34.891149173Z" level=info msg="loading plugin \"io.containerd.service.v1.introspection-service\"..." type=io.containerd.service.v1 time="2022-02-24T07:23:34.891285080Z" level=info msg="loading plugin \"io.containerd.service.v1.containers-service\"..." type=io.containerd.service.v1 time="2022-02-24T07:23:34.891337250Z" level=info msg="loading plugin \"io.containerd.service.v1.content-service\"..." type=io.containerd.service.v1 time="2022-02-24T07:23:34.891381619Z" level=info msg="loading plugin \"io.containerd.service.v1.diff-service\"..." type=io.containerd.service.v1 time="2022-02-24T07:23:34.891426999Z" level=info msg="loading plugin \"io.containerd.service.v1.images-service\"..." type=io.containerd.service.v1 time="2022-02-24T07:23:34.891476952Z" level=info msg="loading plugin \"io.containerd.service.v1.leases-service\"..." type=io.containerd.service.v1 time="2022-02-24T07:23:34.891551223Z" level=info msg="loading plugin \"io.containerd.service.v1.namespaces-service\"..." type=io.containerd.service.v1 time="2022-02-24T07:23:34.891624866Z" level=info msg="loading plugin \"io.containerd.service.v1.snapshots-service\"..." type=io.containerd.service.v1 time="2022-02-24T07:23:34.891677202Z" level=info msg="loading plugin \"io.containerd.runtime.v1.linux\"..." type=io.containerd.runtime.v1 time="2022-02-24T07:23:34.892160041Z" level=info msg="loading plugin \"io.containerd.runtime.v2.task\"..." type=io.containerd.runtime.v2 time="2022-02-24T07:23:34.892678088Z" level=info msg="loading plugin \"io.containerd.monitor.v1.cgroups\"..." type=io.containerd.monitor.v1 time="2022-02-24T07:23:34.893531281Z" level=info msg="loading plugin \"io.containerd.service.v1.tasks-service\"..." type=io.containerd.service.v1 time="2022-02-24T07:23:34.893697433Z" level=info msg="loading plugin \"io.containerd.internal.v1.restart\"..." type=io.containerd.internal.v1 time="2022-02-24T07:23:34.893824075Z" level=info msg="loading plugin \"io.containerd.grpc.v1.containers\"..." type=io.containerd.grpc.v1 time="2022-02-24T07:23:34.893955169Z" level=info msg="loading plugin \"io.containerd.grpc.v1.content\"..." type=io.containerd.grpc.v1 time="2022-02-24T07:23:34.893986203Z" level=info msg="loading plugin \"io.containerd.grpc.v1.diff\"..." type=io.containerd.grpc.v1 time="2022-02-24T07:23:34.894035779Z" level=info msg="loading plugin \"io.containerd.grpc.v1.events\"..." type=io.containerd.grpc.v1 time="2022-02-24T07:23:34.894124767Z" level=info msg="loading plugin \"io.containerd.grpc.v1.healthcheck\"..." type=io.containerd.grpc.v1 time="2022-02-24T07:23:34.894208021Z" level=info msg="loading plugin \"io.containerd.grpc.v1.images\"..." type=io.containerd.grpc.v1 time="2022-02-24T07:23:34.894267863Z" level=info msg="loading plugin \"io.containerd.grpc.v1.leases\"..." type=io.containerd.grpc.v1 time="2022-02-24T07:23:34.894323113Z" level=info msg="loading plugin \"io.containerd.grpc.v1.namespaces\"..." type=io.containerd.grpc.v1 time="2022-02-24T07:23:34.894377043Z" level=info msg="loading plugin \"io.containerd.internal.v1.opt\"..." type=io.containerd.internal.v1 time="2022-02-24T07:23:34.894828889Z" level=info msg="loading plugin \"io.containerd.grpc.v1.snapshots\"..." type=io.containerd.grpc.v1 time="2022-02-24T07:23:34.894887081Z" level=info msg="loading plugin \"io.containerd.grpc.v1.tasks\"..." type=io.containerd.grpc.v1 time="2022-02-24T07:23:34.894949989Z" level=info msg="loading plugin \"io.containerd.grpc.v1.version\"..." type=io.containerd.grpc.v1 time="2022-02-24T07:23:34.894996324Z" level=info msg="loading plugin \"io.containerd.grpc.v1.introspection\"..." type=io.containerd.grpc.v1 time="2022-02-24T07:23:34.895529028Z" level=info msg=serving... address=/var/run/docker/containerd/containerd-debug.sock time="2022-02-24T07:23:34.895804150Z" level=info msg=serving... address=/var/run/docker/containerd/containerd.sock.ttrpc time="2022-02-24T07:23:34.896113274Z" level=info msg=serving... address=/var/run/docker/containerd/containerd.sock time="2022-02-24T07:23:34.896170862Z" level=info msg="containerd successfully booted in 0.112697s" time="2022-02-24T07:23:34.907970487Z" level=info msg="parsed scheme: \"unix\"" module=grpc time="2022-02-24T07:23:34.908043720Z" level=info msg="scheme \"unix\" not registered, fallback to default scheme" module=grpc time="2022-02-24T07:23:34.908129918Z" level=info msg="ccResolverWrapper: sending update to cc: {[{unix:///var/run/docker/containerd/containerd.sock <nil> 0 <nil>}] <nil> <nil>}" module=grpc time="2022-02-24T07:23:34.908168076Z" level=info msg="ClientConn switching balancer to \"pick_first\"" module=grpc time="2022-02-24T07:23:34.911090189Z" level=info msg="parsed scheme: \"unix\"" module=grpc time="2022-02-24T07:23:34.911135671Z" level=info msg="scheme \"unix\" not registered, fallback to default scheme" module=grpc time="2022-02-24T07:23:34.911176202Z" level=info msg="ccResolverWrapper: sending update to cc: {[{unix:///var/run/docker/containerd/containerd.sock <nil> 0 <nil>}] <nil> <nil>}" module=grpc time="2022-02-24T07:23:34.911213930Z" level=info msg="ClientConn switching balancer to \"pick_first\"" module=grpc time="2022-02-24T07:23:35.083473908Z" level=warning msg="Your kernel does not support cgroup blkio weight" time="2022-02-24T07:23:35.083515595Z" level=warning msg="Your kernel does not support cgroup blkio weight_device" time="2022-02-24T07:23:35.084239564Z" level=info msg="Loading containers: start." time="2022-02-24T07:23:35.101032861Z" level=warning msg="Running modprobe bridge br_netfilter failed with message: ip: can't find device 'bridge'\nbridge 204800 1 br_netfilter\nstp 16384 1 bridge\nllc 16384 2 bridge,stp\nip: can't find device 'br_netfilter'\nbr_netfilter 24576 0 \nbridge 204800 1 br_netfilter\nmodprobe: can't change directory to '/lib/modules': No such file or directory\n, error: exit status 1" time="2022-02-24T07:23:35.103391649Z" level=warning msg="Running iptables --wait -t nat -L -n failed with message: `modprobe: can't change directory to '/lib/modules': No such file or directory\niptables v1.8.7 (legacy): can't initialize iptables table `nat': Table does not exist (do you need to insmod?)\nPerhaps iptables or your kernel needs to be upgraded.`, error: exit status 3" time="2022-02-24T07:23:35.151747586Z" level=info msg="stopping event stream following graceful shutdown" error="<nil>" module=libcontainerd namespace=moby time="2022-02-24T07:23:35.152208810Z" level=info msg="stopping event stream following graceful shutdown" error="context canceled" module=libcontainerd namespace=plugins.moby time="2022-02-24T07:23:35.152217865Z" level=info msg="stopping healthcheck following graceful shutdown" module=libcontainerd time="2022-02-24T07:23:36.153093848Z" level=warning msg="grpc: addrConn.createTransport failed to connect to {unix:///var/run/docker/containerd/containerd.sock <nil> 0 <nil>}. Err :connection error: desc = \"transport: Error while dialing dial unix:///var/run/docker/containerd/containerd.sock: timeout\". Reconnecting..." module=grpc failed to start daemon: Error initializing network controller: error obtaining controller instance: failed to create NAT chain DOCKER: iptables failed: iptables -t nat -N DOCKER: modprobe: can't change directory to '/lib/modules': No such file or directory iptables v1.8.7 (legacy): can't initialize iptables table `nat': Table does not exist (do you need to insmod?) Perhaps iptables or your kernel needs to be upgraded. (exit status 3) 

在 CentOS 7 上没有问题，有朋友知道怎么解决吗？