Docker Desktop: Difference between revisions
Created page with "(Intro needed about Docker Desktop) == Docker Desktop not working on Ubuntu 24.04 == Docker Desktop apparently has a problem running on Ubuntu 24.04 (and Kubuntu 24.04) You can tell because when you launch Docker Desktop, nothing happens (the dockerd daemon does not start, and the GUI does not appear). You can also tell because if you try to do anything from the command line (e.g. <code>docker run hello-world</code>), or otherwise involve Docker, you will get the..." |
Add solution |
||
| Line 2: | Line 2: | ||
== Docker Desktop not working on Ubuntu 24.04 == | == Docker Desktop not working on Ubuntu 24.04 == | ||
Docker Desktop apparently has a problem running on Ubuntu 24.04 (and Kubuntu 24.04) | Docker Desktop apparently has a problem running on Ubuntu 24.04 (and Kubuntu 24.04). If you encounter this issue, it is most likely (99.9%?) because Ubuntu made security configuration changes in 2023 for AppArmor. We'll get to the "why" this problem exists in a bit when we cover how to fix it. First, let's focus on identifying the problem. | ||
You can tell because when you launch Docker Desktop, nothing happens | You can tell you have a problem because when you launch Docker Desktop, nothing happens. The dockerd daemon does not start, and the GUI does not appear. | ||
You can also tell because if you try to do anything from the command line (e.g. <code>docker run hello-world</code>), or otherwise involve Docker, you will get the familiar 'Is the docker daemon running?' error output. | You can also tell because if you try to do anything from the command line (e.g. <code>docker run hello-world</code>), or otherwise involve Docker, you will get the familiar 'Is the docker daemon running?' error output. | ||
=== Docker diagnose === | |||
You can get a more accurate picture of your system status with | You can get a more accurate picture of your system status with | ||
| Line 102: | Line 103: | ||
</poem> | </poem> | ||
== Fix Docker Desktop on Ubuntu == | |||
Confine the Docker Desktop application with its own AppArmor profile<ref>https://askubuntu.com/questions/1511725/ubuntu-24-04-docker-desktop-is-not-starting/1519662#1519662:~:text=Create%20a%20default_allow%20AppArmor%20profile</ref>: | |||
Edit (create) <code>/etc/apparmor.d/opt.docker-desktop.bin.com.docker.backend</code> | |||
with contents<pre> | |||
abi <abi/4.0>, | |||
include <tunables/global> | |||
/opt/docker-desktop/bin/com.docker.backend flags=(default_allow) { | |||
userns, | |||
# Site-specific additions and overrides. See local/README for details. | |||
include if exists <local/opt.docker-desktop.bin.com.docker.backend> | |||
} | |||
</pre>Restart the AppArmor service | |||
<code>sudo systemctl restart apparmor.service</code> | |||
You should now be able to run Docker Desktop, and run the diagnose command, and it will continue to work after rebooting too. Going forward, I suppose the AppArmor profile for Docker Desktop will be included in the distribution so that users will not need to do anything. | |||
=== Why does this problem exist? === | |||
'''[https://ubuntu.com/blog/ubuntu-23-10-restricted-unprivileged-user-namespaces Unprivileged User namespace restrictions]''' were [https://discourse.ubuntu.com/t/ubuntu-24-04-lts-noble-numbat-release-notes/39890#p-99950-unprivileged-user-namespace-restrictions introduced in Ubuntu 24.04] because the developers (and Canonical) want to take a "security by default" posture. | |||
A lot of people on the internet will tell you the solution is to turn off the security feature. That is the wrong approach. That approach is reminiscent of the people who disable RedHat's SELinux (Security Enhanced Linux) because it's too hard to learn to use the security features or simply do not care about operating a secure system. | |||
{{References}} | |||
[[Category:Virtualization]] | [[Category:Virtualization]] | ||
[[Category:DevOps]] | [[Category:DevOps]] | ||
[[Category:Kubernetes]] | [[Category:Kubernetes]] | ||