Following the instructions from https://docs.docker.com/engine/security/rootless/.
- Disable the system-wide service
sudo systemctl disable --now docker.service docker.socket
- Check the status of the service
sudo systemctl status docker
This should look like this:
$ sudo systemctl status docker
● docker.service - Docker Application Container Engine
     Loaded: loaded (/lib/systemd/system/docker.service; disabled; vendor preset: enabled)
     Active: inactive (dead)
TriggeredBy: ● docker.socket
       Docs: https://docs.docker.com
- Reboot the system
sudo reboot
The following packages are required for rootless Docker:
- uidmap
- dbus-user-session
Check if they are already installed on your system.
$ dpkg -l | grep 'uidmap\|dbus-user-session'
ii dbus-user-session 1.12.16-2ubuntu2.3 amd64 simple interprocess messaging system (systemd --user integration)
ii uidmap 1:4.8.1-1ubuntu5.20.04.4 amd64 programs to help use subuids
Install the previously mentioned packages if they are not already installed.
sudo apt-get update
sudo apt-get install -y uidmap dbus-user-session
The package systemd-container, which provides machinectl, is required to log in as a specific user to install and start rootless Docker.
sudo apt-get update
sudo apt-get install -y systemd-container
GPU support in Docker rootless mode requires some changes to the following configuration file: /etc/nvidia-container-runtime/config.toml
[nvidia-container-cli]
# ...
no-cgroups = true
# ...
[nvidia-container-runtime]
# ...
# debug = "~/.local/nvidia-container-runtime.log"
# ...
The following instructions assume that Docker has previously been installed as a system-wide service and that the script dockerd-rootless-setuptool.sh is available on the system.
In rootless mode, Docker has to be installed separately for each user on the system. Follow the instructions below for each user that needs Docker.
- Define a variable with the name of the user for whom you want to install Docker (rootless mode)
other_user=<user name>
- Log in as that user using machinectl and open bash
sudo machinectl shell $other_user@ bash
- Install rootless Docker
dockerd-rootless-setuptool.sh install
- Append the variables mentioned at the bottom of the output to the ~/.bashrc file
echo """
export PATH=/usr/bin:\$PATH
export DOCKER_HOST=unix:///run/user/$(id -u $USER)/docker.sock
""" >> ~/.bashrc
- Check whether appending the variables was successful using
tail --lines 3 ~/.bashrc
Should look similar to this:
$ tail --lines 3 ~/.bashrc
export PATH=/usr/bin:$PATH
export DOCKER_HOST=unix:///run/user/<user id>/docker.sock
- Make the previously added variables available on the command line
source ~/.bashrc
- The data-root directory can be changed before the start if you want to store the Docker images in a different location.
- Specify the variable data_root and create the directory if it does not already exist
data_root=<specify alternate data-root directory>
mkdir -p "${data_root}"
- Create the file ~/.config/docker/daemon.json with the alternate data-root location
# make sure the configuration directory exists before writing the file
mkdir -p ~/.config/docker
echo """{
\"data-root\":\"${data_root}\"
}""" > ~/.config/docker/daemon.json
- Check if the alternate data-root has been added to the file
cat ~/.config/docker/daemon.json
- Start Docker (rootless mode) for the user
systemctl --user start docker
systemctl --user enable docker
systemctl --user status docker
The status should look similar to this, where the circle on the left should be green, indicating the running service (🟢 docker.service - ...).
$ systemctl --user status docker
● docker.service - Docker Application Container Engine (Rootless)
     Loaded: loaded (/home/sylvia/.config/systemd/user/docker.service; enabled; vendor preset: enabled)
     Active: active (running) since Sun 2023-03-05 15:50:01 CET; 30min ago
       Docs: https://docs.docker.com/go/rootless/
...
- Check if the alternate data-root gets applied, if defined previously
docker info
- Exit bash and the user login opened using machinectl
exit
exit
- Enable Docker service startup on system startup for the user
sudo loginctl enable-linger $other_user
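
A check for the result of the steps above: it confirms that the client is pointed at the per-user socket, that the daemon reports rootless mode, and that the alternate data-root is in effect. This is an added example, not part of the original instructions; the function names and the sample values are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: sanity checks for the rootless setup described above.
# Function names and sample values are illustrative assumptions.

# True if DOCKER_HOST ($1) is the per-user socket of uid ($2), as written to ~/.bashrc.
host_matches_uid() {
    [ "$1" = "unix:///run/user/$2/docker.sock" ]
}

# True if the output of `docker info --format '{{.SecurityOptions}}'` ($1)
# lists rootless mode.
is_rootless() {
    case "$1" in
        *name=rootless*) return 0 ;;
        *) return 1 ;;
    esac
}

# True if the reported data-root ($1) equals the expected one ($2),
# ignoring a trailing slash. An empty expectation skips the check.
root_dir_matches() {
    [ -z "$2" ] && return 0
    [ "${1%/}" = "${2%/}" ]
}

# Runs all checks, prints one line per failure, returns the number of failures.
verify_rootless() {
    failures=0
    host_matches_uid "$1" "$2" || { echo "FAIL: DOCKER_HOST='$1' is not the socket of uid $2"; failures=$((failures + 1)); }
    is_rootless "$3" || { echo "FAIL: daemon does not report rootless mode"; failures=$((failures + 1)); }
    root_dir_matches "$4" "$5" || { echo "FAIL: data-root is '$4', expected '$5'"; failures=$((failures + 1)); }
    return "$failures"
}

# Live use, inside the machinectl shell of the user:
#   verify_rootless "$DOCKER_HOST" "$(id -u)" \
#       "$(docker info --format '{{.SecurityOptions}}')" \
#       "$(docker info --format '{{.DockerRootDir}}')" "$data_root"

# Constructed sample values so the example runs without a Docker daemon.
sample_secopts='[name=seccomp,profile=builtin name=rootless name=cgroupns]'
verify_rootless "unix:///run/user/1001/docker.sock" 1001 \
    "$sample_secopts" "/data/docker-1001/" "/data/docker-1001" && echo "OK: rootless setup verified"
```

The DOCKER_HOST check matters because a client without that variable falls back to the default socket /var/run/docker.sock, which belongs to the system-wide daemon rather than the per-user one.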