Ubuntu 24.04 Noble LTS: fixing Docker Desktop starting with no window and the engine failing to start

Posted by happy68 on 2024-05-04

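1. No window appears when Docker Desktop is started after installation

Symptom: after Docker Desktop is installed successfully with sudo apt install ./docker-desktop-4.29.0-amd64.deb, no window appears, whether you click the Docker Desktop icon in the menu or run systemctl --user start docker-desktop.
Check the log: ~/.docker/desktop/log/host/Docker Desktop.stderr.log contains the following: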

[2024-04-27T06:39:49.728616797Z] [22344:0427/143949.728566:FATAL:setuid_sandbox_host.cc(157)] The SUID sandbox helper binary was found, but is not configured correctly. Rather than run without sandboxing I'm aborting now. You need to make sure that /opt/docker-desktop/chrome-sandbox is owned by root and has mode 4755.

Solution: run

sudo chown root:root /opt/docker-desktop/chrome-sandbox
sudo chmod 4755 /opt/docker-desktop/chrome-sandbox

Then run systemctl --user restart docker-desktop; the window appears and the problem is solved.

2. Startup shows "An unexpected error occurred" or stays on "Starting the Docker Engine..."

Error message:

running engine: waiting for the VM setup to be ready: running filesharing: running virtiofsd for /home:  Error entering sandbox:
DropSupplementalGroups(Os { code: 1, kind: PermissionDenied, message: "Operation not permitted" })

Running sudo dmesg shows entries such as the following:

[ 2329.792894] audit: type=1400 audit(1714467432.031:190): apparmor="DENIED" operation="capable" class="cap" profile="unprivileged_userns" pid=10057 comm="virtiofsd" capability=6  capname="setgid"

Solution:

echo "==> Disabling Apparmor unprivileged userns mediation"
echo 0 > /proc/sys/kernel/apparmor_restrict_unprivileged_userns

echo "==> Disabling Apparmor unprivileged unconfined mediation"
echo 0 > /proc/sys/kernel/apparmor_restrict_unprivileged_unconfined

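Run the commands above as root (source of the method: https://github.com/canonical/lxd/issues/12882#issuecomment-1941766215).
This method carries some security risk, because it turns off AppArmor's restriction on unprivileged user namespaces for the whole system, not only for Docker Desktop.
The problem appears to be related to the unprivileged user namespace restrictions in Ubuntu 24.04 and will probably be fixed.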
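
As an added example (not part of the original post), these shell helpers check the three things diagnosed above: AppArmor denials under the unprivileged_userns profile, the owner and mode of chrome-sandbox, and the current value of the two sysctls. The function names and the second sample log line are constructed for illustration, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example: triage helpers for the two failures described above.

# Read kernel log text on stdin; print "comm capname" for each AppArmor
# denial raised under the unprivileged_userns profile.
userns_denials() {
    sed -n 's/.*apparmor="DENIED".*profile="unprivileged_userns".*comm="\([^"]*\)".*capname="\([^"]*\)".*/\1 \2/p'
}

# Succeed only if the file is owned by uid 0 with mode 4755, the state the
# Chromium SUID sandbox check demands. Returns 2 if the file is missing.
# Assumes GNU stat (-c).
sandbox_ok() {
    [ -e "$1" ] || return 2
    [ "$(stat -c '%u %a' "$1")" = "0 4755" ]
}

# Print the value of a kernel.* sysctl, or "absent" if it is not exposed.
userns_sysctl() {
    if [ -r "/proc/sys/kernel/$1" ]; then cat "/proc/sys/kernel/$1"
    else echo absent; fi
}

# Constructed sample: the dmesg line quoted in the post plus one made-up
# line that must not match.
SAMPLE='[ 2329.792894] audit: type=1400 audit(1714467432.031:190): apparmor="DENIED" operation="capable" class="cap" profile="unprivileged_userns" pid=10057 comm="virtiofsd" capability=6  capname="setgid"
[ 2330.000001] audit: type=1400 audit(1714467433.000:191): apparmor="ALLOWED" operation="open" class="file" profile="example" pid=1 comm="cat"'

# Summarise denials from stdin, then the local sandbox and sysctl state.
report() {
    userns_denials | while read -r comm cap; do
        echo "denied under unprivileged_userns: comm=$comm capname=$cap"
    done
    p=/opt/docker-desktop/chrome-sandbox
    if sandbox_ok "$p"; then echo "$p: root-owned, mode 4755"
    else echo "$p: missing or not root-owned with mode 4755"; fi
    for k in apparmor_restrict_unprivileged_userns \
             apparmor_restrict_unprivileged_unconfined; do
        echo "kernel.$k = $(userns_sysctl "$k")"
    done
}

printf '%s\n' "$SAMPLE" | report
```

To run it against a live system, pipe real kernel log text into report instead of the sample, for example sudo dmesg | report.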
