ubuntu_24.04 LTS安装docker desktop启动无窗口及引擎启动失败的解决方法
1. 安装docker desktop后启动无窗口
现象: 执行sudo apt install ./docker-desktop-4.29.0-amd64.deb成功安装docker desktop后,无论是在菜单里点击Docker Desktop图标还是执行systemctl --user start docker-desktop均没有窗口出现。
查看日志:在~/.docker/desktop/log/host/Docker Desktop.stderr.log 中有以下内容:
[2024-04-27T06:39:49.728616797Z] [22344:0427/143949.728566:FATAL:setuid_sandbox_host.cc(157)] The SUID sandbox helper binary was found, but is not configured correctly. Rather than run without sandboxing I'm aborting now. You need to make sure that /opt/docker-desktop/chrome-sandbox is owned by root and has mode 4755.
解决方法:执行
sudo chown root:root /opt/docker-desktop/chrome-sandbox
sudo chmod 4755 /opt/docker-desktop/chrome-sandbox
然后执行 systemctl --user restart docker-desktop,窗口出现,问题解决。
2. 启动出现 "An unexpected error occurred"或一直显示"Starting the Docker Engine..."
报错内容:
running engine: waiting for the VM setup to be ready: running filesharing: running virtiofsd for /home: Error entering sandbox:
DropSupplementalGroups(Os { code: 1, kind: PermissionDenied, message: "Operation not permitted" })
执行sudo dmesg出现以下等内容
[ 2329.792894] audit: type=1400 audit(1714467432.031:190): apparmor="DENIED" operation="capable" class="cap" profile="unprivileged_userns" pid=10057 comm="virtiofsd" capability=6 capname="setgid"
解决方法:
echo "==> Disabling Apparmor unprivileged userns mediation"
echo 0 > /proc/sys/kernel/apparmor_restrict_unprivileged_userns
echo "==> Disabling Apparmor unprivileged unconfined mediation"
echo 0 > /proc/sys/kernel/apparmor_restrict_unprivileged_unconfined
以root权限执行以上内容(方法来源: https://github.com/canonical/lxd/issues/12882#issuecomment-1941766215 )
该方法会带来一定的安全风险
这个问题应该与ubuntu 24.04 的 Unprivileged user namespace restrictions 有关,应该会修复