31

I installed Ubuntu 24.04 LTS and tried to install Docker Desktop following the instructions from the official site, but in the end the first docker command cannot be used unless you run it with sudo, and Docker Desktop is not starting at all.

5 Answers

54
As a temporary workaround:

$ sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0
$ systemctl --user restart docker-desktop

The issue is caused by a change introduced in Ubuntu 24.04.

See the corresponding Docker Desktop bug report.

23

Create a default_allow AppArmor profile

According to the Ubuntu Blog, it is possible to create an AppArmor profile file that puts an application into default_allow profile mode.

While this effectively allows the application to remain unconfined, it also adds a new “userns,” rule to allow it to use unprivileged user namespaces.

Thus I took the given /opt/google.chrome.chrome example and adapted it to opt.docker-desktop.bin.com.docker.backend:

sudo nano /etc/apparmor.d/opt.docker-desktop.bin.com.docker.backend

Add the following content:

abi <abi/4.0>,
include <tunables/global>

/opt/docker-desktop/bin/com.docker.backend flags=(default_allow) {
  userns,

  # Site-specific additions and overrides. See local/README for details.
  include if exists <local/opt.docker-desktop.bin.com.docker.backend>
}

Restart apparmor.service

sudo systemctl restart apparmor.service

Et voilà, you have Docker Desktop on 24.04 LTS without throwing unprivileged user namespaces into the trough for everyone.
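The profile above is hand-written for one binary. The following script is an added example, not code from the answer or from Docker/Ubuntu: it generalises the same recipe to any executable path, derives the /etc/apparmor.d file name the AppArmor way (leading slash dropped, remaining slashes become dots), renders the default_allow + userns profile, and, when run as root, syntax-checks it with apparmor_parser before loading it. The abi/4.0 line and the /etc/apparmor.d location are assumed to match Ubuntu 24.04; the function names are my own.

```shell
#!/bin/sh
# Added example (not from the answer above): generate, check and load a
# default_allow + userns AppArmor profile for an arbitrary binary on
# Ubuntu 24.04, mirroring the hand-written Docker Desktop profile.
# Assumptions: AppArmor 4.0 abi, profiles live under /etc/apparmor.d,
# and the kernel exposes kernel.apparmor_restrict_unprivileged_userns.

SYSCTL_PATH=/proc/sys/kernel/apparmor_restrict_unprivileged_userns

# AppArmor's file-naming convention for a path: drop the leading "/"
# and replace every remaining "/" with ".".
# /opt/docker-desktop/bin/com.docker.backend -> opt.docker-desktop.bin.com.docker.backend
profile_file_name() {
    printf '%s\n' "$1" | sed -e 's|^/||' -e 's|/|.|g'
}

# Render the profile text. default_allow keeps the program effectively
# unconfined; the "userns," rule is what re-enables unprivileged user
# namespaces for this one binary while the sysctl stays at 1 for everyone else.
render_userns_profile() {
    bin="$1"
    name=$(profile_file_name "$bin")
    cat <<EOF
abi <abi/4.0>,
include <tunables/global>

$bin flags=(default_allow) {
  userns,

  # Site-specific additions and overrides. See local/README for details.
  include if exists <local/$name>
}
EOF
}

# Current sysctl value: "1" (restricted), "0" (unrestricted), or
# "absent" on kernels that do not have the knob at all.
userns_restriction_state() {
    if [ -r "$SYSCTL_PATH" ]; then
        cat "$SYSCTL_PATH"
    else
        echo absent
    fi
}

# Write the profile, parse-check it, load it, and confirm it is listed.
# Requires root; not exercised by the checks below.
install_userns_profile() {
    bin="$1"
    target="/etc/apparmor.d/$(profile_file_name "$bin")"
    [ -x "$bin" ] || { echo "not executable: $bin" >&2; return 1; }
    render_userns_profile "$bin" > "$target"
    # -Q parses without loading, so a typo never leaves a half-loaded profile.
    apparmor_parser -Q "$target" || { echo "profile does not parse: $target" >&2; return 1; }
    apparmor_parser -r "$target"
    aa-status | grep -F -- "$bin"
}

# Usage as root:
#   install_userns_profile /opt/docker-desktop/bin/com.docker.backend
# then restart the user service:  systemctl --user restart docker-desktop
```

Keeping the sysctl at its default of 1 and only granting userns to the one backend binary is the point of this route; userns_restriction_state lets you confirm the knob is still 1 after the profile is loaded.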

2

As indicated by the official Docker Documentation, Docker Desktop is not yet officially supported on Ubuntu 24.04.

Docker has a note in their documentation stating:

The latest Ubuntu 24.04 LTS is not yet supported. Docker Desktop will fail to start. Due to a change in how the latest Ubuntu release restricts the unprivileged namespaces, sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0 needs to be run at least once. Refer to the Ubuntu Blog for more details.

One would assume that support would be introduced shortly after the release of a new LTS version, but since I have no idea how Docker conducts its business, time will have to tell.

Wait until 24.04 is officially supported by Docker.

Artur Meinild
  • 31,035
-1

I made a service to do it automatically on reboot.

https://gist.github.com/suman-somu/5ff041537516d1e84eb6f43e616d5627

Create a new systemd service file:

sudo nano /etc/systemd/system/set-apparmor-restrict.service

Add the following content:

[Unit]
Description=Disable AppArmor Restriction on Unprivileged User Namespaces

[Service]
Type=oneshot
ExecStart=/sbin/sysctl -w kernel.apparmor_restrict_unprivileged_userns=0
RemainAfterExit=true

[Install]
WantedBy=multi-user.target

Reload systemd and enable the service:

sudo systemctl daemon-reload
sudo systemctl enable set-apparmor-restrict.service

Start the service immediately (optional):

sudo systemctl start set-apparmor-restrict.service

For deleting the service:

Disable the service:

sudo systemctl disable set-apparmor-restrict.service

Remove the service file:

sudo rm /etc/systemd/system/set-apparmor-restrict.service

Reload systemd:

sudo systemctl daemon-reload
ti7
  • 209
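A custom oneshot unit works, but sysctl settings normally persist through a drop-in under /etc/sysctl.d, which systemd-sysctl.service applies at boot without any unit of your own. The script below is an added example, not part of the answer above: it renders such a drop-in, parses it back to show exactly which key=value would be applied, reads the live value from /proc/sys, and (as root) writes and applies it with sysctl -p. The drop-in file name 60-apparmor-userns.conf and the function names are my choices.

```shell
#!/bin/sh
# Added example, not from the answer above: persist the same sysctl via
# /etc/sysctl.d instead of a oneshot unit, and verify the live value.
# Assumption: the drop-in name 60-apparmor-userns.conf is arbitrary.

KEY=kernel.apparmor_restrict_unprivileged_userns
DROPIN=/etc/sysctl.d/60-apparmor-userns.conf

# Contents of the drop-in: one "key = value" line plus a comment that
# records why the system-wide hardening was relaxed, so it gets removed
# once a per-binary AppArmor profile is in place instead.
render_dropin() {
    cat <<EOF
# Docker Desktop on Ubuntu 24.04: allow unprivileged user namespaces
# for every user. Prefer a per-binary AppArmor userns profile and drop this.
$KEY = 0
EOF
}

# Parse a drop-in back into "key=value" lines (comments and blanks
# stripped) so the effect of the file can be checked before applying it.
parse_dropin() {
    sed -e 's/#.*//' -e '/^[[:space:]]*$/d' -e 's/[[:space:]]*=[[:space:]]*/=/' "$1"
}

# Live value as the kernel reports it, or "absent" where the knob
# does not exist (older kernels, non-AppArmor systems).
live_value() {
    f=/proc/sys/$(printf '%s' "$KEY" | tr . /)
    if [ -r "$f" ]; then
        cat "$f"
    else
        echo absent
    fi
}

# Write the drop-in and apply it immediately. Requires root; on later
# boots systemd-sysctl.service applies the file on its own.
apply_dropin() {
    render_dropin > "$DROPIN"
    sysctl -p "$DROPIN"
    [ "$(live_value)" = 0 ]
}

# Usage as root:  apply_dropin && echo "userns restriction: $(live_value)"
```

Removing the drop-in and running sysctl -w kernel.apparmor_restrict_unprivileged_userns=1 restores the default; the comment inside the file is there so that the relaxation is not forgotten once Docker Desktop ships a profile of its own.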
-1

If you can avoid Docker Desktop and use the normal version instead, your life will be easier!

sudo apt install docker.io
sudo usermod -aG docker $USER  # add current user to docker group
# sudo reboot (not strictly required, but avoids permissions woes)
ti7
  • 209