Docker

Docker logo by Dotcloud, Apache License 2.0

Docker is the de facto standard for application containers: processes that share the host kernel but are isolated from each other with namespaces and cgroups, rather than with a hypervisor as in classic virtualization. The larger the fleet of machines to be managed, the more it pays to build, ship and "orchestrate" software as containers.

But Docker also pays off on a small scale: complex applications that would otherwise need a server admin to install and configure numerous packages can be "deployed" (installed, started, stopped, rolled back to a previous state or deleted) with just a few commands.

Images are not fetched with Git but pulled from a registry (Docker Hub by default). An image is a stack of content-addressed, read-only layers, so a pull only downloads the layers that are not already present locally, and a rebuilt image shares unchanged layers with its predecessor.

Installation

Installation via the Ubuntu package sources is possible:

sudo apt-get install docker.io

Although Ubuntu LTS does ship updates for the docker.io package, it is worth getting current packages directly from Docker's own repository. Their package is called docker-ce ("ce" for Community Edition), not docker.io, and the two conflict, so remove docker.io (and any containerd or runc packages from Ubuntu) before switching.

sudo apt-get install ca-certificates curl
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
$(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt update
sudo apt install docker-ce
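The commands above trust whatever key download.docker.com hands out at the moment of the download. The script below is an added example, not part of the original page or of Docker's own documentation: it performs the same repository setup but checks the downloaded key's fingerprint before the repository is enabled. The expected fingerprint is the one Docker publishes for its apt signing key; treat it as an assumption of this script and compare it against docs.docker.com before use. It assumes gpg, curl and apt-get are available and that it is run as root.

```shell
#!/bin/sh
# Added example (not from the original page): install docker-ce from Docker's
# apt repository, verifying the signing key's fingerprint before trusting it.
set -eu

DOCKER_KEY_URL="https://download.docker.com/linux/ubuntu/gpg"
DOCKER_KEY_PATH="/etc/apt/keyrings/docker.asc"
# Assumption: the fingerprint Docker documents for its apt key. Re-check it
# against docs.docker.com; a mismatch here is the whole point of the script.
EXPECTED_FPR="9DC858229FC7DD38854AE2D88D81803C0EBFCD88"

# Build the sources.list entry for a given architecture and release codename.
docker_apt_line() {
  arch="$1"; codename="$2"
  printf 'deb [arch=%s signed-by=%s] https://download.docker.com/linux/ubuntu %s stable\n' \
    "$arch" "$DOCKER_KEY_PATH" "$codename"
}

# Print the 40-hex-digit fingerprint of the primary key in an ASCII-armored key file.
key_fingerprint() {
  gpg --show-keys --with-colons "$1" 2>/dev/null \
    | awk -F: '$1 == "fpr" { print $10; exit }'
}

# Fail unless the key file carries the expected fingerprint.
verify_key() {
  actual="$(key_fingerprint "$1")"
  if [ "$actual" != "$EXPECTED_FPR" ]; then
    echo "key fingerprint mismatch: got '$actual', expected '$EXPECTED_FPR'" >&2
    return 1
  fi
}

install_docker() {
  apt-get update
  apt-get install -y ca-certificates curl gpg
  install -m 0755 -d /etc/apt/keyrings
  curl -fsSL "$DOCKER_KEY_URL" -o "$DOCKER_KEY_PATH"
  chmod a+r "$DOCKER_KEY_PATH"
  # Stop here, with the repository still disabled, if the key is not the expected one.
  verify_key "$DOCKER_KEY_PATH"
  docker_apt_line "$(dpkg --print-architecture)" \
    "$(. /etc/os-release && echo "$VERSION_CODENAME")" \
    > /etc/apt/sources.list.d/docker.list
  apt-get update
  apt-get install -y docker-ce
}

# Only install when invoked as `sh install-docker.sh --install`;
# sourcing the file merely defines the functions.
if [ "${1:-}" = "--install" ]; then install_docker; fi
```

The fingerprint is checked on the file that apt will actually use (the one in /etc/apt/keyrings), not on a second download, so a swapped key cannot slip in between the check and the repository being enabled.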

Simpler, but not something to do blindly, is to install the latest version with Docker's convenience script from get.docker.com:

wget -qO- https://get.docker.com/ | sh

Piping straight into sh runs whatever the server returned, with no chance to read it first. If you take this route, save the script to a file, read it, and only then run it with sudo sh.

Running Docker as root and rootless

The Docker daemon runs as root, and by default so does the process inside every container (uid 0 in the container is uid 0 on the host unless user namespaces are enabled). That is an inherent security problem. Avoiding sudo by adding your own user to the docker group does not mitigate it: anyone who can talk to the daemon's socket can ask it to start a container with the host's root filesystem mounted, which is root on the host in all but name.
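To see what docker group membership really grants, and to audit who has it, the script below is an added example and not part of the original page. It assumes a standard /etc/group, the daemon socket at /var/run/docker.sock (or DOCKER_HOST), and that the alpine image can be pulled; the host_root_shell function is the well-known demonstration from Docker's own daemon attack-surface notes, run here only to check your own machine.

```shell
#!/bin/sh
# Added example (not from the original page): list who holds root-equivalent
# access through the docker group, and show why it is root-equivalent.
set -eu

# Print the members of the docker group from a group(5) file, one per line.
# Everyone listed here can obtain a root shell on the host via the daemon.
docker_group_members() {
  group_file="${1:-/etc/group}"
  awk -F: '$1 == "docker" {
      n = split($4, m, ",")
      for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
    }' "$group_file"
}

# Report whether the calling user can write to the daemon socket at all.
docker_socket_access() {
  sock="${DOCKER_HOST:-unix:///var/run/docker.sock}"
  sock="${sock#unix://}"
  if [ -w "$sock" ]; then
    echo "writable: $sock"
  else
    echo "not writable: $sock"
  fi
}

# The demonstration: with nothing but docker group membership, mount the host's
# root filesystem into a container and chroot into it. The resulting shell is
# root on the host: /etc/shadow is readable, /etc/sudoers writable, and so on.
host_root_shell() {
  docker run --rm -it -v /:/host alpine chroot /host /bin/sh
}

report() {
  echo "docker group members (root-equivalent):"
  docker_group_members
  docker_socket_access
}

# Run `sh docker-group-audit.sh --report` to print the audit;
# sourcing the file only defines the functions.
if [ "${1:-}" = "--report" ]; then report; fi
```

If docker_group_members prints anyone you would not hand the root password to, remove them from the group; the same applies to CI runners and service accounts that were added "so the build can talk to Docker".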

The Docker developers are aware of this and offer rootless mode as a remedy: the daemon and all its containers run inside a user namespace owned by an unprivileged user, so "root" inside a container is just that user on the host. This works for most workloads, with known limits: ports below 1024 cannot be bound unless net.ipv4.ip_unprivileged_port_start is lowered, anything that needs real host root (loading kernel modules, a truly privileged container) is unavailable, and resource limits via cgroups require cgroup v2.

To run Docker CE in an unprivileged user namespace, install the following package. It ships the rootless setup script (dockerd-rootless-setuptool.sh, which does what the standalone rootless script used to do) and, on recent Ubuntu releases, an AppArmor profile that allows the unprivileged helper to create user namespaces:

sudo apt install docker-ce-rootless-extras
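Installing the package alone does not give you a rootless daemon; the setup has to be completed as the ordinary user, and it is worth verifying that the daemon you are talking to is really the rootless one. The script below is an added example, not from the original page or from Docker: it assumes docker-ce-rootless-extras is installed, systemd user sessions are available, and the alpine image can be pulled. The per-user socket path and the "name=rootless" entry in docker info's SecurityOptions are what Docker's rootless documentation describes.

```shell
#!/bin/sh
# Added example (not from the original page): finish the rootless setup as the
# unprivileged user and verify that the daemon really runs without root.
set -eu

# Per-user socket path of the rootless daemon (argument: the runtime dir).
rootless_docker_host() {
  printf 'unix://%s/docker.sock\n' "${1:-${XDG_RUNTIME_DIR:-/run/user/$(id -u)}}"
}

# Return 0 if the output of `docker info -f '{{.SecurityOptions}}'`
# shows a rootless daemon, 1 otherwise.
is_rootless_daemon() {
  case "$1" in
    *name=rootless*) return 0 ;;
    *) return 1 ;;
  esac
}

# Run as your normal user, not as root and not via sudo.
setup_rootless() {
  # Creates and starts the per-user systemd unit for dockerd.
  dockerd-rootless-setuptool.sh install
  systemctl --user enable docker
  # Keep the user's services alive after logout so the daemon survives.
  sudo loginctl enable-linger "$(id -un)"

  DOCKER_HOST="$(rootless_docker_host)"; export DOCKER_HOST
  opts="$(docker info -f '{{.SecurityOptions}}')"
  if is_rootless_daemon "$opts"; then
    echo "rootless daemon OK: $opts"
  else
    echo "daemon is NOT rootless (still talking to the root daemon?): $opts" >&2
    return 1
  fi

  # Root inside the container is your own uid on the host: the file created
  # here by "root" in the container is owned by your user, not by root.
  docker run --rm -v /tmp:/mnt alpine sh -c 'id && touch /mnt/rootless-test'
  ls -l /tmp/rootless-test
}

# Run `sh setup-rootless.sh --setup`; sourcing only defines the functions.
if [ "${1:-}" = "--setup" ]; then setup_rootless; fi
```

Put the DOCKER_HOST export into your shell profile, otherwise the docker client falls back to /var/run/docker.sock and you are back to the root daemon (or to a permission error) without noticing.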

Alternatives

Red Hat has released Podman, a largely command-line-compatible alternative to Docker that has no central daemon and runs containers without root rights by default.