Docker has become one of the most popular tool in the recent years. This is because it allows developer to deploy their application to any machine with the same setup. Think of it like running a Java program on any machine with JVM installed. Due to the popularity, it is also important for us to secure the docker containers. One of the features that was released by the Docker team was the rootless mode which disables the root access from docker container.<\/p>\n
In this tutorial, I will be going through how to setup docker rootless mode in the proper way on Debian.<\/p>\n
Let's create a docker user before we start<\/p>\n
sudo useradd -m -s \/bin\/bash docker\nsudo passwd docker\nsudo usermod -aG sudo docker<\/code><\/pre>\nand lets login as newly created user docker<\/em><\/strong>.<\/p>\nInstall Rootless Docker<\/h1>\nSet up repository<\/h2>\nsudo apt-get update && \\\nsudo apt-get install -y ca-certificates curl gnupg lsb-release uidmap iptables dbus-user-session fuse-overlayfs && \\\ncurl -fsSL https:\/\/download.docker.com\/linux\/debian\/gpg | sudo gpg --dearmor -o \/usr\/share\/keyrings\/docker-archive-keyring.gpg && \\\necho "deb [arch=$(dpkg --print-architecture) signed-by=\/usr\/share\/keyrings\/docker-archive-keyring.gpg] https:\/\/download.docker.com\/linux\/debian $(lsb_release -cs) stable" | sudo tee \/etc\/apt\/sources.list.d\/docker.list > \/dev\/null<\/code><\/pre>\nRelogin after running the above command.<\/p>\n
Install Docker Engine<\/h2>\nsudo apt update && \\\nsudo apt-get install -y docker-ce docker-ce-cli containerd.io<\/code><\/pre>\nSince we are running rootless docker, we will proceed to disable the rootful docker<\/p>\n
sudo systemctl disable --now docker.service docker.socket<\/code><\/pre>\nReboot the system after disabling<\/p>\n
Install the setup script<\/h2>\nsudo apt-get update\nsudo apt-get install -y docker-ce-rootless-extras <\/code><\/pre>\nInstall Rootless Docker<\/h2>\n
run the following as non-root to install rootless docker.<\/p>\n
dockerd-rootless-setuptool.sh install<\/code><\/pre>\nnext enable rootless docker to launch on startup.<\/p>\n
systemctl --user enable docker\nsudo loginctl enable-linger $(whoami)<\/code><\/pre>\nCongratulations, you have now successfully setup rootless docker. I will share with you on how to expose docker API so that it can be managed by tools like portainer or used by jenkins.<\/p>\n
If you are doing this on ubuntu, you will need to enable cgroup v2 to avoid permission issues in some containers. please refer to https:\/\/rootlesscontaine.rs\/getting-started\/common\/cgroup2\/<\/a><\/p>\n