I installed Ubuntu 24.04 LTS and tried to install Docker Desktop following the instructions from the official site, but in the end the first docker command cannot be used if you do not use it with sudo, and Docker Desktop is not starting at all.
5 Answers
$ sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0
$ systemctl --user restart docker-desktop
for a temporary workaround.
The issue is caused by a change introduced in Ubuntu 24.04
- If you do this, you will not be able to see running containers in the Docker desktop!!! – Qui-Gon Jinn Aug 12 '24 at 21:09
- And if you don't do this, you won't be able to see anything at all. And I don’t see any problems with displaying containers. – sandroid Oct 02 '24 at 18:26
- This worked, not having a problem seeing running containers in Docker Desktop. /shrug – Bob Liberatore Nov 02 '24 at 16:09
Create a default_allow AppArmor profile
According to Ubuntu Blog it is possible to create an AppArmor profile file to create a default_allow profile mode for an application.
While this effectively allows the application to remain unconfined, it also adds a new “userns,” rule to allow it to use unprivileged user namespaces.
Thus I took the given /opt/google.chrome.chrome example and adapted it to opt.docker-desktop.bin.com.docker.backend:
sudo nano /etc/apparmor.d/opt.docker-desktop.bin.com.docker.backend
Add the following content:
abi <abi/4.0>,
include <tunables/global>

/opt/docker-desktop/bin/com.docker.backend flags=(default_allow) {
  userns,

  # Site-specific additions and overrides. See local/README for details.
  include if exists <local/opt.docker-desktop.bin.com.docker.backend>
}
Restart apparmor.service
sudo systemctl restart apparmor.service
et voila, you own Docker-Desktop on 24.04 LTS without throwing unprivileged user namespaces into the trough for everyone
- Thanks for rewriting Ubuntu blog into a digestible command snippet. Docker Desktop is now running smoothly on Ubuntu 24.04 This should be the accepted answer. – Jansen Simanullang Jul 24 '24 at 12:23
- This Should be the accepted answer. Unlike the other answer, the other fix requires you to rerun the command every time you reboot but this is more permanent as it continues to work even after rebooting – Lone Wolf Sep 01 '24 at 11:36
- Best answer so far. Lazy people can use this gist based on the above suggestion :) https://gist.github.com/AmreeshTyagi/8e6c1a920a77b62db341fd28e8045088 – Amreesh Tyagi Oct 19 '24 at 08:16
- I had to run systemctl --user restart docker-desktop after creating my AppArmor profile. Running the sudo version above wasn't enough. – DustinA Jun 10 '25 at 21:58
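A check for the per-binary profile approach above, as an added example that is not part of the original answer or of AppArmor: it confirms that a profile file grants `userns` through `default_allow` to exactly one absolute binary path, then classifies the host from the global sysctl value. The function names and the sample file are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the answer). lint_userns_profile and userns_posture
# are illustrative names; only the profile form shown above is recognised.

# Print the attachment path if FILE holds a default_allow profile with a
# "userns," rule attached to one absolute, glob-free path; otherwise return 1.
lint_userns_profile() {
    local file="$1" header path
    header=$(grep -E '^[[:space:]]*/[^[:space:]]+[[:space:]]+flags=\([^)]*default_allow[^)]*\)[[:space:]]*\{' "$file" | head -n 1)
    [ -n "$header" ] || { echo "no default_allow profile header" >&2; return 1; }
    path=$(printf '%s\n' "$header" | awk '{print $1}')
    if printf '%s\n' "$path" | grep -q '[][*?{]'; then
        echo "attachment is a glob: $path" >&2; return 1
    fi
    # A commented-out rule (# userns,) does not count.
    grep -Eq '^[[:space:]]*userns[[:space:]]*,' "$file" \
        || { echo "no userns rule" >&2; return 1; }
    printf '%s\n' "$path"
}

# Classify a host from the sysctl value (1 = restriction on) and a profile file.
# On a live host VALUE is: sysctl -n kernel.apparmor_restrict_unprivileged_userns
userns_posture() {
    if [ "$1" = 0 ]; then
        echo global-off     # restriction disabled for every process
    elif lint_userns_profile "$2" >/dev/null 2>&1; then
        echo scoped         # restriction on, exception limited to one binary
    else
        echo restricted     # restriction on, no usable exception
    fi
}

# Constructed sample: the profile from the answer, with its comment line marked.
sample=$(mktemp)
cat > "$sample" <<'EOF'
abi <abi/4.0>,
include <tunables/global>
/opt/docker-desktop/bin/com.docker.backend flags=(default_allow) {
  userns,
  # Site-specific additions and overrides. See local/README for details.
  include if exists <local/opt.docker-desktop.bin.com.docker.backend>
}
EOF
userns_posture 1 "$sample"
```

A file that passes this check is not proof the profile is loaded; `sudo aa-status` lists the profiles the kernel actually has.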
As indicated by the official Docker Documentation, Docker Desktop is not yet officially supported on Ubuntu 24.04.
Docker has a note in their documentation stating:
The latest Ubuntu 24.04 LTS is not yet supported. Docker Desktop will fail to start. Due to a change in how the latest Ubuntu release restricts the unprivileged namespaces, sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0 needs to be run at least once. Refer to the Ubuntu Blog for more details.
One would assume that support would be introduced shortly after the release of a new LTS version, but since I have no idea how Docker conduct their business, time will have to tell.
Wait until 24.04 is officially supported from Docker.
- "This is expected when a new version has just been released." No it is not. Docker is supposed to test ahead for candidates of LTS and check release notes on major Operating system. The testcase is easy. New LTS product do not start. This is a product I pay for. Also they should inform their support about this. When I contacted support about this problem they had me checking all kinds of things and suggested wrong solutions. – Patrik Lindström May 17 '24 at 11:17
@PatrikLindström do you expect me to have any opinion on how Docker conduct their business? I just state the facts as they are, what your expectations are for the Docker releases, you'll have to take with the Docker support. At the time of posting it was a fact that Docker hadn't included 24.04 in their documentation, but it was available shortly after release. – Artur Meinild May 17 '24 at 11:40
- Sorry it was my frustration over Docker support. I had a similar issue with Jetbrains RustRover. They came back immediately with different suggestions of workarounds that I forwarded to Docker support. One of Jetbrains suggestions was writing an apparmor profile for the Jetbrains IDE runtime binary. See https://youtrack.jetbrains.com/issue/IJPL-59369 . Maybe something similar could be done as a workaround that does not turn off apparmor completely. https://ubuntu.com/blog/ubuntu-23-10-restricted-unprivileged-user-namespaces – Patrik Lindström May 17 '24 at 12:15
- They have removed the note from the official Docker Documentation but forgot to update the link on the page to point to the latest version – Maks Ko. Oct 28 '24 at 14:33
I made a service to do it automatically on reboot.
https://gist.github.com/suman-somu/5ff041537516d1e84eb6f43e616d5627
Creating a new systemd service file:
sudo nano /etc/systemd/system/set-apparmor-restrict.service
Add the following content:
[Unit]
Description=Disable AppArmor Restriction on Unprivileged User Namespaces
[Service]
Type=oneshot
ExecStart=/sbin/sysctl -w kernel.apparmor_restrict_unprivileged_userns=0
RemainAfterExit=true
[Install]
WantedBy=multi-user.target
Reload systemd and enable the service:
sudo systemctl daemon-reload
sudo systemctl enable set-apparmor-restrict.service
Start the service immediately (optional):
sudo systemctl start set-apparmor-restrict.service
For deleting the service:
Disable the service:
sudo systemctl disable set-apparmor-restrict.service
Remove the service file:
sudo rm /etc/systemd/system/set-apparmor-restrict.service
Reload systemd:
sudo systemctl daemon-reload
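For auditing a host where this kind of unit may have been installed, an added example that is not part of the original answer: it lists files that persistently set `kernel.apparmor_restrict_unprivileged_userns` to 0, covering sysctl drop-ins and local systemd units only. The function name and the demo tree are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the answer): find_userns_overrides is an illustrative
# name. It lists files under ROOT that persistently set
# kernel.apparmor_restrict_unprivileged_userns to 0.
find_userns_overrides() {
    local root="${1:-}" key='kernel[./]apparmor_restrict_unprivileged_userns' f
    # sysctl drop-ins: "key = 0"; lines starting with # or ; are comments.
    for f in "$root"/etc/sysctl.conf "$root"/etc/sysctl.d/*.conf \
             "$root"/run/sysctl.d/*.conf "$root"/usr/lib/sysctl.d/*.conf; do
        [ -f "$f" ] || continue
        if grep -Eq "^[[:space:]]*-?${key}[[:space:]]*=[[:space:]]*0[[:space:]]*$" "$f"; then
            printf 'sysctl.d %s\n' "${f#"$root"}"
        fi
    done
    # Local systemd units whose Exec line runs sysctl with key=0 at boot.
    for f in "$root"/etc/systemd/system/*.service; do
        [ -f "$f" ] || continue
        if grep -Eq "^Exec[A-Za-z]*=.*sysctl.*${key}=0([[:space:]]|$)" "$f"; then
            printf 'systemd %s\n' "${f#"$root"}"
        fi
    done
}

# Constructed demo tree holding the unit file from the answer above.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/etc/systemd/system" "$demo_root/etc/sysctl.d"
cat > "$demo_root/etc/systemd/system/set-apparmor-restrict.service" <<'EOF'
[Unit]
Description=Disable AppArmor Restriction on Unprivileged User Namespaces
[Service]
Type=oneshot
ExecStart=/sbin/sysctl -w kernel.apparmor_restrict_unprivileged_userns=0
RemainAfterExit=true
[Install]
WantedBy=multi-user.target
EOF
# Constructed drop-in that keeps the restriction on; it must not be reported.
echo 'kernel.apparmor_restrict_unprivileged_userns = 1' \
    > "$demo_root/etc/sysctl.d/60-keep-restricted.conf"
find_userns_overrides "$demo_root"
```

Called with no argument, the function scans the live filesystem from `/`.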
If you can avoid Docker Desktop and use the normal version instead, your life will be easier!
sudo apt install docker.io
sudo usermod -aG docker $USER # add current user to docker group
# sudo reboot (not strictly required, but avoids permissions woes)
- docker ps -a would not yield any results and keeps hanging on, but sudo docker ps -a does return results. – Apr 26 '24 at 11:50
- sudo groupadd docker sudo usermod -aG docker $USER and logged back in. Non-sudo command doesn't return data – Apr 26 '24 at 11:54
- sudo groupadd docker? This isn't part of the Docker Desktop install instructions. The local Docker Engine, and Docker Desktop (running in a VM) are 2 different things.. – Artur Meinild Apr 26 '24 at 12:00