ubuntu_24.04 Noble LTS安裝docker desktop啟動無視窗及引擎啟動失敗的解決方法

ubuntu_24.04 LTS安裝docker desktop啟動無視窗及引擎啟動失敗的解決方法

1. 安裝docker desktop後啟動無視窗

現象： 執行sudo apt install ./docker-desktop-4.29.0-amd64.deb成功安裝docker desktop後，無論是在菜單里點擊Docker Desktop圖標還是執行systemctl --user start docker-desktop均沒有視窗出現。
查看日誌：在~/.docker/desktop/log/host/Docker Desktop.stderr.log 中有以下內容：

[2024-04-27T06:39:49.728616797Z] [22344:0427/143949.728566:FATAL:setuid_sandbox_host.cc(157)] The SUID sandbox helper binary was found, but is not configured correctly. Rather than run without sandboxing I'm aborting now. You need to make sure that /opt/docker-desktop/chrome-sandbox is owned by root and has mode 4755.

解決方法：執行

sudo chown root:root /opt/docker-desktop/chrome-sandbox
sudo chmod 4755 /opt/docker-desktop/chrome-sandbox

然後執行 systemctl --user restart docker-desktop，視窗出現，問題解決。

2. 啟動出現 "An unexpected error occurred"或一直顯示"Starting the Docker Engine..."

報錯內容：

running engine: waiting for the VM setup to be ready: running filesharing: running virtiofsd for /home:  Error entering sandbox:
DropSupplementalGroups(Os { code: 1, kind: PermissionDenied, message: "Operation not permitted" })

執行sudo dmesg出現以下等內容

[ 2329.792894] audit: type=1400 audit(1714467432.031:190): apparmor="DENIED" operation="capable" class="cap" profile="unprivileged_userns" pid=10057 comm="virtiofsd" capability=6  capname="setgid"

解決方法：

echo "==> Disabling Apparmor unprivileged userns mediation"
echo 0 > /proc/sys/kernel/apparmor_restrict_unprivileged_userns

echo "==> Disabling Apparmor unprivileged unconfined mediation"
echo 0 > /proc/sys/kernel/apparmor_restrict_unprivileged_unconfined

以root許可權執行以上內容（方法來源： https://github.com/canonical/lxd/issues/12882#issuecomment-1941766215 ）
該方法會帶來一定的安全風險
這個問題應該與ubuntu 24.04 的 Unprivileged user namespace restrictions 有關，應該會修複