I’ve been following documentation to install docker desktop [1] and am unable to complete the installation process. I downloaded the latest deb package for docker desktop, docker and utilities were installed previously, and dependency packages were also successfully installed, but when I try to install the deb package, I get the following error output from apt and dpkg:
# dpkg -i docker-desktop-amd64.deb
Selecting previously unselected package docker-desktop.
(Reading database ... 699900 files and directories currently installed.)
Preparing to unpack docker-desktop-amd64.deb ...
Unpacking docker-desktop (4.45.0-203075) ...
Setting up docker-desktop (4.45.0-203075) ...
Enabling use of privileged ports by Docker Desktop
kubernetes.docker.internal already in /etc/hosts
Reloading systemd daemon for logged in users
Done reloading systemd daemon for logged in users
Cache read/write disabled: interface file missing. (Kernel needs AppArmor 2.4 compatibility patch.)
Warning: unable to find a suitable fs in /proc/mounts, is it mounted?
Use --subdomainfs to override.
dpkg: error processing package docker-desktop (--install):
installed docker-desktop package post-installation script subprocess returned error exit status 1
Processing triggers for mailcap (3.70+nmu1ubuntu1) ...
Processing triggers for gnome-menus (3.36.0-1.1ubuntu3) ...
Processing triggers for desktop-file-utils (0.27-2build1) ...
Processing triggers for bamfdaemon (0.5.6+22.04.20220217-0ubuntu5) ...
Rebuilding /usr/share/applications/bamf-2.index...
Errors were encountered while processing:
docker-desktop
It doesn’t say where in the post-install script it fails, only that it does. Can anybody tell me what’s going on here and how I might get past it?
It should work on a standard Ubuntu 24.04 on a regular machine (VM or physical).
This is just a warning, but I don’t know why it would be there. Where is your Ubuntu OS? Physical machine, VM, WSL2 on Windows, LXC container, Proxmox?
When Ubuntu 24.04 was new, there was an incompatibility with Docker Desktop caused by some security-related change in Ubuntu, but that was fixed.
This is a physical machine. That warning doesn’t make sense to me either. /proc/mounts looks normal to me. Local disk only has one mount:
/dev/nvme0n1p2 / ext4 rw,relatime 0 0
Not sure what problem the script would have with that. It would help to know what the post-install script is trying to do when it errors out. Maybe this warning is unrelated to the actual problem. AppArmor is completely disabled, so I’m ignoring that warning as well.
# This profile allows everything and only exists to give the
# application a name instead of having the label "unconfined"
abi <abi/4.0>,
include <tunables/global>
profile docker-desktop /opt/docker-desktop/Docker\ Desktop flags=(unconfined) {
userns,
# Site-specific additions and overrides. See /etc/apparmor.d/local/README for details.
include if exists <local/docker-desktop>
I think it was made when DD idn’t work on Ubuntu 24.04 because of the security changes in Ubuntu and they had to create a profile to make it work. If your apparmor is completely disabled, I can imagine the postinstall script not being able to activate it. Just a guess.
Docker DEsktop does not need Docker, only the docker cli. Installing the daemon is completely unnecessary and could cause issues, although I don’t think this is one of those.
Thanks for the tip on debugging postinst. I was able to find where the error was happening and it was indeed at the very end where the apparmor target gets activated, specifically in line 83.
I commented out that line, removed the symlink at /usr/local/bin//docker and ran apt -f install and was finally able to get it to complete. Will have the user that requested this test and make sure it works for their desktop session.
If it turns out that everything works fine without apparmor, I would suggest to the package maintainer that the postinst script should properly handle the condition where apparmor is completely disabled to avoid this in the future.
Just to wrap this up, the user confirmed they were able to run docker desktop, so it appears this was successful. Thanks for the help pointing me in the right direction. 25 years of using debian, you’d think I would know better how packages work.
They probbaly didn’t think of disabling Apparmor completely. I never needed to do it. Docker even has a dedicated page about Apparmor profiles in the documentation: AppArmor security profiles for Docker | Docker Docs
But it was an interesting topic and it shows that Apparmor could be mentioned in the installation guide of “Docker Desktop for Linux / Ubuntu” and maybe made optional with a warning in the docker info.
I can bring this topic to the staff’s attention, but if you want to report it directly and follow the the progress, you can do it too on GitHub
Bug reports (as it doesn’t work on all Ubuntu 24.04 and Apaprmor is not mentioned as strict requirement)
Roadmap (to support missing apparmor):
My first idea is sending a bug report and the staff can probably move it to the roadmap if they think it is not a bug.