Docker

Check if Docker is rootless

docker info | grep -E "(Root|rootless)"
ps aux | grep dockerd

If Docker is rootless, docker info lists rootless under Security Options and dockerd runs as your user, not root.
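The grep above also matches the "Docker Root Dir" line that every daemon prints, so a stricter check helps. The script below is an added example, not part of the original page: it looks for the exact name=rootless entry in SecurityOptions and flags a root-owned dockerd still running beside the rootless one. The function names, the "mixed" label and the sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: decide whether the daemon your client talks to is rootless.

# True if the SecurityOptions list contains the exact entry "name=rootless".
# Accepts both the default ([a b]) and JSON (["a","b"]) renderings.
is_rootless_secopts() {
    case " $(printf '%s' "$1" | tr -d '[]"' | tr ',' ' ') " in
        *" name=rootless "*) return 0 ;;
    esac
    return 1
}

# Print each user that owns a dockerd process; reads `ps -eo user=,comm=` on stdin.
dockerd_users() {
    awk '$2 == "dockerd" { print $1 }' | sort -u
}

# Classify from the two observations: rootless | rootful | mixed | unknown.
classify() {  # $1 = SecurityOptions string, $2 = newline-separated dockerd owners
    if is_rootless_secopts "$1"; then
        # A root-owned dockerd next to a rootless one means the system
        # daemon was not disabled and is still reachable on its own socket.
        if printf '%s\n' "$2" | grep -qx root; then echo mixed; else echo rootless; fi
    elif [ -n "$1" ]; then
        echo rootful
    else
        echo unknown
    fi
}

# Constructed sample data (not captured from a real host).
SAMPLE_ROOTLESS='[name=seccomp,profile=builtin name=rootless name=cgroupns]'
SAMPLE_ROOTFUL='[name=apparmor name=seccomp,profile=builtin name=cgroupns]'
SAMPLE_PS='root      systemd
alice     rootlesskit
alice     dockerd'

# Live check against the local daemon: sh thisfile.sh --live
if [ "${1:-}" = "--live" ]; then
    opts=$(docker info --format '{{.SecurityOptions}}' 2>/dev/null || true)
    owners=$(ps -eo user=,comm= | dockerd_users)
    echo "daemon: $(classify "$opts" "$owners") (dockerd owners: $(echo $owners))"
else
    echo "sample: $(classify "$SAMPLE_ROOTLESS" "$(printf '%s\n' "$SAMPLE_PS" | dockerd_users)")"
fi
```

A result of "unknown" means docker info returned nothing, which usually points to DOCKER_HOST not being set to the user socket.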

Install rootless Docker

Prerequisites (Ubuntu/Debian):

sudo apt-get install -y uidmap dbus-user-session

Install and setup:

# Disable system Docker if running
sudo systemctl disable --now docker.service docker.socket

# Install rootless Docker
curl -fsSL https://get.docker.com/rootless | sh

# Enable auto-start
systemctl --user enable docker
sudo loginctl enable-linger $(whoami)

Add to shell profile:

export PATH="$HOME/bin:$PATH"
export DOCKER_HOST="unix://$XDG_RUNTIME_DIR/docker.sock"

Verify

systemctl --user start docker
docker run --rm hello-world

Security Impact

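Even if a container is compromised, the attacker does not gain root on your host system: the rootless daemon and its containers run as your unprivileged user inside a user namespace, so root inside a container maps to that user outside it. A container escape is then limited to what your user account can do, which fundamentally improves your security posture.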

Complete Documentation

For detailed installation instructions, troubleshooting, and configuration options, see: Docker Rootless Documentation
