From time to time I need to get this working again, either because of a new computer or a reinstall. Lately, I had to do this twice because my new Dell XPS laptop needed to be serviced, and I had to reinstall my OS of choice: Fedora Linux.
From now on, I assume you already have Docker installed; in my case (Fedora Linux) it is just a matter of typing:
sudo dnf install docker
Change the default docker directory
Since I don’t want docker to pollute my /user directory, I usually create a new directory just to hold the docker images and files. In this case, I will use /home/docker, since I have a very large partition for /home.
sudo vim /etc/sysconfig/docker
and add -g /home/docker to the OPTIONS line:
OPTIONS='--selinux-enabled --log-driver=journald -g /home/docker'
Now to make sure SELinux recognizes this in a proper context, we need to run:
sudo chcon -Rt svirt_sandbox_file_t /home/docker
To ensure you can run docker with your current user, instead of using the root user, you need to create a group and add your user to it.
Setup docker to run with your user
To ensure you can run docker with your user and ditch the sudo usage, you need to create a group and add your user to it:
Create the docker group.
sudo groupadd docker
Now add your (current) user to the docker group:
sudo usermod -aG docker $USER
Now log out and log in again, to make sure your user has the right groups loaded.
To check if everything is properly set up, you can run docker:
docker run hello-world
and you’ll now be able to run docker as your beloved user!
Setup your workspace or project directory
Now that you have docker running as your user, you (may) want to share your project folder with the container, so that the process inside the container can read your files and change them if necessary.
So go to the root directory of your project, or of your workspace in case you have several projects, and run:
sudo chcon -Rt svirt_sandbox_file_t /path/to/workspace_or_project
If you still cannot access internet inside your container
In my recent Fedora 33 installation, I had to make some changes to the firewall in order to access the internet from inside a container. A bug report is already open at Bugzilla.
The root issue is that IP masquerading is not enabled.
First, get the list of active zones:
sudo firewall-cmd --get-active-zones
docker
  interfaces: docker0
public
  interfaces: enp56s0u1u1
Then I need to enable masquerading on the public zone, the one that holds my physical interface.
sudo firewall-cmd --zone=public --add-masquerade
Note that in several search results, instead of public you may see FedoraWorkstation, so in the previous command you need to replace public with FedoraWorkstation.
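As an added example (not part of the original post), here is a small POSIX shell script that checks whether the steps above actually took effect: the label on the docker data directory, the -g option in /etc/sysconfig/docker, the docker group membership and the masquerade setting of the public zone. Paths are the ones used in this post; the script is hypothetical and assumes the container-selinux policy where svirt_sandbox_file_t is an alias of container_file_t.

```shell
#!/bin/sh
# Added check script (hypothetical, not from the original post). It verifies
# the steps above: data-root label, -g option, docker group, masquerade.
DOCKER_ROOT="${DOCKER_ROOT:-/home/docker}"                 # from the post
DOCKER_SYSCONFIG="${DOCKER_SYSCONFIG:-/etc/sysconfig/docker}"

# Print the SELinux type (third field of the context) from one line of
# `ls -dZ DIR` output, e.g. "unconfined_u:object_r:container_file_t:s0 /home/docker".
selinux_type_of_line() {
    printf '%s\n' "$1" | awk '{ split($1, c, ":"); print c[3] }'
}

# 0 if the label lets a container read/write the files. svirt_sandbox_file_t
# (used in the post) is an alias of container_file_t in current Fedora policy.
label_allows_container() {
    case "$1" in
        svirt_sandbox_file_t|container_file_t) return 0 ;;
        *) return 1 ;;
    esac
}
# 0 if an OPTIONS= line carries "-g DIR" for exactly the wanted data root ($2).
options_has_graph_dir() {
    printf '%s\n' "$1" | grep -Eq -- "(^|[ '\"])-g[ =]$2([ '\"]|\$)"
}
# 0 if a space-separated group list (as printed by `id -nG`) contains docker.
groups_include_docker() {
    printf ' %s \n' "$1" | grep -q ' docker '
}

# Live checks against this host; run only with --live so the pure helpers
# above can be exercised on a machine without docker or SELinux.
live_check() {
    rc=0
    t=$(selinux_type_of_line "$(ls -dZ "$DOCKER_ROOT" 2>/dev/null)")
    label_allows_container "$t" ||
        { echo "FAIL: $DOCKER_ROOT has type '$t'; run: sudo chcon -Rt svirt_sandbox_file_t $DOCKER_ROOT"; rc=1; }
    options_has_graph_dir "$(grep '^OPTIONS=' "$DOCKER_SYSCONFIG" 2>/dev/null)" "$DOCKER_ROOT" ||
        { echo "FAIL: no '-g $DOCKER_ROOT' in $DOCKER_SYSCONFIG"; rc=1; }
    groups_include_docker "$(id -nG)" ||
        { echo "FAIL: $(id -un) is not in the docker group (log out and in after usermod)"; rc=1; }
    if command -v firewall-cmd >/dev/null 2>&1; then
        [ "$(firewall-cmd --zone=public --query-masquerade 2>/dev/null)" = yes ] ||
            { echo "FAIL: masquerade is off in zone public"; rc=1; }
    fi
    [ "$rc" -eq 0 ] && echo "OK: all checks passed"
    return "$rc"
}
if [ "${1:-}" = "--live" ]; then live_check; fi
```

Run it as `sh check-docker-setup.sh --live` on the Fedora host; each failing line names the step from this post that still has to be done.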
Conclusion
Since docker runs the processes inside the containers as root, it’s always a good idea to keep SELinux enabled, to ensure nothing is misbehaving and reading files that should not be read.
If you see anyone suggesting to disable SELinux, please ignore them, because in this world security is never enough.