Update page for Docker Desktop for Linux tech preview (#14199)

* Update Linux preview page

Signed-off-by: Anca Iordache <anca.iordache@docker.com>
Co-authored-by: Usha Mandya <47779042+usha-mandya@users.noreply.github.com>

* Minor style and format updates

* Add a new section on why DD4L runs a VM

* Fix typo

* Fix another typo

Hopefully, the last one ;)

Co-authored-by: Usha Mandya <47779042+usha-mandya@users.noreply.github.com>
Anca Iordache 2022-02-01 15:19:15 +01:00 committed by GitHub
parent b32cd2997b
commit 433d75492a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 64 additions and 4 deletions


@ -24,10 +24,28 @@ To install Docker Desktop for Linux:
1. Set up the [Docker repository](../../engine/install/ubuntu.md#install-using-the-repository).
2. Download and install the Tech Preview Debian package:
```console
$ curl https://desktop-stage.docker.com/linux/main/amd64/73772/docker-desktop.deb --output docker-desktop.deb
$ curl https://desktop-stage.docker.com/linux/main/amd64/74134/docker-desktop.deb --output docker-desktop.deb
$ sudo apt install ./docker-desktop.deb
```
3. Check whether the user belongs to `docker` and `kvm` groups. You may need to restart the host to load the group configuration.
3. Check whether the user belongs to `docker` and `kvm` groups. You may need to restart the host to load the group configuration (automated in post-install script).
There are a few post-install configuration steps done through the maintainers' scripts (post-install script contained
in the deb package.
For each user, the post-install script:
- installs systemd units
- configures `desktop-linux` as the default Docker CLI context
- installs Compose and the `docker scan` plugins to `~/.docker/cli-plugins`
- enables Compose V2 as the default `docker-compose`
- adds user to `docker` and `kvm` groups
In addition, the post-install script:
- sets the capability on the Docker Desktop binary to map privileged ports and set resource limits
- adds a DNS name for Kubernetes to `/etc/hosts`
- creates the Docker Desktop file for the application launcher
## Check the shared memory
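Review bot: Step 2 downloads the package with `curl` and hands it straight to `sudo apt install ./docker-desktop.deb` with no integrity check. Publish a SHA-256 checksum (or a signature) next to the download link and add a verification command between the two lines, and use `curl -f` so that an HTTP error page is not saved as `docker-desktop.deb`. In the new paragraph, the parenthesis opened at "(post-install script contained" is never closed, and the "(automated in post-install script)" appended to step 3 does not say whether it is the group membership or the restart that is automated. Because the script adds each user to the `docker` and `kvm` groups and sets a capability on the Docker Desktop binary, name the exact capabilities so that administrators can audit what the package changes on the host.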
@ -124,7 +142,14 @@ $ systemctl --user stop docker-desktop
## Logs
If you experience any issues, you can access Docker Desktop logs by running the following command:
To create and upload a diagnostics bundle:
1. From the Docker menu, select **Troubleshoot** > **Get support**.
2. When the diagnostics are available, click **Upload to get a Diagnostic ID**.
3. Make a note of the Diagnostic ID displayed on the Support page. You can send this ID with your bug report to investigate any issues.
**Troubleshoot** > **Get support**. Wait for a bundle to be generated, once uploaded, it displays a diagnostics ID that can be sent to us for investigation.
Or, if you prefer to investigate the issue, you can access Docker Desktop logs by running the following command:
```console
$ journalctl --user --unit=docker-desktop
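Review bot: The line beginning "**Troubleshoot** > **Get support**. Wait for a bundle to be generated" restates numbered steps 1 to 3 as a fragment with no subject and a comma splice. It reads like a leftover from an earlier draft and should be dropped in favour of the list. In step 3, "You can send this ID with your bug report to investigate any issues" leaves it unclear who investigates; "so that we can investigate" would match the following line, which addresses users who prefer to investigate themselves.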
@ -144,10 +169,45 @@ $ sudo apt remove docker-desktop
## Known issues
- The **Reset to factory defaults** option on the **Troubleshoot** page currently does not work.
- The Docker CLI login flow has some inconsistencies that we are currently investigating. If you experience any issues when trying to log in, remove the `credsStore` property from `~/.docker/config.json` and restart Docker Desktop (run either
`systemctl --user restart docker-desktop` or quit Docker Desktop and relaunch).
- Docker Desktop stores the passwords in base-64 encoded plaintext. Integration with `pass` is currently a work in progress.
- After launching Docker Desktop, you must remove `~/.docker/scan/config.json` for `docker scan` to work.
- Dev Environments are not yet available.
- At the end of the installation process, `apt` displays an error due to installing a downloaded package. You can ignore this error message.
```
N: Download is performed unsandboxed as root, as file '/home/user/Downloads/docker-desktop.deb' couldn't be accessed by user '_apt'. - pkgAcquire::Run (13: Permission denied)
```
## Why Docker Desktop for Linux runs a VM
Docker Desktop for Linux runs a Virtual Machine (VM) for the following reasons:
1. **To ensure that Docker Desktop provides a consistent experience across platforms**.
During research, the most frequently cited reason for users wanting Docker
Desktop for Linux (DD4L) was to ensure a consistent Docker Desktop
experience with feature parity across all major operating systems. Utilizing
a VM ensures that the Docker Desktop experience for Linux users will closely
match that of Windows and macOS.
This need to deliver a consistent experience across all major OSs will become increasingly important as we look towards adding exciting new features, such as Docker Extensions, to Docker Desktop that will benefit users across all tiers. Well provide more details on these at [DockerCon22](https://www.docker.com/dockercon/){: target="_blank" rel="noopener" class="_"}. Watch this space.
2. **To enhance security**
Container image vulnerabilities pose a security risk for the host environment. There is a large number of unofficial images that are not guaranteed to be verified for known vulnerabilities. Malicious users can push images to public registries and use different methods to trick users into pulling and running them. The VM approach mitigates this threat as any malware that gains root privileges is restricted to the VM environment without access to the host.
Why not run rootless Docker? Although this has the benefit of superficially limiting access to the root user so everything looks safer in "top", it allows unprivileged users to gain `CAP_SYS_ADMIN` in their own user namespace and access kernel APIs which are not expecting to be used by unprivileged users, resulting in vulnerabilities like [this](https://www.openwall.com/lists/oss-security/2022/01/18/7){: target="_blank" rel="noopener" class="_"}.
3. **To provide the benefits of feature parity and enhanced security, with minimal impact on performance**
The VM utilized by DD4L uses `virtiofs`, a shared file system that allows virtual machines to access a directory tree located on the host. Our internal benchmarking shows that with the right resource allocation to the VM, near native file system performance can be achieved with virtiofs.
As such, we have adjusted the default memory available to the VM in DD4L. You can tweak this setting to your specific needs by using the **Memory** slider within the **Settings** > **Resources** tab of Docker Desktop.
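Review bot: Under "To enhance security", the sentence "any malware that gains root privileges is restricted to the VM environment without access to the host" is stronger than the rest of the section supports, because point 3 states that `virtiofs` "allows virtual machines to access a directory tree located on the host". Qualify the claim to say that access is limited to the shared directories, and say which host paths are shared by default. In Known issues, the login workaround tells users to remove `credsStore` from `~/.docker/config.json`, and the next bullet says passwords are stored base-64 encoded; link the two so readers understand that the workaround leaves credentials readable in that file. Smaller points: "Well provide" should be "We'll provide", and the link text "[this]" in the rootless paragraph should name the advisory it points to.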