[How to] Run Docker on your device

fredldotme

Hello again!

I've been working on bringing Docker to Ubuntu Touch, with success! Although not completely finished, I'd like to share what is possible today.

This requires a device with snapd installed, so either Ubuntu Touch 20.04 with Snapz0r (untested) or Ubuntu Touch 24.04-1.0 and up.

This required changes to the Docker Snap, with a PR on GitHub that has received two heart reactions by the maintainers, so the chances of this PR landing upstream are high. For those interested in what was necessary: https://github.com/canonical/docker-snap/pull/327

I've shared a preliminary build of this Docker Snap on Google Drive and my private NextCloud instance, until the PR is merged upstream. Download links are below.

For this Snap to work on all devices, one will currently have to install it in "devmode", a mode which disables confinement for this particular Snap. This effectively means that it will run with the same privileges as an apt-installed Docker package. For confinement to work this will require additional work in snapd which I'm currently waiting for input on: https://forum.snapcraft.io/t/getting-docker-snap-to-run-on-ubuntu-touch-with-k4-19-5-4/49243

Kernel support

For Docker to work your device's kernel requires a certain set of features enabled. I've tried to list them here: https://gist.github.com/fredldotme/5dffc8bfa410cfa8f541276407154494

Also, if the device uses CONFIG_ANDROID_PARANOID_NETWORK in it's configuration, it might be beneficial to disable that also since otherwise containers won't be able to connect to the internet.

Download

Download: https://drive.google.com/file/d/15WkBrBWVsz8WQCLpULF9AYsbnJFqI-M1/view?usp=sharing
Slow mirror: https://beimfredis.oisanfochnurscheis.se/index.php/f/30467

How to

1. Install the Snap on your device: sudo snap install --dangerous --devmode ./docker_28.4.0_arm64.snap
2. Hook up permissions:

sudo snap connect docker:privileged :docker-support
sudo snap connect docker:support :docker-support
sudo snap connect docker:firewall-control :firewall-control
sudo snap connect docker:network-control :network-control
sudo snap connect docker:docker-cli docker:docker-daemon
sudo snap connect docker:home

sudo snap disable docker
sudo snap enable docker

3. Use legacy xtables for firewall rules:

sudo snap set docker nftables=false
sudo snap restart docker

4. Test whether Docker works: sudo docker run hello-world

5. For running Docker without sudo, set up your user appropriately:

sudo addgroup --extrausers docker
sudo adduser $USER docker
newgrp docker
sudo snap disable docker
sudo snap enable docker

6. You're done!

If you feel really adventurous you can now even install the Clickable Snap (sudo snap install clickable) and develop your Ubuntu Touch apps directly on your Ubuntu Touch device. How awesome is that?

fredldotme

And here a little success story on combining the Clickable Snap & the Docker Snap, allowing to build AND test a click package directly on the device (in this case a JingPad). Photo courtesy of Sander: