Installing Docker in the WSL Subsystem (Ubuntu)
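- 1 WSL prerequisites
- 1.1 Edit the wsl.conf file
- 1.2 Check that systemd started correctly
- 2 Installing Docker
- 3 The Docker daemon
- 3.1 Method 1: create the docker group and add the current user to it
- 3.2 Method 2: Rootless mode (non-root mode)
- 3.2.1 Prerequisites
- 3.2.2 Set up Rootless mode with the one-click script
- 4 Changing the Docker source
- 5 Common Docker commands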
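1 WSL prerequisites
The Docker daemon usually needs to be started by systemd, whereas WSL2 uses SysV init (systemv) by default. It can be switched to systemd as follows.
1.1 Edit the wsl.conf file
Open /etc/wsl.conf (create it manually if it does not exist) and add the following: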
[boot]
systemd=true
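Or run the following command directly on the command line:
# Overwrites any existing /etc/wsl.conf; sudo tee is used because the redirection needs root
echo -e "[boot]\nsystemd=true" | sudo tee /etc/wsl.conf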
![Pasted image 20250919113203.png](https://i-blog.csdnimg.cn/direct/8c651028d05d4ad98b80f97c00c685a6.png)
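Shut down the Linux distribution, then restart the WSL instance.
wsl --shutdown # run in cmd or PowerShell to shut down WSL
1.2 Check that systemd started correctly
After re-entering the WSL subsystem, run the following commands to verify that systemd is running.
# Either command verifies that systemd is running; pick one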
ps --no-headers -o comm 1
systemctl status
zhou@ZHOU-PC:~$ ps --no-headers -o comm 1
systemd
zhou@ZHOU-PC:~$ systemctl status
● ZHOU-PC
    State: running
    Units: 360 loaded (incl. loaded aliases)
     Jobs: 0 queued
   Failed: 0 units
    Since: Fri 2025-09-19 11:39:01 CST; 1min 51s left
  systemd: 255.4-1ubuntu8.10
   CGroup: /
           ├─init.scope
           │ ├─ 1 /sbin/init
           │ ├─ 2 /init
           │ ├─ 8 plan9 --control-socket 7 --log-level 4 --server-fd 8 --pipe-fd 10 --log-truncate
           │ ├─405 /init
           │ ├─406 /init
           │ ├─407 -bash
           │ ├─538 systemctl status
           │ └─539 cat
           ├─system.slice
           │ ├─console-getty.service
           │ │ └─232 /sbin/agetty -o "-p -- \\u" --noclear --keep-baud - 115200,38400,9600 vt220
           │ ├─cron.service
           │ │ └─219 /usr/sbin/cron -f -P
           │ ├─dbus.service
           │ │ └─220 @dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
You can also view the detailed status with the following command.
systemctl list-unit-files --type=service

2 Installing Docker
Install Docker with the one-click script from the following site:
https://linuxmirrors.cn/
sudo bash <(curl -sSL https://linuxmirrors.cn/docker.sh)
If the following error appears:
zhou@ZHOU-PC:~$ sudo bash <(curl -sSL https://linuxmirrors.cn/docker.sh)
[sudo] password for zhou:
bash: /dev/fd/63: No such file or directory
zhou@ZHOU-PC:~$ curl: (23) Failure writing output to destination
try downloading the one-click install script first and then running it locally to install Docker:
wget https://linuxmirrors.cn/docker.sh
--2025-09-19 14:20:24-- https://linuxmirrors.cn/docker.sh
Resolving linuxmirrors.cn (linuxmirrors.cn)... 54.232.119.62
Connecting to linuxmirrors.cn (linuxmirrors.cn)|54.232.119.62|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 73187 (71K) [application/x-sh]
Saving to: ‘docker.sh’

docker.sh 100%[==========================================>] 71.47K 106KB/s in 0.7s

2025-09-19 14:20:26 (106 KB/s) - ‘docker.sh’ saved [73187/73187]
Run the one-click script locally to install Docker. This requires root or a user with root privileges.
sudo bash docker.sh
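Because docker.sh runs as root, one option is to review the downloaded copy once, record its SHA-256, and refuse to run any copy that does not match. The following is an added example, not part of the original post or of the linuxmirrors.cn script; the function names are hypothetical, and since the page publishes no checksum, the pinned value is the one you record after your own review.

```shell
# Added example: gate a downloaded installer on a SHA-256 recorded after review.

# Print the SHA-256 of a file (hex digest only).
sha256_of() {
    sha256sum "$1" | awk '{print $1}'
}

# verify_installer FILE PINNED_SHA256
# Returns 0 only if FILE is a regular file (not a symlink), is not writable
# by group or others, and its hash equals the pinned value.
verify_installer() {
    file=$1; pinned=$2
    [ -f "$file" ] && [ ! -L "$file" ] || { echo "not a regular file: $file" >&2; return 2; }
    # Anyone who can write the file can change what root will execute.
    mode=$(stat -c '%a' "$file")
    case "$mode" in
        *[2367]?|*[2367]) echo "group/world-writable ($mode): $file" >&2; return 3 ;;
    esac
    actual=$(sha256_of "$file")
    [ "$actual" = "$pinned" ] || { echo "hash mismatch: $actual" >&2; return 1; }
}

# Run the installer as root only after verification succeeds.
# Usage: run_verified docker.sh <sha256 recorded after review>
run_verified() {
    verify_installer "$1" "$2" && sudo bash "$1"
}
```

Keep the reviewed file in a directory only your user can write to, so it cannot be swapped between the check and the run.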






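3 The Docker daemon
The Docker daemon binds to a Unix socket rather than a TCP port. The Unix socket can only be used by root, or by other users through sudo. If you do not want to prefix every docker command with sudo when working as a non-root user, use one of the methods below.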
zhou@ZHOU-PC:~$ docker ps
permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get "http://%2Fvar%2Frun%2Fdocker.sock/v1.51/containers/json": dial unix /var/run/docker.sock: connect: permission denied
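There are two methods. The first is to create the docker group and add the current user to it, which grants the extra permission.
The second is to run the one-click script that sets up Rootless mode (for users without root privileges).
Either method works; choose one according to your situation. The first method has more complete service privileges.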
To run Docker as a non-privileged user, consider setting up the
Docker daemon in rootless mode for your user:

    dockerd-rootless-setuptool.sh install

Visit https://docs.docker.com/go/rootless/ to learn about rootless mode.

To run the Docker daemon as a fully privileged service, but granting non-root
users access, refer to https://docs.docker.com/go/daemon-access/

WARNING: Access to the remote API on a privileged Docker daemon is equivalent
         to root access on the host. Refer to the 'Docker daemon attack surface'
         documentation for details: https://docs.docker.com/go/attack-surface/
3.1 Method 1: create the docker group and add the current user to it
https://docs.docker.com/engine/install/linux-postinstall/#manage-docker-as-a-non-root-user
(1) Create the docker group
sudo groupadd docker
Creating the docker group is not always required, because installing Docker may already have created it. If it already exists, go straight to the next step.
zhou@ZHOU-PC:~$ sudo groupadd docker
groupadd: group 'docker' already exists
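(2) Add the current user to the docker group
# Either command will do; gpasswd manages groups, usermod manages users
sudo usermod -aG docker $USER # usermod -a -G adds the user to supplementary groups; -a ensures existing supplementary groups are not overwritten and must be used together with -G
sudo gpasswd -a $USER docker # gpasswd [-a user] groupname adds the user to the given group
(3) Log out and log back in for the change to take effect.
Alternatively, to apply it without logging out, run: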
newgrp docker
(4) Check which groups the current user belongs to
id
zhou@ZHOU-PC:~$ id
uid=1001(zhou) gid=989(docker) groups=989(docker),27(sudo),1002(zhou)

(5) Use docker normally
zhou@ZHOU-PC:~$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
(6) Check the docker service
systemctl status docker
systemctl status docker
● docker.service - Docker Application Container Engine
     Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; preset: enabled)
     Active: active (running) since Fri 2025-09-19 14:34:59 CST; 54min ago
TriggeredBy: ● docker.socket
       Docs: https://docs.docker.com
   Main PID: 8023 (dockerd)
      Tasks: 15
     Memory: 23.1M (peak: 43.9M)
        CPU: 1.523s
     CGroup: /system.slice/docker.service
             └─8023 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock

Warning: some journal files were not opened due to insufficient permissions.
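As the installer's warning quoted above says, access to a privileged Docker daemon is equivalent to root on the host, so membership in the docker group is worth auditing. The following added example (not from the original post; the function names are hypothetical) lists every account that has that access, both supplementary members in /etc/group and users whose primary GID in /etc/passwd is the docker group. It takes the two file paths as optional arguments so it can be run on copies.

```shell
# Added example: list accounts that can reach the root-owned Docker socket
# through the docker group.

# docker_group_users [GROUP_FILE] [PASSWD_FILE]
# Prints one user name per line, sorted and de-duplicated.
docker_group_users() {
    group_file=${1:-/etc/group}
    passwd_file=${2:-/etc/passwd}
    # Group line format: name:password:GID:member1,member2
    gid=$(awk -F: '$1 == "docker" {print $3; exit}' "$group_file")
    [ -n "$gid" ] || return 0   # no docker group, nobody to report
    {
        # Supplementary members listed in the group file.
        awk -F: '$1 == "docker" {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
        }' "$group_file"
        # Users whose primary GID is the docker group (passwd field 4).
        awk -F: -v gid="$gid" '$4 == gid {print $1}' "$passwd_file"
    } | sort -u
}

# Report mode: one finding per account.
audit_docker_group() {
    docker_group_users "$@" | while IFS= read -r user; do
        echo "root-equivalent via docker group: $user"
    done
}
```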
3.2 Method 2: Rootless mode (non-root mode)
https://docs.docker.com/engine/security/rootless/
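Rootless mode runs the Docker daemon and containers with non-root user privileges, which mitigates potential vulnerabilities in the daemon and the container runtime.
3.2.1 Prerequisites
After installation the Docker daemon is already running and needs to be stopped.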
systemctl status docker
zhou@ZHOU-PC:~$ systemctl status docker
● docker.service - Docker Application Container Engine
     Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; preset: enabled)
     Active: active (running) since Fri 2025-09-19 14:34:59 CST; 54min ago
TriggeredBy: ● docker.socket
       Docs: https://docs.docker.com
   Main PID: 8023 (dockerd)
      Tasks: 15
     Memory: 23.1M (peak: 43.9M)
        CPU: 1.523s
     CGroup: /system.slice/docker.service
             └─8023 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock

Warning: some journal files were not opened due to insufficient permissions.
Stop the docker.service and docker.socket units with the commands below, in two steps.
Step 1: stop and disable docker.service and docker.socket.
sudo systemctl disable --now docker.service docker.socket
zhou@ZHOU-PC:~$ sudo systemctl disable --now docker.service docker.socket
Synchronizing state of docker.service with SysV service script with /usr/lib/systemd/systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install disable docker
Removed "/etc/systemd/system/sockets.target.wants/docker.socket".
Removed "/etc/systemd/system/multi-user.target.wants/docker.service".
Disabling 'docker.service', but its triggering units are still active:
Step 2: delete the docker.sock file.
sudo rm /var/run/docker.sock
3.2.2 Set up Rootless mode with the one-click script
After Docker is installed, the one-click script dockerd-rootless-setuptool.sh is present in the /usr/bin directory.
zhou@ZHOU-PC:~$ ls -al /usr/bin | grep dockerd-rootless-setuptool.sh
-rwxr-xr-x 1 root root 16034 Sep 4 04:55 dockerd-rootless-setuptool.sh
Run the Rootless setup command directly as a non-root user:
dockerd-rootless-setuptool.sh install
zhou@ZHOU-PC:~$ dockerd-rootless-setuptool.sh install
[ERROR] Missing system requirements. Run the following commands to
[ERROR] install the requirements and run this tool again.

########## BEGIN ##########
sudo sh -eux <<EOF
# Install newuidmap & newgidmap binaries
apt-get install -y uidmap
EOF
########## END ##########
The message says the required newuidmap and newgidmap components are missing; install uidmap as instructed.
zhou@ZHOU-PC:~$
########## BEGIN ##########
sudo sh -eux <<EOF
# Install newuidmap & newgidmap binaries
apt-get install -y uidmap
EOF
########## END ##########
+ apt-get install -y uidmap
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following additional packages will be installed:
  libsubid4
The following NEW packages will be installed:
  libsubid4 uidmap
0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded.
Need to get 49.4 kB of archives.
After this operation, 208 kB of additional disk space will be used.
Get:1 http://archive.ubuntu.com/ubuntu noble-updates/main amd64 libsubid4 amd64 1:4.13+dfsg1-4ubuntu3.2 [23.4 kB]
Get:2 http://archive.ubuntu.com/ubuntu noble-updates/main amd64 uidmap amd64 1:4.13+dfsg1-4ubuntu3.2 [26.0 kB]
Fetched 49.4 kB in 1s (34.1 kB/s)
Selecting previously unselected package libsubid4:amd64.
(Reading database ... 41289 files and directories currently installed.)
Preparing to unpack .../libsubid4_1%3a4.13+dfsg1-4ubuntu3.2_amd64.deb ...
Unpacking libsubid4:amd64 (1:4.13+dfsg1-4ubuntu3.2) ...
Selecting previously unselected package uidmap.
Preparing to unpack .../uidmap_1%3a4.13+dfsg1-4ubuntu3.2_amd64.deb ...
Unpacking uidmap (1:4.13+dfsg1-4ubuntu3.2) ...
Setting up libsubid4:amd64 (1:4.13+dfsg1-4ubuntu3.2) ...
Setting up uidmap (1:4.13+dfsg1-4ubuntu3.2) ...
Processing triggers for man-db (2.12.0-4build2) ...
Processing triggers for libc-bin (2.39-0ubuntu8.5) ...
Run the one-click setup script again:
dockerd-rootless-setuptool.sh install
zhou@ZHOU-PC:~$ dockerd-rootless-setuptool.sh install
[INFO] Creating /home/zhou/.config/systemd/user/docker.service
[INFO] starting systemd service docker.service
+ systemctl --user start docker.service
+ sleep 3
+ systemctl --user --no-pager --full status docker.service
● docker.service - Docker Application Container Engine (Rootless)
     Loaded: loaded (/home/zhou/.config/systemd/user/docker.service; disabled; preset: enabled)
     Active: active (running) since Fri 2025-09-19 15:49:18 CST; 2min 39s left
       Docs: https://docs.docker.com/go/rootless/
   Main PID: 10533 (rootlesskit)
      Tasks: 46
     Memory: 73.5M (peak: 74.2M)
        CPU: 928ms
     CGroup: /user.slice/user-1001.slice/user@1001.service/app.slice/docker.service
             ├─10533 rootlesskit --state-dir=/run/user/1001/dockerd-rootless --net=slirp4netns --mtu=65520 --slirp4netns-sandbox=auto --slirp4netns-seccomp=auto --disable-host-loopback --port-driver=builtin --copy-up=/etc --copy-up=/run --propagation=rslave /usr/bin/dockerd-rootless.sh
             ├─10545 /proc/self/exe --state-dir=/run/user/1001/dockerd-rootless --net=slirp4netns --mtu=65520 --slirp4netns-sandbox=auto --slirp4netns-seccomp=auto --disable-host-loopback --port-driver=builtin --copy-up=/etc --copy-up=/run --propagation=rslave /usr/bin/dockerd-rootless.sh
             ├─10566 slirp4netns --mtu 65520 -r 3 --disable-host-loopback --enable-sandbox --enable-seccomp 10545 tap0
             ├─10574 dockerd
             └─10597 containerd --config /run/user/1001/docker/containerd/containerd.toml

Sep 19 15:46:34 ZHOU-PC dockerd-rootless.sh[10574]: time="2025-09-19T15:46:34.918197655+08:00" level=warning msg="WARNING: No io.max (rbps) support"
Sep 19 15:46:34 ZHOU-PC dockerd-rootless.sh[10574]: time="2025-09-19T15:46:34.918213543+08:00" level=warning msg="WARNING: No io.max (wbps) support"
Sep 19 15:46:34 ZHOU-PC dockerd-rootless.sh[10574]: time="2025-09-19T15:46:34.918228102+08:00" level=warning msg="WARNING: No io.max (riops) support"
Sep 19 15:46:34 ZHOU-PC dockerd-rootless.sh[10574]: time="2025-09-19T15:46:34.918241902+08:00" level=warning msg="WARNING: No io.max (wiops) support"
Sep 19 15:46:34 ZHOU-PC dockerd-rootless.sh[10574]: time="2025-09-19T15:46:34.918295014+08:00" level=info msg="Docker daemon" commit=249d679 containerd-snapshotter=false storage-driver=overlay2 version=28.4.0
Sep 19 15:46:34 ZHOU-PC dockerd-rootless.sh[10574]: time="2025-09-19T15:46:34.919527995+08:00" level=info msg="Initializing buildkit"
Sep 19 15:49:18 ZHOU-PC dockerd-rootless.sh[10574]: time="2025-09-19T15:49:18.294707183+08:00" level=info msg="Completed buildkit initialization"
Sep 19 15:49:18 ZHOU-PC dockerd-rootless.sh[10574]: time="2025-09-19T15:49:18.320905755+08:00" level=info msg="Daemon has completed initialization"
Sep 19 15:49:18 ZHOU-PC dockerd-rootless.sh[10574]: time="2025-09-19T15:49:18.321430121+08:00" level=info msg="API listen on /run/user/1001/docker.sock"
Sep 19 15:49:18 ZHOU-PC systemd[463]: Started docker.service - Docker Application Container Engine (Rootless).
+ DOCKER_HOST=unix:///run/user/1001//docker.sock /usr/bin/docker version
Client: Docker Engine - Community
 Version:           28.4.0
 API version:       1.51
 Go version:        go1.24.7
 Git commit:        d8eb465
 Built:             Wed Sep 3 20:57:32 2025
 OS/Arch:           linux/amd64
 Context:           default

Server: Docker Engine - Community
 Engine:
  Version:          28.4.0
  API version:      1.51 (minimum version 1.24)
  Go version:       go1.24.7
  Git commit:       249d679
  Built:            Wed Sep 3 20:57:32 2025
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.7.27
  GitCommit:        05044ec0a9a75232cad458027ca83437aae3f4da
 runc:
  Version:          1.2.5
  GitCommit:        v1.2.5-0-g59923ef
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0
 rootlesskit:
  Version:          2.3.4
  ApiVersion:       1.1.1
  NetworkDriver:    slirp4netns
  PortDriver:       builtin
  StateDir:         /run/user/1001/dockerd-rootless
 slirp4netns:
  Version:          1.2.1
  GitCommit:        09e31e92fa3d2a1d3ca261adaeb012c8d75a8194
+ systemctl --user enable docker.service
Created symlink /home/zhou/.config/systemd/user/default.target.wants/docker.service → /home/zhou/.config/systemd/user/docker.service.
[INFO] Installed docker.service successfully.
[INFO] To control docker.service, run: `systemctl --user (start|stop|restart) docker.service`
[INFO] To run docker.service on system startup, run: `sudo loginctl enable-linger zhou`

[INFO] Creating CLI context "rootless"
Successfully created context "rootless"
[INFO] Using CLI context "rootless"
Current context is now "rootless"

[INFO] Make sure the following environment variable(s) are set (or add them to ~/.bashrc):
export PATH=/usr/bin:$PATH

[INFO] Some applications may require the following environment variable too:
export DOCKER_HOST=unix:///run/user/1001//docker.sock
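After the setup tool finishes, it is worth confirming that the CLI really talks to the per-user daemon and not to a leftover root-owned socket. The following added example (not part of the original post or of Docker's setup tool; the function names are hypothetical) classifies the endpoint, tolerating the double slash the tool prints in DOCKER_HOST, and checks the daemon's reported security options for the rootless flag.

```shell
# Added example: confirm the Docker CLI targets the per-user rootless daemon.

# endpoint_kind DOCKER_HOST UID
# Prints "rootless", "rootful-system-socket", or "other".
endpoint_kind() {
    # Strip the unix:// scheme and collapse repeated slashes, since the setup
    # tool prints paths such as unix:///run/user/1001//docker.sock.
    path=$(printf '%s\n' "${1#unix://}" | tr -s '/')
    case "$path" in
        "/run/user/$2/docker.sock")            echo rootless ;;
        /var/run/docker.sock|/run/docker.sock) echo rootful-system-socket ;;
        *)                                     echo other ;;
    esac
}

# has_rootless_option SECURITY_OPTIONS_JSON
# Input is the output of: docker info --format '{{json .SecurityOptions}}'
has_rootless_option() {
    case "$1" in
        *'"name=rootless"'*) return 0 ;;
        *)                   return 1 ;;
    esac
}

# Live check for the current user (needs the docker CLI and a running daemon).
check_rootless() {
    host=${DOCKER_HOST:-$(docker context inspect --format '{{.Endpoints.docker.Host}}')}
    kind=$(endpoint_kind "$host" "$(id -u)")
    opts=$(docker info --format '{{json .SecurityOptions}}')
    echo "endpoint: $host ($kind)"
    [ "$kind" = rootless ] && has_rootless_option "$opts"
}
```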
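4 Changing the Docker source
If you need to switch to a different source after Docker is installed, run the install script again and choose a suitable source.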
sudo bash docker.sh
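5 Common Docker commands

| Basic Docker commands | |
|---|---|
| Start the Docker service | systemctl start docker |
| Stop the Docker service | systemctl stop docker |
| Restart the Docker service | systemctl restart docker |
| Enable Docker at boot | systemctl enable docker |
| Disable Docker at boot | systemctl disable docker |
| Check the Docker service status | systemctl status docker |
| Show the Docker version | docker version |
| List all services (all states) | systemctl list-units --type=service |
| List all running services | systemctl list-units --type=service --state=running |
| List all services in the active state (running or exited) | systemctl list-units --type=service --state=active |
| List all enabled services | systemctl list-unit-files --state=enabled |

| Docker image commands | |
|---|---|
| List local images | docker images |
| Search Docker Hub for an image | docker search imagename |
| Pull the latest image | docker pull imagename |
| Pull a specific image version | docker pull imagename:tag |
| Push an image to the server | docker push imagename |
| Push a specific image version to the server | docker push imagename:tag |
| Delete an image | docker rmi imagename/image id |
| Force-delete an image | docker rmi -f imagename/image id |
| Force-delete an image | docker image rm -f imagename/image id |
| Force-delete multiple images | docker rmi -f imagename1 imagename2 imagename3 # separate multiple images with spaces |
| Delete all images (shortcut) | docker rmi -f $(docker images -aq) # -a shows all, -q shows IDs only |

| Docker container commands | |
|---|---|
| Show running containers | docker ps |
| Show all containers (including stopped ones) | docker ps -a |
| Create and run a container in interactive terminal mode | docker run -it --name containername -p 8080:80 imagename # containername is the name of the container to create; -p maps a host port to a container port (host port left of the colon, container port right); -it is interactive terminal mode |
| Create and run a container in the background (a brand-new container) | docker run -d --name containername -p 8080:80 imagename # containername is the name of the container to create; -p maps a host port to a container port (host port left of the colon, container port right); -d runs the container in the background (detached); in this mode only docker stop terminates the container, and it keeps running after you leave it with exit |
| Create and run a container (recommended command) | docker run -itd --name containername -p 8080:80 imagename |
| Leave the container and return to the system (CTRL+C cannot be used) | exit or CTRL+D # leaves the container and stops it; docker start is needed later to start it again |
| Leave the container and return to the system (CTRL+C cannot be used) | Ctrl + P + Q # leaves the container and keeps it running |
| Make a container start automatically with the docker service | docker run -d --name containername -p 8080:80 --restart=always imagename # the --restart=always parameter makes the container start automatically when the docker service starts |
| For an already started container, make it start automatically with the docker service | docker update containername/container id --restart=always |
| Enter a running container (recommended) | docker exec -it containername/container id /bin/bash # enters the container in terminal mode |
| Enter a container | docker attach containername/container id |
| Start a paused container | docker start containername/container id |
| Pause a container | docker pause containername/container id |
| Stop a container (kills the process and reclaims memory) | docker stop containername/container id # the process ID is unchanged after the container restarts |
| Kill a container | docker kill containername/container id # a new process ID is used after the container restarts |
| Restart a running container | docker restart containername/container id |
| Rename a container | docker rename containername newcontainername |
| Delete a container | docker rm containername/container id |
| Force-delete a container | docker rm -f containername/container id |
| Force-delete multiple containers | docker rm -f containername1 containername2 containername3 # separate multiple containers with spaces |
| Delete all containers (shortcut) | docker rm -f $(docker ps -aq) # -a shows all, -q shows IDs only |
| View container logs | docker logs containername |
| Follow container logs in real time | docker logs -f containername |
| Follow the last 20 lines of container logs in real time | docker logs -f --tail=20 containername |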
