UPDATE: Answer appears to be to do the unprivileged install process. See below.
Following the HA supervised install howto here, after performing step 2 (installing Docker), there is a note in the output:
========================================================
To run Docker as a non-privileged user, consider setting up the
Docker daemon in rootless mode for your user:
dockerd-rootless-setuptool.sh install
Visit Rootless mode | Docker Docs to learn about rootless mode.
To run the Docker daemon as a fully privileged service, but granting non-root
users access, refer to Post-installation steps | Docker Docs
WARNING: Access to the remote API on a privileged Docker daemon is equivalent
to root access on the host. Refer to the ‘Docker daemon attack surface’
documentation for details: Security | Docker Docs
============================================================
Now, canonically, running as root is a bad idea and historically is heavily discouraged if there is a choice. Running as non-root if you have the choice is the right choice.
However, Docker really, really wants to be root. Trying to run a Docker container as anything other than privileged is just asking for trouble and hassle and tedium and frustration and throwing-things breakage. (One of the many, many, many problems that the Docker devs just blithely blew by. But I digress, and no one asked anyway.)
So what’s the recommended thing to do here? The supervised howto doesn’t even mention the “dockerd-rootless-setuptool.sh install” step, so I didn’t do it. But I’d at least like to confirm that skipping it is the HA-approved choice.
Thanks,