diff --git a/docs/sources/installation/binaries.md b/docs/sources/installation/binaries.md index a2e40397f3..c5672d6f7a 100644 --- a/docs/sources/installation/binaries.md +++ b/docs/sources/installation/binaries.md @@ -32,18 +32,54 @@ runtime: Docker in daemon mode has specific kernel requirements. For details, check your distribution in [*Installation*](../#installation-list). -In general, a 3.8 Linux kernel is the minimum requirement for Docker, as -some of the prior versions have known issues that are triggered by Docker. -Linux kernel versions older than 3.8 are known to cause kernel panics and -to break Docker. +A 3.10 Linux kernel is the minimum requirement for Docker. +Kernels older than 3.10 lack some of the features required to run Docker +containers. These older versions are known to have bugs which cause data loss +and frequently panic under certain conditions. +We recommend kernel 3.10 or newer. The latest minor version (3.x.y) of the 3.10 (or a newer maintained version) Linux kernel is recommended. Keeping the kernel up to date with the latest minor version will ensure critical kernel bugs get fixed. +> **Warning**: +> Installing custom kernels and kernel packages is likely to not be +> supported by your Linux distribution's vendor. Please make sure to +> ask your vendor about Docker support first before attempting to +> install custom kernels on your distribution. + +> **Warning**: +> Installing a newer kernel might not be enough for some distributions +> which provide packages which are too old or incompatible with +> newer kernels. + Note that Docker also has a client mode, which can run on virtually any Linux kernel (it even builds on OS X!). +## Check if AppArmor and SELinux are enabled + +Some Linux distributions enable AppArmor or SELinux by default and +they run a kernel which doesn't meet the minimum requirements (3.10 +or newer). Updating the kernel to 3.10 or newer on such a system +might not be enough to start Docker and run containers. +Incompatibilities between the version of AppArmor/SELinux user +space utilities provided by the system and the kernel could prevent +Docker from running, from starting containers or make containers +exhibit unexpected behaviour. + +> **Warning**: +> If any of the two security mechanisms is enabled, it should not be +> disabled to make Docker or its containers run. This will reduce +> security in that environment, lose support from the distribution's +> vendor for the system and might break regulations, and security +> policies in heavily regulated environments. + +> **Warning**: +> Please use AppArmor or SELinux if your Linux distribution supports +> either of the two. This helps improve security and blocks certain +> types of exploits. Your distribution's documentation should provide +> detailed steps on how to enable the recommended security mechanism. + ## Get the docker binary: $ wget https://get.docker.com/builds/Linux/x86_64/docker-latest -O docker diff --git a/docs/sources/installation/rhel.md b/docs/sources/installation/rhel.md index de2b3c9746..7f9f11a718 100644 --- a/docs/sources/installation/rhel.md +++ b/docs/sources/installation/rhel.md @@ -53,6 +53,23 @@ this package is part of [Extra Packages for Enterprise Linux (EPEL)](https://fedoraproject.org/wiki/EPEL), a community effort to create and maintain additional packages for the RHEL distribution. +### Kernel support + +RHEL will only support Docker via the *extras* channel or EPEL package when +running on kernels shipped by the distribution. There are things like namespace +changes which will cause issues if one decides to step outside that box and run +non-distro kernel packages. + +> **Warning**: +> Please make sure that your system is up to date by installing updates +> using `yum update` and rebooting your system. +> Keeping the system up to date is recommended to ensure your system +> receives fixes for critical security vulnerabilities and severe bugs. +> The fixes for severe bugs include fixes for potential kernel panics +> specific to kernel 2.6.32. + +## Installation + Firstly, you need to install the EPEL repository. Please follow the [EPEL installation instructions](https://fedoraproject.org/wiki/EPEL#How_can_I_use_these_extra_packages.3F). diff --git a/docs/sources/installation/ubuntulinux.md b/docs/sources/installation/ubuntulinux.md index a8d807de4c..b61a4c5828 100644 --- a/docs/sources/installation/ubuntulinux.md +++ b/docs/sources/installation/ubuntulinux.md @@ -91,15 +91,23 @@ This installation path should work at all times. ### Dependencies -**Linux kernel 3.8** +**Linux kernel 3.13** -Due to a bug in LXC, Docker works best on the 3.8 kernel. Precise comes -with a 3.2 kernel, so we need to upgrade it. The kernel you'll install -when following these steps comes with AUFS built in. We also include the -generic headers to enable packages that depend on them, like ZFS and the -VirtualBox guest additions. If you didn't install the headers for your -"precise" kernel, then you can skip these headers for the "raring" -kernel. But it is safer to include them if you're not sure. +Kernel 3.13 is currently the recommended kernel version for Ubuntu Precise. +Some Ubuntu Precise installs have an older kernel installed, so it must +be upgraded. The kernel you'll install when following these steps has AUFS +built in. +We also include the generic headers to enable packages that depend on them, +like ZFS and the VirtualBox guest additions. If you didn't install the +headers for your "precise" kernel, then you can skip these headers for the +"trusty" kernel. It is safer to include the headers if you're not sure. + +> **Warning**: +> Kernels 3.8 and 3.11 are no longer supported by Canonical. Systems +> running these kernels need to be updated using the instructions below. +> Running Docker on these unsupported systems isn't supported either. +> These old kernels are no longer patched for security vulnerabilities +> and severe bugs which lead to data loss. Please read the installation instructions for backported kernels at Ubuntu.org to understand why you also need to install the Xorg packages @@ -109,10 +117,10 @@ each version. # install the backported kernel $ sudo apt-get update - $ sudo apt-get install linux-image-generic-lts-raring linux-headers-generic-lts-raring + $ sudo apt-get install linux-image-generic-lts-trusty linux-headers-generic-lts-trusty # install the backported kernel and xorg if using Unity/Xorg - $ sudo apt-get install --install-recommends linux-generic-lts-raring xserver-xorg-lts-raring libgl1-mesa-glx-lts-raring + $ sudo apt-get install --install-recommends linux-generic-lts-trusty xserver-xorg-lts-trusty libgl1-mesa-glx-lts-trusty # reboot $ sudo reboot