How to Install Docker Rootless on SLES 15/16 (2026 Guide)
Quick one-liner: Install Docker in rootless mode on SUSE Linux Enterprise Server (SLES) 15 or 16 using openSUSE repositories — no root privileges required for daily container operations.
Why This Matters
When I first started with Docker, I ran everything as root. It was easy, it worked, and I didn't think twice about it. Then I learned that a container escape vulnerability could give an attacker full root access to my entire system. That's when I switched to rootless Docker — and you should too.
Rootless Docker runs the Docker daemon entirely under your regular user account. No sudo required. No root privileges for container operations. If a container gets compromised, the attacker is stuck with your user's permissions — not root.
Why SLES? This guide was written based on community votes — many of you asked for SUSE-specific instructions. Here's the thing: Docker CE doesn't publish official packages for SLES. Instead, we use the openSUSE Virtualization:containers and security:netfilter repositories, which provide docker-stable and docker-stable-rootless-extras packages that work perfectly on SLES.
This guide walks you through the entire process step by step for SUSE Linux Enterprise Server (SLES) 15 and 16.
Prerequisites
- Operating System: SUSE Linux Enterprise Server (SLES) 15 or 16
-
Disk Space: At least 20 GB free in your home directory (check with
df -h ~) - Time: 15-20 minutes
- Access: Sudo privileges for initial installation only
- Repositories: Access to openSUSE repositories (default on most SLES installations)
Step 1: Remove Old Docker Packages
Before installing Docker from the openSUSE repositories, remove any conflicting packages from your distribution's default repos.
For SLES:
sudo zypper remove docker docker-client docker-client-latest \
docker-common docker-latest docker-latest-logrotate \
docker-logrotate docker-engine podman runc
This ensures a clean starting point and prevents package conflicts.
Step 2: Add openSUSE Repositories
Docker CE doesn't publish official packages for SLES. Instead, we use the openSUSE repositories which maintain up-to-date Docker packages for SLES.
Add the Virtualization:containers repository:
sudo zypper addrepo \
https://download.opensuse.org/repositories/\
Virtualization:/containers/16.0/\
Virtualization:containers.repo
For SLES 15.x, use this instead:
sudo zypper addrepo \
https://download.opensuse.org/repositories/\
Virtualization:/containers/15.7/\
Virtualization:containers.repo
Add the security:netfilter repository (required for rootless extras):
sudo zypper addrepo \
https://download.opensuse.org/repositories/\
security:netfilter/16.0/\
security:netfilter.repo
For SLES 15.x, use this instead:
sudo zypper addrepo \
https://download.opensuse.org/repositories/\
security:netfilter/15.7/\
security:netfilter.repo
Refresh the repositories:
sudo zypper refresh
Browse available versions: If you're using a different SLES version, browse the available releases at:
- https://download.opensuse.org/repositories/Virtualization:/containers/
- https://download.opensuse.org/repositories/security:netfilter/
Step 3: Install Docker Rootless
Install the docker-stable-rootless-extras package. This pulls in docker-stable and all other required dependencies automatically.
sudo zypper install -y docker-stable-rootless-extras
What gets installed:
-
docker-stable— The Docker daemon and CLI -
docker-stable-rootless-extras— Rootless mode support files - All required dependencies (containerd, runc, etc.)
Note: Unlike Docker CE packages, the openSUSE docker-stable package does not include the Docker Compose plugin. We'll install that separately in the next step.
Step 4: Install Docker Compose (Optional but Recommended)
The docker-stable package doesn't include Docker Compose. Install it separately and register it as a CLI plugin to use the modern docker compose command (v2 syntax).
Install docker-compose:
sudo zypper install -y docker-compose
Register as a Docker CLI plugin:
mkdir -p ~/.docker/cli-plugins
ln -sf /usr/bin/docker-compose ~/.docker/cli-plugins/docker-compose
Verify the plugin works:
docker compose version
You should see the Docker Compose version (e.g., Docker Compose version v2.x.x).
Why this matters: The symlink makes docker compose (without hyphen) available as a Docker CLI plugin. This is the modern v2 syntax used throughout this guide and in Docker Compose files.
Step 5: Set Up Rootless Docker
Here's where rootless mode actually gets enabled. From this point on, no sudo is required.
First, disable the system-wide Docker daemon:
sudo systemctl disable --now docker.service docker.socket
Now run the rootless setup script as your regular user:
dockerd-rootless-setuptool.sh install
You should see output ending with:
[INFO] Installed docker.service successfully.
[INFO] To control docker.service, run: `systemctl --user (start|stop|restart) docker.service`
[INFO] To run docker.service on system startup, run: `sudo loginctl enable-linger [username]`
Enable your user's Docker service to start automatically on boot:
systemctl --user enable --now docker
Enable lingering so your user services start at boot even without a login session:
sudo loginctl enable-linger [username]
Replace [username] with your actual username.
Verification
Here's how to confirm everything worked:
Switch to rootless context:
docker context use rootless
Test with a real container (jq demo):
Instead of the usual hello-world, let's verify with something useful. I've got a JSON file — sample.json. Normally you'd need to install jq to parse it. But with Docker, the tool comes with the container:
cat sample.json | docker run --rm -i stedolan/jq '.'
First time, you'll see:
Unable to find image 'stedolan/jq:latest' locally
Downloaded newer image for stedolan/jq:latest
Then the output — beautifully formatted JSON:
{
"name": "David",
"company": "Transcend Solutions",
"role": "DevOps Engineer",
"skills": ["Docker", "Kubernetes", "Linux"],
"location": "Singapore",
"experience_years": 15
}
No installation. No sudo. Same command on any system with Docker.
Confirm rootless mode:
docker info 2>&1 | grep "rootless"
Expected output:
rootless
Check your context:
docker context show
Expected output:
rootless
Verify data directory:
docker info 2>&1 | grep "Docker Root Dir"
Rootless Docker stores everything under your home directory:
Docker Root Dir: /home/youruser/.local/share/docker
(Instead of /var/lib/docker for system Docker)
List running containers:
docker ps
This shows an empty table (no containers running yet):
CONTAINER IMAGE COMMAND CREATED STATUS PORTS NAMES
Verify Docker starts at boot:
systemctl --user status docker
You should see "active (running)" and "enabled".
Rootless Limitations to Know
Running Docker in rootless mode has a few trade-offs:
| Limitation | Impact | Workaround |
|---|---|---|
| No ports below 1024 | Can't bind to ports 80, 443 directly | Use a rootful reverse proxy |
| Storage in home directory | Images/volumes use ~/.local/share/docker
|
Ensure adequate home directory space |
No ping from containers |
ICMP requires root privileges | Use curl or wget for connectivity tests |
These are minor trade-offs for the significant security benefit of never running the Docker daemon as root.
What's Next
Now that you have a secure rootless Docker environment on SLES, you're ready to:
- Pull and run your first containers
- Learn about Docker volumes for persistent data
- Set up multi-container applications with Docker Compose
Prefer a different distro? I also wrote the same guide using Ubuntu last week.
For more deep dives on Docker, check out "Levelling Up with Docker" — 14 chapters of practical guides covering volumes, networking, Compose, production deployments, and more.
Found this helpful? Share it with someone who's learning Docker!
SEO Metadata:
- Title: How to Install Docker Rootless on SLES 15/16 (2026 Guide)
- Meta Description: Install Docker in rootless mode on SUSE Linux Enterprise Server (SLES) 15 or 16 using openSUSE repositories. No sudo required. Complete step-by-step guide.
- Target Keywords: docker rootless sles, docker-stable-rootless-extras, install docker suse linux enterprise, opensuse docker repository sles, docker rootless sles 15, docker rootless sles 16
- Word Count: ~1,200
Top comments (0)
Some comments may only be visible to logged-in visitors. Sign in to view all comments.