How to Install Docker on Fedora Linux

Fedora ships Podman as its default container tool, but many CI/CD pipelines, development workflows, and third-party integrations still expect the Docker daemon. To install Docker on Fedora, you can pull Docker CE straight from Docker’s official repository or use the Moby Engine packages that Fedora maintains in its default repos.

Both paths give you a working container runtime with Docker Compose, non-root user access, and full systemd service management, covering installation, firewall rules, essential commands, troubleshooting, and clean removal.

Docker Installation Methods for Fedora

Fedora offers two paths to running Docker containers, each with distinct trade-offs.

Method	Channel	Version	Updates	Best For
Docker CE (Official)	Docker Repository	Latest stable	Automatic via DNF	Users needing latest Docker features and official support
Moby Engine (Fedora)	Fedora Repos	Distribution default	Automatic via DNF	Users preferring Fedora-maintained packages with simpler setup

Docker CE is the recommended choice for most users because it ships the latest features, security patches directly from Docker, and bundles all official plugins. The Moby Engine is a solid alternative if you prefer Fedora-maintained packages and want a simpler setup without external repositories.

Docker Desktop is also available for Fedora as an experimental platform, bundling a VM-based engine with a GUI dashboard and Kubernetes. For CLI-focused or server deployments, Docker CE or Moby Engine is the lighter choice.

Install Docker CE on Fedora (Official Repository)

This method installs Docker Community Edition directly from Docker’s official repository, providing the latest stable release with all official plugins including Docker Compose and Docker Buildx.

Remove Previous Docker Installations

Remove any older Docker versions first to prevent package conflicts:

sudo dnf remove docker \
                  docker-client \
                  docker-client-latest \
                  docker-common \
                  docker-latest \
                  docker-latest-logrotate \
                  docker-logrotate \
                  docker-selinux \
                  docker-engine-selinux \
                  docker-engine

If none of these packages are installed, DNF reports that there is nothing to remove. The contents of /var/lib/docker/ (images, containers, volumes, and networks) remain intact during this removal.

Update Fedora System Packages

Refresh the package cache and apply any pending system updates:

sudo dnf upgrade --refresh

Commands in this walkthrough use sudo for operations that need root privileges. If your user is not in the sudoers file, follow the guide on how to add a user to sudoers on Fedora.

Verify Repository Management Tools

Fedora 43 includes dnf5-plugins by default, which provides the config-manager command for managing repositories. Verify the plugin is available:

dnf config-manager --help | head -5

Usage:
  dnf5 [GLOBAL OPTIONS] config-manager <COMMAND> ...

Description:
  Manage main and repositories configuration...

If the command displays usage information, you are ready to proceed. Otherwise, install the plugin with sudo dnf install dnf5-plugins.

Add Docker CE Repository

Add the official Docker CE repository to your system:

sudo dnf config-manager addrepo --from-repofile=https://download.docker.com/linux/fedora/docker-ce.repo

DNF downloads and installs the repository configuration file automatically.

Install Docker CE Packages

With the repository configured, install Docker CE along with its CLI and essential plugins:

sudo dnf install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

This installs the Docker daemon (docker-ce), the command-line client (docker-ce-cli), the container runtime (containerd.io), Docker Buildx for extended build capabilities, and Docker Compose for multi-container applications.

Verify Docker CE Installation

Confirm the installation by checking the installed versions:

docker --version

Docker version 29.x.x, build xxxxxxx

docker compose version

Docker Compose version v5.x.x

Install Moby Engine on Fedora (Default Repositories)

The Moby Engine is the open-source project Docker CE is built upon, and Fedora maintains its own version that integrates natively with the distribution.

Install Moby Engine

Install the Moby Engine along with Docker Compose:

sudo dnf install moby-engine docker-compose

This pulls in the Docker-compatible engine, command-line tools, and Docker Compose for orchestrating multi-container applications.

Verify Moby Engine Installation

After installation, confirm the packages are working:

docker --version

Docker version 29.x.x, build x.fc43

docker-compose --version

Docker Compose version 5.x.x

Fedora’s Moby Engine installs a docker-compose-switch package that makes both docker compose (subcommand) and docker-compose (standalone) work interchangeably. Docker CE only supports the docker compose subcommand.

Start and Enable the Docker Service on Fedora

Regardless of which installation method you chose, the Docker service does not start automatically after installation.

Enable Docker on Boot

Start Docker and configure it to launch on boot:

sudo systemctl enable docker --now

The --now flag combines the enable and start operations into a single command.

Verify Service Status

Confirm Docker is running:

sudo systemctl status docker

● docker.service - Docker Application Container Engine
     Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; preset: disabled)
    Drop-In: /usr/lib/systemd/service.d
             └─10-timeout-abort.conf
     Active: active (running) since Tue 2026-03-03 09:14:36 UTC; 5s ago
...

The output should show Active: active (running).

Test Docker Installation

Run the official hello-world container to verify Docker can pull images and run containers:

sudo docker run hello-world

Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
17eec7bbc9d7: Pull complete
Digest: sha256:ef54e839ef541993b4e87f25e752f7cf4238fa55f017957c2eb44077083d7a6a
Status: Downloaded newer image for hello-world:latest

Hello from Docker!
This message shows that your installation appears to be working correctly.
...

The “Hello from Docker!” message confirms everything is working.

Manage the Docker Service on Fedora

Docker runs as a systemd service. Use these commands to control the daemon:

Action	Command
Start Docker	sudo systemctl start docker
Stop Docker	sudo systemctl stop docker
Restart Docker	sudo systemctl restart docker
Enable on boot	sudo systemctl enable docker
Disable on boot	sudo systemctl disable docker
Check status	sudo systemctl status docker

Configure Docker for Non-Root Users on Fedora

By default, Docker commands require root privileges. Adding your user to the docker group lets you run containers without typing sudo every time.

Adding a user to the docker group grants them root-equivalent permissions for container operations. Only add trusted users to this group.

Add Your User to the Docker Group

Add your current user to the docker group:

sudo usermod -aG docker $USER

Log out and log back in to apply the group membership change. In some cases, a system reboot may be necessary.

Verify Non-Root Access

After logging back in, confirm Docker commands work without sudo:

docker ps

CONTAINER ID   IMAGE   COMMAND   CREATED   STATUS   PORTS   NAMES

An empty container list (no permission errors) confirms non-root access is working.

Configure Docker Logging on Fedora

Docker CE defaults to the JSON file logging driver, while Fedora’s Moby Engine defaults to the journald driver for systemd integration. You can override the driver in the daemon configuration file.

Create Daemon Configuration

Docker’s daemon settings live in /etc/docker/daemon.json. The file does not exist by default, so create it:

sudo nano /etc/docker/daemon.json

Add the following configuration to send logs to a remote syslog server:

{
  "log-driver": "syslog",
  "log-opts": {
    "syslog-address": "tcp://logs.example.com:514",
    "syslog-facility": "daemon",
    "tag": "{{.Name}}"
  }
}

Replace logs.example.com with the address of your actual syslog server. The tag option uses the container name for log identification.

Apply Configuration Changes

After modifying the daemon configuration, restart Docker:

sudo systemctl restart docker

Verify the logging driver is active:

docker info --format '{{.LoggingDriver}}'

syslog

Any subsequent changes to daemon.json require another restart to take effect.

Configure Firewall for Docker on Fedora

Fedora uses firewalld as its default firewall. When exposing container ports to external networks, you may need to add firewall rules for incoming connections.

Allow Specific Ports

To allow external access to a container port (for example, port 8080 for a web application):

sudo firewall-cmd --permanent --add-port=8080/tcp
sudo firewall-cmd --reload

The --permanent flag ensures the rule persists across reboots, and --reload applies it immediately.

Verify Firewall Rules

List the currently active firewall rules to confirm your configuration:

sudo firewall-cmd --list-all

public (active)
  target: default
  icmp-block-inversion: no
  interfaces: enp1s0
  sources:
  services: dhcpv6-client ssh
  ports: 8080/tcp
  ...

The output shows port 8080/tcp is now open. For more details, see the guide on installing and configuring firewalld on Fedora.

Essential Docker Commands on Fedora

These are the commands you will use most often when working with Docker containers, images, networks, and volumes:

Command	Description
docker run	Create and start a container from an image
docker ps	List running containers
docker ps -a	List all containers including stopped ones
docker images	List downloaded images
docker build	Build an image from a Dockerfile
docker stop	Stop a running container
docker rm	Remove a stopped container
docker rmi	Remove an image
docker network	Manage Docker networks
docker volume	Manage Docker volumes

Run Interactive Containers

To start a container and access its shell interactively:

docker run -it ubuntu:latest /bin/bash

This downloads the Ubuntu image (if not already present), starts a container, and opens an interactive bash shell. The -i flag keeps stdin open while -t allocates a pseudo-TTY.

Run Containers in Background

For long-running services, run containers in detached mode with the -d flag:

docker run -d --name webserver -p 8080:80 nginx

This runs an Nginx web server in the background, maps host port 8080 to container port 80, and assigns the name “webserver” for easy reference.

Manage Containers

Stop a running container by name or ID:

docker stop webserver

Remove a stopped container:

docker rm webserver

View logs from a container:

docker logs webserver

Build Custom Images

Build a Docker image from a Dockerfile in the current directory:

docker build -t myapp:latest .

Here, the -t flag tags the image with a name and version, and . specifies the build context directory containing the Dockerfile.

Commit Container Changes

If you modify a running container and want to save those changes as a new image:

docker run -it --name mycontainer ubuntu:latest /bin/bash

Make your changes inside the container, then exit and commit:

docker commit mycontainer myimage:latest

The new image “myimage” now contains all modifications made in the container.

Troubleshoot Docker on Fedora

Permission Denied When Running Docker Commands

If you encounter permission errors when running Docker commands without sudo:

permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get "http://%2Fvar%2Frun%2Fdocker.sock/v1.47/containers/json": dial unix /var/run/docker.sock: connect: permission denied

This means your user is not in the docker group or group changes have not been applied. Verify your current group membership:

groups

username wheel

If “docker” is not listed, add your user to the docker group:

sudo usermod -aG docker $USER

Log out and log back in to apply the change. After logging back in, verify:

groups

username wheel docker

Test Docker access without sudo:

docker ps

CONTAINER ID   IMAGE     COMMAND   CREATED   STATUS    PORTS     NAMES

Docker Service Failed to Start

If Docker fails to start after installation or configuration changes:

sudo systemctl status docker

● docker.service - Docker Application Container Engine
     Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; preset: disabled)
     Active: failed (Result: exit-code) since Tue 2026-03-03 10:15:33 EST; 5s ago
...

Check the service logs for detailed error messages:

sudo journalctl -xeu docker --no-pager | tail -20

Mar  3 10:15:33 fedora dockerd[12345]: failed to start daemon: error reading config file: /etc/docker/daemon.json: invalid character '}' looking for beginning of object key string

The most common cause is syntax errors in /etc/docker/daemon.json. Validate the JSON configuration:

sudo python3 -m json.tool /etc/docker/daemon.json

Expecting property name enclosed in double quotes: line 5 column 3 (char 89)

Fix the syntax error in the file (common issues include trailing commas, missing quotes, or invalid escape sequences), then restart Docker:

sudo systemctl restart docker

Verify Docker started successfully:

sudo systemctl status docker

● docker.service - Docker Application Container Engine
     Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; preset: disabled)
     Active: active (running) since Tue 2026-03-03 10:20:15 EST; 3s ago
...

SELinux Blocking Container Access to Host Directories

Fedora runs SELinux in enforcing mode by default. If containers cannot access bind-mounted host directories, you will see permission errors inside the container:

ls: cannot open directory '/data': Permission denied

Check for SELinux denials in the audit log:

sudo ausearch -m avc -ts recent

----
time->Tue Mar  3 10:25:30 2026
type=AVC msg=audit(1702394730.123:456): avc:  denied  { read } for  pid=12345 comm="nginx" name="index.html" dev="dm-0" ino=67890 scontext=system_u:system_r:container_t:s0:c123,c456 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0

The denial shows SELinux blocked container access to files with an incorrect context. For bind mounts, append the :Z option to let Docker set the correct SELinux context automatically. For a deeper look at SELinux modes and policies, see the guide on managing SELinux on Fedora.

docker run -v /home/user/data:/data:Z nginx

The :Z flag relabels the content so only the specific container can access it. For shared volumes accessed by multiple containers, use :z (lowercase) instead:

docker run -v /shared/data:/data:z nginx

Verify the container can now access the mounted directory:

docker exec container_name ls -la /data

total 12
drwxr-xr-x. 2 root root 4096 Mar  3 10:30 .
drwxr-xr-x. 1 root root 4096 Mar  3 10:30 ..
-rw-r--r--. 1 root root  123 Mar  3 10:30 index.html

Podman Socket Conflicts

Fedora ships Podman by default. If you have both Podman and Docker installed, socket conflicts can occur:

Error starting daemon: error while opening volume store metadata database: timeout

Check if Podman’s socket is active:

sudo systemctl status podman.socket

● podman.socket - Podman API Socket
     Loaded: loaded (/usr/lib/systemd/system/podman.socket; enabled; preset: disabled)
     Active: active (listening) since Tue 2026-03-03 09:00:00 EST; 2h ago
...

If you plan to use Docker exclusively, disable and stop the Podman socket:

sudo systemctl disable --now podman.socket
sudo systemctl disable --now podman.service

Restart Docker to claim the socket:

sudo systemctl restart docker

Verify Docker is running without conflicts:

docker info | grep -i "server version"

 Server Version: 29.x.x

GPG Key Not Found Errors

Occasionally, when installing Docker CE from the official repository, you may encounter GPG key verification failures:

Error: GPG check FAILED
Public key for docker-ce-29.x.x-1.fc43.x86_64.rpm is not installed

This error indicates the Docker repository GPG key was not imported during setup. Import it manually:

sudo rpm --import https://download.docker.com/linux/fedora/gpg

Verify the key was imported:

rpm -q gpg-pubkey --qf '%{NAME}-%{VERSION}-%{RELEASE}\t%{SUMMARY}\n' | grep -i docker

gpg-pubkey-xxxxxxxx-xxxxxxxx	gpg(Docker Release (CE rpm) <docker@docker.com>)

Retry the Docker installation:

sudo dnf install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

Docker CE from the official repository includes proper GPG signatures and installs without issues on Fedora 43 in most cases. This troubleshooting step is only needed if the automatic key import failed during repository setup.

Remove Docker from Fedora

To uninstall Docker, follow the removal steps for your installation method.

Remove Docker CE

Stop the Docker service and remove the packages:

sudo systemctl stop docker
sudo dnf remove docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

Remove the Docker repository file:

sudo rm /etc/yum.repos.d/docker-ce.repo

Remove Moby Engine

For the Moby Engine installation, stop the service and remove packages:

sudo systemctl stop docker
sudo dnf remove moby-engine docker-compose

Remove Docker Data

The following commands permanently delete all Docker images, containers, volumes, and custom configurations. Back up any important data before proceeding.

Remove all Docker data directories:

sudo rm -rf /var/lib/docker
sudo rm -rf /var/lib/containerd
sudo rm -rf /etc/docker

FAQ: Docker on Fedora

Conclusion

Your Fedora system can now build images, spin up containers, and manage them through Compose without needing sudo for every command. If you version-control your Dockerfiles, install Git on Fedora next. For managing containers on remote hosts, enable SSH on Fedora so you can reach the Docker daemon over the network.