I installed docker.io on an Ubuntu 18.04 machine running kernel linux-image-5.0.0-29-generic and compared the output of the script /usr/share/docker.io/contrib/check-config.sh with the Debian machine running kernel linux-image-5.2.0-3-amd64. The output on the left is the Debian machine where docker will not run and the one on the right is the Ubuntu one:
info: reading kernel config from /boot/config-5.2.0-3-amd | info: reading kernel config from /boot/config-5.0.0-29-ge - cgroup hierarchy: nonexistent?? | - cgroup hierarchy: properly mounted [/sys/fs/cgr (see https://github.com/tianon/cgroupfs-mount) < - CONFIG_NF_NAT_IPV4: missing | - CONFIG_NF_NAT_IPV4: enabled (as module) - CONFIG_NF_NAT_NEEDED: missing | - CONFIG_NF_NAT_NEEDED: enabled (cgroup swap accounting is currently not enabled, y | (cgroup swap accounting is currently enabled) - CONFIG_LEGACY_VSYSCALL_NONE: enabled | - CONFIG_LEGACY_VSYSCALL_EMULATE: enabled (containers using eglibc <= 2.13 will not work. Swi < "CONFIG_VSYSCALL_[NATIVE|EMULATE]" or use "vsyscal < on kernel command line. Note that this will disabl < VDSO which may assist in exploiting security vulne < - CONFIG_CGROUP_HUGETLB: missing | - CONFIG_CGROUP_HUGETLB: enabled - CONFIG_EXT4_FS: enabled (as module) | - CONFIG_EXT4_FS: enabled - CONFIG_CRYPTO_AEAD: enabled (as module) | - CONFIG_CRYPTO_AEAD: enabled - CONFIG_CRYPTO_GCM: enabled (as module) | - CONFIG_CRYPTO_GCM: enabled - CONFIG_CRYPTO_SEQIV: enabled (as module) | - CONFIG_CRYPTO_SEQIV: enabled - CONFIG_CRYPTO_GHASH: enabled (as module) | - CONFIG_CRYPTO_GHASH: enabled - CONFIG_INET_XFRM_MODE_TRANSPORT: missing | - CONFIG_INET_XFRM_MODE_TRANSPORT: enabled (a - CONFIG_AUFS_FS: missing | - CONFIG_AUFS_FS: enabled (as module) (note that some kernels include AUFS patches but < - CONFIG_BLK_DEV_DM: enabled (as module) | - CONFIG_BLK_DEV_DM: enabled Basically you can see that on the Debian system where docker fails to run the following are reported as missing: cgroup hierarchy CONFIG_NF_NAT_IPV4 CONFIG_NF_NAT_NEEDED CONFIG_LEGACY_VSYSCALL_NONE CONFIG_CGROUP_HUGETLB CONFIG_AUFS_FS I was also researching on forums and found that running /usr/sbin/dockerd by itself is useful for debugging output. Here is what it reports on the Debian machine: Error starting daemon: Devices cgroup isn't mounted
0xCEC1B8C7E51FC983.asc
Description: application/pgp-keys
signature.asc
Description: OpenPGP digital signature
