How to Install Docker Engine on RHEL 7

Docker Engine is the industry-standard container runtime that allows you to build, ship, and run applications inside isolated containers. On Red Hat Enterprise Linux 7, installing Docker CE (Community Edition) requires a few extra steps compared to other distributions because RHEL 7 ships with its own container toolchain. This tutorial walks you through adding the official Docker CE repository, installing the necessary packages, configuring the daemon, integrating Docker with SELinux, and verifying that your installation is fully functional.

Prerequisites

  • A running RHEL 7 system (7.4 or later recommended) with root or sudo access
  • Active internet connectivity or access to a local mirror
  • A valid Red Hat subscription (for base system packages) or a CentOS 7 equivalent environment
  • At least 2 GB of free disk space under /var/lib/docker
  • SELinux in enforcing mode is supported — do not disable it

Step 1: Remove Older or Conflicting Docker Packages

RHEL 7 may ship with older Docker packages or Podman/Buildah components that conflict with Docker CE. Remove them before proceeding to avoid dependency conflicts during installation.

sudo yum remove docker 
               docker-client 
               docker-client-latest 
               docker-common 
               docker-latest 
               docker-latest-logrotate 
               docker-logrotate 
               docker-engine 
               podman 
               runc

It is safe to run this command even if none of these packages are installed — yum will simply report that there is nothing to remove.

Step 2: Install Required Dependencies

Docker CE requires the yum-utils package to add third-party repositories, as well as the device-mapper storage driver libraries.

sudo yum install -y yum-utils 
                    device-mapper-persistent-data 
                    lvm2

The device-mapper-persistent-data and lvm2 packages are needed by the devicemapper storage driver. Even if you plan to use the overlay2 driver, installing them prevents potential dependency warnings.

Step 3: Add the Docker CE YUM Repository

Use yum-config-manager to add the official Docker CE repository. This creates the file /etc/yum.repos.d/docker-ce.repo automatically.

sudo yum-config-manager 
    --add-repo 
    https://download.docker.com/linux/centos/docker-ce.repo

Because Docker does not publish a dedicated RHEL 7 repository, the CentOS 7 repository is fully compatible and is the officially recommended approach. To verify the repository was added correctly:

sudo yum repolist | grep docker

You should see output similar to:

docker-ce-stable    Docker CE Stable - x86_64

Step 4: Install Docker CE, CLI, and containerd

Install the three core components: the Docker daemon (docker-ce), the Docker command-line client (docker-ce-cli), and the container runtime (containerd.io).

sudo yum install -y docker-ce docker-ce-cli containerd.io

To install a specific version rather than the latest, first list available versions:

yum list docker-ce --showduplicates | sort -r

Then install by version string, for example:

sudo yum install -y docker-ce-20.10.21 docker-ce-cli-20.10.21 containerd.io

Step 5: Enable and Start the Docker Service

Use systemctl to enable Docker so it starts automatically at boot, then start it immediately.

sudo systemctl enable docker
sudo systemctl start docker

Confirm the service is running correctly:

sudo systemctl status docker

Expected output will include Active: active (running). If the service fails to start, check the journal for details:

sudo journalctl -u docker --no-pager -n 50

Step 6: Add Your User to the Docker Group

By default, the Docker daemon socket is owned by root and the docker group. Adding your user to the docker group allows you to run Docker commands without sudo.

sudo usermod -aG docker $USER

You must log out and back in (or open a new shell session) for the group membership to take effect. Verify with:

groups $USER

Security note: Membership in the docker group grants effective root-equivalent access to the host system. Only add trusted users.

Step 7: Verify the Installation with hello-world

Run the Docker-provided hello-world image to confirm the daemon, networking, and image pull functionality are all working correctly.

docker run hello-world

You should see a message beginning with “Hello from Docker!”. This confirms Docker pulled the image from Docker Hub, created a container, ran it, and produced output — all successfully.

For a more detailed system summary, run:

docker info

The output reports the storage driver, logging driver, kernel version, number of containers and images, and the SELinux status.

Step 8: Configure /etc/docker/daemon.json

The Docker daemon is configured via /etc/docker/daemon.json. This file does not exist by default; you must create it. A common baseline configuration for RHEL 7 looks like this:

sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<'EOF'
{
  "storage-driver": "overlay2",
  "log-driver": "journald",
  "log-opts": {
    "tag": "{{.Name}}"
  },
  "selinux-enabled": true,
  "live-restore": true
}
EOF

Key options explained:

  • storage-driver: overlay2 is the recommended driver on RHEL 7 with kernel 3.10.0-514 or later.
  • log-driver: journald integrates container logs with the system journal, accessible via journalctl.
  • selinux-enabled: Enables SELinux label enforcement for containers (see Step 9).
  • live-restore: Keeps containers running if the Docker daemon is restarted or upgraded.

After editing daemon.json, reload the daemon configuration and restart Docker:

sudo systemctl daemon-reload
sudo systemctl restart docker

Step 9: SELinux and Docker on RHEL 7

RHEL 7 runs SELinux in enforcing mode by default, and Docker is fully compatible when configured correctly. The selinux-enabled: true option in daemon.json instructs Docker to apply SELinux labels to containers and their processes.

Verify SELinux enforcement is active:

getenforce

When bind-mounting host directories into containers, you may encounter permission denied errors from SELinux. The solution is to use the :z or :Z volume mount labels:

# :z — shared label (accessible by multiple containers)
docker run -v /mydata:/app/data:z myimage

# :Z — private label (accessible only by this container)
docker run -v /mydata:/app/data:Z myimage

You can also check SELinux denials related to Docker using:

sudo ausearch -m avc -ts recent | grep docker

If the container-selinux policy package is not installed, install it:

sudo yum install -y container-selinux

Conclusion

You have successfully installed Docker CE on RHEL 7 by adding the official Docker CE repository, installing the required packages, enabling the systemd service, and configuring the daemon for production use with SELinux integration. Your Docker environment is now ready to pull images, run containers, and serve as the foundation for more advanced workflows such as Docker Compose, container networking, and orchestration with Docker Swarm or Kubernetes. Always keep Docker updated with sudo yum update docker-ce docker-ce-cli containerd.io and monitor the Docker Engine release notes for security patches.