Skip to content

update WSL Linux kernel version requirement #24525

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
karman-docker wants to merge 1 commit into
base: main
Choose a base branch
from
+4 −1
Open

update WSL Linux kernel version requirement #24525

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion content/manuals/desktop/features/wsl/best-practices.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ This page covers recommendations when running Docker Desktop on Windows using WS

Always use the latest version of WSL.

At a minimum you must use WSL version 2.1.5, otherwise Docker Desktop may not work as expected. Testing, development, and documentation is based on the newest kernel versions. Older versions of WSL can cause:
At a minimum you must use WSL version 2.1.5, otherwise Docker Desktop may not work as expected. Additionally, if you intend to use Enhanced Container Isolation feature, the Linux kernel used by WSL must be version 6.3.0 or newer. Testing, development, and documentation is based on the newest kernel versions. Older versions of WSL can cause:
Copy link
Contributor

@ctalledo ctalledo Mar 26, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Per the GitHub WSL releases page, users will need WSL 2.6+:

WSL version Bundled kernel (at release) Notes
2.7.0 (2025) 6.6.114.1 Rebased to Linux 6.6 LTS
2.6.x (2025) ~6.6.36.x Early rollout of 6.6 LTS kernel series
2.5.x (2024) ~5.15.x Still on 5.15 LTS before 6.6 transition

Therefore I suggest rewording to: "Additionally, if you intend to use Enhanced Container Isolation feature, use WSL 2.6+, as the Linux kernel used by WSL must be version 6.3.0 or newer."

Copy link
Contributor

@ctalledo ctalledo Mar 26, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same for the other changes below.

- Docker Desktop to hang periodically or when upgrading
- Deployment via SCCM to fail
- The `vmmem.exe` to consume all memory
Expand Down
1 change: 1 addition & 0 deletions content/manuals/desktop/setup/install/windows-install.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -48,6 +48,7 @@
{{< tab name="WSL 2 backend, x86_64" >}}

- WSL version 2.1.5 or later. To check your version, see [WSL: Verification and setup](#wsl-verification-and-setup)
- The Linux kernel used by WSL must be version 6.3.0 or newer to support the Enhanced Container Isolation feature. If your current kernel is below 6.3.0, running `wsl --update` will upgrade both WSL and the Linux kernel to the latest available versions.

Check warning on line 51 in content/manuals/desktop/setup/install/windows-install.md

View workflow job for this annotation

GitHub Actions / validate (vale) 

[vale] reported by reviewdog 🐶
[Docker.RecommendedWords] Consider using 'following' instead of 'below'

Raw Output:
{"message": "[Docker.RecommendedWords] Consider using 'following' instead of 'below'", "location": {"path": "content/manuals/desktop/setup/install/windows-install.md", "range": {"start": {"line": 51, "column": 142}}}, "severity": "INFO"}
- Windows 10 64-bit: Enterprise, Pro, or Education version 22H2 (build 19045).
- Windows 11 64-bit: Enterprise, Pro, or Education version 23H2 (build 22631) or higher.
- Turn on the WSL 2 feature on Windows. For detailed instructions, refer to the
Expand Down
2 changes: 2 additions & 0 deletions ...als/enterprise/security/hardened-desktop/enhanced-container-isolation/_index.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,8 @@ Enhanced Container Isolation (ECI) prevents malicious containers from compromisi
- ECI strengthens container isolation and locks in security configurations created by administrators, such as [Registry Access Management policies](/manuals/enterprise/security/hardened-desktop/registry-access-management.md) and [Settings Management](../settings-management/_index.md) controls.
- ECI works alongside other Docker security features like reduced Linux capabilities, seccomp, and AppArmor.

If you are using WSL2 backend, ECI requires the Linux kernel used by WSL must be version 6.3.0 or newer.

## Who should use Enhanced Container Isolation?

ECI is designed for:
Expand Down