Permission denied error invoking Docker on Mac host from inside Docker Ubuntu container as non-root user

macos ubuntu docker jenkins docker-in-docker
mxyzplk picture mxyzplk · Jul 9, 2017 · Viewed 13.2k times · Source

I'm trying to invoke docker on my OSX host running Docker for Mac 17.06.0-ce-mac17 from inside a running jenkins docker container (jenkins:latest), per the procedure described at http://jpetazzo.github.io/2015/09/03/do-not-use-docker-in-docker-for-ci/.  

I mount /var/run/docker.sock into the container, I stick a ubuntu docker binary inside it, and it's able to execute - but from inside the container as user "jenkins" when I run e.g. "docker ps" I get

Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.30/containers/json?all=1: dial unix /var/run/docker.sock: connect: permission denied.  

If I connect to the container as root (docker exec -u 0) it works though.

I need the jenkins user to be able to run this. I tried adding a docker group and adding jenkins to it inside the ubuntu container but that didn't help, since it's got nothing to do with the outside and Docker for Mac doesn't work like running this on linux where you can do semi easy uid/gid matching. I want to distribute this container so answers that go and hack part of my Docker for Mac install won't really help me. I'd rather not run the whole jenkins setup as root if I can help it. (I also tried running the container as privileged, that didn't help.)

Per the advice in Permission Denied while trying to connect to Docker Daemon while running Jenkins pipeline in Macbook I chowned the /var/run/docker.sock file inside the container manually to jenkins and now jenkins can run docker. But I'm having trouble coming up with a solution for a distributable container - I can't do that chown in the Dockerfile because the file doesn't exist yet, and shimming in into the entrypoint doesn't help because that runs as jenkins.

What do I need to do in order to build and run an image that will run external docker containers on my Mac as a non-root user from inside the container?

Answer

Tomer picture Tomer · Jan 28, 2019

Follow this: https://forums.docker.com/t/mounting-using-var-run-docker-sock-in-a-container-not-running-as-root/34390

Basically, all you need to do is to change /var/run/docker.sock permissions inside your container and run the docker with sudo.

I've created a Dockerfile that can be used to help:

FROM jenkinsci/blueocean:latest

USER root
# change docker sock permissions after moutn
RUN if [ -e /var/run/docker.sock ]; then chown jenkins:jenkins /var/run/docker.sock; fi

Related questions

Is there a keyboard shortcut (hotkey) to open Terminal in macOS?

One of my primary tools used for programming is my Terminal. It makes my programming process more efficient when I'm able to quickly open a Terminal window. In Ubuntu, I was using (window+Alt+T) to open Terminal. But now …

Read More
What are the differences between using the terminal on a mac vs linux?

I've been using Ubuntu for the last four years. I have a basic knowledge of shell commands and I prefer working in a terminal rather than using a GUI. Recently I've started using a Mac. I've tried a few terminal …

Read More
How to close this ssh tunnel?

I opened a ssh tunnel as described in this post: Zend_Db: How to connect to a MySQL database over SSH tunnel? But now I don't know what I actually did. Does this command affect anything on the server? And …

Read More