5

I'm facing the following problem: I created a Jenkins docker container, and linked the docker socket on the host, with the container. Like this:

docker run -v /var/run/docker.sock:/var/run/docker.sock -p 8080:8080 -p 50000:50000 -d --name jenkins --restart unless-stopped jenkins

Then when I try to create some jobs on jenkins I get the usual "permission denied" message:

Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.29/images/json: dial unix /var/run/docker.sock: connect: permission denied

But that problem doesn't happen if I attach to the container and run the command using the root user.

How can I fix this?

I can't add jenkins user to docker group on the host by running sudo gpasswd -a jenkins docker (because there is no jenkins user on the host, only in the container) and I also can't run this command inside the container (because the container doesn't know about any docker group). Any tips on how to solve this?

Try to add the --privileged argument when you run the container. The command will look like docker run -v /var/run/docker.sock:/var/run/docker.sock -p 8080:8080 -p 50000:50000 -d --name jenkins --restart unless-stopped --privileged jenkins Commented Aug 1, 2017 at 21:16

1 Answer 1

3

You can add the docker group inside the container. Do this in its bash:

groupadd -g <docker-group-id> docker

Find out the <docker-group-id> by running this on the host:

ls -ln /var/run/docker.sock

Then add the jenkins user to the docker group:

gpasswd -a jenkins docker

Take into account any security issue that this could produce:

Warning: The docker group grants privileges equivalent to the root user. For details on how this impacts security in your system, see Docker Daemon Attack Surface.

Refer to the docs


4 Comments

I ended up improving a bit your first 2 commands into a single one. Like this: groupadd -g $(ls -ln /var/run/docker.sock | awk '{print $4}') docker. Thanks!
How can I get <docker-group-id> ?
When I run the command you shared @Vini.g.fer. It says "groupadd: GID '50' already exists", could you please help me with this? :)
Command may change a bit according to your operating system. Ran this command on Ubuntu 16.04. If you run only ls -ln /var/run/docker.sock you'll get an output like this "srw-rw---- 1 0 999 0 Ago 16 13:31 /var/run/docker.sock". The output from this command you need is the group number (999 in my case). This error message says this ID is already in use for another group. Maybe the host and container have different group IDs.
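
The following sketch is an added example, not code from the answer or its comments. It covers both the answer's steps and the "GID already exists" case raised in the comments: when the socket's GID is already assigned to a group inside the container, the user is added to that existing group instead of creating a new one. The function names are hypothetical, the sample data is constructed, and the script only prints the commands rather than running them.

```shell
#!/bin/sh
# Added example: plan the group changes needed for a user inside the container
# to reach a bind-mounted /var/run/docker.sock. Function names are hypothetical.

# Extract the numeric group ID (4th field) from one line of `ls -ln` output.
sock_gid_from_ls() {
    printf '%s\n' "$1" | awk '{print $4}'
}

# Print the name of the group that owns GID $1 in group(5)-format file $2,
# or nothing if no group in that file uses the GID.
group_name_for_gid() {
    awk -F: -v gid="$1" '$3 == gid {print $1; exit}' "$2"
}

# Print the commands to run inside the container so that user $3 can use a
# socket owned by GID $1, given the container's group file $2.
plan_socket_access() {
    gid=$1; group_file=$2; user=$3
    case "$gid" in
        ''|*[!0-9]*) echo "error: non-numeric gid '$gid'" >&2; return 1 ;;
    esac
    existing=$(group_name_for_gid "$gid" "$group_file")
    if [ -n "$existing" ]; then
        # The GID is already taken in the container ("GID already exists"):
        # reuse that group, since access is decided by the number, not the name.
        echo "gpasswd -a $user $existing"
    else
        echo "groupadd -g $gid docker"
        echo "gpasswd -a $user docker"
    fi
}

# Constructed sample data: a container group file where GID 50 is in use,
# and the `ls -ln` line quoted in the comments above (group 999).
SAMPLE_GROUP=$(mktemp)
printf '%s\n' 'root:x:0:' 'staff:x:50:' 'jenkins:x:1000:' > "$SAMPLE_GROUP"
SAMPLE_LS='srw-rw---- 1 0 999 0 Ago 16 13:31 /var/run/docker.sock'

echo "# socket GID 999 (unused in the container):"
plan_socket_access "$(sock_gid_from_ls "$SAMPLE_LS")" "$SAMPLE_GROUP" jenkins
echo "# socket GID 50 (already used by another group):"
plan_socket_access 50 "$SAMPLE_GROUP" jenkins
```

Group membership is read when a process starts, so the Jenkins process only picks up the new group after the container is restarted.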
