Bind mount docker socket in Dockerfile

Is it possible to bind mount the docker socket in a buildkit docker build? My build context does not include /var/run. I tried something like this, but docker daemon returns an error back.

RUN --mount=type=bind,target=/var/run/docker.sock,source=/var/run/docker.sock docker ps

I’m using buildkit, docker version 26.1.0.

Please do not share the error with us, it could indicate what the issue is.

Why do you think you could use RUN starting with an option --mount instead of a command?

The mount option is valid for the RUN instruction:

https://docs.docker.com/reference/dockerfile/#run---mount

What I don’t know is why the docker socket would be needed during building an image.

Of course, as @bluepuma77 pointed out, you don’t help us to help you if you don’t share the error messages.


I have a docker ce-cli inside the image, so mounting the docker socket would allow me to run the docker cli connecting to the docker daemon on the host machine.

Here is the error message

 => ERROR [docker_test 1/4] RUN --mount=type=bind,target=/var/run/docker.sock,source=/var/run/docker.sock docker ps                                                                                                                      0.0s
------
 > [docker_test 1/4] RUN --mount=type=bind,target=/var/run/docker.sock,source=/var/run/docker.sock docker ps:
------
Dockerfile:83
--------------------
  81 |     FROM my_image AS docker_test
  82 |     
  83 | >>> RUN --mount=type=bind,target=/var/run/docker.sock,source=/var/run/docker.sock docker ps
--------------------
ERROR: failed to solve: failed to compute cache key: failed to calculate checksum of ref 0b02d253-5d2d-4081-95e7-8ece3c6163b9::zzyadke92f23ttyq52rleo2ej: "/var/run/docker.sock": not found

With docker run you can mount a file, so I want to do the same for docker build. Not sure if the issue is that the file resides outside the docker context or if the issue is that only paths can be bind mounted. Bind mounting a folder inside the context during the build stage does work. I tried passing multiple build contexts (docker buildx build --build-context), but same issue.

While it’s an interesting problem, and I have found an issue raised on GitHub regarding this, it includes a possible workaround too.

However, could this perhaps be an X/Y problem? What exactly are you trying to achieve? This may be possible without the need to mount the docker.sock.


I totally forgot, but yes, you can only mount files from the build context.

Tested the workaround provided in the link I sent earlier with these:

services:
  prep:
    image: alpine/socat
    container_name: test-build-prep
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    ports:
      - 2375:2375
    command: tcp-listen:2375,reuseaddr,fork unix-connect:/var/run/docker.sock

  build:
    image: deanayalon/tests:build-sock
    build: .
    container_name: test-build-sock

FROM alpine

RUN apk add docker

# RUN --mount=type=bind,target=/var/run/docker.sock,source=/var/run/docker.sock docker ps > ps
ENV DOCKER_HOST=tcp://host.docker.internal:2375 
ENV TESTCONTAINERS_HOST_OVERRIDE=host.docker.internal
RUN docker ps > ps

CMD cat ps

Mounting the docker socket allows accessing the docker daemon on the host machine. Now you can build a new docker image inside a docker without having docker daemon inside the first docker image. I think some people refer to this as Docker-out-of-Docker (dood). In a CI build environment we typically run like this

docker run -v /var/run/docker.sock:/var/run/docker.sock ...

But now I need to do the same on a docker build instead of a docker run.

Yes, I understand that, but what are you trying to achieve for which you need to mount the docker.sock during build time?

The first docker has the gcc compiler and builds. Next you want to take those artifacts from the install and construct a docker image without having the docker daemon on the toolchain docker. Something like this;

RUN ninja install/strip
RUN --mount=type=bind,target=/var/run/docker.sock,source=/var/run/docker.sock docker build...

This is probably solvable by a multi-stage build as well, but I would really like to have the ability to mount the docker socket during builds in the same way as docker run.

I figured it’d be something that a multi-stage build may solve, and so, if possible, you probably should use that.

As for accessing the socket for whatever other purposes, see the workaround I posted. It worked for me on a Mac using Docker Desktop and seems to work for the original creator on a Windows machine. I do not know how well this will operate with a pure Docker Engine on Linux, but I’ll test it soon.

So you want to run docker build while another docker build is already running. This is really not how you should use Docker.

We are talking about two different things. docker build is to build an image which process should not depend on your host machine (OK, it will as you are using the cpu and memory of the host). Running a container can depend on the host machine. You could run a container that manages something on the host, but I would never allow my docker build access to my docker socket as it means it has full root access to my host and if anything goes wrong, it could affect not just the build you are working on, but everything else.
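
The concern in the last reply also covers the socat workaround earlier in the thread: its compose file binds the host socket into a container and republishes it as plain TCP on port 2375, which Docker binds to every host interface unless a host IP is given. The check below is an added example, not code from any poster; the `audit` function, its finding tags, and the embedded sample files (constructed from the files quoted above) are assumptions for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): flag lines in a compose file or
# Dockerfile, read on stdin, that hand out control of the host Docker daemon.
audit() {
    awk '
    /^[ \t]*#/ { next }    # ignore comment lines
    # Compose volume entry binding the host socket into a container.
    /^[ \t]*-[ \t]*"?\/var\/run\/docker\.sock:/ {
        print "SOCKET_MOUNT line " NR }
    # Dockerfile RUN --mount that names the socket.
    /--mount=[^ \t]*docker\.sock/ {
        print "SOCKET_MOUNT line " NR }
    # Published port mapping to container port 2375 without a loopback
    # host IP: the daemon API is then reachable on every host interface.
    /^[ \t]*-[ \t]*"?([0-9.]+:)?[0-9]+:2375"?[ \t]*$/ && !/127\.0\.0\.1:/ {
        print "API_ON_ALL_INTERFACES line " NR }
    # ENV persists into the final image, so containers started from it
    # default to the unencrypted daemon port.
    /^[ \t]*ENV[ \t]+DOCKER_HOST[= \t]+tcp:\/\/[^ \t]*:2375/ {
        print "TCP_DAEMON_IN_IMAGE line " NR }
    '
}

# Constructed samples, copied from the workaround files in this thread.
sample_compose() {
    cat <<'EOF'
services:
  prep:
    image: alpine/socat
    container_name: test-build-prep
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    ports:
      - 2375:2375
    command: tcp-listen:2375,reuseaddr,fork unix-connect:/var/run/docker.sock
EOF
}
sample_dockerfile() {
    cat <<'EOF'
FROM alpine
RUN apk add docker
# RUN --mount=type=bind,target=/var/run/docker.sock,source=/var/run/docker.sock docker ps > ps
ENV DOCKER_HOST=tcp://host.docker.internal:2375
RUN docker ps > ps
EOF
}

echo "compose:";    sample_compose    | audit
echo "Dockerfile:"; sample_dockerfile | audit
```

Each finding marks a place where the build or a helper container gains the host-level access the last reply warns about; the multi-stage build suggested in the thread removes the daemon dependency altogether.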