Docker Community Forums

Docker.sock mount permission

I would like to run a docker container from container as “docker out of docker” (sibling) strategy. So, I am trying to mount /var/run/docker.sock volume to my container.

docker run --rm -it -v /var/run/docker.sock:/var/run/docker.sock docker sh

However, when I mount the container and check docker.sock permissions

# ls -l /var/run/docker.sock
srw-rw---- 1 nobody nobody 0 Nov 2 2019 /var/run/docker.sock

on docker.sock, it shows ownership as nobody nogroup causing permission denied when I try to run any docker container.

I tried --privileged, chown in the entrypoint, creating a group named docker and setting its gid to match the host, and mounting with a double / as //var/run/docker.sock, but none of them works.

The last and important thing, I do not have sudo access on the host machine. However, my user is in docker group and I can run docker run without any problem.

P.S. I tried this on 3 servers (non-sudo user) and 1 local machine (sudo user). On local, it’s working fine and I see docker group permissions are attached after mounting the docker.sock; but on servers, it’s nobody as I have written above.

Is “userns” enabled in your daemon config? Run docker info to check it. The output is something like this:

 Security Options:
  apparmor
  seccomp
   Profile: default
  userns

On local,

Security Options:
   apparmor
   seccomp
    Profile: default

On servers:

 Security Options:
  seccomp
   Profile: default
  rootless

Both have “userns” disabled, so I don’t think that’s the problem. If it helps, I have just tried docker run with --userns=host, but that didn’t work either.

“rootless” mode has a similar effect. When you have rootless containers the socket is also different. docker info should show you the currently used socket.

2 Likes

I have been trying to solve this for one week, cannot say how grateful I am.

I found the docker.sock file inside /var/user/$UID, then voila!

docker run --rm -it -v /run/user/"$(id -u)"/docker.sock:/var/run/docker.sock docker sh

Again, thank you so much!
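
The check this thread arrives at, as an added example that is not part of the original posts: the script reads the Security Options section of docker info, and if "rootless" is listed it mounts the per-user socket instead of /var/run/docker.sock. The function names is_rootless and socket_path are hypothetical, the rootless socket is assumed to sit at $XDG_RUNTIME_DIR/docker.sock (falling back to /run/user/<uid>), and Docker contexts are not consulted.

```shell
#!/bin/sh
# Added example: pick the host-side Docker socket to bind-mount into a sibling container.
# Function names are hypothetical; Docker contexts are not consulted.

# Constructed sample: `docker info` excerpt shaped like the server output in the thread.
SAMPLE_INFO=' Security Options:
  seccomp
   Profile: default
  rootless
 Kernel Version: 5.4.0'

# is_rootless INFO_TEXT -> exit 0 if "rootless" is listed under Security Options.
is_rootless() {
    printf '%s\n' "$1" | awk '
        { match($0, /^ */); ind = RLENGTH }            # indentation of this line
        /Security Options:/ { sec = 1; base = ind; next }
        sec && ind <= base  { sec = 0 }                # next top-level key ends the section
        sec && $1 == "rootless" { found = 1 }
        END { exit !found }'
}

# socket_path INFO_TEXT DOCKER_HOST UID XDG_RUNTIME_DIR -> prints the socket path.
# Fails (exit 1) when DOCKER_HOST points at a non-unix endpoint such as tcp:// or ssh://.
socket_path() {
    case "$2" in
        unix://*) printf '%s\n' "${2#unix://}"; return 0 ;;
        "") ;;
        *) return 1 ;;
    esac
    if is_rootless "$1"; then
        # Rootless daemon: socket lives in the user's runtime dir (assumed default).
        printf '%s/docker.sock\n' "${4:-/run/user/$3}"
    else
        printf '/var/run/docker.sock\n'
    fi
}

if [ "${1:-}" = "run" ]; then
    # Live mode: query the real daemon and start the container from the thread.
    sock=$(socket_path "$(docker info 2>/dev/null)" "${DOCKER_HOST:-}" \
        "$(id -u)" "${XDG_RUNTIME_DIR:-}") || { echo "no local socket" >&2; exit 1; }
    [ -S "$sock" ] || { echo "$sock is not a socket" >&2; exit 1; }
    exec docker run --rm -it -v "$sock":/var/run/docker.sock docker sh
else
    # Demo mode: resolve the path for the constructed sample and uid 1001.
    socket_path "$SAMPLE_INFO" "" 1001 ""
fi
```

Whichever socket is mounted, the container can drive that daemon; with a rootless daemon that control is bounded by the unprivileged user the daemon runs as.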