How to access docker from inside a docker container?

I am running a Jenkins build server in a docker container on my Synology NAS.

As part of some build jobs I need to call docker to create me a new docker image containing the newly built resources. I understand that there are two options to achieve this:

a. I could install (a second) docker inside the jenkins container, i.e. run docker inside a docker container.

b. I could allow the jenkins container access to the docker that hosts the jenkins container itself.

I would like to go for option b., i.e. spare me an additional docker installation inside the jenkins container (and besides: I wouldn’t even be sure if docker inside docker would work).

I googled around somewhat and found that accessing the hosting docker from inside a container should be feasible by adding:

```
services:
  ...
  jenkins:
    ...
    volumes:
      # This allows to access the host's docker, e.g. for builds:
      - /var/run/docker.sock:/var/run/docker.sock
...
```

to the docker-compose.yml that I use to start jenkins. Mapping the docker socket should allow a docker client inside the jenkins container to access the docker daemon on the host running that container. I also installed the docker client plugin in Jenkins.

And, indeed, the access as such seems to work, but when I try to build me my example project “hellonode” I get the following error:

```
docker build -t michaelmoser/hellonode .
Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Post http://%2Fvar%2Frun%2Fdocker.sock/v1.29/build?buildargs=%7B%7D&cachefrom=%5B%5D&cgroupparent=&cpuperiod=0&cpuquota=0&cpusetcpus=&cpusetmems=&cpushares=0&dockerfile=Dockerfile&labels=%7B%7D&memory=0&memswap=0&networkmode=default&rm=1&shmsize=0&t=michaelmoser%2Fhellonode&target=&ulimits=null: dial unix /var/run/docker.sock: connect: permission denied
```

So obviously there is some permission thing that must be in place before that actually works. Any idea anyone, what I need to do to get this working?

Meanwhile I googled on and found
<https://stackoverflow.com/questions/22135897/access-docker-socket-within-container>

I executed the command shown there:

```
docker exec -u root {name-here} /bin/chmod -v a+s $(which docker)
```

… and that got me going!

And - yes - I also read the misc. comments re. the fact that this exposure of the docker host is not such a good idea re. security… :frowning:


To reinforce what you learned about needing to put “-u root” in your command, when I am logged in as something other than root on a VM (not in a container) and want to do something significant with docker, I need to invoke “sudo docker . . .”. Seems like the same issue.
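Added example, not part of the original posts: a small check, run inside the container, that shows which permission class the kernel applies to `/var/run/docker.sock` for the current user and flags a setuid-root docker client such as the one `chmod a+s` produces. The function names and the fallback values (socket owned by root with group gid 999, mode 0660, caller uid 1000) are constructed for illustration.

```python
import os
import shutil
import stat


def socket_access(st_mode, st_uid, st_gid, uid, gids):
    """Return (allowed, reason) for connect() on a Unix socket file.

    connect() needs write permission, and the kernel consults exactly one
    permission class: owner if the uid matches, else group, else other.
    """
    if uid == 0:  # assumes root still holds CAP_DAC_OVERRIDE (Docker default)
        return True, "root bypasses the mode bits"
    if uid == st_uid:
        cls, bit = "owner", stat.S_IWUSR
    elif st_gid in gids:
        cls, bit = "group", stat.S_IWGRP
    else:
        cls, bit = "other", stat.S_IWOTH
    ok = bool(st_mode & bit)
    return ok, f"{cls} class, write bit {'set' if ok else 'clear'}"


def setuid_root(st_mode, st_uid):
    """True if the file runs as root for every caller, which is what
    `chmod a+s` does to a root-owned docker client."""
    return st_uid == 0 and bool(st_mode & stat.S_ISUID)


def diagnose(sock="/var/run/docker.sock"):
    """Report on the live socket and docker client for the current process."""
    s = os.stat(sock)
    gids = set(os.getgroups()) | {os.getegid()}
    ok, why = socket_access(s.st_mode, s.st_uid, s.st_gid, os.geteuid(), gids)
    lines = [f"{sock}: mode {stat.filemode(s.st_mode)} uid={s.st_uid} gid={s.st_gid}",
             f"uid={os.geteuid()} gids={sorted(gids)}: "
             f"{'allowed' if ok else 'permission denied'} ({why})"]
    client = shutil.which("docker")
    if client:
        c = os.stat(client)
        if setuid_root(c.st_mode, c.st_uid):
            lines.append(f"{client} is setuid root: every user in this "
                         "container can drive the host daemon")
    return lines


if __name__ == "__main__":
    if os.path.exists("/var/run/docker.sock"):
        print("\n".join(diagnose()))
    else:  # constructed values: root:docker (gid 999) 0660, caller uid 1000
        print(socket_access(stat.S_IFSOCK | 0o660, 0, 999, 1000, {1000}))
```

If the group class is the one that denies access, giving the container user the socket's group (for example with Compose's `group_add`) is narrower than a setuid-root client. Either way, whoever can write to the socket controls the host's Docker daemon.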