Docker Community Forums

Share and learn in the Docker community.

Trying to join the docker group by using "--group-add docker" results in adding group 999


I am trying to start a docker from inside of a docker container. I am currently trying to run with the following args

“–group-add docker -u 1001:1001 -v /var/run/docker.sock:/var/run/docker.sock -v /etc/passwd:/etc/passwd -v /etc/group:/etc/group”

But I am getting permission issues because the socket is owned by root and docker group. The user belongs to the docker group but when using “–group-add docker” it will for some reason add docker group as 999 which is not matching the docker group that the user 1001 belongs which is 127. I am trying to run this on multiple jenkins nodes so I cannot hardcode the --group-add to 127. I am having some issues with setting this dynamically in jenkins right now. So my question is what is the best approach from docker point of view to have this working?

I appreciate any pointers

After some more investigation when using --group-add docker it dose look like docker dose search for this group before it starts the container because if I use --group-add test then it will stop saying that the group dose not exists. When using the --group-add docker then it will look it up and for some reason say that it is 999 when the actual group is 127 on my host and then I get a permission denied for accessing the docker.sock file because it is owned by 127 since that is id for the docker group.

It appears as if the --group-add option is resulting in a hardcoded value which dose not make sense.

Ok so I understands what is going on now to be able to call a docker container from inside another I had to install docker in the docker image that use when doing that the docker group will be created so when running the container the docker group 999 exists inside the container. When using the --group-add docker it will join the user to the 999 group. The problem now is that the docker.sock is not owned by the internal docker group in the container but the external and therefore I have to make sure that when using the --group-add I can set the external docker group id to get this to work.

my case solution

sudo setfacl -m user:$USER:rw /var/run/docker.sock

#other solution
sudo usermod -aG docker $USER

#an other solution
sudo groupadd docker
sudo gpasswd -a $USER docker
docker run hello-world