Permission denied to Docker daemon socket at unix:///var/run/docker.sock

感情败类 2021-01-31 23:04

I have this Dockerfile:

    FROM chekote/gulp:latest

    USER root
    RUN apt-get update \
          && apt-get upgrade -y \
          && apt-get i


        
5 answers
  • 2021-01-31 23:39

    The error has nothing to do with docker pull or docker image subcommand, but rather that you need to call the docker command as either a user with write access to the docker socket (for example, by being root, using sudo, or by being in the docker group).

  • 2021-01-31 23:45

    Open a terminal and type this command:

    sudo chmod 666 /var/run/docker.sock
    

    Let me know the results...

  • 2021-01-31 23:49

    A quick way to avoid that. Add your user to the group.

    sudo gpasswd -a $USER docker
    

    Then set the proper permissions.

    sudo setfacl -m user:<your username>:rw /var/run/docker.sock
    

    Should be good from there.

  • 2021-01-31 23:57

    You need the --privileged flag with your docker run command.

    By the way, you can just use the docker-in-docker image from Docker for this kind of use case.

    https://asciinema.org/a/24707

    https://hub.docker.com/_/docker/

  • 2021-01-31 23:59

    The permission matching happens only on numeric user ID and group ID. If the socket file is mode 0660 and owned by user ID 0 and group ID 32, and you're calling it as a user with user ID 1000 and group IDs 1000 and 16, it doesn't matter if one /etc/group file names gid 32 as docker and the other one names gid 16 the same; the numeric gids are different and you can't access the file. Also, since the actual numeric gid of the Docker group will vary across systems, this isn't something you can bake into the Dockerfile.

    Many Docker images just run as root; if they do, they can access a bind-mounted Docker socket file regardless of its permissions.

    If you run as a non-root user, you can use the docker run --group-add option to add a (numeric) gid to the effective user; it doesn't specifically need to be mentioned in the /etc/groups file. On a Linux host you might run:

    docker run --group-add $(getent group docker | cut -d: -f3) ...
    

    You wouldn't usually install sudo in a Dockerfile (it doesn't work well for non-interactive programs, you usually don't do a whole lot in interactive shells because of the ephemeral nature of containers, and you can always docker exec -u 0 to get a root shell) though installing some non-root user is often considered a best practice. You could reduce the Dockerfile to

    FROM node:8
    RUN apt-get update
    # Trying to use the host's `docker` binary may not work well
    RUN apt-get install -y docker.io
    # Install the single node tool you need
    RUN npm install -g gulp
    # Get your non-root user
    RUN adduser myusername
    # Normal Dockerfile bits
    WORKDIR ...
    COPY ...
    RUN gulp
    USER myusername
    CMD ["npm", "run", "start"]
    

    (That Docker base image has a couple of things that don't really match Docker best practices, and doesn't seem to be updated routinely; I'd just use the standard node image as a base and add the one build tool you need on top of it.)

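The numeric check described in the last answer, as an added example that is not part of the original answers: a shell function that decides read/write access to a socket from its mode, owner uid and gid and the caller's numeric ids, run on that answer's numbers (mode 0660, uid 0, gid 32) and on the 0666 mode from the chmod answer. The names `can_rw` and `verdict` are made up for this example; ACLs are not modeled, and the `stat -c` call assumes GNU coreutils on a Linux host.

```shell
#!/bin/sh
# Added example. Models the numeric uid/gid permission check for
# read+write on a socket file; group *names* never enter into it.
# ACLs (setfacl) are not modeled.

# can_rw MODE OWNER_UID OWNER_GID CALLER_UID CALLER_GID...
# MODE is octal, e.g. 660. Exit status 0 means read+write is granted.
can_rw() {
    mode=$1 owner_uid=$2 owner_gid=$3 caller_uid=$4
    shift 4
    # uid 0 bypasses the file permission bits
    if [ "$caller_uid" -eq 0 ]; then return 0; fi
    bits=$((0$mode))                      # leading 0 makes it octal
    if [ "$caller_uid" -eq "$owner_uid" ]; then
        class=$(( (bits >> 6) & 7 ))      # owner bits, and only those
    else
        class=$(( bits & 7 ))             # "other" bits by default
        for gid in "$@"; do
            if [ "$gid" -eq "$owner_gid" ]; then
                class=$(( (bits >> 3) & 7 ))   # group bits
                break
            fi
        done
    fi
    [ $(( class & 6 )) -eq 6 ]            # need r (4) and w (2)
}

verdict() { if can_rw "$@"; then echo allowed; else echo denied; fi; }

# The answer's numbers: socket 0660, uid 0, gid 32 (constructed values).
echo "uid 1000, gids 1000 16:        $(verdict 660 0 32 1000 1000 16)"
echo "same, plus --group-add 32:     $(verdict 660 0 32 1000 1000 16 32)"
echo "container running as root:     $(verdict 660 0 32 0 0)"
# After chmod 666 the "other" bits grant access to every local uid.
echo "mode 666, unrelated uid 65534: $(verdict 666 0 32 65534 65534)"

# On a Linux host, check the real socket (GNU stat assumed).
sock=/var/run/docker.sock
if [ -S "$sock" ] && meta=$(stat -c '%a %u %g' "$sock" 2>/dev/null); then
    # word splitting of $meta and the id output is intentional
    echo "current user on $sock: $(verdict $meta $(id -u) $(id -G))"
fi
```

Inside a container, `id -u` and `id -G` report the container's ids, so run the last check there to see what the bind-mounted socket will actually grant.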