linux - Docker In Docker Jenkins on Ubuntu - Permission issue with docker.sock

I'm trying to set up a Jenkins docker image similar to the approach described in

My Dockerfile looks like this:

FROM jenkins/jenkins:lts
USER root
RUN apt-get update && apt-get -y install sudo
RUN echo "jenkins ALL=NOPASSWD: ALL" >> /etc/sudoers
RUN apt-get install -y apt-transport-https ca-certificates \
    curl gnupg2 software-properties-common
RUN curl -fsSL | sudo apt-key add -
RUN add-apt-repository "deb [arch=amd64] \ stretch stable"
RUN apt-get update
RUN apt-get install -y docker-ce docker-ce-cli
RUN usermod -aG docker jenkins
USER jenkins

And I'm starting the container like so:

docker run -d -v jenkins_home:/var/jenkins_home \
    -p 8080:8080 -p 50000:50000 \
    -v /var/run/docker.sock:/var/run/docker.sock customjenkins

However, when I run a build (or exec into the container and do docker ps), I get the following:

Got permission denied while trying to connect to the Docker daemon socket 
at unix:///var/run/docker.sock: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.40/
containers/json: dial unix /var/run/docker.sock: connect: permission denied

The only way I've been able to get this to work is to chmod 777 the docker.sock file, which seems wrong to me. Is there some other step I am missing or other solution I can follow?

Host OS is Ubuntu 19.04, Docker version 19.03.0-beta2, build c601560

1 Answer

  1. Mars- Reply


    You need to run the command with sudo:

    sudo docker run -d -v jenkins_home:/var/jenkins_home \
        -p 8080:8080 -p 50000:50000 \
        -v /var/run/docker.sock:/var/run/docker.sock customjenkins

    Otherwise you don't have permissions to read/write to the socket, which is completely normal and expected. Using chmod 777 is indeed a bad idea, as it poses a security issue.

    Besides using sudo there are two other suggested ways to use docker:

    1. Add your user to the docker group:

    sudo gpasswd -a $USER docker

    Note: if the group docker does not exist, you can create it first:

    sudo groupadd docker

    2. Use ACL to add permission to your user to use the docker socket:

    sudo setfacl -m user:$USER:rw /var/run/docker.sock

    You can replace $USER with your username if you'd like.
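
Added example, not part of the question or the answer above: a bind-mounted /var/run/docker.sock keeps the host's numeric owner, group and mode, so this script reports which permission class (if any) gives a user read/write access and flags a world-writable socket such as the chmod 777 workaround produces. The function names are made up for this example, GNU stat is assumed, and ACL entries set with setfacl are not evaluated.

```shell
#!/bin/sh
# Added example: explain why a user can or cannot open a Unix socket such as
# /var/run/docker.sock, using the classic owner/group/other mode bits only.

# classify_access MODE OWNER_UID GROUP_GID USER_UID "USER_GIDS"
# MODE is octal as printed by `stat -c %a` (e.g. 660). Prints the class that
# grants read+write (root, owner, group, other) or "denied".
classify_access() {
    mode=$1; owner=$2; group=$3; uid=$4; gids=$5
    if [ "$uid" -eq 0 ]; then echo root; return 0; fi
    bits=$((0$mode))
    # The kernel picks exactly one class: owner first, then group, then other.
    if [ "$uid" -eq "$owner" ]; then
        class=owner; rw=$(( (bits >> 6) & 6 ))
    else
        class=other; rw=$(( bits & 6 ))
        for g in $gids; do
            if [ "$g" -eq "$group" ]; then
                class=group; rw=$(( (bits >> 3) & 6 )); break
            fi
        done
    fi
    if [ "$rw" -eq 6 ]; then echo "$class"; else echo denied; fi
}

# check_sock PATH [USER]: read the socket's metadata and the user's numeric
# IDs, classify, and warn when "other" has write access.
check_sock() {
    sock=$1
    if [ -n "${2:-}" ]; then
        u=$(id -u "$2") || return 1; gs=$(id -G "$2")
    else
        u=$(id -u); gs=$(id -G)
    fi
    meta=$(stat -c '%a %u %g' "$sock") || return 1
    set -- $meta
    result=$(classify_access "$1" "$2" "$3" "$u" "$gs")
    echo "$sock mode=$1 owner=$2 group=$3 caller_uid=$u -> $result"
    if [ $(( 0$1 & 2 )) -ne 0 ]; then
        echo "WARNING: $sock is world-writable; any local user can drive the daemon"
    fi
}

# Run against a path when one is given, e.g.: sh check_sock.sh /var/run/docker.sock jenkins
if [ "$#" -gt 0 ]; then check_sock "$@"; fi
```

Run it inside the container as well as on the host: the group name docker can map to different numeric GIDs in each. When the result is denied only because the container user lacks the socket's GID, `docker run --group-add <gid>` gives the container process that numeric group without loosening the socket's mode.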
