Docker in Docker permissions error

I have a docker in docker setup for CI. Essentially, the machine has a jenkins CI server on it that uses the same machines docker socket to create nodes for CI.

This was working great until I recently updated docker. I’ve identified the issue, but I can’t seem to figure out the right magic to get it working.

  • Getting ember to run under docker on Windows Quickstart
  • Why is virtualbox running so slowly under docker?
  • Trying to run php-fpm on Docker
  • Multiple dockers and multiple domains on elastic beanstalk
  • Connecting local psql db with web app inside the docker container
  • Docker seems to ignore DOCKER_HOST and other vars set from `eval $(docker-machine env)`
  • host $ docker exec -it myjenkins bash
    jenkins@container $ docker ps
    Got permission denied while trying to connect to the Docker daemon 
    socket at unix:///var/run/docker.sock: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.26/containers/json: dial unix /var/run/docker.sock: connect: permission denied
    host $ docker exec -it -u root -it myjenkins bash
    root@container $ docker ps 
    ... docker ps from host container yay! ...

    So here’s what I surmise. I have access to the host docker socket from within the container, but I can’t seem to give permission to the jenkins user.

    I’ve added the docker group, and also added the jenkins user to the docker group. But I still get the same error. I’ve restarted a whack of times so, I’m kind of at a loss for what to do next.

    Is there a way to force permissions for a user on a particular socket?

  • Bitbucket API version 1
  • Docker-machine - IP address conflict
  • docker container: add symlink to /Users/www/[project] in /var/www to access and serve local files
  • Using docker-compose to start web and backend. How can I get the IP of backend from web?
  • Installing sensu, sensu-dashboard does not install
  • How can I extend unregistered docker images or dockerfiles?
  • 2 Solutions collect form web for “Docker in Docker permissions error”

    You need to map the gid of the docker group on your host to the gid of a group that jenkins belongs to inside your container. Here’s a sample from my Dockerfile of how I’ve built a jenkins slave image:

    RUN groupadd -g ${DOCKER_GID} docker \
      && curl -sSL | sh \
      && apt-get -q autoremove \
      && apt-get -q clean -y \
      && rm -rf /var/lib/apt/lists/* /var/cache/apt/*.bin 
    RUN useradd -m -d /home/jenkins -s /bin/sh jenkins \
      && usermod -aG docker jenkins

    The 993 happens to be the gid of docker on the host in this example, you’d adjust that to match your environment.

    Solution from the OP:
    If rebuilding isn’t a possibility you can set the docker group accordingly in using root and add the user. If you tried this before you may have to delete the group on the slave (groupdel docker):

    docker exec -it -u root myjenkins bash
    container $ groupadd -g 993 docker
    container $ usermod -aG docker jenkins

    Execute the command with your root user by including sudo in the start.

    Docker will be the best open platform for developers and sysadmins to build, ship, and run distributed applications.