Docker in Docker permissions error

I have a docker in docker setup for CI. Essentially, the machine has a jenkins CI server on it that uses the same machines docker socket to create nodes for CI.

This was working great until I recently updated docker. I’ve identified the issue, but I can’t seem to figure out the right magic to get it working.

  • Unable to install packages using Docker on Mac
  • Docker add warfile to official Tomcat image
  • Docker network with AWS VPC
  • Can't deploy artifact to KIE-server via Drools workbench because of “ConversationId not valid - missing releaseId”
  • Nextcould 11 docker “config.php” not working
  • Version error when installing docker toolbox on OSX
  • host $ docker exec -it myjenkins bash
    jenkins@container $ docker ps
    Got permission denied while trying to connect to the Docker daemon 
    socket at unix:///var/run/docker.sock: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.26/containers/json: dial unix /var/run/docker.sock: connect: permission denied
    
    host $ docker exec -it -u root -it myjenkins bash
    root@container $ docker ps 
    ... docker ps from host container yay! ...
    

    So here’s what I surmise. I have access to the host docker socket from within the container, but I can’t seem to give permission to the jenkins user.

    I’ve added the docker group, and also added the jenkins user to the docker group. But I still get the same error. I’ve restarted a whack of times so, I’m kind of at a loss for what to do next.

    Is there a way to force permissions for a user on a particular socket?

  • Docker tool or feature to define per-project container aliases?
  • Localhost doesn't forward requests to oracle docker container
  • Spring Boot app with eureka server and docker
  • Minor change in ansible playbook does not get updated in target host
  • Kitematic spins up new containers, but none of them showing up in Terminal
  • GitLab CI ERROR: Preparation failed: Post https…docker%3Adind: net/http: timeout awaiting response headers
  • 2 Solutions collect form web for “Docker in Docker permissions error”

    You need to map the gid of the docker group on your host to the gid of a group that jenkins belongs to inside your container. Here’s a sample from my Dockerfile of how I’ve built a jenkins slave image:

    ARG DOCKER_GID=993
    
    RUN groupadd -g ${DOCKER_GID} docker \
      && curl -sSL https://get.docker.com/ | sh \
      && apt-get -q autoremove \
      && apt-get -q clean -y \
      && rm -rf /var/lib/apt/lists/* /var/cache/apt/*.bin 
    
    RUN useradd -m -d /home/jenkins -s /bin/sh jenkins \
      && usermod -aG docker jenkins
    

    The 993 happens to be the gid of docker on the host in this example, you’d adjust that to match your environment.


    Solution from the OP:
    If rebuilding isn’t a possibility you can set the docker group accordingly in using root and add the user. If you tried this before you may have to delete the group on the slave (groupdel docker):

    docker exec -it -u root myjenkins bash
    container $ groupadd -g 993 docker
    container $ usermod -aG docker jenkins
    

    Execute the command with your root user by including sudo in the start.

    Docker will be the best open platform for developers and sysadmins to build, ship, and run distributed applications.