Docker in Docker permissions error

I have a docker in docker setup for CI. Essentially, the machine has a jenkins CI server on it that uses the same machines docker socket to create nodes for CI.

This was working great until I recently updated docker. I’ve identified the issue, but I can’t seem to figure out the right magic to get it working.

  • What is the standard way to move docker volume around servers?
  • Deleting files inside docker container not freeing up space on host system
  • Running PHPUnit within a Docker container with PhpStorm
  • Screen within Docker from ssh
  • Mongodb replica set with Docker 1.12 services
  • How to connect to the external server from docker container?
  • host $ docker exec -it myjenkins bash
    jenkins@container $ docker ps
    Got permission denied while trying to connect to the Docker daemon 
    socket at unix:///var/run/docker.sock: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.26/containers/json: dial unix /var/run/docker.sock: connect: permission denied
    host $ docker exec -it -u root -it myjenkins bash
    root@container $ docker ps 
    ... docker ps from host container yay! ...

    So here’s what I surmise. I have access to the host docker socket from within the container, but I can’t seem to give permission to the jenkins user.

    I’ve added the docker group, and also added the jenkins user to the docker group. But I still get the same error. I’ve restarted a whack of times so, I’m kind of at a loss for what to do next.

    Is there a way to force permissions for a user on a particular socket?

  • Connect to vagrant from docker via php
  • I found an image on docker hub that I like but doesn't meet my needs. How do I update it and make it my own?
  • Connection Refused Error 61: Scrapy+splash Docker
  • Connect to mysql in a docker container from the host
  • I started a docker container with --rm Is there an easy way to keep it, without redoing everything?
  • Where are the docker daemon logs stored on ubuntu 16.04 xenial xerus?
  • 2 Solutions collect form web for “Docker in Docker permissions error”

    You need to map the gid of the docker group on your host to the gid of a group that jenkins belongs to inside your container. Here’s a sample from my Dockerfile of how I’ve built a jenkins slave image:

    RUN groupadd -g ${DOCKER_GID} docker \
      && curl -sSL | sh \
      && apt-get -q autoremove \
      && apt-get -q clean -y \
      && rm -rf /var/lib/apt/lists/* /var/cache/apt/*.bin 
    RUN useradd -m -d /home/jenkins -s /bin/sh jenkins \
      && usermod -aG docker jenkins

    The 993 happens to be the gid of docker on the host in this example, you’d adjust that to match your environment.

    Solution from the OP:
    If rebuilding isn’t a possibility you can set the docker group accordingly in using root and add the user. If you tried this before you may have to delete the group on the slave (groupdel docker):

    docker exec -it -u root myjenkins bash
    container $ groupadd -g 993 docker
    container $ usermod -aG docker jenkins

    Execute the command with your root user by including sudo in the start.

    Docker will be the best open platform for developers and sysadmins to build, ship, and run distributed applications.