Docker in Docker permissions error

I have a docker in docker setup for CI. Essentially, the machine has a jenkins CI server on it that uses the same machines docker socket to create nodes for CI.

This was working great until I recently updated docker. I’ve identified the issue, but I can’t seem to figure out the right magic to get it working.

  • Snapshot Options When Unable to Set Up LVM
  • How to user docker exec with zsh
  • Queries about LoadBalancing in Kubernetes cluster
  • docker mysql on different port
  • docker-machine command fails on openstack
  • Docker image > google/cadvisor:latest
  • host $ docker exec -it myjenkins bash
    jenkins@container $ docker ps
    Got permission denied while trying to connect to the Docker daemon 
    socket at unix:///var/run/docker.sock: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.26/containers/json: dial unix /var/run/docker.sock: connect: permission denied
    
    host $ docker exec -it -u root -it myjenkins bash
    root@container $ docker ps 
    ... docker ps from host container yay! ...
    

    So here’s what I surmise. I have access to the host docker socket from within the container, but I can’t seem to give permission to the jenkins user.

    I’ve added the docker group, and also added the jenkins user to the docker group. But I still get the same error. I’ve restarted a whack of times so, I’m kind of at a loss for what to do next.

    Is there a way to force permissions for a user on a particular socket?

  • Spring Boot Array Environment Variables on Docker / Marathon
  • Unable to install chef-server on docker container
  • Repair/Uninstall Mesos after cleanup
  • Docker root access to host system
  • Set specify IP for a Docker container from docker-compose.yml
  • Gitlab docker and external_url
  • 2 Solutions collect form web for “Docker in Docker permissions error”

    You need to map the gid of the docker group on your host to the gid of a group that jenkins belongs to inside your container. Here’s a sample from my Dockerfile of how I’ve built a jenkins slave image:

    ARG DOCKER_GID=993
    
    RUN groupadd -g ${DOCKER_GID} docker \
      && curl -sSL https://get.docker.com/ | sh \
      && apt-get -q autoremove \
      && apt-get -q clean -y \
      && rm -rf /var/lib/apt/lists/* /var/cache/apt/*.bin 
    
    RUN useradd -m -d /home/jenkins -s /bin/sh jenkins \
      && usermod -aG docker jenkins
    

    The 993 happens to be the gid of docker on the host in this example, you’d adjust that to match your environment.


    Solution from the OP:
    If rebuilding isn’t a possibility you can set the docker group accordingly in using root and add the user. If you tried this before you may have to delete the group on the slave (groupdel docker):

    docker exec -it -u root myjenkins bash
    container $ groupadd -g 993 docker
    container $ usermod -aG docker jenkins
    

    Execute the command with your root user by including sudo in the start.

    Docker will be the best open platform for developers and sysadmins to build, ship, and run distributed applications.