Share docker socket using user namespaces

Is it possible to use the Docker socket mounted from the host inside a Docker container when using user namespaces?

I have the following configuration:

  • /etc/subuid





      "userns-remap": "ns-user" 

    I've created user ns-user with UID 100000 and group ns-user with GID 100000. Additionally, I've added ns-user to the docker group. When I log in as ns-user on the host machine, I can use Docker via the socket.

    The problem is that when I run a container with the Docker socket mounted, I get permission denied on the socket. Socket privileges inside the Docker container:

    srw-rw---- 1 nobody nogroup 0 Jun 26 15:00 /var/run/docker.sock

    EDIT 1:

    To clarify, I thought that root (uid 0) inside the container maps to ns-user (uid 100000) on the host, which has permission to the Docker socket, but in fact I get permission denied. Why?

    I do not want to use the --userns=host parameter.
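
As an added example (not part of the original question), this simplified Python model of user-namespace ID mapping shows why the socket is listed as nobody:nogroup inside the container and why container root is refused. The subordinate range `100000:65536`, the docker GID `999` and the socket owner `root:docker` are assumed sample values; the page does not show them.

```python
OVERFLOW_ID = 65534  # id displayed for unmapped owners (nobody/nogroup)

def parse_id_map(text):
    """Parse /proc/<pid>/uid_map-style lines: 'inside_start host_start count'."""
    return [tuple(int(f) for f in ln.split()) for ln in text.strip().splitlines()]

def host_to_ns(host_id, id_map):
    """Translate a host id into the namespace; None when it is unmapped."""
    for inside, outside, count in id_map:
        if outside <= host_id < outside + count:
            return inside + host_id - outside
    return None

def shown_as(host_id, id_map):
    """Id that tools such as ls display from inside the namespace."""
    ns_id = host_to_ns(host_id, id_map)
    return OVERFLOW_ID if ns_id is None else ns_id

def can_write(uid, gids, f_uid, f_gid, mode, id_map):
    """Simplified write check; every id here is a host (kernel) id."""
    # Namespace root may override file modes only on inodes whose owner
    # and group are both mapped into its own user namespace.
    if host_to_ns(uid, id_map) == 0 and None not in (
            host_to_ns(f_uid, id_map), host_to_ns(f_gid, id_map)):
        return True
    if uid == f_uid:
        return bool(mode & 0o200)
    if f_gid in gids:
        return bool(mode & 0o020)
    return bool(mode & 0o002)

# Constructed sample values (assumptions, not taken from the page).
CONTAINER_MAP = parse_id_map("0 100000 65536")  # remapped container
HOST_MAP = parse_id_map("0 0 4294967295")       # initial namespace
DOCKER_GID = 999
SOCK = dict(f_uid=0, f_gid=DOCKER_GID, mode=0o660)  # root:docker, srw-rw----

def demo():
    return {
        # What ls prints for the socket owner and group in the container.
        "ls_in_container": (shown_as(0, CONTAINER_MAP),
                            shown_as(DOCKER_GID, CONTAINER_MAP)),
        # ns-user logged in on the host, member of the docker group.
        "ns_user_on_host": can_write(100000, {100000, DOCKER_GID},
                                     id_map=HOST_MAP, **SOCK),
        # Container root: host uid/gid 100000, host docker group not carried over.
        "container_root": can_write(100000, {100000},
                                    id_map=CONTAINER_MAP, **SOCK),
    }

if __name__ == "__main__":
    print(demo())
```

In this model, host group memberships of ns-user do not follow the container process, and the socket's owner and group fall outside the mapped range, so only the "other" permission bits apply.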
