Share docker socket using user namespaces

is it possible to use docker socket mounted from host inside docker container when using user namespaces?

I have following configuration:

  • Passing deployment files into docker container during starting
  • Does windows 7 supports docker daemon?
  • Docker creating a new image with an added Java application
  • docker reverse-proxy doesnt work when change network (by --net)
  • Managing container dependencies on startup
  • Passing binary data to callables on AWS
  • /etc/subuid

     user:100000:65536
    

    /etc/subgid

     user:100000:65536
    

    /etc/docker/daemon.json

    {                              
      "userns-remap": "ns-user" 
    }
    

    I’ve created user ns-user with UID 100000 and group ns-user with GID 100000. Additionality I’ve added ns-user to group docker. When I log in as ns-user on host machine then I can use docker via socket.

    The problem is that when I run container with docker socket mounted I’ve got permission denied on socket. Socket privileges inside docker container:

    srw-rw---- 1 nobody nogroup 0 Jun 26 15:00 /var/run/docker.sock
    

    EDIT 1:

    To clarify I thought that root (uid 0) inside container maps to ns-user (uid 100000) on host which has permission to docker socket. but in fact I get permission denied. Why?

    I do not want to use –userns=host parameter.

  • Creating BigInsights (IBM Hadoop) Docker image, sysctl issue
  • Unable to view rails app running in docker container from browser
  • Docker Machine vs Docker run
  • passing arguments to docker exec from bash prompt and script
  • Docker Cannot start container port has already been allocated
  • How to remote access(from out net) to jupyter notebook running on docker on ubuntu server
  • Docker will be the best open platform for developers and sysadmins to build, ship, and run distributed applications.