Share docker socket using user namespaces

is it possible to use docker socket mounted from host inside docker container when using user namespaces?

I have following configuration:

  • How to know when composer install finishes in docker container
  • Docker Connection Refused Between Nginx And PHP Containers
  • Cannot access files inside Vagrant Sync Folder
  • Intermittent slow response from Dockerized NodeJS app
  • Not able to connect to cassandra from host machine
  • Organization of pods in cluster in Google Container Engine
  • /etc/subuid

     user:100000:65536
    

    /etc/subgid

     user:100000:65536
    

    /etc/docker/daemon.json

    {                              
      "userns-remap": "ns-user" 
    }
    

    I’ve created user ns-user with UID 100000 and group ns-user with GID 100000. Additionality I’ve added ns-user to group docker. When I log in as ns-user on host machine then I can use docker via socket.

    The problem is that when I run container with docker socket mounted I’ve got permission denied on socket. Socket privileges inside docker container:

    srw-rw---- 1 nobody nogroup 0 Jun 26 15:00 /var/run/docker.sock
    

    EDIT 1:

    To clarify I thought that root (uid 0) inside container maps to ns-user (uid 100000) on host which has permission to docker socket. but in fact I get permission denied. Why?

    I do not want to use –userns=host parameter.

  • Apache/php return full php error track description
  • 404 error when Accessing from local host : NGINX uWSGI
  • How to access the docker-container-ip:docker-container-port from outside network
  • How to allow multiple '--insecure-registry' for docker registry
  • docker port forward bind/dns/udp not respond
  • How to wait till POST request is finished in GO?
  • Docker will be the best open platform for developers and sysadmins to build, ship, and run distributed applications.