Bug 1121977

Summary: /var/run/docker.sock group is not docker
Product: [Fedora] Fedora Reporter: Yajo <yajo.sk8>
Component: systemdAssignee: systemd-maint
Status: CLOSED DUPLICATE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 20CC: admiller, dwalsh, golang-updates, hushan.jia, johannbg, jperrin, lnykryn, lsm5, mattdm, mgoldman, msekleta, s, systemd-maint, vbatts, vpavlin, zbyszek
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-07-23 00:56:17 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Yajo 2014-07-22 09:16:39 UTC
Description of problem:
A user in docker group cannot use docker.

Version-Release number of selected component (if applicable):
docker-io-1.0.0-6.fc20.x86_64

How reproducible:
After install.

Steps to Reproduce:
1. sudo yum -y install docker-io
2. sudo usermod -aG docker $YOUR_USER
3. Log out and in again.
4. sudo systemctl start docker
5. docker pull fedora

Actual results:
2014/07/22 11:10:02 Post http:///var/run/docker.sock/images/create?fromImage=fedora&tag=: dial unix /var/run/docker.sock: permission denied

Expected results:
Should pull the fedora image.

Additional info:
Official docs (https://docs.docker.com/installation/fedora/#granting-rights-to-users-to-use-docker) say:

> Adding users to the docker group is not necessary for Docker versions 1.0 and above.

So maybe I am trying to solve a problem in the wrong direction, but:

$ grep SocketGroup /lib/systemd/system/docker.socket
SocketGroup=docker

So, I think Fedora stills wants that. However, socket group is root instead of docker:

$ ls -l /var/run/docker.sock 
srw-rw----. 1 root root 0 jul 22 11:08 /var/run/docker.sock

Workaround:
sudo chgrp docker /var/run/docker.sock

Comment 1 Daniel Walsh 2014-07-22 17:36:55 UTC
This is a bug in ssytemd

Comment 2 Daniel Walsh 2014-07-22 17:37:22 UTC
socket activation should assign the docker group to the docker socket.

Comment 3 Zbigniew Jędrzejewski-Szmek 2014-07-23 00:56:17 UTC
(In reply to Daniel Walsh from comment #1)
> This is a bug in ssytemd
No, not really, but we can help :)

*** This bug has been marked as a duplicate of bug 1119282 ***