Bug 1146705

Summary: docker.sock owned by docker group but docker needs root
Product: [Fedora] Fedora Reporter: Lokesh Mandvekar <lsm5>
Component: docker-ioAssignee: Lokesh Mandvekar <lsm5>
Status: CLOSED DUPLICATE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: rawhideCC: admiller, dwalsh, erich, golang-updates, hushan.jia, jperrin, lsm5, mattdm, mgoldman, s, thrcka, vbatts
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-10-24 20:43:42 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Lokesh Mandvekar 2014-09-25 19:51:43 UTC 
Description of problem:

$ ls -al /var/run/docker.sock 
srw-rw----. 1 root docker 0 Sep 25 14:45 /var/run/docker.sock

$ docker pull fedora
2014/09/25 14:48:04 Post http:///var/run/docker.sock/images/create?fromImage=fedora&tag=: dial unix /var/run/docker.sock: permission denied

$ sudo docker pull fedora
Pulling repository fedora
f1515fbc671c: Download complete 
22499213da48: Download complete 
b5751574adac: Download complete 
511136ea3c5a: Download complete 
ff75b0852d47: Download complete

Version-Release number of selected component (if applicable):
docker-1.2.0-2.fc22

How reproducible:
always

Steps to Reproduce:
1. install docker
2. use docker

Expected results:
docker commands should work without need for root

Additional info:
systemd-216-6.fc22.x86_64
Comment 1 Daniel Walsh 2014-09-25 21:44:42 UTC 
Well I might consider this a good thing.

http://www.projectatomic.io/blog/2014/09/granting-rights-to-users-to-use-docker-in-fedora/

I have no idea why this is blowing up?  Can you try this in permissive mode?
Comment 4 Lokesh Mandvekar 2014-10-01 16:17:40 UTC 
Dan, sorry about the late reply.

I see the same situation in permissive mode too.
Comment 5 Daniel Walsh 2014-10-03 17:45:10 UTC 
I have no idea what this is, unless it is related to the docker.socket unit file.
Comment 7 Daniel Walsh 2014-10-24 20:43:42 UTC 

*** This bug has been marked as a duplicate of bug 1145270 ***
Comment 8 Lokesh Mandvekar 2014-10-24 23:51:25 UTC 
Dan,

Correct me if I'm wrong, but don't think this is a duplicate of Bug 1145270. /var/run/docker.sock does seem to be in docker group by default (systemd versions on fedora do have SocketUser and SocketGroup support too), but root is still needed to access docker commands.
Comment 9 Daniel Walsh 2014-10-25 10:47:34 UTC 
Not on my machine.

Can you Strace the docker command to see where you are getting permission denied?