Bug 1214104
| Summary: | /var/run/docker.sock permissions | | |
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Tomas Dabašinskas <tdabasin> |
| Component: | docker | Assignee: | Daniel Walsh <dwalsh> |
| Status: | CLOSED WONTFIX | QA Contact: | Luwen Su <lsu> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | | |
| Version: | 7.3 | CC: | lsm5 |
| Target Milestone: | rc | Keywords: | Extras |
| Target Release: | --- | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2015-07-15 20:55:30 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
Description
Tomas Dabašinskas
2015-04-22 01:40:52 UTC
Please note /var/run/docker.sock is a socket (not a regular file); creating it using

    f /var/run/docker.sock 0755 dockerroot dockerroot - -

will not work. I can't find information on http://www.freedesktop.org/software/systemd/man/tmpfiles.d.html for changing permissions for sockets.

You may also add the following to /usr/lib/systemd/system/docker.service:

    ExecStartPost=/usr/bin/chown dockerroot:dockerroot /var/run/docker.sock

Please note, it uses the default socket path; if in /etc/sysconfig/docker OPTIONS is changed to specify a different path to the socket using the -H flag, the service won't start as it won't find the socket...

We don't want to allow docker access from non-privileged users since this is the equivalent of allowing these users root access with no logging. We would prefer that you set them up to use sudo. We will not fix this issue until we have proper logging and Access Control built into docker.
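
An added example, not part of the original bug report or of the docker package: a shell audit that resolves the socket path from an OPTIONS string (so a `-H unix://...` override is not missed) and reports which non-root principal can write to, and therefore connect to, the daemon socket. The function names and the sample OPTIONS value are constructed for illustration; GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example: audit who can reach the Docker daemon socket.
# Assumes GNU stat (coreutils), as shipped on RHEL 7.
DEFAULT_SOCK=/var/run/docker.sock

# Print the unix socket path selected by -H/--host in a docker OPTIONS
# string; fall back to the default when no unix:// host is given.
socket_path_from_options() {
    path=$DEFAULT_SOCK prev= val=
    for word in $1; do
        case $word in
            -H|--host) prev=host; continue ;;
            -H=*|--host=*) val=${word#*=} ;;
            *) if [ "$prev" = host ]; then val=$word; else val=; fi ;;
        esac
        prev=
        case $val in unix://*) path=${val#unix://} ;; esac
    done
    printf '%s\n' "$path"
}

# Classify exposure from owner, group and octal mode (stat %U %G %a).
# Connecting to a unix socket needs write permission on it.
socket_exposure() {
    rest=${3%?}
    other=${3#"$rest"}              # last octal digit: "other" bits
    grp=${rest#"${rest%?}"}         # second-to-last digit: group bits
    grp=${grp:-0}
    if [ $((other & 2)) -ne 0 ]; then echo "world"
    elif [ $((grp & 2)) -ne 0 ] && [ "$2" != root ]; then echo "group:$2"
    elif [ "$1" != root ]; then echo "owner:$1"
    else echo "root-only"
    fi
}

# Inspect a real path; anything that is not a socket is reported as such.
audit_socket() {
    [ -S "$1" ] || { echo "not-a-socket"; return 0; }
    set -- $(stat -c '%U %G %a' "$1")
    socket_exposure "$1" "$2" "$3"
}

# Constructed sample of an OPTIONS value from /etc/sysconfig/docker.
sample='--selinux-enabled -H unix:///var/run/docker-alt.sock'
sock=$(socket_path_from_options "$sample")
echo "$sock -> $(audit_socket "$sock")"
echo "dockerroot:dockerroot 660 -> $(socket_exposure dockerroot dockerroot 660)"
```

Any result other than `root-only` names a principal that holds the root-equivalent access described in the closing comment above.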