1146705 – docker.sock owned by docker group but docker needs root

Bug 1146705 - docker.sock owned by docker group but docker needs root

Summary: docker.sock owned by docker group but docker needs root

Keywords:
Status:	CLOSED DUPLICATE of bug 1145270
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	docker-io
Sub Component:
Version:	rawhide
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Lokesh Mandvekar
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2014-09-25 19:51 UTC by Lokesh Mandvekar
Modified:	2014-10-25 10:47 UTC (History)
CC List:	12 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2014-10-24 20:43:42 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Bugzilla	1145270	0	unspecified	CLOSED	updating Docker cause users in docker group to not be able to use docker service	2021-02-22 00:41:40 UTC
Red Hat Bugzilla	1149882	0	unspecified	CLOSED	docker socket not found errors	2021-02-22 00:41:40 UTC

Internal Links: 1145270 1149882

Description Lokesh Mandvekar 2014-09-25 19:51:43 UTC

Description of problem:

$ ls -al /var/run/docker.sock 
srw-rw----. 1 root docker 0 Sep 25 14:45 /var/run/docker.sock

$ docker pull fedora
2014/09/25 14:48:04 Post http:///var/run/docker.sock/images/create?fromImage=fedora&tag=: dial unix /var/run/docker.sock: permission denied

$ sudo docker pull fedora
Pulling repository fedora
f1515fbc671c: Download complete 
22499213da48: Download complete 
b5751574adac: Download complete 
511136ea3c5a: Download complete 
ff75b0852d47: Download complete

Version-Release number of selected component (if applicable):
docker-1.2.0-2.fc22

How reproducible:
always

Steps to Reproduce:
1. install docker
2. use docker

Expected results:
docker commands should work without need for root

Additional info:
systemd-216-6.fc22.x86_64

Comment 1 Daniel Walsh 2014-09-25 21:44:42 UTC

Well I might consider this a good thing.

http://www.projectatomic.io/blog/2014/09/granting-rights-to-users-to-use-docker-in-fedora/

I have no idea why this is blowing up?  Can you try this in permissive mode?

Comment 4 Lokesh Mandvekar 2014-10-01 16:17:40 UTC

Dan, sorry about the late reply.

I see the same situation in permissive mode too.

Comment 5 Daniel Walsh 2014-10-03 17:45:10 UTC

I have no idea what this is, unless it is related to the docker.socket unit file.

Comment 7 Daniel Walsh 2014-10-24 20:43:42 UTC


*** This bug has been marked as a duplicate of bug 1145270 ***

Comment 8 Lokesh Mandvekar 2014-10-24 23:51:25 UTC

Dan,

Correct me if I'm wrong, but don't think this is a duplicate of Bug 1145270. /var/run/docker.sock does seem to be in docker group by default (systemd versions on fedora do have SocketUser and SocketGroup support too), but root is still needed to access docker commands.

Comment 9 Daniel Walsh 2014-10-25 10:47:34 UTC

Not on my machine.

Can you Strace the docker command to see where you are getting permission denied?

Note You need to log in before you can comment on or make changes to this bug.