Regression in file sharing /var/run/docker.sock permissions in releases after v2.3 #5072
Comments
This setup is described in the Linux postinstall instructions, but no longer appears to work.

It appears at some point the permissions on the docker.sock were changed from: The difference is that write permissions were removed from the

I think this may be a duplicate of #4755

I realize I'm also already doing this in my installation, so it looks like there are a couple of things that need addressing with docker-for-mac. Maybe this has never been officially supported on docker-for-mac.

This is my total workaround:
Ref: https://github.com/leighmcculloch/devenv/blob/0dc3229/entrypoint.sh#L3-L5

Bind-mounting the socket should be supported; it's worth noting though that Linux won't care about the name of the group, but will purely look at the numeric UID/GID for user and group, so if the

Thanks for the diagnosis, I agree it's a dupe, I'm going to close this copy in favour of #4755. We've raised the internal ticket up our backlog too.
Diagnostic ID: C73521FC-7E76-4207-90CD-BBA843533B07/20201116202322
Expected behavior

Mounting the /var/run/docker.sock into a container, where the container's user has the docker group, should allow that user to run docker commands against the host's docker daemon. This was possible with Docker for Mac v2.3.

Actual behavior

After upgrading to Docker for Mac v2.5.0.1, interacting with the host's /var/run/docker.sock requires sudo / root.

Information

Diagnostic logs

See diagnostic ID above.

Steps to reproduce the behavior

Using this Dockerfile:

Build the image:

Run a container and mount the /var/run/docker.sock into the container:

You should be at a console as theuser. That user should be in the docker group. In v2.3 that user would be able to issue commands like docker ps, but with v2.5 the user sees the following error. The error can be overcome by elevating the user with sudo, but that was not required for v2.3.

Note: Disabling the GRPC Fuse for file sharing experimental feature appears to have no effect on the behavior above.
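An added example, not part of the original issue or of Docker's code: a simplified model of the Linux owner/group/other check that decides whether a non-root container user can connect to a bind-mounted socket, following the comment above that only numeric UID/GID values matter. The function names, the UID 1000 and the GID 999 are assumptions chosen for illustration; ACLs and security modules are ignored.

```python
import os
import stat
from typing import Iterable, Tuple


def can_connect(mode: int, owner_uid: int, owner_gid: int,
                uid: int, gids: Iterable[int]) -> Tuple[bool, str]:
    """Model the permission-bit check for connect() on a Unix socket.

    Connecting requires the write bit of exactly one class (owner, group
    or other). Only numeric IDs are compared; group names play no part.
    """
    if uid == 0:
        return True, "root bypasses the permission bits"
    if uid == owner_uid:
        ok = bool(mode & stat.S_IWUSR)
        return ok, "owner class, write bit " + ("set" if ok else "clear")
    if owner_gid in set(gids):
        ok = bool(mode & stat.S_IWGRP)
        return ok, f"group class (gid {owner_gid}), write bit " + ("set" if ok else "clear")
    ok = bool(mode & stat.S_IWOTH)
    return ok, f"other class (not in gid {owner_gid}), write bit " + ("set" if ok else "clear")


def diagnose(path: str = "/var/run/docker.sock") -> Tuple[bool, str]:
    """Apply the same check to a real socket with the current process's IDs."""
    st = os.stat(path)
    gids = set(os.getgroups()) | {os.getegid()}
    return can_connect(stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid,
                       os.geteuid(), gids)


if __name__ == "__main__":
    # Constructed cases: the container user has uid 1000 and a "docker"
    # group that is assumed to have gid 999 inside the container.
    user_uid, user_gids = 1000, [1000, 999]
    print(can_connect(0o660, 0, 999, user_uid, user_gids))  # gid matches, group-writable
    print(can_connect(0o660, 0, 0, user_uid, user_gids))    # socket group is gid 0
    print(can_connect(0o640, 0, 999, user_uid, user_gids))  # group write bit removed
    print(can_connect(0o640, 0, 999, 0, [0]))               # root, as with sudo
    if os.path.exists("/var/run/docker.sock"):
        print(diagnose())
```

Run inside the container, `diagnose()` reports which permission class applies to the current user, which separates a GID mismatch from a missing group write bit.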