I have a master container instance (Node.js) that runs some tasks in a temporary worker docker container.

The base image used is node:8-alpine and the entrypoint command executes with user node (non-root user).

I tried running my container with the following command:

```
docker run \
-v /tmp/box:/tmp/box \
-v /var/run/docker.sock:/var/run/docker.sock \
ifaisalalam/ide-taskmaster
```

But when the Node.js app tries to run a docker container, a permission denied error is thrown - the app can't read the /var/run/docker.sock file.

Accessing this container through sh and running ls -lha /var/run/docker.sh, I see that the file is owned by root:412. That's why my node user can't run a docker container.

The /var/run/docker.sh file on the host machine is owned by root:docker, so I guess the 412 inside the container is the docker group ID of the host machine.


I'd be glad if someone could provide me a workaround to run docker from a docker container in Container-Optimized OS on GCE.


The source Git repository of the image I'm trying to run is https://github.com/ifaisalalam/ide-taskmaster

  • Possible duplicate of [docker.sock permission denied](https://stackoverflow.com/questions/48568172/docker-sock-permission-denied) – Mustafa Salih ASLIM Jul 31 '19 at 19:33
  • @ASLIM I don't think so. I am facing this issue on GCP only. On my machine, everything is working like a charm. My question is related to running docker from within docker. – Faisal Alam Jul 31 '19 at 19:55

1 Answer

Adding the following command to the start-up script of the host machine solves the problem:

```
sudo chmod 666 /var/run/docker.sock
```

I am just not sure if this would be a secure workaround for an app running in production.

EDIT:

This answer suggests another approach that might also work - https://stackoverflow.com/a/47272481/11826776

Also, you may read this article - https://denibertovic.com/posts/handling-permissions-with-docker-volumes/
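
On the production concern above: write access to `docker.sock` is effectively root on the host, and `chmod 666` grants it to every local user and process. The sketch below is an added example, not part of the original answer: it leaves the socket's mode alone and prints a `docker run` command that gives the container's `node` user the socket's group ID (412 in the question) as a supplementary group via `--group-add`. The function names are hypothetical, and it assumes a GNU or BusyBox `stat`.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the original post.

# Print the numeric GID that owns the socket (412 in the question's container).
sock_gid() {
    stat -c '%g' "$1"
}

# Succeed if users outside the owner and group can write to the socket,
# which is the state `chmod 666` leaves it in.
sock_world_writable() {
    mode=$(stat -c '%a' "$1")        # octal mode, e.g. 660 or 666
    last=${mode#"${mode%?}"}         # last octal digit = "other" permissions
    [ $((last & 2)) -ne 0 ]
}

# Print the question's docker run command with the socket's GID added as a
# supplementary group, so a non-root user in the container can use the socket.
docker_run_cmd() {
    sock=$1
    image=$2
    if sock_world_writable "$sock"; then
        echo "warning: $sock is world-writable; consider chmod 660" >&2
    fi
    printf 'docker run --group-add %s -v /tmp/box:/tmp/box -v %s:/var/run/docker.sock %s\n' \
        "$(sock_gid "$sock")" "$sock" "$image"
}

# Usage: sh this-script /var/run/docker.sock ifaisalalam/ide-taskmaster
if [ "$#" -eq 2 ]; then
    docker_run_cmd "$1" "$2"
fi
```

Even with the group approach, any container that can reach the socket can start privileged containers on the host, so the mount itself is the privilege being granted.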