minikube - Why The "docker" driver should not be used with root privileges

Question

When trying to start minikube with docker driver, as a root user I get:

$ minikube start --driver=docker
* minikube v1.16.0 on Ubuntu 18.04
* Using the docker driver based on user configuration
* The "docker" driver should not be used with root privileges.
* If you are running minikube within a VM, consider using --driver=none:
*   https://minikube.sigs.k8s.io/docs/reference/drivers/none/

X Exiting due to DRV_AS_ROOT: The "docker" driver should not be used with root privileges.

What is the problem to use docker driver as a root user?

https://github.com/kubernetes/minikube/issues/7903#issuecomment-619465709 — DannyB, Aug 30 '21 at 13:59

Dipto Mondal · Answer 1 · 2021-08-30T14:38:17.057

This is a question of security. In official docker documentation written clearly about the risks.

As per documentation -

Docker allows you to share a directory between the Docker host and a guest container; and it allows you to do so without limiting the access rights of the container. This means that you can start a container where the /host directory is the / directory on your host; and the container can alter your host filesystem without any restriction.

To solve your problem you can follow these steps:

Add new User

adduser newUser
usermod -aG sudo newUser
su - newUser

Login to the newly created User

su - newUser

Add User to the Docker Group

sudo groupadd docker
sudo usermod -aG docker $USER

Relogin and the start minikube with this following commands

minikube start --driver=docker

Verify minikube is running

docker ps

Here is a github issue you may have a look.

Updating my answer as it is causing confusion if this steps will solve the security issues

This steps will solve the error you were facing when you were trying to start minikube. But this steps won't solve the security issues because docker group grants privileges equivalent to the root user. To run docker without root privilege aka rootless mode you need to follow this documentation.

When you run those steps to add your user to the docker group, you gave that user passwordless access to the root account on the host. So I'm not sure what that solved. — BMitch, Aug 30 '21 at 14:16
This steps will solve the error @RafaelJan is facing. But this steps won't solve the security issues because docker group grants privileges equivalent to the root user. To run docker as without root privilege he needs to follow this documentation https://docs.docker.com/engine/security/rootless/ — Dipto Mondal, Aug 30 '21 at 14:32
To add user to docker group , below work for me: "sudo chmod 777 /var/run/docker.sock sudo chown ${USER}:docker /var/run/docker.sock. link :"https://stackoverflow.com/questions/47854463/docker-got-permission-denied-while-trying-to-connect-to-the-docker-daemon-socke — Shubham Jain, Feb 02 '23 at 08:59

score 4 · Answer 2 · answered Dec 19 '21 at 03:44

4

Login to root user and run below commands.

useradd testuser
usermod -aG docker testuser

su - testuser (or open another terminal and login to testuser)

minikube start --driver=docker

its works!

answered Dec 19 '21 at 03:44

Anil Singh

333
3
7

useradd does not create user folders. This is creating issues while running minikube; trying it on ubuntu:20.04 – pravin May 24 '22 at 15:21

score 0 · Answer 3 · answered Feb 22 '23 at 10:20

0

Which User are you using now? Type on the terminal.

whoami

or

echo $USER

Then you can see your username. But This is not mandatory.

Just Add the User to the Docker Group with below cmd

sudo usermod -aG docker $USER

answered Feb 22 '23 at 10:20

Anjan Biswas

701
1
10
23