$ docker --version
Docker version 20.10.5, build 55c4c88
Solution
Via an entrypoint script, I set the needed permission on container startup.
chown root:docker /var/run/docker.sock
chmod g+w /var/run/docker.sock
This requires that the container starts as root and switches to the jenkins user only after setting the permissions.
This solution works independently of the gRPC FUSE setting of Docker Desktop/Docker for Mac.
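An entrypoint along these lines, as an added example rather than the author's own script: it assumes the image has a docker group with jenkins as a member and provides runuser (util-linux) for the switch to the jenkins user. The function names and the DOCKER_SOCK, DOCKER_GROUP and RUN_AS variables are made up for illustration.

```shell
#!/bin/sh
# Added example: fix the socket permissions as root, then drop to the
# jenkins user. Variable and function names are hypothetical.
set -eu

DOCKER_SOCK=${DOCKER_SOCK:-/var/run/docker.sock}
DOCKER_GROUP=${DOCKER_GROUP:-docker}   # assumed to exist in the image
RUN_AS=${RUN_AS:-jenkins}              # assumed to be a member of that group

# Apply the two commands from the text; refuse anything that is not a socket.
fix_socket_perms() {
    if [ ! -S "$1" ]; then
        echo "entrypoint: $1 is not a socket (is it mounted?)" >&2
        return 1
    fi
    chown "root:$2" "$1"
    chmod g+w "$1"
}

# True if the group write bit is set (6th character of the ls -l mode string).
group_can_write() {
    case "$(ls -ld "$1")" in
        ?????w*) return 0 ;;
        *)       return 1 ;;
    esac
}

main() {
    # chown needs root, so the container has to start as root.
    if [ "$(id -u)" -ne 0 ]; then
        echo "entrypoint: must start as root to chown $DOCKER_SOCK" >&2
        return 1
    fi
    fix_socket_perms "$DOCKER_SOCK" "$DOCKER_GROUP"
    group_can_write "$DOCKER_SOCK"
    # Replace this shell with the real command, running as the unprivileged user.
    exec runuser -u "$RUN_AS" -- "$@"
}

# The image's CMD arrives as arguments; with none there is nothing to run.
if [ "$#" -gt 0 ]; then
    main "$@"
fi
```

Any process in the docker group can then drive the daemon behind the socket, so the jenkins user ends up with the same control over it as root.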
Dead Ends
I gave up on solving the permission question with a bind mount, because:
Turns out, I overlooked that the host's /var/run/docker.sock is a symbolic link. I thought, due to that symbolic link, the permissions are not transferred as expected. But I could not find documentation about it, only hints.
When bind-mounting the link target directly and running a docker command, I get:
Error response from daemon: Mounts denied: approving /Users/(...)/docker.sock: file does not exist
Presumably because the file is a socket link (see ls' long format).
Turns out, this appears to be caused by the gRPC FUSE file sharing setting of my Docker Desktop. Disabling it made the error go away, and the socket link docker.sock gets mounted with the container user as owner and group automatically.
However, executing e.g. docker image ls inside the container now results in an unexplainable error:
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?