Jenkins under Docker with -v /var/run/docker.sock:/var/run/docker.sock: permission denied

sprior · December 17, 2021, 5:31am

I’m trying to follow the instructions in the handbook to install Jenkins under Docker, but I want to be able to run Docker containers. The instructions at Docker say to use the docker:dind image, but when I went to the home page for that image it says to read this blog first: Using Docker-in-Docker for your CI or testing environment? Think twice.

That page says you probably don’t really want to run docker:dind, but rather connect back to the hosting Docker by using -v /var/run/docker.sock:/var/run/docker.sock.

I’m using my own Docker image which is FROM jenkins/jenkins:lts-jdk11 but then just installs docker-ce and some Jenkins plugins.

When I actually run this container and then enter it with docker exec -it jenkins bash and try to run the docker command I get:
Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock

I feel like I’m so close. I assume this is because the jenkins userid created inside the container image does not map back to a userid on the host system that is a member of group docker users. Can someone tell me how to accomplish that last little bit?

Letizia · December 17, 2021, 8:26am

In Dockerfile of your docker jenkins container try to add:

USER root
RUN groupadd -g <groupid>  docker && usermod -aG docker jenkins
USER jenkins

where grouid is the id of docker group on your host.

you need either docker-plugin in order to use docker daemon on your host

halkeye · December 17, 2021, 8:57am

I don’t believe that does anything as UID and GID is set by docker and not actually fetched inside the container.

Theres a cli flag you can add to your docker run, --group-add which will add gids to the user running the container.

That being said, found the laziest way is to setup a ssh agent on the host running docker, that way you don’t have to mess with sockets and stuff, just give the user you ssh as access to docker in the standard ways

sprior · December 17, 2021, 7:12pm

Thanks, that seems to be working!

I wonder why the Jenkins handbook doesn’t do it this way, any idea?

Topic		Replies	Views
Jenkins group while in job is not the same as in terminal Ask a question	4	1493	November 6, 2021
java.io.IOException: error=13, Permission denied Ask a question question , docker , pipeline	0	165	June 24, 2024
Jenkins: Cannot connect to the Docker daemon on Mac Ask a question question , docker , jenkinsfile , pipeline	2	2605	August 27, 2023
Docker pipeline Using Jenkins question , docker	3	1547	November 17, 2022
Jenkinspipeline with docker build agent - Run docker container with custom user Ask a question	6	2726	January 24, 2022

Jenkins under Docker with -v /var/run/docker.sock:/var/run/docker.sock: permission denied

Related topics