Jenkins under Docker with -v /var/run/docker.sock:/var/run/docker.sock: permission denied

I’m trying to follow the instructions in the handbook to install Jenkins under Docker, but I want to be able to run Docker containers. The instructions at Docker say to use the docker:dind image, but when I went to the home page for that image it says to read this blog first: Using Docker-in-Docker for your CI or testing environment? Think twice.

That page says you probably don’t really want to run docker:dind, but rather connect back to the hosting Docker by using -v /var/run/docker.sock:/var/run/docker.sock.

I’m using my own Docker image which is FROM jenkins/jenkins:lts-jdk11 but then just installs docker-ce and some Jenkins plugins.

When I actually run this container and then enter it with docker exec -it jenkins bash and try to run the docker command I get:
Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock

I feel like I’m so close. I assume this is because the jenkins userid created inside the container image does not map back to a userid on the host system that is a member of group docker users. Can someone tell me how to accomplish that last little bit?

In Dockerfile of your docker jenkins container try to add:

USER root
RUN groupadd -g <groupid>  docker && usermod -aG docker jenkins
USER jenkins

where grouid is the id of docker group on your host.

you need either docker-plugin in order to use docker daemon on your host

I don’t believe that does anything as UID and GID is set by docker and not actually fetched inside the container.

Theres a cli flag you can add to your docker run, --group-add which will add gids to the user running the container.

That being said, found the laziest way is to setup a ssh agent on the host running docker, that way you don’t have to mess with sockets and stuff, just give the user you ssh as access to docker in the standard ways

1 Like

Thanks, that seems to be working!

I wonder why the Jenkins handbook doesn’t do it this way, any idea?