I have created a test container using the latest gitlab/gitlab-runner:latest image. I want to execute Docker commands within this container using the permissions of the gitlab-runner user.

Inside the container:

root@gitlab_runner:/# su gitlab-runner
gitlab-runner@gitlab_runner:/$ id
uid=999(gitlab-runner) gid=999(gitlab-runner) groups=999(gitlab-runner)

Executing docker info results in an error:

gitlab-runner@gitlab_runner:/$ docker info
Client:
 Version:    24.0.5
 Context:    default
 Debug Mode: false

Server:
ERROR: permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get "http://%2Fvar%2Frun%2Fdocker.sock/v1.24/info": dial unix /var/run/docker.sock: connect: permission denied
errors pretty printing info

When using root privileges, executing docker info works as expected.

Outside the container:

The UID 999 corresponds to the systemd-coredump user, which is a member of the docker group.

$ id systemd-coredump
uid=999(systemd-coredump) gid=999(systemd-coredump) groups=999(systemd-coredump),135(docker)

Docker socket permissions are as follows:

srw-rw----  1 root              docker    0  Oct 25 13:39 docker.sock=

Is there any additional configuration needed to allow the test container to correctly execute Docker commands with the permissions of the gitlab-runner user? Thank you very much!!

I have confirmed that outside the container, the user with UID 999 is indeed a member of the docker group.

2 Answers


  1. Chosen as BEST ANSWER

    I added docker:x:135:gitlab-runner to /etc/group, and now I can run Docker with gitlab-runner!


  2. This is because, by default, the Docker engine runs as root. There is actually an alternative: running Docker containers as a non-root user (rootless containers).

    Learn more: https://docs.docker.com/engine/security/rootless/
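The permission check behind the question and the accepted answer, as an added example that is not part of the original posts: the kernel compares numeric UIDs and GIDs only, so the host's group names do not carry into the container. The function names are hypothetical, `stat -c` assumes GNU coreutils, and the sample values assume the socket is bind-mounted from the host and keeps GID 135.

```shell
#!/bin/sh
# socket_access OWNER_UID OWNER_GID MODE PROC_UID "PROC_GIDS"
# Prints the permission class that lets the process connect
# (root, owner, group, other) or "denied". On Linux, connect()
# to a Unix socket needs the write bit of the matching class.
socket_access() {
    s_uid=$1 s_gid=$2 mode=$3 p_uid=$4 p_gids=$5
    # UID 0 normally bypasses file permission checks.
    if [ "$p_uid" -eq 0 ]; then echo "root"; return 0; fi

    # Pad short modes, then peel off the last three octal digits.
    case ${#mode} in 1) mode=00$mode ;; 2) mode=0$mode ;; esac
    other=${mode#"${mode%?}"}; rest=${mode%?}
    group=${rest#"${rest%?}"}; rest=${rest%?}
    owner=${rest#"${rest%?}"}

    # Exactly one class applies: owner first, then group, then other.
    class=other bits=$other
    if [ "$p_uid" -eq "$s_uid" ]; then
        class=owner bits=$owner
    else
        for g in $p_gids; do
            if [ "$g" -eq "$s_gid" ]; then class=group bits=$group; break; fi
        done
    fi
    if [ $(( bits & 2 )) -ne 0 ]; then echo "$class"; else echo "denied"; fi
    return 0
}

# Same check against a live socket, for the user running the script.
check_docker_socket() {
    sock=${1:-/var/run/docker.sock}
    if [ ! -S "$sock" ]; then echo "no socket at $sock"; return 0; fi
    socket_access "$(stat -c %u "$sock")" "$(stat -c %g "$sock")" \
        "$(stat -c %a "$sock")" "$(id -u)" "$(id -G)"
}

# Constructed values taken from the question: socket root:135, mode 660.
echo "uid=999 groups=999     -> $(socket_access 0 135 660 999 '999')"
echo "uid=999 groups=999,135 -> $(socket_access 0 135 660 999 '999 135')"
```

Run `check_docker_socket` as gitlab-runner inside the container, in a fresh login session after editing /etc/group, to see which class applies. Membership in the socket's group gives full control of a daemon that runs as root by default, so grant it only to accounts trusted at that level.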
