
Re: docker command run from containers got permission denied on /var/run/docker.sock





On Wed, Oct 2, 2019 at 1:38 PM Weiqiang Zhuang <wzhuang us ibm com> wrote:
On an Openshift 3.11 cluster, we tried to run docker commands but all returned the following error:
 
```
Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.39/version: dial unix /var/run/docker.sock: connect: permission denied
```
 
Has anyone run into a similar situation and come up with a solution? I have searched past posts and googled and tried, but so far without luck to make it work.
 
Detailed info:
 
An example Pod yaml file is
 
```
apiVersion: v1
kind: Pod
metadata:
    name: dood
spec:
    securityContext:
      privileged: true
    containers:
      - name: docker-cmds
        image: argoproj/argoexec:v2.3.0
        command: ['sh', '-c', 'sleep 1d']
        resources:
            requests:
                cpu: 10m
                memory: 256Mi
        volumeMounts:
          - mountPath: /var/run
            name: docker-sock
    volumes:
      - name: docker-sock
        hostPath:
          path: /var/run
```
 
On the host (compute nodes) machine, the socket looks like
 
```
# ls -l /var/run/docker.sock
srw-rw----. 1 root docker 0 Sep 15 11:55 /var/run/docker.sock
```
 
Inside the container, the mounted path looks like
 
```
# ls -l /var/run/docker.sock
srw-rw----. 1 root 1001 0 Sep 15 18:55 /var/run/docker.sock
```
 
The serviceaccount running the container has been added to the `anyuid` and `hostmount-anyuid` scc.

Can you confirm the pod container is running as uid 0/root?

 
 
Thanks.
 
Adrian

_______________________________________________
users mailing list
users lists openshift redhat com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users


--
Ben Parees | OpenShift
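
Confirming the uid, as asked above, is half of the check; the other half is how that uid and its groups line up with the socket's `root:1001`, mode `srw-rw----` (660), as seen inside the container. The script below is an added example, not part of the thread or of OpenShift; the function names are hypothetical and it assumes a `stat` that supports `-c`.

```shell
#!/bin/sh
# Added example, not from the thread. connect() on a Unix socket needs write
# permission on the socket file, so only the write bit is tested.

# sock_dac_access UID "GID LIST" OWNER_UID OWNER_GID OCTAL_MODE
# Prints which rule grants access (root|owner|group|other) or "denied".
sock_dac_access() {
    uid=$1 gids=$2 owner=$3 group=$4 mode=$5

    # Assumption: uid 0 still holds CAP_DAC_OVERRIDE, which skips mode bits.
    if [ "$uid" -eq 0 ]; then echo root; return 0; fi

    perms=$((0$mode))            # read the mode string as octal
    if [ "$uid" -eq "$owner" ]; then
        # The kernel picks exactly one class; owner bits win for the owner.
        class=owner; bit=$((perms & 0200))
    else
        class=other; bit=$((perms & 0002))
        for g in $gids; do
            if [ "$g" -eq "$group" ]; then
                class=group; bit=$((perms & 0020)); break
            fi
        done
    fi
    if [ "$bit" -ne 0 ]; then echo "$class"; return 0; fi
    echo denied; return 1
}

# Run inside the container to test the live identity against the live socket.
# Assumes a stat that supports -c (GNU coreutils or BusyBox).
check_docker_sock() {
    sock=${1:-/var/run/docker.sock}
    [ -S "$sock" ] || { echo "no socket at $sock"; return 2; }
    sock_dac_access "$(id -u)" "$(id -G)" \
        "$(stat -c %u "$sock")" "$(stat -c %g "$sock")" "$(stat -c %a "$sock")"
}
```

A result other than `denied` covers the mode bits only; the trailing `.` in the `ls -l` listings marks an SELinux label on the socket, and SELinux policy is evaluated separately from these bits.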

