
[BUG] Rootless docker requires changes to /var/run/docker.sock binding

Open VaporwareII opened this issue 2 years ago • 5 comments

Bug report

Describe the bug

Rootless docker works aside from things that rely on the docker.sock

-v "/var/run/docker.sock:/var/run/docker.sock"

It can be fixed with the replacement (assuming the user is #1000) /run/user/1000/docker.sock

-v "/run/user/1000/docker.sock:/var/run/docker.sock"

or

volumes:
  - type: bind
    source: /run/user/1000/docker.sock
    target: /var/run/docker.sock
    bind:
      create_host_path: true

To Reproduce

Steps to reproduce the behavior:

  • install Docker rootless
  • spin up a portainer instance. The Primary environment is down

If I edit the portainer.yml to

services:
  portainer:
    command: "-H unix:///var/run/docker.sock"
    container_name: portainer
    environment:
      - TZ=${TZ}
    logging:
      driver: json-file
      options:
        max-file: ${DOCKERLOGGING_MAXFILE}
        max-size: ${DOCKERLOGGING_MAXSIZE}
    restart: ${PORTAINER_RESTART}
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /run/user/1000/docker.sock:/var/run/docker.sock
      - ${DOCKERCONFDIR}/portainer:/data
      - ${DOCKERSTORAGEDIR}:/storage

then it works fine.

Expected behavior

Docker Rootless would act like root

Screenshots

unmodified: image
modified: image

System (please complete the following information):

  • OS: Armbian
  • Version Linux 6.1.21-v8+ #1642 SMP PREEMPT Mon Apr 3 17:24:16 BST 2023 aarch64 GNU/Linux

Additional context

It's relatively easy to fix but I'm not sure how to properly override this, so I keep getting stepped on by re-running creation. This may require a new global variable to identify if the user is rootless and if so what their UID is.

VaporwareII avatar Aug 23 '23 20:08 VaporwareII

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

github-actions[bot] avatar Nov 22 '23 00:11 github-actions[bot]

Sorry for not responding sooner. I think the only way we could safely do this would be to make the host side of the docker socket volume a variable for the user to set. With that, if you know what to set, you could accomplish rootless, but I imagine many users might not know what to set the value to. The default value would be filled with the existing (root) docker socket.

nemchik avatar Nov 22 '23 20:11 nemchik

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

github-actions[bot] avatar Feb 22 '24 00:02 github-actions[bot]

Making the host side of the docker socket a variable for every container individually is being done in #1729 which is full of many other changes.

I don't know if it would be better to make it a global or individual (I'm assuming users probably wouldn't ever have some apps using root and some not, but I don't know). I may try to add some detection for the docker socket.

nemchik avatar Feb 22 '24 02:02 nemchik

Can you post the output of docker context inspect?

nemchik avatar Feb 22 '24 03:02 nemchik
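
One way the socket detection discussed above could work, as an added example that is not DockSTARTer's code: it resolves the host side of the socket bind from the active docker context, then DOCKER_HOST, then the rootless path under /run/user/<uid>, and otherwise keeps the existing root socket as the default. The variable name DOCKER_SOCKET_HOST and the lookup order are assumptions.

```shell
#!/bin/sh
# Added example, not DockSTARTer code. DOCKER_SOCKET_HOST is a hypothetical
# variable name for the host side of the docker socket bind mount, e.g.
#   - ${DOCKER_SOCKET_HOST}:/var/run/docker.sock

# Kept as separate functions so the checks can be stubbed when testing.
is_socket() { [ -S "$1" ]; }

# Endpoint of the active docker context, if the docker CLI is installed.
docker_endpoint() {
    command -v docker >/dev/null 2>&1 || return 1
    docker context inspect --format '{{.Endpoints.docker.Host}}' 2>/dev/null
}

# Print the host-side socket path. $1 = UID (defaults to the calling user).
# The body runs in a subshell so its variables do not leak to the caller.
detect_docker_socket() (
    uid="${1:-$(id -u)}"

    # 1. and 2.: active context, then DOCKER_HOST. Only unix:// endpoints
    #    can be bind-mounted, so tcp:// and ssh:// are skipped.
    for endpoint in "$(docker_endpoint)" "${DOCKER_HOST:-}"; do
        case "$endpoint" in
            unix://*)
                path="${endpoint#unix://}"
                if is_socket "$path"; then
                    printf '%s\n' "$path"
                    exit 0
                fi
                ;;
        esac
    done

    # 3.: rootless daemon socket in the user's runtime directory.
    rootless="${XDG_RUNTIME_DIR:-/run/user/$uid}/docker.sock"
    if is_socket "$rootless"; then
        printf '%s\n' "$rootless"
        exit 0
    fi

    # 4.: nothing detected, keep the existing (root) socket as the default.
    printf '%s\n' /var/run/docker.sock
)

# Emit a line suitable for an .env file read by docker compose.
printf 'DOCKER_SOCKET_HOST=%s\n' "$(detect_docker_socket)"
```

Whichever socket ends up on the host side of the bind is the daemon the container can control, so a user-set value should still override the detected one.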

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

github-actions[bot] avatar May 23 '24 00:05 github-actions[bot]