clairctl
Need sudo to use clairctl with ssl registry
clairctl --log-level debug pull registry.mydomain.net/core/custom-nginx:latest
DEBU[0000] Using config file: /home/core/clairctl.yml
DEBU[0000] Downloading manifest for registry.mydomain.net/core/custom-nginx:latest
DEBU[0000] Retrieving repository client
DEBU[0000] hostDir: /etc/docker/certs.d/registry.mydomain.net
DEBU[0000] registry.LookupPullEndpoints error: open /etc/docker/certs.d/registry.mydomain.net: permission denied
client quit unexpectedly
FATA[0000] retrieving manifest for "registry.mydomain.net/core/custom-nginx:latest": open /etc/docker/certs.d/registry.mydomain.net: permission denied
need to add some log for permission files
2017-05-11 10:35:28.087096 D | dockerdist: registry.LookupPushEndpoints error: open /etc/docker/certs.d/aaa.bbb.com: permission denied
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x4f4ce0]
goroutine 1 [running]:
net/url.(*URL).String(0x0, 0x1a, 0x0)
/usr/local/Cellar/go/1.8.1/libexec/src/net/url/url.go:726 +0x40
github.com/jgsqware/clairctl/clair.insertRegistryMapping(0xc420019317, 0x40, 0xc4203460f0, 0x1a)
/Users/ehaselwanter/gocode/src/github.com/jgsqware/clairctl/clair/push.go:93 +0x7a
github.com/jgsqware/clairctl/clair.(*layering).pushAll(0xc420019770, 0xc42001af40, 0x4)
I think this happens because for many docker installations, /etc/docker has very restricted permissions. On my machine it was 0700 which explains why a pull / push does work with sudo? Anyway, was able to work around this by relaxing the permissions on /etc/docker to 0755 which is far from ideal but at least it worked...
I am also running into this problem. Is it possible to configure clair or clairctl to avoid having to open up permissions on /etc/docker?
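A defensive pattern for the failure shown in the logs above, as an added example (not clairctl's or Docker's code): find which path component blocks access to the per-host certs directory, and return that as an error so the caller never calls `String()` on a nil `*url.URL`. The names `firstBlocked` and `endpointFor` and the host `registry.example.invalid` are hypothetical, and treating a missing per-host directory as "no custom certs" is an assumption.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"os"
	"path/filepath"
)

// firstBlocked returns the first path component of dir, walking from the
// root down, that the current user cannot stat or list, plus the error.
func firstBlocked(dir string) (string, error) {
	var chain []string
	for p := filepath.Clean(dir); len(chain) == 0 || p != chain[0]; p = filepath.Dir(p) {
		chain = append([]string{p}, chain...) // root first, dir last
	}
	for _, p := range chain {
		if _, err := os.Stat(p); err != nil {
			return p, err
		}
	}
	if _, err := os.ReadDir(dir); err != nil {
		return dir, err
	}
	return "", nil
}

// endpointFor is a hypothetical stand-in for the lookup in the trace: it
// returns an error, never a nil *url.URL with the error only logged.
func endpointFor(certsRoot, host string) (*url.URL, error) {
	blocked, err := firstBlocked(filepath.Join(certsRoot, host))
	// Assumption: a missing per-host directory just means no custom certs.
	if err != nil && !errors.Is(err, os.ErrNotExist) {
		return nil, fmt.Errorf("cannot read registry certs at %s: %w", blocked, err)
	}
	return &url.URL{Scheme: "https", Host: host}, nil
}

func main() {
	u, err := endpointFor("/etc/docker/certs.d", "registry.example.invalid")
	if err != nil { // check before u.String(); u is nil on this path
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	fmt.Println(u.String())
}
```

When the reported error comes from `os.Stat` on a child path, the directory missing search permission is its parent, such as /etc/docker at 0700 in the report above.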