act icon indicating copy to clipboard operation
act copied to clipboard

Published 20 hours ago verified publisher icon nektos

Error: Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running? on Ubuntu while docker commands are working

Open kintel opened this issue 2 years ago • 8 comments

Bug report info

gh act --bug-report
act version:            0.2.44
GOOS:                   linux
GOARCH:                 amd64
NumCPU:                 20
Docker host:            DOCKER_HOST environment variable is unset/empty.
Sockets found:
        /var/run/docker.sock
Config files:           
        /home/kintel/snap/gh/502/.actrc:
                -P ubuntu-latest=catthehacker/ubuntu:act-latest
                -P ubuntu-22.04=catthehacker/ubuntu:act-22.04
                -P ubuntu-20.04=catthehacker/ubuntu:act-20.04
                -P ubuntu-18.04=catthehacker/ubuntu:act-18.04
Build info:
        Go version:            go1.18.10
        Module path:           github.com/nektos/act
        Main version:          (devel)
        Main path:             github.com/nektos/act
        Main checksum:         
        Build settings:
                -compiler:            gc
                CGO_ENABLED:          0
                GOARCH:               amd64
                GOOS:                 linux
                GOAMD64:              v1
                vcs:                  git
                vcs.revision:         65088b8f28d44da128b95ec194a04277b8856be9
                vcs.time:             2023-01-20T18:39:07Z
                vcs.modified:         true

Error: permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get "http://%2Fvar%2Frun%2Fdocker.sock/v1.24/info": dial unix /var/run/docker.sock: connect: permission denied

Command used with act

gh act

Describe issue

Error: permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get "http://%2Fvar%2Frun%2Fdocker.sock/v1.24/info": dial unix /var/run/docker.sock: connect: permission denied

Link to GitHub repository

No response

Workflow content

Any workflow

Relevant log output

DEBU[0000] Loading environment from /home/kintel/code/OpenSCAD/openscad-testing/.env 
DEBU[0000] Loading action inputs from /home/kintel/code/OpenSCAD/openscad-testing/.input 
DEBU[0000] Loading secrets from /home/kintel/code/OpenSCAD/openscad-testing/.secrets 
DEBU[0000] Evaluated matrix inclusions: map[]           
DEBU[0000] Loading workflows from '/home/kintel/code/OpenSCAD/openscad-testing/.github/workflows' 
DEBU[0000] Loading workflows recursively                
DEBU[0000] Found workflow 'codeql-analysis.yml' in '/home/kintel/code/OpenSCAD/openscad-testing/.github/workflows/codeql-analysis.yml' 
DEBU[0000] Found workflow 'linux.yml' in '/home/kintel/code/OpenSCAD/openscad-testing/.github/workflows/linux.yml' 
DEBU[0000] Found workflow 'macos-release.yml' in '/home/kintel/code/OpenSCAD/openscad-testing/.github/workflows/macos-release.yml' 
DEBU[0000] Found workflow 'macos-snapshot.yml.disabled' in '/home/kintel/code/OpenSCAD/openscad-testing/.github/workflows/macos-snapshot.yml.disabled' 
DEBU[0000] Found workflow 'macos-tests.yml' in '/home/kintel/code/OpenSCAD/openscad-testing/.github/workflows/macos-tests.yml' 
DEBU[0000] Found workflow 'windows.yml' in '/home/kintel/code/OpenSCAD/openscad-testing/.github/workflows/windows.yml' 
DEBU[0000] Reading workflow '/home/kintel/code/OpenSCAD/openscad-testing/.github/workflows/codeql-analysis.yml' 
DEBU[0000] Conditional GET for notices etag=f82d34a0-80c7-4533-902c-b80db8d0947f 
DEBU[0000] Reading workflow '/home/kintel/code/OpenSCAD/openscad-testing/.github/workflows/linux.yml' 
DEBU[0000] Reading workflow '/home/kintel/code/OpenSCAD/openscad-testing/.github/workflows/macos-release.yml' 
DEBU[0000] Reading workflow '/home/kintel/code/OpenSCAD/openscad-testing/.github/workflows/macos-tests.yml' 
DEBU[0000] Reading workflow '/home/kintel/code/OpenSCAD/openscad-testing/.github/workflows/windows.yml' 
DEBU[0000] Preparing plan with all jobs                 
DEBU[0000] Using default workflow event: push           
DEBU[0000] Planning jobs for event: push                
DEBU[0000] Loading revision from git directory          
DEBU[0000] Found revision: 21e66f1970e80f4220e52a833e7d651ba01137ff 
DEBU[0000] HEAD points to '21e66f1970e80f4220e52a833e7d651ba01137ff' 
DEBU[0000] using github ref: refs/heads/master          
DEBU[0000] Found revision: 21e66f1970e80f4220e52a833e7d651ba01137ff 
DEBU[0000] Loading revision from git directory          
DEBU[0000] Found revision: 21e66f1970e80f4220e52a833e7d651ba01137ff 
DEBU[0000] HEAD points to '21e66f1970e80f4220e52a833e7d651ba01137ff' 
DEBU[0000] using github ref: refs/heads/master          
DEBU[0000] Found revision: 21e66f1970e80f4220e52a833e7d651ba01137ff 
DEBU[0000] false                                        
DEBU[0000] Final matrix after applying user inclusions '[map[language:cpp]]' 
DEBU[0000] Loading revision from git directory          
DEBU[0000] Found revision: 21e66f1970e80f4220e52a833e7d651ba01137ff 
DEBU[0000] HEAD points to '21e66f1970e80f4220e52a833e7d651ba01137ff' 
DEBU[0000] using github ref: refs/heads/master          
DEBU[0000] Found revision: 21e66f1970e80f4220e52a833e7d651ba01137ff 
DEBU[0000] Loading revision from git directory          
DEBU[0000] Found revision: 21e66f1970e80f4220e52a833e7d651ba01137ff 
DEBU[0000] HEAD points to '21e66f1970e80f4220e52a833e7d651ba01137ff' 
DEBU[0000] using github ref: refs/heads/master          
DEBU[0000] Found revision: 21e66f1970e80f4220e52a833e7d651ba01137ff 
DEBU[0000] expression '${{ matrix.os }}' rewritten to 'format('{0}', matrix.os)' 
DEBU[0000] evaluating expression 'format('{0}', matrix.os)' 
DEBU[0000] expression 'format('{0}', matrix.os)' evaluated to '%!t(string=)' 
DEBU[0000] Loading revision from git directory          
DEBU[0000] Found revision: 21e66f1970e80f4220e52a833e7d651ba01137ff 
DEBU[0000] HEAD points to '21e66f1970e80f4220e52a833e7d651ba01137ff' 
DEBU[0000] using github ref: refs/heads/master          
DEBU[0000] Found revision: 21e66f1970e80f4220e52a833e7d651ba01137ff 
DEBU[0000] false                                        
DEBU[0000] Adding include values 'map[distro:focal os:ubuntu-20.04 qt5default:true]' to existing entry 
DEBU[0000] Adding include values 'map[distro:kinetic os:ubuntu-22.04 qt5default:false]' to existing entry 
DEBU[0000] Final matrix after applying user inclusions '[map[distro:focal os:ubuntu-20.04 qt5default:true] map[distro:kinetic os:ubuntu-22.04 qt5default:false]]' 
DEBU[0000] Loading revision from git directory          
DEBU[0000] Found revision: 21e66f1970e80f4220e52a833e7d651ba01137ff 
DEBU[0000] HEAD points to '21e66f1970e80f4220e52a833e7d651ba01137ff' 
DEBU[0000] using github ref: refs/heads/master          
DEBU[0000] Found revision: 21e66f1970e80f4220e52a833e7d651ba01137ff 
DEBU[0000] expression '${{ matrix.os }}' rewritten to 'format('{0}', matrix.os)' 
DEBU[0000] evaluating expression 'format('{0}', matrix.os)' 
DEBU[0000] expression 'format('{0}', matrix.os)' evaluated to '%!t(string=ubuntu-20.04)' 
DEBU[0000] Loading revision from git directory          
DEBU[0000] Found revision: 21e66f1970e80f4220e52a833e7d651ba01137ff 
DEBU[0000] HEAD points to '21e66f1970e80f4220e52a833e7d651ba01137ff' 
DEBU[0000] using github ref: refs/heads/master          
DEBU[0000] Found revision: 21e66f1970e80f4220e52a833e7d651ba01137ff 
DEBU[0000] expression '${{ matrix.os }}' rewritten to 'format('{0}', matrix.os)' 
DEBU[0000] evaluating expression 'format('{0}', matrix.os)' 
DEBU[0000] expression 'format('{0}', matrix.os)' evaluated to '%!t(string=ubuntu-22.04)' 
DEBU[0000] Final matrix after applying user inclusions '[map[]]' 
DEBU[0000] Loading revision from git directory          
DEBU[0000] Found revision: 21e66f1970e80f4220e52a833e7d651ba01137ff 
DEBU[0000] HEAD points to '21e66f1970e80f4220e52a833e7d651ba01137ff' 
DEBU[0000] using github ref: refs/heads/master          
DEBU[0000] Found revision: 21e66f1970e80f4220e52a833e7d651ba01137ff 
DEBU[0000] Final matrix after applying user inclusions '[map[]]' 
DEBU[0000] Loading revision from git directory          
DEBU[0000] Found revision: 21e66f1970e80f4220e52a833e7d651ba01137ff 
DEBU[0000] HEAD points to '21e66f1970e80f4220e52a833e7d651ba01137ff' 
DEBU[0000] using github ref: refs/heads/master          
DEBU[0000] Found revision: 21e66f1970e80f4220e52a833e7d651ba01137ff 
DEBU[0000] Final matrix after applying user inclusions '[map[]]' 
DEBU[0000] Loading revision from git directory          
DEBU[0000] Found revision: 21e66f1970e80f4220e52a833e7d651ba01137ff 
DEBU[0000] HEAD points to '21e66f1970e80f4220e52a833e7d651ba01137ff' 
DEBU[0000] using github ref: refs/heads/master          
DEBU[0000] Found revision: 21e66f1970e80f4220e52a833e7d651ba01137ff 
ERRO[0000] failed to obtain container engine info: permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get "http://%2Fvar%2Frun%2Fdocker.sock/v1.24/info": dial unix /var/run/docker.sock: connect: permission denied 
[CodeQL/Analyze                ] [DEBUG] evaluating expression 'success()'
[CodeQL/Analyze                ] [DEBUG] expression 'success()' evaluated to 'true'
[CodeQL/Analyze                ] 🚀  Start image=catthehacker/ubuntu:act-latest
[CodeQL/Analyze                ]   🐳  docker pull image=catthehacker/ubuntu:act-latest platform= username= forcePull=true
[CodeQL/Analyze                ] [DEBUG]   🐳  docker pull catthehacker/ubuntu:act-latest
[CodeQL/Analyze                ] [DEBUG] pulling image 'docker.io/catthehacker/ubuntu:act-latest' ()
[linux/ubuntu-20.04-1          ] [DEBUG] evaluating expression 'success()'
[linux/ubuntu-20.04-1          ] [DEBUG] expression 'success()' evaluated to 'true'
[linux/ubuntu-20.04-1          ] [DEBUG] expression '${{ matrix.os }}' rewritten to 'format('{0}', matrix.os)'
[linux/ubuntu-20.04-1          ] [DEBUG] evaluating expression 'format('{0}', matrix.os)'
[linux/ubuntu-20.04-1          ] [DEBUG] expression 'format('{0}', matrix.os)' evaluated to '%!t(string=ubuntu-20.04)'
[linux/ubuntu-20.04-1          ] [DEBUG] expression '${{ matrix.os }}' rewritten to 'format('{0}', matrix.os)'
[linux/ubuntu-20.04-1          ] [DEBUG] evaluating expression 'format('{0}', matrix.os)'
[linux/ubuntu-20.04-1          ] [DEBUG] expression 'format('{0}', matrix.os)' evaluated to '%!t(string=ubuntu-20.04)'
[linux/ubuntu-20.04-1          ] [DEBUG] expression '${{ matrix.os }}' rewritten to 'format('{0}', matrix.os)'
[linux/ubuntu-20.04-1          ] [DEBUG] evaluating expression 'format('{0}', matrix.os)'
[linux/ubuntu-20.04-1          ] [DEBUG] expression 'format('{0}', matrix.os)' evaluated to '%!t(string=ubuntu-20.04)'
[linux/ubuntu-20.04-1          ] 🚀  Start image=catthehacker/ubuntu:act-20.04
[linux/ubuntu-22.04-2          ] [DEBUG] evaluating expression 'success()'
[linux/ubuntu-22.04-2          ] [DEBUG] expression 'success()' evaluated to 'true'
[linux/ubuntu-22.04-2          ] [DEBUG] expression '${{ matrix.os }}' rewritten to 'format('{0}', matrix.os)'
[linux/ubuntu-22.04-2          ] [DEBUG] evaluating expression 'format('{0}', matrix.os)'
[linux/ubuntu-22.04-2          ] [DEBUG] expression 'format('{0}', matrix.os)' evaluated to '%!t(string=ubuntu-22.04)'
[linux/ubuntu-22.04-2          ] [DEBUG] expression '${{ matrix.os }}' rewritten to 'format('{0}', matrix.os)'
[linux/ubuntu-20.04-1          ]   🐳  docker pull image=catthehacker/ubuntu:act-20.04 platform= username= forcePull=true
[linux/ubuntu-20.04-1          ] [DEBUG]   🐳  docker pull catthehacker/ubuntu:act-20.04
[linux/ubuntu-20.04-1          ] [DEBUG] pulling image 'docker.io/catthehacker/ubuntu:act-20.04' ()
[linux/ubuntu-22.04-2          ] [DEBUG] evaluating expression 'format('{0}', matrix.os)'
[linux/ubuntu-22.04-2          ] [DEBUG] expression 'format('{0}', matrix.os)' evaluated to '%!t(string=ubuntu-22.04)'
[linux/ubuntu-22.04-2          ] [DEBUG] expression '${{ matrix.os }}' rewritten to 'format('{0}', matrix.os)'
[linux/ubuntu-22.04-2          ] [DEBUG] evaluating expression 'format('{0}', matrix.os)'
[linux/ubuntu-22.04-2          ] [DEBUG] expression 'format('{0}', matrix.os)' evaluated to '%!t(string=ubuntu-22.04)'
[linux/ubuntu-22.04-2          ] 🚀  Start image=catthehacker/ubuntu:act-22.04
[linux/ubuntu-22.04-2          ]   🐳  docker pull image=catthehacker/ubuntu:act-22.04 platform= username= forcePull=true
[linux/ubuntu-22.04-2          ] [DEBUG]   🐳  docker pull catthehacker/ubuntu:act-22.04
[linux/ubuntu-22.04-2          ] [DEBUG] pulling image 'docker.io/catthehacker/ubuntu:act-22.04' ()
[macos-release/macos-11-release] [DEBUG] evaluating expression 'success()'
[macos-release/macos-11-release] [DEBUG] expression 'success()' evaluated to 'true'
[macos-release/macos-11-release] 🚧  Skipping unsupported platform -- Try running with `-P macos-11=...`
[macos-tests/macos-latest      ] [DEBUG] evaluating expression 'success()'
[macos-tests/macos-latest      ] [DEBUG] expression 'success()' evaluated to 'true'
[macos-tests/macos-latest      ] 🚧  Skipping unsupported platform -- Try running with `-P macos-latest=...`
[windows/windows-latest        ] [DEBUG] evaluating expression 'success()'
[windows/windows-latest        ] [DEBUG] expression 'success()' evaluated to 'true'
[windows/windows-latest        ] 🚧  Skipping unsupported platform -- Try running with `-P windows-latest=...`
Error: permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Post "http://%2Fvar%2Frun%2Fdocker.sock/v1.24/images/create?fromImage=catthehacker%2Fubuntu&tag=act-latest": dial unix /var/run/docker.sock: connect: permission denied

Additional information

No response

kintel avatar Apr 19 '23 20:04 kintel

dial unix /var/run/docker.sock: connect: permission denied you don't have permissions to access the socket

catthehacker avatar Apr 19 '23 21:04 catthehacker

That doesn't seem to be the problem:

$ curl --unix-socket /var/run/docker.sock http://localhost/version
{"Platform":{"Name":"Docker Engine - Community"},"Components":[{"Name":"Engine","Version":"23.0.2","Details":{"ApiVersion":"1.42", [...]

kintel avatar Apr 19 '23 23:04 kintel

You can check answers here as well

Cannot connect to the docker daemon at linux

dataheadless avatar May 08 '23 05:05 dataheadless

@dataheadless The docker daemon runs, and can be talked to from Linux without problems (see above). Yet, when running nektos, it fails to connect to the daemon.

kintel avatar May 09 '23 01:05 kintel

There are solutions posted here and elsewhere which may fix this issue for a while (but are unlikely to survive a reboot).

  • chown 1001 /var/run/docker.sock
  • chmod a+rw /var/run/docker.sock Neither of these are ideal, as you are changing what the system has defined the ownership/permissions to be (and it requires sudo/root which some folk might not have). Slightly better might be
  • setfacl -m runner:rw /var/run/docker.sock

Normally one would add the user to the docker group but the problem we have here is there is no guarantee that the gid for the docker group inside the container matches that of the host. If we were invoking the container ourselves the --group-add could pass in the host's docker group gid. There is a feature request https://github.com/nektos/act/issues/1798.

In the meantime we can create a bespoke image with the appropriate group added (change name/version to suit).

Create a Dockerfile:

ARG ACT_VERSION=act-20.04
FROM catthehacker/ubuntu:$ACT_VERSION as base
ARG DOCKER_GID=0
RUN sudo groupadd -g $DOCKER_GID host-docker && sudo usermod -aG host-docker runner

Build the image:

docker build --build-arg DOCKER_GID=$(awk -F: '$1=="docker" {print $3}' /etc/group) --tag my/ubuntu:act-20.04 .

Use this image in act:

act -P ubuntu-20.04=my/ubuntu:act-20.04 --pull=false

A bit long-winded, but you only have to do it once (for each version), it doesn't require sudo/root or changing the system permissions and will survive a reboot. YMMV.

andrew-pickin-epi avatar May 11 '23 13:05 andrew-pickin-epi

@dataheadless The docker daemon runs, and can be talked to from Linux without problems (see above). Yet, when running nektos, it fails to connect to the daemon.

Hi, I'm having the same issue. Any news about this topic?

I also used the command act --pull=false, but it said it is unable to determine if the image exists because it can't access to docker daemon socket. Error: unable to determine if image already exists for image 'catthehacker/ubuntu:act-latest' (): permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get "http://%2Fvar%2Frun%2Fdocker.sock/v1.24/images/catthehacker/ubuntu:act-latest/json": dial unix /var/run/docker.sock: connect: permission denied

giosava94 avatar Nov 06 '23 14:11 giosava94

I have a similar issue on Fedora 39 using Podman (using the official packages podman & podman-docker) and act installed as an extension for the GitHub CLI (official package gh):

$ gh act
[Continuous Integration/code-style   ]   🐳  docker pull image=catthehacker/ubuntu:act-latest platform= username= forcePull=true
Error: permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Post "http://%2Fvar%2Frun%2Fdocker.sock/v1.24/images/create?fromImage=catthehacker%2Fubuntu&tag=act-latest": dial unix /var/run/docker.sock: connect: permission denied

Problems with this setup (Fedora 39 + Podman)

After some digging, I've identified several issues:

  1. /var/run/docker.sock is a broken link to /run/podman/podman.sock. The file /run/podman/podman.sock doesn't exist because by default Podman works in daemonless mode, so there's no daemon and therefore no socket. For the file /run/podman/podman.sock to exist, I've had to start/enable the systemd service for Podman (on Fedora: podman.socket & podman.service).
  2. My unprivileged user has permissions for /var/run/docker.sock, but not for /run/podman/podman.sock. To solve this, I've decided to enable the systemd service as an unprivileged user rather than as root, and set the environment variable DOCKER_HOST to point to /run/user/$EUID/podman/podman.sock.
  3. act seems to use the DOCKER_HOST environment variable for some steps of the process, but not all of them. When I set DOCKER_HOST=unix:///run/user/$EUID/podman/podman.sock, pulling the Docker image works, but creating the container still fails. In the end, I've decided to overwrite the symbolic link at /var/run/docker.sock to point to /run/user/$EUID/podman/podman.sock.

How to diagnose the root cause

Here are the steps I've used to find out the root cause:

  1. Check that the socket files exist and have the right permissions:

    sudo ls -l /var/run/docker.sock
sudo ls -l /run/podman/podman.sock

  2. Create the socket if it doesn't exist:

    sudo systemctl start podman.socket podman.service

  3. Check that your user can read the sockets:

    curl --unix-socket /var/run/docker.sock http://localhost/version
curl --unix-socket /run/podman/podman.sock http://localhost/version

  4. Enable the socket/service as an unprivileged user instead of root:

    sudo systemctl stop podman.socket podman.service
systemctl start --user --now podman.socket podman.service

  5. Verify again using the user socket:

    curl --unix-socket /run/user/$EUID/podman/podman.sock http://localhost/version
DOCKER_HOST=unix:///run/user/$EUID/podman/podman.sock gh act -v

  6. Overwrite the symbolic link at /var/run/docker.sock if act/podman is still trying to access /var/run/docker.sock instead of using the DOCKER_HOST environment variable:

    sudo ln -sf /run/user/$EUID/podman/podman.sock /var/run/docker.sock

    and check again:

    curl --unix-socket /var/run/docker.sock http://localhost/version
gh act -v

Solution for Fedora 39 + Podman

In the end, these are the commands that I've used to fix the problem on Fedora 39 using Podman:

systemctl enable --user --now podman.socket podman.service
sudo ln -sf /run/user/$EUID/podman/podman.sock /var/run/docker.sock

Notice that this is an acceptable workaround for me, since I'm the only user who uses act & podman on my computer, but it may not work if multiple unprivileged users need to use act & podman on the same computer, because the user socket only has permissions for that specific user.

jonancm avatar Jan 01 '24 13:01 jonancm

I had a similar issue with Docker Desktop on Ubuntu; in my case, the problem was the missing /var/run/docker.sock. I fixed it by creating a symlink to the sock file in the docker desktop folder.

  1. Check docker context:
docker context ls
NAME                TYPE                DESCRIPTION                               DOCKER ENDPOINT                                KUBERNETES ENDPOINT   ORCHESTRATOR
default             moby                Current DOCKER_HOST based configuration   unix:///var/run/docker.sock
desktop-linux *     moby                Docker Desktop                            unix:///home/mmv/.docker/desktop/docker.sock
  1. Verify it doesn't exist
ls -l /var/run/docker.sock
ls: cannot access '/var/run/docker.sock': No such file or directory
  1. Add a symlink
sudo ln -s $HOME/.docker/desktop/docker.sock /var/run/docker.sock

The solution is taken from this thread on the docker forum: https://forums.docker.com/t/is-a-missing-docker-sock-file-a-bug/134351

mmv08 avatar Mar 06 '24 15:03 mmv08