I'm suddenly having issues after an update of Ubuntu 18.04: previously I've used docker without issue on the system, but suddenly I cannot. As far as I can tell, the permissions look correct:
$ docker run hello-world
docker: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Post http://%2Fvar%2Frun%2Fdocker.sock/v1.35/containers/create: dial unix /var/run/docker.sock: connect: permission denied.
See 'docker run --help'.
$ ls -last /var/run/docker.sock
0 srw-rw---- 1 root docker 0 Jul 14 09:10 /var/run/docker.sock
$ whoami
brandon
$ cat /etc/group | grep docker
docker:x:995:brandon
nvidia-docker:x:994:
EDIT:
Group information:
$ groups
brandon
$ groups brandon
brandon : brandon adm cdrom sudo dip plugdev games lpadmin sambashare docker
$ whoami
brandon
Update
Since the original post where I upgraded a system from 17.04 to 18.04, I've done two upgrades from 16.04 to 18.04, and neither of the later systems had the issue. So it might be something to do with the 17.04 to 18.04 upgrade process. I've yet to perform a fresh 18.04 installation.
sudo setfacl -m user:brandon:rw /var/run/docker.sock
doesn't require a restart and is more secure than usermod or chown
add the user to the docker group.
sudo usermod -aG docker $USER
sudo reboot
I did the quick fix and it worked immediately.
sudo chmod 777 /var/run/docker.sock
Specific to Ubuntu, there is a known issue with lightdm that removes secondary groups from the user as part of the GUI login. You can follow that issue here: https://bugs.launchpad.net/lightdm/+bug/1781418
You can try switching off of lightdm or apply the workaround mentioned in the bug report:
[Comment out the below lines from /etc/pam.d/lightdm:]
auth optional pam_kwallet.so auth optional pam_kwallet5.so
Temporary options include logging into your machine with something like an ssh or su -l command, or running the newgrp docker command. These will only affect the current shell and would need to be done again with each new terminal.
Outside of this issue, the general commands to give a user direct access to the docker socket (and therefore root access to the host) are:
sudo usermod -aG docker $(id -un) # you can often use $USER in place of the id command
newgrp docker # affects the current shell, logging out should affect all shells
I run:
sudo docker run -it -p 8889:8888 -v /home/Documents/pa1:/home/ucsddse230/work ucsddse230/cse255-dse230 /bin/bash
and it work for me, given:
ucsddse230@50f69cc7cb0a:~/work$
来源:https://stackoverflow.com/questions/51342810/how-to-fix-dial-unix-var-run-docker-sock-connect-permission-denied-when-gro