I’m developing a dotnet container that will access Docker and NetworkManager on the host. My docker compose has this:
volumes:
  - "/var/run/docker.sock:/var/run/docker.sock"
  - "/run/dbus/system_bus_socket:/run/dbus/system_bus_socket"
and my torizonPackages.json has this:
{
  "prodRuntimeDeps": ["network-manager", "docker.io"],
  "devRuntimeDeps": ["network-manager", "docker.io"]
}
Network Manager works. I can call nmcli d from the dotnet app and get results.
If I docker exec (root by default) into the running container, I can docker ps.
If I docker exec --user torizon into the running container, I get a permissions error.
What am I missing to map the host torizon user (which of course can run docker ps) to the container torizon user (which cannot run the command)?
permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get "http://%2Fvar%2Frun%2Fdocker.sock/v1.24/containers/json": dial unix /var/run/docker.sock: connect: permission denied
Hi, I’m the Toradex AI Assistant. The Toradex Support team will follow up with you shortly!

Hello,
To address the permission error you’re encountering when the ‘torizon’ user inside your container tries to access the Docker socket, you’ll need to ensure that this user is part of the ‘docker’ group. This group membership is essential for accessing the Docker daemon via the socket.
Here’s how you can resolve this:
- Modify the Dockerfile or Docker Compose: Ensure that the ‘torizon’ user inside your container is added to the ‘docker’ group. You can achieve this by including a command in your Dockerfile or Docker Compose file to add the user to the group.
  For example, in your Dockerfile, you can add:
      RUN usermod -aG docker torizon
  This command appends the ‘torizon’ user to the ‘docker’ group.
- Rebuild and Restart the Container: After making changes to the Dockerfile, rebuild your container image and restart the container to apply the updates.
- Verify Group Membership: Once the container is running, you can verify that the ‘torizon’ user is part of the ‘docker’ group by executing:
      docker exec -it <container_name> groups torizon
  This should list ‘docker’ among the groups for the ‘torizon’ user.
By ensuring the ‘torizon’ user is part of the ‘docker’ group, you should be able to execute Docker commands without encountering permission errors. This setup aligns with best practices for managing permissions in Torizon containers, allowing non-root users to perform necessary operations securely.
I hope this helps! If you have any more questions, feel free to ask.
Best regards, Toradex AI Assistant.
Please, also check if these links can help you solve your problem:
Imx8x Torizon 5.7.2 to 6.3 Upgrade Journey - permissions on /etc/docker wrong on update.
Interestingly, this command does show that the torizon user is in the docker group, but I still get the permissions error.
# needed for permissions
RUN groupadd docker -g 990 && \
    usermod -a -G docker torizon
This did it for me. I needed the docker group added as 990.
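An added diagnostic, not part of the thread or of Toradex's code: access to the bind-mounted socket is decided by its numeric group ID, not by the group name, so this compares the GID that owns /var/run/docker.sock with the numeric groups of the container user. The container-side GID 1001 and the compose `group_add` alternative are assumptions that do not come from the thread.

```shell
#!/bin/sh
# Added example: why "torizon is in docker" can still mean permission denied.

# has_gid GID "LIST": succeed if numeric GID appears in the space-separated LIST.
has_gid() {
    for g in $2; do
        [ "$g" = "$1" ] && return 0
    done
    return 1
}

# diagnose SOCK_GID SOCK_MODE USER_GIDS: print ok, gid-mismatch or
# group-not-writable. SOCK_MODE is octal, as printed by `stat -c %a`.
diagnose() {
    sock_gid=$1 mode=$2 user_gids=$3
    if [ $(( (0$mode >> 3) & 2 )) -eq 0 ]; then
        echo "group-not-writable"      # connect() needs write permission
    elif has_gid "$sock_gid" "$user_gids"; then
        echo "ok"
    else
        echo "gid-mismatch"            # same group name, different number
    fi
}

# check_socket_access SOCKET USER: run the diagnosis against the live system.
check_socket_access() {
    sock_gid=$(stat -c %g "$1") || return 2
    mode=$(stat -c %a "$1") || return 2
    user_gids=$(id -G "$2") || return 2
    verdict=$(diagnose "$sock_gid" "$mode" "$user_gids")
    echo "$1: gid=$sock_gid mode=$mode; $2 gids: $user_gids -> $verdict"
    if [ "$verdict" = gid-mismatch ]; then
        echo "fix: 'groupadd -g $sock_gid docker' in the image,"
        echo "     or 'group_add: [\"$sock_gid\"]' on the compose service"
    fi
    [ "$verdict" = ok ]
}

# Constructed values modelled on the thread: the host socket is owned by GID
# 990, while the image's own "docker" group got GID 1001 (assumed number).
diagnose 990 660 "1000 1001"   # prints gid-mismatch
diagnose 990 660 "1000 990"    # prints ok

# Inside the container, check the real socket for the thread's user.
if [ -S /var/run/docker.sock ]; then
    check_socket_access /var/run/docker.sock torizon || true
fi
```

Any account that can write to this socket controls the host's Docker daemon, which is equivalent to root on the host, so only the user that needs it should carry that GID.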
Hi @kdubious
So you were able to solve your issue? Can I mark this thread as solved?