以非root用户运行docker inside docker
[英]Run docker inside docker as non root user
问题描述
How can I run docker commands inside a docker container when the user is not root?
当用户不是 root 用户时,如何在 docker 容器内运行 docker 命令?
The reason behind this (running as non root) is that the (first) container creates some files on a mounted volume.这背后的原因(以非根用户身份运行)是(第一个)容器在已安装的卷上创建了一些文件。 If the user in the container is root then these files' owner is also root.如果容器中的用户是 root,那么这些文件的所有者也是 root。 If I run the container with the same user as on the host system then these files have the correct user and group.如果我使用与主机系统相同的用户运行容器,那么这些文件具有正确的用户和组。
docker run --rm -it -u $(id -u):$(id -g) -v /var/run/docker.sock:/var/run/docker.sock ubuntu /bin/bash
// inside container:
// assume docker binary is available
docker pull alpine
This will not work when run as a non root user giving following error:当以非 root 用户身份运行时出现以下错误,这将不起作用:
Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Post http://%2Fvar%2Frun%2Fdocker.sock/v1.24/images/create?fromImage=alpine&tag=latest: dial unix /var/run/docker.sock: connect: permission denied
1 个解决方案
解决方案1
1 已采纳 2022-04-11 10:12:37
Docker: Docker:
docker run -it -u $(id -u):$(id -g) --group-add $(getent group docker | cut -d ':' -f 3) --rm -v /var/run/docker.sock:/var/run/docker.sock docker docker --version
For Docker Compose set group_add under your service and set the env variable:对于 Docker Compose 在您的服务下设置group_add并设置环境变量:
export DOCKER_GROUP_ID=$(getent group docker | cut -d ':' -f 3);
services:
myservice:
image: docker
group_add:
- ${DOCKER_GROUP_ID}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.