Unable to run rootless docker in docker #6505
Labels
bug report
investigate
Collect additional information, like space on disk, other tool incompatibilities etc.
OS: Ubuntu
Comments
Hi @mrgrain, we will take a look and get back to you.
igorboskovic3 added the investigate and OS: Ubuntu labels and removed the needs triage label on Nov 2, 2022
Hey @mrgrain.
Thanks @al-cheb that's at least a consistent workaround. 👍🏻
Close as external.
This was referenced Nov 19, 2022
mergify bot pushed a commit to cdklabs/cdk-enterprise-iac that referenced this issue on Nov 19, 2022:
….ts (#106)
Fixes #105
Fixes #88
- Update to use `.projenrc.ts` instead of `.projenrc.js`
- Dynamically get docker group id from github actions container ([ref](actions/runner-images#6505 (comment)))
Description
When running in a rootless docker container, it is not easily possible to run Docker in Docker (or Docker out of Docker) commands. This is due to missing permissions of the rootless user to access the mounted `unix:///var/run/docker.sock`
Platforms affected
Runner images affected
Image version and build link
https://github.com/mrgrain/repro-rootless-dind/actions/runs/3377152959
Is it regression?
No
Expected behavior
In order of preference:
container
property. e.g. `options: --group-add`
is a nice enough workaround. However, currently we have to specify the numeric id of the docker group to make this work. Furthermore, this id appears to be different on various images. I also suspect it can change at any time. It seems that `options: --group-add docker` will use the group id from inside the container, which will be wrong. So I guess we would need a stable way to get the correct id. Maybe this could be something like {{ options: --group-add {{runner.docker-group-id}}. Or even a documented id for the group that's fixed and consistent across all images.
Actual behavior
The docker command fails with the following error
Repro steps
https://github.com/mrgrain/repro-rootless-dind/blob/main/.github/workflows/rootless-dind.yml
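The numeric-id problem described in the issue above, as an added example that is not part of the original issue or of the runner-images project: shell helpers that read the gid from the socket path instead of hard-coding it, and that show why passing the group name can resolve to a different id inside the container. They assume GNU `stat` (as on Ubuntu); the function names and the sample group file are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example; function names are hypothetical. Assumes GNU stat (Ubuntu).

# Numeric gid that owns a path, e.g. the mounted /var/run/docker.sock.
socket_gid() {
    [ -e "$1" ] || { echo "no such path: $1" >&2; return 1; }
    stat -c '%g' "$1"
}

# gid a group *name* resolves to in a group file such as the container's
# /etc/group. Exits non-zero when the name is not defined there.
group_gid() {
    awk -F: -v g="$1" '$1 == g { print $3; f = 1; exit } END { exit !f }' "$2"
}

# Option string for `docker run` or the workflow `options:` key.
group_add_option() {
    gid=$(socket_gid "$1") || return 1
    printf '%s %s\n' --group-add "$gid"
}

# 0 if NAME in GROUPFILE has the socket's gid, 1 if it differs or is absent,
# 2 if the socket path is missing.
name_matches_socket() {
    want=$(socket_gid "$1") || return 2
    have=$(group_gid "$2" "$3") || return 1
    [ "$want" = "$have" ]
}

# Demo on constructed input: a temp file stands in for the socket and a
# constructed group file stands in for the container's /etc/group.
demo() {
    tmp=$(mktemp -d) || return 1
    : > "$tmp/sock"
    printf 'root:x:0:\ndocker:x:4242:\n' > "$tmp/group"   # constructed gid
    group_add_option "$tmp/sock"
    name_matches_socket "$tmp/sock" docker "$tmp/group" ||
        echo "name 'docker' maps to another gid inside the container"
    rm -rf "$tmp"
}
```

Membership in the group that owns the Docker socket gives control of the daemon, so the resulting `--group-add` value belongs only on containers that are meant to have that access.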