Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ec2 Centos7 + Docker 1.6 #13098

Closed
zaidiahmed opened this issue May 8, 2015 · 5 comments
Closed

Ec2 Centos7 + Docker 1.6 #13098

zaidiahmed opened this issue May 8, 2015 · 5 comments

Comments

@zaidiahmed
Copy link

Docker version 1.6.1, build 97cd073
CentOs7 in EC2
Packer + Chef

I am using packer to provision an AMI with a base Centos7 ami, I am using chef to setup my Image.

The issue I am running has to do with permissions on the docker.sock
srw-rw---- 1 root root 0 May 8 21:47 /var/run/docker.sock

I do not want to leave my instance wide open so I have created a user without sudo rights and added the user to the dockerroot group dockerroot:x:995:myuser. How do I handle docker.sock being owned by root user and root group?

I have tried to do a chown command through chef, I have tried adding a chown in the rc.local to handle this on every reboot.

I want to
chown root:dockerroot /var/run/docker.sock

you can reproduce this by running my chef script

when "rhel"
 package "docker"
 package "wget"

 execute 'get-docker-1.6' do
  command'wget https://get.docker.com/builds/Linux/x86_64/docker-latest -O /usr/bin/docker'
  user 'root'
  group 'dockerroot'
 end

 execute 'run-docker-service' do
  command 'systemctl enable docker.service'
  user 'root'
  group 'dockerroot'
 end

 execute 'start-docker-service' do
  command 'systemctl start docker.service'
  user 'root'
  group 'dockerroot'
 end

any help on the matter will be appreciated.
@GordonTheTurtle
Copy link

Hi!
If you are reporting a new issue, PLEASE make sure that does not have any duplicates already open.

We would like to take this time to remind you of the information we need to debug the problem you are seeing. This is an automated response so if this ticket is not about a bug, do not fret.

If you fail to provide this information within 7 days, we will close this because we cannot debug your issue. We can reopen whenever the information is provided.

Thank you.

Please see:
https://github.com/docker/docker/blob/master/CONTRIBUTING.md#reporting-other-issues

Description of problem:


`docker version`:


`docker info`:


`uname -a`:


Environment details (AWS, VirtualBox, physical, etc.):


How reproducible:


Steps to Reproduce:
1.
2.
3.


Actual Results:


Expected Results:


Additional info:

#ENEEDMOREINFO

@jessfraz
Copy link
Contributor

on centos you cannot use the static binary you need to use the dynamic binary, this is brought up in several other issues, the version of udev needs to be insync with the binary being used, so this will not work, we are going to have our rpms ready for 1.7 so you can use those

@zaidiahmed
Copy link
Author

Would you be so kind to link me to "several other issues" please.

@velichkov
Copy link

I do not want to leave my instance wide open so I have created a user without sudo rights and added the user to the dockerroot group dockerroot:x:995:myuser. How do I handle docker.sock being owned by root user and root group?

The solution that works for me on centos7 and docker-1.6.0 from CentOS-Extras repository is to add '-G dockerroot ' to OPTIONS in /etc/sysconfig/docker

$ grep OPTIONS /etc/sysconfig/docker
OPTIONS='--selinux-enabled -G dockerroot'

@nxadm
Copy link

nxadm commented Feb 18, 2016

@velichkov Thx, that did the trick.

C.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@zaidiahmed @velichkov @jessfraz @nxadm @GordonTheTurtle