[Docker Desktop 4.13] Cannot bind mount new docker.sock location (user home) to /var/run/docker.sock #6545

Closed
2 of 3 tasks
gamerson opened this issue Oct 28, 2022 · 9 comments

Comments

@gamerson

gamerson commented Oct 28, 2022

  • I have tried with the latest version of Docker Desktop
  • I have tried disabling enabled experimental features
  • I have uploaded Diagnostics
  • Diagnostics ID:

Expected behavior

I can run docker run -it -v ${HOME}/.docker/run/docker.sock:/var/run/docker.sock [IMAGE] bash and then inside my container I can run a command like docker ps or k3d cluster list or some other CLI that tries to communicate with the docker daemon on my host.

Actual behavior

I get the following error:

docker run -it -v ${HOME}/.docker/run/docker.sock:/var/run/docker.sock [my-image-that-has-docker] docker ps
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?

However, if I create a symlink from $HOME/.docker/run/docker.sock to /var/run/docker.sock and then execute this command

docker run -it -v /var/run/docker.sock:/var/run/docker.sock [my-image-that-has-docker] docker ps

It now works:

~/repos/liferay/liferay-cli on linuxOnlyUserUidAndGuidString ❯ docker run -it -v /var/run/docker.sock:/var/run/docker.sock localdev-server docker ps
CONTAINER ID   IMAGE                            COMMAND                  CREATED        STATUS                  PORTS                                                   NAMES
f2e4df7dc96b   localdev-server                  "/entrypoint.sh dock…"   1 second ago   Up Less than a second                                                           zen_galois
01ea87669ab3   ghcr.io/k3d-io/k3d-proxy:5.4.6   "/bin/sh -c nginx-pr…"   2 hours ago    Up 34 minutes           80/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:64431->6443/tcp   k3d-localdev-serverlb
67e51c1543fc   rancher/k3s:v1.24.4-k3s1         "/bin/k3d-entrypoint…"   2 hours ago    Up 34 minutes                                                                   k3d-localdev-server-0
bdab4e16f0fe   registry:2                       "/entrypoint.sh /etc…"   2 hours ago    Up 34 minutes           0.0.0.0:50505->5000/tcp                                 registry.lfr.dev

Is there something different about setting up a bind map from ${HOME}/.docker/run/docker.sock and /var/run/docker.sock?

Thanks in advance!

@thaJeztah
Member

I think you should be able to use /var/run/docker.sock for the host part; Docker Desktop handles that path, and makes sure the container gets the socket mounted from within the VM (not the socket on the macOS host).

@gamerson
Author

Yes, that does work. I can create a symlink from /var/run/docker.sock to $HOME/.docker/run/docker.sock. Then I can run
docker run -v /var/run/docker.sock:/var/run/docker.sock docker:dind docker ps
and that will work.

But I want to eventually be able to support the new location for Docker Desktop ($HOME/.docker/run/docker.sock), but for CLIs running inside of dind (k3d) I want them to be able to use /var/run/docker.sock. I've installed Docker Desktop 4.13 and I have the new location available ($HOME/.docker/run/docker.sock) and I was hoping that I could do
docker run -it -v $HOME/.docker/run/docker.sock:/var/run/docker.sock docker:dind docker ps
But currently that says that operation is not permitted.

@thaJeztah
Member

I don't think the path on the host is needed; Docker Desktop has special handling for /var/run/docker.sock (separate from whatever location it's accessible at on the host), as you'd want to mount it from within the VM into the container.

@gamerson
Author

Hmm, interesting idea. Maybe I'm misunderstanding something, but I just tried these with no luck:
docker run -it docker:dind docker ps
docker run -it -v :/var/run/docker.sock docker:dind docker ps
Maybe you could show me what you were thinking? Appreciate it.

@nicks

nicks commented Oct 29, 2022

docker run -it -v /var/run/docker.sock:/var/run/docker.sock docker:dind docker ps

The intuitive way to think about it is that there are three filesystems - the host and the vm and the container. Docker Desktop has some cleverness to mount the vm's docker socket.

We need to follow-up to figure out if you should be able to mount the ~/.docker/run/docker.sock ...
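
The distinction drawn in the replies above (where the host CLI finds the socket versus the bind-mount source that Docker Desktop resolves inside the VM), as an added example that is not part of the original thread or Docker's own code. The function names and the choice to refuse any other socket path are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: pick the host CLI endpoint and the -v source separately.
# On Docker Desktop the host CLI may use the per-user socket, but the bind
# source is resolved inside the VM, where the daemon socket is
# /var/run/docker.sock (per the maintainers' replies in this thread).

VM_SOCK=/var/run/docker.sock   # socket path inside the VM and inside the container

# cli_endpoint HOME_DIR: print a DOCKER_HOST value for the CLI on the host.
# Uses the per-user socket when it exists, else the classic path.
cli_endpoint() {
    user_sock="$1/.docker/run/docker.sock"
    if [ -S "$user_sock" ]; then
        printf 'unix://%s\n' "$user_sock"
    else
        printf 'unix://%s\n' "$VM_SOCK"
    fi
}

# mount_source REQUESTED HOME_DIR: print the path to put left of the colon in -v.
# The per-user path, the classic path and "" all map to the VM path; anything
# else is refused (assumption: the launcher only ever shares the daemon socket).
mount_source() {
    case "$1" in
        "$2/.docker/run/docker.sock"|"$VM_SOCK"|"")
            printf '%s\n' "$VM_SOCK" ;;
        *)
            printf 'unsupported socket path: %s\n' "$1" >&2
            return 1 ;;
    esac
}

# tooling_cmd REQUESTED HOME_DIR IMAGE [ARGS...]: print the docker run command
# line a launcher would execute for a "tooling" container.
tooling_cmd() {
    src=$(mount_source "$1" "$2") || return 1
    home_dir=$2
    shift 2
    printf 'DOCKER_HOST=%s docker run -it -v %s:%s %s\n' \
        "$(cli_endpoint "$home_dir")" "$src" "$VM_SOCK" "$*"
}
```
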

@gamerson
Author

gamerson commented Oct 29, 2022

Hey @nicks so the architecture of our dev experience for our customers is that we embed a bunch of "cluster tools" inside of a docker container, and those tools need access to the docker daemon on the host (so k3d can start a k3s cluster). We also run tilt (which we love btw!) inside that docker container. So our entire dev experience we are building for our customer is predicated on the fact that tools inside a docker container (k3d, kubectl, tilt, docker) will have access via /var/run/docker.sock to the outer docker daemon on the host. We do this by always launching our "tooling" containers with -v /var/run/docker.sock:/var/run/docker.sock. And when we tried to switch to -v $HOME/.docker/run/docker.sock:/var/run/docker.sock we ran into sharing issues.

I would love to get your feedback on our approach.

@nicks

nicks commented Nov 1, 2022

@gamerson That's a good approach! It's the exact approach we're trying to make easier. Please let us know if you run into any additional difficulties with it.

@gamerson
Author

gamerson commented Nov 2, 2022

hey @nicks I'm glad to hear our approach isn't "out of bounds". :) As long as we will have a supported/approved way going forward (mounting the host socket from containers) I'm happy and I'll mark this issue as closed.

gamerson closed this as completed Nov 2, 2022
docker locked and limited conversation to collaborators Mar 5, 2023