-
Notifications
You must be signed in to change notification settings - Fork 18.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
dockerd ignores sssd docker group #27741
Comments
i think this issue can be closed. the OP's issue appears to be fixed by 6cb8392 |
Seems so, thanks! |
I ran into this problem on a server running an old version of docker before this was fixed. Specifying the dockergid=$(getent group docker | cut -d: -f3)
sudo sed -i /etc/sysconfig/docker -e "s/other_args=.*/other_args=--group=$dockergid/g" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Previously on 1.11, there was a systemd implementation of docker.socket that defined the socket to run as root:docker (SocketGroup=docker).
With the 1.12 implementation of dockerd, --group=docker seems to be is ignored if the group isn't explicitly defined in /etc/group.
On site here, we manage user accounts and groups with FreeIPA - this uses sssd, rather than local accounts. As such, there is no entry for docker in /etc/group, meaning the upgrade to 1.12 knocked out non-root user access to the docker socket. The temporary fix for this was to manually add an entry for docker with the correct GID into /etc/group.
Looking at the source, I suspect the existence of group docker is being checked using:
grep docker /etc/group
rather than:
getent group docker
The text was updated successfully, but these errors were encountered: