WSL /var/run/docker.sock permissions

[rgl]

Rancher Desktop Version

0.7.1

Rancher Desktop K8s Version

1.22.5

What operating system are you using?

Windows

Operating System / Build Version

Windows 10

What CPU architecture are you using?

x64

Windows User Only

No response

Actual Behavior

Cannot use docker as a regular ubuntu user.

Steps to Reproduce

• Install WSL 2
• Install Ubuntu 20.04
• Create the default Ubuntu user
• Install Rancher Desktop
• Enable Rancher Desktop integration with Ubuntu 20.04
• Open WSL inside Ubuntu 20.04
• Execute docker ps

Result

rgl@xxx:~$ docker ps
Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get "http://%2Fvar%2Frun%2Fdocker.sock/v1.24/containers/json": dial unix /var/run/docker.sock: connect: permission denied

rgl@xxx:~$ ll /var/run/docker.sock
srwxr-xr-x 1 root root 0 Dec 23 11:34 /var/run/docker.sock=

rgl@xxx:~$ id
uid=1000(rgl) gid=1000(rgl) groups=1000(rgl),4(adm),20(dialout),24(cdrom),25(floppy),27(sudo),29(audio),30(dip),44(video),46(plugdev),117(netdev)

Expected Behavior

To be able to use docker as a regular user.

Maybe put the docker socket in a docker group and set its permissions to rwxrwxr-x root docker.

Additional Information

Running docker ps from Windows (e.g. from a powershell session) works fine.

But running docker ps from within WSL Ubuntu does not work.

It also fails to work when I add my user to the root group:

rgl@xxx:~$ docker ps
request returned Bad Gateway for API route and version http://%2Fvar%2Frun%2Fdocker.sock/v1.24/containers/json, check if the server supports the requested API version

rgl@xxx:~$ id
uid=1000(rgl) gid=1000(rgl) groups=1000(rgl),0(root),4(adm),20(dialout),24(cdrom),25(floppy),27(sudo),29(audio),30(dip),44(video),46(plugdev),117(netdev)

[mattfarina]

@rgl this is something we have discussed and trying to find the best experience is difficult. For example, if I use apt to install docker inside of WSL in Ubuntu and use it there I would get the same permission denied message. The expectation in that situation is to add the default user to the group or to be root/sudo.

Do follow the native Ubuntu pattern (which applies to other distros as well) or break from the native pattern? This is situation we face.

[mook-as]

Also, please note that if the docker group exists, then /var/run/docker.sock will be set to be group-writable by that group. However, we do not create that group.

[rgl]

After creating the docker group and adding me:

$ sudo groupadd --system docker
$ sudo usermod -aG docker rgl
$ exit
$ id
uid=1000(rgl) gid=1000(rgl) groups=1000(rgl),0(root),4(adm),20(dialout),24(cdrom),25(floppy),27(sudo),29(audio),30(dip),44(video),46(plugdev),116(admin),117(netdev),999(docker)

The socket now has the correct permissions:

$ ll /var/run/docker.sock
srwxrwxr-x 1 root docker 0 Dec 24 05:58 /var/run/docker.sock=

Thanks for pointing that out!

Though it still fails with the error that I've pointed before:

$ docker ps
request returned Bad Gateway for API route and version http://%2Fvar%2Frun%2Fdocker.sock/v1.24/containers/json, check if the server supports the requested API version

[ericpromislow]

This looks like it'll work:

sudo addgroup --system docker
sudo adduser $USER docker
newgrp docker
# And something needs to be done so $USER always runs in group `docker` on the `Ubuntu` WSL
sudo chown root:docker /var/run/docker.sock
sudo chmod g+w /var/run/docker.sock

[ericpromislow]

It's a doc issue -- see rancher-sandbox/docs.rancherdesktop.io#5

[ericpromislow]

And merged into the docs repo at rancher-sandbox/docs.rancherdesktop.io#5 (comment)

[rgl]

Not sure what is going on; but like I've mentioned before, even after changing the socket file permissions, docker ps still does not work from within WSL. So maybe this issue should not be closed? Or a new open should be open?

This is how it fails:

$ docker ps
request returned Bad Gateway for API route and version http://%2Fvar%2Frun%2Fdocker.sock/v1.24/containers/json, check if the server supports the requested API version

[ericpromislow]

Here's the sort of thing I would expect to see running the following commands (in my case, in an Ubuntu subsystem that has been checked on the WSL Integrations page):

$  ls -l /var/run/docker.sock
srwxrwxr-x 1 root docker 0 Jan 21 10:19 /var/run/docker.sock
$ grep docker /etc/group
docker:x:119:ericp
$ id -G |  | grep -Eo '\b119\b'
119
$ docker ps
CONTAINER ID   IMAGE     COMMAND   CREATED   STATUS    PORTS     NAMES
...

[krumware]

The docs currently have an incorrect command. They use sudo addgrp docker instead of sudo groupadd docker

[ikogan]

I'm also experiencing the request returned Bad gateway for API route and version error. Is it possible the Linux CLI and the docker daemon are somehow mismatched version-wise?

[ericpromislow]

Fixed by putting a solution in the FAQ

[Nick-Wunderdog]

For me, vanilla WSL default Ubuntu (wsl -v 2)

ll /var/run/docker.sock
srw-rw---- 1 root docker 0 Mar 23 16:49 /var/run/docker.sock=

[jandubois]

In Rancher Desktop 1.8.0+ the socket should be world readable/writable, so you don't need to create the docker group anymore:

$ ls -l /var/run/docker.sock
srwxrwxrwx 1 root root 0 Mar 23 21:19 /var/run/docker.sock