How to fix docker-compose permission denial for rootless user while trying to connect to the Docker daemon socket?
Environment
- Red Hat Enterprise Linux 7
- Red Hat Enterprise Linux 8
- Red Hat Enterprise Linux 9
- docker-compose
- podman
Resolution
- The rootless user is trying to access /var/run/docker.sock (/run/docker.sock, which is a symlink to /run/podman/podman.sock). That socket is accessible only by the root user, not by a rootless user.
- The socket a rootless user uses is $XDG_RUNTIME_DIR/podman/podman.sock.
- /run/docker.sock cannot be used as a rootless user. The user's socket needs to be enabled with the command below, run as the rootless user, and /run/docker.sock then symlinked to that socket.
  systemctl --user enable --now podman.socket
- The disadvantage is that this can be done for only one user at a time. If multiple users try to use docker.sock while it is linked to another user's socket, it will still fail.
- Another option is to export DOCKER_HOST:
  export DOCKER_HOST="unix:$XDG_RUNTIME_DIR/podman/podman.sock"

P.S.: Please note that docker-compose is not supported by Red Hat, so any configuration or error on that part would be unsupported by Red Hat. This document is just guidance as part of our best efforts.
Diagnostic Steps
- Here we show the link from /run/docker.sock:
  $ ls -al /run/docker.sock
  lrwxrwxrwx. 1 root root 23 Mar 16 11:35 /run/docker.sock -> /run/podman/podman.sock
- But podman.sock is not accessible by a rootless user:
  $ ls -al /run/podman/podman.sock
  ls: cannot access '/run/podman/podman.sock': Permission denied
- However, if $XDG_RUNTIME_DIR/podman/podman.sock is used, it works fine:
  $ ls -al /run/user/1000/podman/podman.sock
  srw-rw----. 1 podman podman 0 Mar 16 11:37 /run/user/1000/podman/podman.sock
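The socket checks and the DOCKER_HOST option described above can be combined into one helper that each rootless user runs for themselves; this is an added example, not part of the original Red Hat solution. The function names check_sock and rootless_docker_host are made up for illustration, and the optional directory argument exists only so the logic can be exercised outside a real session.

```shell
#!/bin/sh
# Added example: resolve the Docker-API socket for the *current* rootless user.
# check_sock and rootless_docker_host are illustrative names, not podman tools.

# check_sock PATH
#   0 = a socket the caller can read and write
#   1 = missing, not a socket, or inside a directory the caller cannot enter
#       (what a rootless user gets for /run/podman/podman.sock)
#   2 = socket exists but the caller lacks read/write permission
check_sock() {
    [ -S "$1" ] || return 1
    { [ -r "$1" ] && [ -w "$1" ]; } || return 2
    return 0
}

# rootless_docker_host [RUNTIME_DIR]
#   Prints the DOCKER_HOST value for <runtime dir>/podman/podman.sock.
#   RUNTIME_DIR overrides $XDG_RUNTIME_DIR (assumption: used for testing only).
#   Returns 3 when no runtime directory is known, else check_sock's status.
rootless_docker_host() {
    rdh_dir="${1:-${XDG_RUNTIME_DIR:-}}"
    if [ -z "$rdh_dir" ]; then
        echo "XDG_RUNTIME_DIR is not set" >&2
        return 3
    fi
    rdh_sock="$rdh_dir/podman/podman.sock"
    check_sock "$rdh_sock" && rdh_rc=0 || rdh_rc=$?
    case "$rdh_rc" in
        0) echo "unix:$rdh_sock" ;;
        1) echo "$rdh_sock not found; as this user run:" >&2
           echo "  systemctl --user enable --now podman.socket" >&2 ;;
        2) echo "$rdh_sock is not read/write for $(id -un)" >&2 ;;
    esac
    return "$rdh_rc"
}

# Usage, e.g. in the user's shell profile:
#   DOCKER_HOST="$(rootless_docker_host)" && export DOCKER_HOST
```

Because every user resolves their own socket, this avoids the one-user-at-a-time limit of pointing the shared /run/docker.sock symlink at a single user's socket.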
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.