No updates: Permission denied on unix socket #664

klausagnoletti · 2020-10-23T06:12:32Z

klausagnoletti
Oct 23, 2020

I run a handful of containers on my debian server. And somehow I can't get watchtower to behave. For some reason it does assume the right user so it doesn't have access to the unix socket as it should. I have no idea why - and also no idea how to fix it.

I have deployed the container using the standard docker run command from the docs. I want the container to run as uid 1000 and gid 1000. I tried adding that to the initial docker run '-u 1000:1000'. That didn't work. I tried looking through the docs to see if there was any mention of accomplishing this with environment variables (as with some containers). But no.

This is the error I get - so no containers gets updated:

time="2020-10-23T05:54:37Z" level=fatal msg="Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get "http://%2Fvar%2Frun%2Fdocker.sock/v1.25/containers/json?filters=%7B%22status%22%3A%7B%22running%22%3Atrue%7D%7D&limit=0": dial unix /var/run/docker.sock: connect: permission denied"

Any help is highly appreciated. I have tried anything I can think of so I am completely out of ideas.

/klaus

Answered by piksel

Oct 25, 2020

It might be caused by SELinux, in that case, you could try running it with:

$ docker run -d
--name watchtower
-v /var/run/docker.sock:/var/run/docker.sock:z
containrrr/watchtower

(note the added :z suffix to the volume mapping)

View full answer

piksel · 2020-10-23T14:35:15Z

piksel
Oct 23, 2020
Maintainer

Can you provide the docker command you use to run watchtower?

2 replies

klausagnoletti Oct 25, 2020
Author

Sure. As I said, I am doing exactly what the docs say:

$ docker run -d \
    --name watchtower \
    -v /var/run/docker.sock:/var/run/docker.sock \
    containrrr/watchtower

And this gives me the error I pasted above.

Thanks

piksel Oct 25, 2020
Maintainer

Sorry, I wasn't sure if you meant that you had altered it with uid/guid mapping since you mentioned:

I want the container to run as uid 1000 and gid 1000

piksel · 2020-10-25T10:13:48Z

piksel
Oct 25, 2020
Maintainer

It might be caused by SELinux, in that case, you could try running it with:

$ docker run -d
--name watchtower
-v /var/run/docker.sock:/var/run/docker.sock:z
containrrr/watchtower

(note the added :z suffix to the volume mapping)

0 replies

simskij · 2020-10-25T18:30:53Z

simskij
Oct 25, 2020
Maintainer

Hey!

What is the output if you run this command?

$ docker run --rm -it -v /var/run/docker.sock:/var/run/docker.sock docker docker ps

0 replies

klausagnoletti · 2020-10-26T17:46:04Z

klausagnoletti
Oct 26, 2020
Author

Hi Nils I understand. But no, I didn't change it. I tried but couldn't figure out how. /k

…

On Sun, Oct 25, 2020 at 11:15 AM nils måsén ***@***.***> wrote: Sorry, I wasn't sure if you meant that you had altered it with uid/guid mapping since you mentioned: I want the container to run as uid 1000 and gid 1000 — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub <#664 (reply in thread)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AF3IKWNFT56ZJXHHONUN4DLSMP3D3ANCNFSM4S4D4WRA> .

-- Klaus Agnoletti

0 replies

klausagnoletti · 2020-10-26T21:05:52Z

klausagnoletti
Oct 26, 2020
Author

Hi Nils. That seems to do the trick. I don't get it since SELInux is disabled (getenforce tells me that).. But hey, at least there's no errors now :) Thanks a lot! /k

…

On Sun, Oct 25, 2020 at 11:14 AM nils måsén ***@***.***> wrote: It might be caused by SELinux <http://www.projectatomic.io/blog/2015/06/using-volumes-with-docker-can-cause-problems-with-selinux/>, in that case, you could try running it with: $ docker run -d --name watchtower -v /var/run/docker.sock:/var/run/docker.sock:z containrrr/watchtower (note the added :z suffix to the volume mapping) — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub <#664 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AF3IKWLWJPLKOFJTLGVTRHLSMP26RANCNFSM4S4D4WRA> .

-- Klaus Agnoletti

0 replies

klausagnoletti · 2020-10-26T21:07:39Z

klausagnoletti
Oct 26, 2020
Author

Hey That command lists all my current containers. I guess that's what it is supposed to do, right? Thanks /k

…

On Sun, Oct 25, 2020 at 7:31 PM Simon Aronsson ***@***.***> wrote: Hey! What is the output if you run this command? $ docker run --rm -it -v /var/run/docker.sock:/var/run/docker.sock docker docker ps — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub <#664 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AF3IKWKKHYXBXLUDMB7LPKLSMRVGRANCNFSM4S4D4WRA> .

-- Klaus Agnoletti

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

No updates: Permission denied on unix socket #664

{{title}}

Replies: 6 comments 2 replies

{{title}}

{{title}}

{{editor}}'s edit

{{editor}}'s edit

{{title}}

{{title}}

{{title}}

{{title}}

{{title}}

{{title}}

Select a reply

No updates: Permission denied on unix socket #664

klausagnoletti Oct 23, 2020

Replies: 6 comments · 2 replies

piksel Oct 23, 2020 Maintainer

klausagnoletti Oct 25, 2020 Author

piksel Oct 25, 2020 Maintainer

piksel Oct 25, 2020 Maintainer

simskij Oct 25, 2020 Maintainer

klausagnoletti Oct 26, 2020 Author

klausagnoletti Oct 26, 2020 Author

klausagnoletti Oct 26, 2020 Author

klausagnoletti
Oct 23, 2020

Replies: 6 comments 2 replies

piksel
Oct 23, 2020
Maintainer

klausagnoletti Oct 25, 2020
Author

piksel Oct 25, 2020
Maintainer

piksel
Oct 25, 2020
Maintainer

simskij
Oct 25, 2020
Maintainer

klausagnoletti
Oct 26, 2020
Author

klausagnoletti
Oct 26, 2020
Author

klausagnoletti
Oct 26, 2020
Author