Unable to access Docker socket, please run like this

Question

Unable to access Docker socket, please run like this

g1ra opened this issue 9 years ago · 12 comments

I got this after making an alias and running dockviz images -t

# dockviz images -t
Usage of loopback devices is strongly discouraged for production use. Either use `--storage-opt dm.thinpooldev` or use `--storage-opt dm.no_warn_on_loop_devices=true` to suppress this warning.
Unable to access Docker socket, please run like this:
  docker run --rm -v /var/run/docker.sock:/var/run/docker.sock nate/dockviz images <args>
For more help, run 'dockviz help'

Answer 1 · 2015-08-28T17:05:08.000Z

Hm, that's odd. Have you tried running the full command:

docker run --rm -v /var/run/docker.sock:/var/run/docker.sock nate/dockviz images -t

What is your alias? Also, can you provide the output of docker version and docker info?

Thanks

Answer 2 · 2015-08-28T19:01:32.000Z

Hello, Thanks for the reply

my alias is

alias dockviz="docker run --rm -v /var/run/docker.sock:/var/run/docker.sock nate/dockviz"

[root@ip-host ~]# docker run --rm -v /var/run/docker.sock:/var/run/docker.sock nate/dockviz images -t
Usage of loopback devices is strongly discouraged for production use. Either use `--storage-opt dm.thinpooldev` or use `--storage-opt dm.no_warn_on_loop_devices=true` to suppress this warning.
Unable to access Docker socket, please run like this:
  docker run --rm -v /var/run/docker.sock:/var/run/docker.sock nate/dockviz images <args>
For more help, run 'dockviz help'
[root@ip-host ~]# docker version
Client version: 1.7.1
Client API version: 1.19
Package Version (client): docker-1.7.1-108.el7.centos.x86_64
Go version (client): go1.4.2
Git commit (client): 3043001/1.7.1
OS/Arch (client): linux/amd64
Server version: 1.7.1
Server API version: 1.19
Package Version (server): docker-1.7.1-108.el7.centos.x86_64
Go version (server): go1.4.2
Git commit (server): 3043001/1.7.1
OS/Arch (server): linux/amd64
[root@ip-host ~]# docker info
Containers: 9
Images: 8
Storage Driver: devicemapper
 Pool Name: docker-202:1-8701221-pool
 Pool Blocksize: 65.54 kB
 Backing Filesystem: xfs
 Data file: /dev/loop0
 Metadata file: /dev/loop1
 Data Space Used: 751.6 MB
 Data Space Total: 107.4 GB
 Data Space Available: 6.515 GB
 Metadata Space Used: 1.52 MB
 Metadata Space Total: 2.147 GB
 Metadata Space Available: 2.146 GB
 Udev Sync Supported: true
 Deferred Removal Enabled: false
 Data loop file: /var/lib/docker/devicemapper/devicemapper/data
 Metadata loop file: /var/lib/docker/devicemapper/devicemapper/metadata
 Library Version: 1.02.93-RHEL7 (2015-01-28)
Execution Driver: native-0.2
Logging Driver: json-file
Kernel Version: 3.10.0-229.11.1.el7.x86_64
Operating System: CentOS Linux 7 (Core)
CPUs: 1
Total Memory: 992.1 MiB
Name: ip-host.us-west-2.compute.internal
ID: RKLO:OFTL:RALD:WSJN:WQJ7:TGWG:YLO2:EJFM:FYN5:TWDU:2OYP:CJ2A
[root@ip-host ~]#

Answer 3 · 2015-08-29T08:38:54.000Z

Update solved the problem.

yum remove docker
curl -sSL https://get.docker.com/ | sh
docker version
systemctl start docker
systemctl status docker
systemctl enable docker
docker version
docker help
docker info
alias dockviz="docker run --rm -v /var/run/docker.sock:/var/run/docker.sock nate/dockviz"
dockviz images -t

Answer 4 · 2015-08-29T23:06:11.000Z

Wow, that's great. Glad it worked out.

Answer 5 · 2015-09-01T09:26:05.000Z

hello great thanks

Answer 6 · 2016-02-13T00:12:19.000Z

I get the same error message. I am not sure why. Other containers seem to work fine.

> docker run --rm -v /var/run/docker.sock:/var/run/docker.sock nate/dockviz images -t
Unable to access Docker socket, please run like this:
  docker run --rm -v /var/run/docker.sock:/var/run/docker.sock nate/dockviz images <args>
For more help, run 'dockviz help'

> docker info
Containers: 4
Images: 182
Storage Driver: devicemapper
 Pool Name: docker-8:3-796870-pool
 Pool Blocksize: 65.54 kB
 Backing Filesystem: extfs
 Data file: /dev/loop0
 Metadata file: /dev/loop1
 Data Space Used: 5.594 GB
 Data Space Total: 107.4 GB
 Data Space Available: 4.055 GB
 Metadata Space Used: 10.17 MB
 Metadata Space Total: 2.147 GB
 Metadata Space Available: 2.137 GB
 Udev Sync Supported: true
 Deferred Removal Enabled: false
 Data loop file: /var/lib/docker/devicemapper/devicemapper/data
 Metadata loop file: /var/lib/docker/devicemapper/devicemapper/metadata
 Library Version: 1.02.109 (2015-09-22)
Execution Driver: native-0.2
Logging Driver: json-file
Kernel Version: 4.2.8-300.fc23.x86_64
Operating System: Fedora 23 (Twenty Three)
CPUs: 4
Total Memory: 15.58 GiB
Name: cessna
ID: NSSN:J2Y3:NCTJ:22AC:BM6U:BC3A:CYDA:GRTG:CX52:L5PG:ZXCV:LBB2

> docker version
Client:
 Version:      1.8.2.fc21
 API version:  1.20
 Package Version: docker-io-1.8.2-2.gitcb216be.fc21.x86_64
 Go version:   go1.5.1
 Git commit:   3abcea7-dirty
 Built:        Tue Oct 13 14:39:50 UTC 2015
 OS/Arch:      linux/amd64

Server:
 Version:      1.8.2.fc21
 API version:  1.20
 Package Version: 
 Go version:   go1.5.1
 Git commit:   3abcea7-dirty
 Built:        Tue Oct 13 14:39:50 UTC 2015
 OS/Arch:      linux/amd64

Answer 7 · 2016-02-13T05:19:21.000Z

Hm... That is odd. How is docker installed? Is it listening on the /var/run/docker.sock socket or the tcp port? Are any of the DOCKER_ environment variables set (like DOCKER_HOST)?

Answer 8 · 2016-02-13T17:55:04.000Z

@rvernica the cause of this problem may be access not permitted. may be. try your action with sudo

Answer 9 · 2016-02-16T17:48:06.000Z

There are no DOCKER_* environment variables:

> printenv | grep DOCKER
>

Docker is installed from the default RPM package coming from Fedora:

> sudo dnf info docker
Last metadata expiration check performed 3 days, 20:31:59 ago on Fri Feb 12 13:09:48 2016.
Available Packages
Name        : docker
Arch        : x86_64
Epoch       : 1
Version     : 1.9.1
Release     : 6.git6ec29ef.fc23
Size        : 9.0 M
Repo        : updates
Summary     : Automates deployment of containerized applications
URL         : https://github.com/projectatomic/docker
License     : ASL 2.0
Description : Docker is an open-source engine that automates the deployment of
            : any application as a lightweight, portable, self-sufficient
            : container that will run virtually anywhere.
            : 
            : Docker containers can encapsulate any payload, and will run
            : consistently on and between virtually any server. The same
            : container that a developer builds and tests on a laptop will run
            : at scale, in production*, on VMs, bare-metal servers, OpenStack
            : clusters, public instances, or combinations of the above.

I believe, it is listening on the socket as the file exists:

> ll /var/run/docker.sock
srw-rw----. 1 root root 0 Feb 12 16:01 /var/run/docker.sock

I am using sudo, I have an alias (alias docker='sudo docker'), or:

> sudo docker run --rm -v /var/run/docker.sock:/var/run/docker.sock nate/dockviz images -t                                                           [1]
Unable to access Docker socket, please run like this:
  docker run --rm -v /var/run/docker.sock:/var/run/docker.sock nate/dockviz images <args>
For more help, run 'dockviz help'

Answer 10 · 2016-02-16T18:18:58.000Z

That is interesting. I'll try to spin up a Fedora VM and see if I can reproduce the problem.

Answer 11 · 2016-02-20T21:07:53.000Z

Hey, got a chance to try this out. Looks like Fedora and RHEL use SELinux to restrict access to the docker socket in containers. I found two ways of working around it:

Use the --privileged flag:

$ sudo docker run --privileged --rm -v /var/run/docker.sock:/var/run/docker.sock nate/dockviz images -t

Add an SELinux policy to allow access from containers to the docker socket with this repo.

I'll work on adding to the error message if the socket exists but permission is denied.

Hope that helps.

Answer 12 · 2016-02-23T00:26:59.000Z

--privileged did the trick. Thanks for looking into it!