valkey-io/valkey-container

Valkey socket bind permission denied

Opened this issue · 4 comments

It seems there is a permission issue when trying to use a socket for the valkey server container:

$ docker run -it --rm valkey/valkey valkey-server --unixsocket /run/valkey.sock
1:C 07 Oct 2024 07:24:29.919 # WARNING Memory overcommit must be enabled! Without it, a background save or replication may fail under low memory condition. Being disabled, it can also cause failures without low memory condition, see https://github.com/jemalloc/jemalloc/issues/1328. To fix this issue add 'vm.overcommit_memory = 1' to /etc/sysctl.conf and then reboot or run the command 'sysctl vm.overcommit_memory=1' for this to take effect.
1:C 07 Oct 2024 07:24:29.920 * oO0OoO0OoO0Oo Valkey is starting oO0OoO0OoO0Oo
1:C 07 Oct 2024 07:24:29.921 * Valkey version=8.0.1, bits=64, commit=00000000, modified=0, pid=1, just started
1:C 07 Oct 2024 07:24:29.921 * Configuration loaded
1:M 07 Oct 2024 07:24:29.921 * monotonic clock: POSIX clock_gettime
                .+^+.
            .+#########+.
        .+########+########+.           Valkey 8.0.1 (00000000/0) 64 bit
    .+########+'     '+########+.
 .########+'     .+.     '+########.    Running in standalone mode
 |####+'     .+#######+.     '+####|    Port: 6379
 |###|   .+###############+.   |###|    PID: 1
 |###|   |#####*'' ''*#####|   |###|
 |###|   |####'  .-.  '####|   |###|
 |###|   |###(  (@@@)  )###|   |###|          https://valkey.io
 |###|   |####.  '-'  .####|   |###|
 |###|   |#####*.   .*#####|   |###|
 |###|   '+#####|   |#####+'   |###|
 |####+.     +##|   |#+'     .+####|
 '#######+   |##|        .+########'
    '+###|   |##|    .+########+'
        '|   |####+########+'
             +#########+'
                '+v+'

1:M 07 Oct 2024 07:24:29.922 # Failed opening Unix socket: bind: Permission denied

/run/valkey.sock is the current default suggestion.

We need to mount a volume and use a valkey.conf file to run the server with the configs, and also a valkey.soc file with the right permissions, to use a socket for the valkey server container:

I made a tmp/valkey.conf file like:

unixsocket valkey.sock
unixsocketperm 700

I also created tmp/valkey.soc and changed the file permission to 700:

chmod 700 tmp/valkey.soc

You can run the following commands:

docker run -d \
-v /tmp:/usr/local/etc/valkey \
valkey/valkey valkey-server /usr/local/etc/valkey/valkey.conf;

valkey-server logs:

1:C 07 Oct 2024 19:36:27.390 * oO0OoO0OoO0Oo Valkey is starting oO0OoO0OoO0Oo
1:C 07 Oct 2024 19:36:27.390 * Valkey version=8.0.1, bits=64, commit=00000000, modified=0, pid=1, just started
1:C 07 Oct 2024 19:36:27.390 * Configuration loaded
1:M 07 Oct 2024 19:36:27.390 * monotonic clock: POSIX clock_gettime
1:M 07 Oct 2024 19:36:27.390 * Running mode=standalone, port=6379.
1:M 07 Oct 2024 19:36:27.391 * Server initialized
1:M 07 Oct 2024 19:36:27.391 * Ready to accept connections tcp
1:M 07 Oct 2024 19:36:27.391 * Ready to accept connections unix

Let me know if it helps

Hi @roshkhatri, thanks for the clarification! I was actually planning to put the file in a named volume rather than on the host machine:

docker run --rm --volume valkey-socket:/run/valkey -it valkey/valkey:alpine valkey-server --unixsocket /run/valkey.sock --unixsocketperm 777

So, I could access it from a different container without networking and TCP:

docker run --rm --volume valkey-socket:/run/valkey -it valkey/valkey:alpine valkey-cli -s /run/valkey/valkey.sock ping

But the above won't work, because the valkey user defined inside the valkey/valkey:alpine image doesn't have write access to the /run or /var/run directories.

Alternatively, for the sake of example, the following works:

# console session 1
docker run --rm --volume valkey-socket:/home/valkey -it valkey/valkey:alpine valkey-server --unixsocket /home/valkey/valkey.sock --unixsocketperm 777
...
# console session 2
docker run --rm --volume valkey-socket:/run/valkey -it valkey/valkey:alpine valkey-cli -s /run/valkey/valkey.sock ping

PONG

Note that in the alternative example I use the /home/valkey directory as the destination for valkey.sock, where the valkey user has write access.

For reference, per the Linux FHS, the /run directory is meant for socket files (among other things). I'm no expert on this topic, but if I understand it correctly, there should be a /run/valkey directory writable by the user valkey.

I will also have to look into it. If you are willing to take a look that would be amazing too.
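
An added example, not part of the thread and not code from the valkey-container project: a shell check for the two points the comments above turn on, whether the server's user can create the socket in its parent directory (the cause of "bind: Permission denied") and whether the unixsocketperm value opens the socket to every user (700 versus 777). The function name audit_unixsocket, its finding labels and the sample config files are assumptions constructed for this illustration.

```shell
#!/usr/bin/env bash
# Added example, not code from the thread or the valkey-container project.
# audit_unixsocket, its finding labels and the sample files are constructed here.

# Usage: audit_unixsocket CONF [WORKDIR]
# WORKDIR: directory a relative unixsocket path is resolved against (assumed ".").
# Prints one finding per line; returns 1 if there is any finding, else 0.
audit_unixsocket() {
    local conf workdir sock perm dir rc
    conf=$1; workdir=${2:-.}; rc=0
    # Take the last occurrence of each directive (precedence is an assumption).
    sock=$(awk '$1 == "unixsocket" { v = $2 } END { print v }' "$conf")
    perm=$(awk '$1 == "unixsocketperm" { v = $2 } END { print v }' "$conf")

    if [ -z "$sock" ]; then
        echo "no-socket: no unixsocket directive in $conf"; return 1
    fi
    case $sock in /*) ;; *) sock=$workdir/$sock ;; esac
    dir=$(dirname "$sock")

    # bind() creates the socket file, so the calling user needs write and
    # search permission on the parent directory ("bind: Permission denied").
    if [ ! -d "$dir" ]; then
        echo "dir-missing: $dir does not exist"; rc=1
    elif [ ! -w "$dir" ] || [ ! -x "$dir" ]; then
        echo "dir-not-writable: $(id -un) cannot create files in $dir"; rc=1
    fi

    case $perm in
        "") echo "perm-unset: socket mode is not pinned by the config"; rc=1 ;;
        *[!0-7]*) echo "perm-invalid: '$perm' is not an octal mode"; rc=1 ;;
        *)  # On Linux, connecting needs write permission on the socket file.
            if [ $(( 0$perm & 2 )) -ne 0 ]; then
                echo "world-connectable: mode $perm lets any user that can reach $sock connect"; rc=1
            fi ;;
    esac
    return $rc
}

# Constructed sample input: the two settings discussed in the thread.
demo=$(mktemp -d)
printf 'unixsocket valkey.sock\nunixsocketperm 700\n' > "$demo/owner-only.conf"
printf 'unixsocket %s/valkey.sock\nunixsocketperm 777\n' "$demo" > "$demo/world.conf"
audit_unixsocket "$demo/owner-only.conf" "$demo" || true
audit_unixsocket "$demo/world.conf" || true
```

The directory check only reflects the user running the script, so run it as the same UID the server uses (for example inside the image) to reproduce the bind failure.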