sockets - /var/run/docker.sock inaccessible in container running on centos 7


I'm launching a container that runs a bash script which does a docker build internally, using docker 1.3.2 on centos 7.0.1406. The files/commands are at https://gist.github.com/wrabbit-revisited/1d70d0f1805be1848c08 .

The docker build needs access to the docker socket, using the common trick, per http://nathanleclaire.com/blog/2014/07/12/10-docker-tips-and-tricks-that-will-make-you-sing-a-whale-song-of-joy/ :

-v /var/run/docker.sock:/var/run/docker.sock 

Prior to the build I run a check in the script:

if [ -e "/var/run/docker.sock" ]; then
  echo "docker.sock found"
else
  echo "docker.sock not found"
fi

and the "echo" shows docker.sock not found. It is found if the check is done outside the container using sudo.

I tried adding "--permissive=true" to the "docker run" command line, with no apparent change.

There is a reference to a similar problem here: https://github.com/dpw/selinux-dockersock . It targets fedora/rhel, and doesn't resolve the issue, either. If I use "setenforce permissive", and sestatus confirms selinux is in permissive mode, the issue remains unresolved.

I've tried adding "--security-opt=label:type:docker_t" to the docker command line, per https://github.com/jwilder/nginx-proxy/issues/40 . No apparent effect.

The selinux policy for docker is described here: http://www.unix.com/man-page/centos/8/docker_selinux/ .

Lots of information, but I'm not sure if selinux is contributing to the problem. If I edit /etc/selinux/config to disable selinux and reboot, running sestatus says selinux is disabled, but the issue remains.

Looking about, this may be related to this: https://github.com/docker/compose/issues/983 . Using this trick to run docker inside a container is quite common, so perhaps there is a better way or workaround. I considered dind, but that's work, and this is a widely-used, simple (on the surface) approach to running docker build inside a container. There must be a simple solution.

Any help appreciated! Thanks

I think the problem might be due to a misunderstanding of the -v option to docker run. You did

-v /var/run/docker:/var/run/docker 

This creates a bind mount in the container of the file or directory /var/run/docker. In this case, there is no such file or directory. You want the file /var/run/docker.sock. You need to do

-v /var/run/docker.sock:/var/run/docker.sock 

to bind mount the file into the container.

As /var/run/docker didn't exist, you might wonder why docker didn't tell you with an error. The -v option has surprising behaviour: if the path does not exist on the host, docker creates a directory. You end up with a useless empty /var/run/docker directory on the host, and in the container.

In principle, -v /var/run:/var/run would bind mount the containing directory. But it's a bad idea to give a container access to the host's /var/run directory tree.

And on centos, you need to use https://github.com/dpw/selinux-dockersock to make access to /var/run/docker.sock work with selinux in enforcing mode.
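A check that tells the answer's failure shapes apart, as an added example that is not from the question or the answer: the original script tests with -e, which also passes for the empty directory a mistyped -v leaves behind, so this version tests with -S and names what it found. The scratch paths and the python3 helper used to create a real socket are constructed for the demo.

```shell
#!/bin/sh
# Added example: classify the path where /var/run/docker.sock is expected,
# so an empty directory left by a wrong -v bind mount is reported as such
# instead of as "found". Prints one of: socket, directory, other, missing.
classify_path() {
    if [ -S "$1" ]; then
        echo socket
    elif [ -d "$1" ]; then
        echo directory
    elif [ -e "$1" ]; then
        echo other
    else
        echo missing
    fi
}

# Returns 0 only when the path is a unix socket; the question's check used
# -e, which also succeeds for the directory case described in the answer.
check_docker_sock() {
    sock="${1:-/var/run/docker.sock}"
    kind=$(classify_path "$sock")
    case "$kind" in
        socket)    echo "docker.sock found: $sock is a unix socket" ;;
        directory) echo "docker.sock not usable: $sock is a directory" \
                        "(-v host path did not exist, so docker created one?)" ;;
        other)     echo "docker.sock not usable: $sock exists but is not a socket" ;;
        missing)   echo "docker.sock not found: $sock" ;;
    esac
    [ "$kind" = socket ]
}

# Reproduce the failure shapes in a scratch directory (constructed test
# data, no docker daemon needed). A real socket is created with python3
# when it is available, since POSIX sh has no tool to make one.
demo_dir=$(mktemp -d)
mkdir "$demo_dir/docker"        # what -v /var/run/docker:... leaves behind
: > "$demo_dir/plain"           # a regular file where a socket was expected
if command -v python3 >/dev/null 2>&1; then
    python3 -c 'import socket,sys; socket.socket(socket.AF_UNIX).bind(sys.argv[1])' \
        "$demo_dir/real.sock"
fi
for p in "$demo_dir/docker" "$demo_dir/plain" "$demo_dir/real.sock" "$demo_dir/none.sock"; do
    check_docker_sock "$p" || true
done
```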

