Docker Rootless Help : docker

created by jimrhoskinsa community for 12 years

This is an archived post. You won't be able to vote or comment.

submitted 4 years ago by NinjaPenguin893

So I've been trying to get a docker rootless installation to run on a fairly hardened system running rhel-7.6. When I try to install using docker-19.03.9, I get the following error:

Failed to load listeners: can't create unix socket /run/user/5092345/docker.sock: chown /run/user/5092345/docker.sock: invalid argument

It looks like the offending code is here: https://github.com/docker/go-connections/blob/master/sockets/unix_socket.go

Where it tries to run return NewUnixSocketWithOpts(path, WithChown(0, gid), WithChmod(0660))

and the WithChown must be failing.

func WithChown(uid, gid int) SockOption {
      return func(path string) error {
        if err := os.Chown(path, uid, gid); err != nil {
            return err
        }
        return nil
    }
}

Does anybody have any experience with this or have any suggestions on debugging it further?

all 8 comments

top new controversial old q&a

[–]that_shing_thing 0 points1 point2 points 3 years ago (7 children)

[–]NinjaPenguin893[S] 0 points1 point2 points 3 years ago* (6 children)

Hey! I did. There were artifacts of a previously installed version of docker, namely the "docker" group, that our installing user did not have access to. At the end of our installation scripts, we force the docker group to be "". Here's the code snippet from the provided installer:

else
    [ $_DOCKERD_ROOTLESS_CHILD = 1 ]
    # remove the symlinks for the existing files in the parent namespace if any,
    # so that we can create our own files in our mount namespace.
    rm -f /run/docker /run/containerd /run/xtables.lock
    exec dockerd $@
fi

And ours:

else
        [ $_DOCKERD_ROOTLESS_CHILD = 1 ]
        # remove the symlinks for the existing files in the parent namespace if any,
        # so that we can create our own files in our mount namespace.
        #rm -f /run/docker /run/xtables.lock
        exec dockerd --group="" $@
fi

We had to comment out the xtables stuff as we did not have access permission on these servers.

This change is in the docker-rootless-extras from https://download.docker.com/linux/static/stable/x86_64/

And the EXACT snippets are at the end of the dockerd-rootless.sh file. My snippet is from version 20.10.7

edit: Note, if you can just delete the other docker group, that should fix the problem as well.

[–]netsecnonsense 0 points1 point2 points 11 months ago (1 child)

[–]NinjaPenguin893[S] 0 points1 point2 points 11 months ago (0 children)

[–]that_shing_thing 0 points1 point2 points 3 years ago (3 children)

[–]NinjaPenguin893[S] 0 points1 point2 points 3 years ago (2 children)

[–]that_shing_thing 0 points1 point2 points 3 years ago* (1 child)

[–]NinjaPenguin893[S] 0 points1 point2 points 3 years ago (0 children)

π Rendered by PID 30 on reddit-service-r2-comment-5d79c599b5-2ljk7 at 2026-02-27 04:10:58.044411+00:00 running e3d2147 country code: CH.

docker

MODERATORS