NixOS / nixpkgs

Nix Packages collection & NixOS
MIT License

Docker socket location in /run/user? #265419

Open joser93 opened 10 months ago

joser93 commented 10 months ago

I don't know exactly how this happened, but it's an interesting thing to look into; maybe I messed up something that I shouldn't have.

For some reason, after trying to enable linger for my personal user using loginctl enable-linger, the root user gets this message when trying to use the docker CLI:

Cannot connect to the Docker daemon at unix:///run/user/0/docker.sock. Is the docker daemon running?

But /var/run/docker.sock is still available and works just fine.

Technical details

Please run nix-shell -p nix-info --run "nix-info -m" and paste the result.

system: "x86_64-linux"

Any clue on this and how to fix it? Is it a bug on the docker package side or the loginctl side?

I also tried to reproduce it on a VM, but with no success.

NickCao commented 10 months ago

Maybe docker is running in rootless mode (as root, ironically), see https://docs.docker.com/engine/security/rootless/. Also check your DOCKER_HOST environment variable.

joser93 commented 9 months ago

@NickCao Thanks for the reply.

Indeed, I wanted to use the rootless configuration following the official documentation https://nixos.wiki/wiki/Docker, and checking the DOCKER_HOST variable, I found out that it is actually assigned incorrectly.

echo $DOCKER_HOST
unix:///run/user/0/docker.sock

Still, I have had this configuration since gen 1, didn't encounter this issue at that time, and can't find a way to roll back the situation. The only clue that I have is that loginctl might have done something, or I might have done something wrong with my user configuration, so that for some reason the DOCKER_HOST it wants to reach is not properly assigned.

NickCao commented 9 months ago

You may take a look at nixos/modules/virtualisation/docker-rootless.nix; docker rootless does not support being run as root, which causes the issue.

joser93 commented 9 months ago

Checking this line https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/docker-rootless.nix#L66 makes me think: would adding a conditional that checks if the user is root and sets DOCKER_HOST to /var/run/docker.sock solve this?

Because, with the rootless config, the docker.sock for root is still available and can still be used, because as a workaround I created a symbolic link to /run/user/0/docker.sock to fix it.

NickCao commented 9 months ago

> adding a conditional that checks if the user is root and sets DOCKER_HOST to /var/run/docker.sock

Or just don't set it.

> Because, with the rootless config, the docker.sock for root is still available and can still be used

I also think so.

fin444 commented 1 month ago

Accessing via root works fine when virtualisation.docker.rootless.setSocketVariable = false; so setting that is also an option.
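
Added example, not part of the thread or of nixpkgs: a POSIX shell sketch of the per-user endpoint choice discussed above (root uses /var/run/docker.sock, other users use the socket under XDG_RUNTIME_DIR), plus a check that flags a DOCKER_HOST naming a missing socket. The function names are hypothetical, and the rootless socket path under XDG_RUNTIME_DIR is an assumption based on the /run/user/0/docker.sock value shown in the thread.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from nixpkgs or Docker.

# pick_docker_host UID RUNTIME_DIR
# Prints the endpoint the docker CLI should use for that user.
pick_docker_host() {
    if [ "$1" -eq 0 ]; then
        # root has no rootless daemon: use the system daemon's socket
        printf 'unix:///var/run/docker.sock\n'
    elif [ -n "$2" ]; then
        # assumed rootless layout: socket lives in the user's runtime dir
        printf 'unix://%s/docker.sock\n' "$2"
    else
        return 1   # nothing sensible to export; leave DOCKER_HOST unset
    fi
}

# docker_host_is_live ENDPOINT
# Succeeds only for a unix:// endpoint whose path is an existing socket.
docker_host_is_live() {
    case $1 in
        unix://*) [ -S "${1#unix://}" ] ;;
        *) return 1 ;;
    esac
}

# diagnose_docker_host
# Reports a DOCKER_HOST that names a missing unix socket (the symptom in
# this thread) and prints the endpoint pick_docker_host would choose.
diagnose_docker_host() {
    current=${DOCKER_HOST:-}
    wanted=$(pick_docker_host "$(id -u)" "${XDG_RUNTIME_DIR:-}") || wanted=unset
    case $current in
        '') echo "ok: DOCKER_HOST unset, docker CLI default applies" ;;
        unix://*)
            if docker_host_is_live "$current"; then
                echo "ok: $current"
            else
                echo "stale: $current is not a socket; expected $wanted"
                return 1
            fi ;;
        *) echo "skipped: $current is not a unix socket endpoint" ;;
    esac
}

diagnose_docker_host || true
```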