dave-lang / webmin-docker

Docker module for Webmin
MIT License

Compatibility Issue with Rootless Docker Mode: Unable to Connect to Docker Daemon #11

Open Evgeny105 opened 3 months ago

Evgeny105 commented 3 months ago

Hello,

First of all, thank you for creating and maintaining this Webmin Docker module.

I am encountering an issue when trying to use the module with Docker installed in rootless mode. The module fails to connect to the Docker daemon and returns the following error:

Error!  Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?

The root cause appears to be that, in rootless mode, Docker uses a different Unix socket path (e.g., ~/.docker/run/docker.sock or /run/user/$(id -u)/docker.sock) rather than the default /var/run/docker.sock. This deviation from the default path seems to prevent the Webmin Docker module from successfully connecting to the Docker daemon.

Steps to Reproduce:

  1. Install Docker in rootless mode.
  2. Configure Webmin to use the Docker module.
  3. Attempt to connect to the Docker service via Webmin.

Expected Behavior: The Webmin Docker module should recognize and connect to the Docker daemon using the correct Unix socket path in rootless mode.

Actual Behavior: The module fails to connect to the Docker daemon, displaying the error mentioned above.

Possible Solutions:

System Information:

Thank you for your attention to this issue. I would greatly appreciate any guidance or solutions you can provide.

Best regards,
Evgeny

dave-lang commented 3 months ago

Hi, thanks for the report.

The module uses the Docker CLI and does not pass any config of its own.

Could you try running docker info as the webmin user?

Evgeny105 commented 3 months ago

Hi, thanks for your quick response. I ran the suggested command, and here are the results:

My Webmin is running under the root user, as confirmed by the following output from ps aux | grep webmin:

root        3402  0.0  1.0  44436 37624 ?        Ss   Aug13   0:19 /usr/bin/perl /usr/share/webmin/miniserv.pl --nofork /etc/webmin/miniserv.conf
root      132071  0.8  1.1  50148 44808 ?        S    Aug13  18:35 /usr/bin/perl /usr/share/webmin/authentic-theme/stats.pl 555

When I execute sudo docker info under root, I get the following output:

Client: Docker Engine - Community
 Version:    27.1.1
 Context:    default
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc.)
    Version:  v0.16.1
    Path:     /usr/libexec/docker/cli-plugins/docker-buildx
  compose: Docker Compose (Docker Inc.)
    Version:  v2.29.1
    Path:     /usr/libexec/docker/cli-plugins/docker-compose

Server:
ERROR: Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
errors pretty printing info

It seems that Docker is not accessible under the root user, likely due to it being installed in rootless mode. However, when I run docker info under the user who is actually running Docker, I get the expected output:

Client: Docker Engine - Community
 Version:    27.1.1
 Context:    rootless
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc.)
    Version:  v0.16.1
    Path:     /usr/libexec/docker/cli-plugins/docker-buildx
  compose: Docker Compose (Docker Inc.)
    Version:  v2.29.1
    Path:     /usr/libexec/docker/cli-plugins/docker-compose

Server:
 Containers: 2
  Running: 2
  Paused: 0
  Stopped: 0
 Images: 3
 Server Version: 27.1.1
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Using metacopy: false
  Native Overlay Diff: true
  userxattr: true
 Logging Driver: json-file
 Cgroup Driver: systemd
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 8fc6bcff51318944179630522a095cc9dbf9f353
 runc version: v1.1.13-0-g58aa920
 init version: de40ad0
 Security Options:
  seccomp
   Profile: builtin
  rootless
  cgroupns
 Kernel Version: 5.15.0-118-generic
 Operating System: Ubuntu 22.04.4 LTS
 OSType: linux
 Architecture: x86_64
 CPUs: 2
 Total Memory: 3.571GiB
 Name: servername
 ID: 6e801e69-5ecb-4aa9-99a3-f51c218507ea
 Docker Root Dir: /home/username/.local/share/docker
 Debug Mode: false
 Username: ___
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false

This confirms that Docker is running properly under the rootless user. Given this situation, how would you suggest proceeding? Is there a way to configure Webmin to recognize and interact with the rootless Docker instance? Any guidance or suggestions you have would be greatly appreciated.

dave-lang commented 2 months ago

Hi, I've taken a couple of looks at this but haven't had the time to progress it.

The easiest option looks to be adding a config for the user to run the docker commands as and requiring the Webmin user to have sudo permissions to run the command as that user.

Hopefully will get time in the next 1-2 weeks to make and test the changes.

Evgeny105 commented 2 months ago

Hi, unfortunately I won't have a chance to test how it will work right now, as I have reinstalled the system and now have docker running there in a normal configuration. But solving this issue can of course be useful for someone else.

webnoob commented 1 week ago

Assuming I can get this module installed correctly, I'll be able to help debug this as I run Docker in rootless and will continue to do so.

dave-lang commented 1 week ago

I'm doing some testing and using contexts to handle rootless docker looks like the correct way to handle this. I'll add a module config to set the context to use and if set use that for all commands.

dave-lang commented 1 week ago

Preview release with rootless docker support: https://github.com/dave-lang/webmin-docker/releases/tag/1.1.0-rootless

This will require you to have a context configured for rootless docker https://github.com/dave-lang/webmin-docker/tree/11-compatibility-issue-with-rootless-docker-mode-unable-to-connect-to-docker-daemon?tab=readme-ov-file#rootless-docker

webnoob commented 1 week ago

Thanks for this!

I've installed and set my context to "rootless": image

It's failing with this error: image

Result of ps -al: image

Result of create context: image

Result of docker context inspect: image

Is there something else I am missing?

dave-lang commented 1 week ago

What method have you used to install rootless docker? I'll have to copy it and see what the differences are to the DIND rootless container.

One option to try is running the context create command as the root/webmin user instead of the docker user.

webnoob commented 1 week ago

I followed the instructions as per this page: https://docs.docker.com/engine/install/linux-postinstall/#manage-docker-as-a-non-root-user

I then made the following adjustments to my ~/.config/systemd/user/docker.service file:

  1. Add in Environment=DOCKERD_ROOTLESS_ROOTLESSKIT_FLAGS="-p 0.0.0.0:2375:2375/tcp" below the existing Environment line under [Service]
  2. Below this, add Environment="DOCKERD_ROOTLESS_ROOTLESSKIT_PORT_DRIVER=slirp4netns" (for client IP to be seen in NGINX)
  3. Change ExecStart to ExecStart=/usr/bin/dockerd-rootless.sh -H tcp://0.0.0.0:2375 -H unix:///run/user/1000/docker.sock
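
Added example, not part of the thread or of the module's code: the unit edits listed above bind the Docker API to TCP port 2375 on all interfaces, and the ExecStart line carries no `--tlsverify`. The script below audits a unit file for that combination; the sample unit is constructed from the three steps above, and the value of the pre-existing Environment line is an assumption.

```shell
#!/bin/sh
# Flags dockerd TCP listeners in a systemd unit that are not protected by
# --tlsverify. TLS settings placed in daemon.json are not inspected here.

# Constructed sample: the [Service] section after the three edits listed above.
# The PATH line stands in for the "existing Environment line" (value assumed).
sample_unit() {
cat <<'EOF'
[Service]
Environment=PATH=/usr/bin:/usr/sbin
Environment=DOCKERD_ROOTLESS_ROOTLESSKIT_FLAGS="-p 0.0.0.0:2375:2375/tcp"
Environment="DOCKERD_ROOTLESS_ROOTLESSKIT_PORT_DRIVER=slirp4netns"
ExecStart=/usr/bin/dockerd-rootless.sh -H tcp://0.0.0.0:2375 -H unix:///run/user/1000/docker.sock
EOF
}

# Reads unit text on stdin and prints one finding per line.
# Returns 0 when nothing was flagged, 1 otherwise.
audit_dockerd_unit() {
    unit=$(cat)
    rc=0
    exec_line=$(printf '%s\n' "$unit" | grep '^ExecStart=' || true)
    # Every "-H tcp://..." listener on the ExecStart line.
    for l in $(printf '%s\n' "$exec_line" | grep -o 'tcp://[^ ]*' || true); do
        case "$exec_line" in
            *--tlsverify*) ;;                      # client certificates required
            *) echo "NO_TLSVERIFY $l"; rc=1 ;;     # API reachable without authentication
        esac
        case "$l" in
            tcp://0.0.0.0:*|'tcp://[::]:'*) echo "ALL_INTERFACES $l"; rc=1 ;;
        esac
    done
    # RootlessKit "-p" publishes the port from the rootless namespace to the host.
    for p in $(printf '%s\n' "$unit" | grep 'DOCKERD_ROOTLESS_ROOTLESSKIT_FLAGS' \
               | grep -o '0\.0\.0\.0:[0-9]*:[0-9]*/tcp' || true); do
        echo "ROOTLESSKIT_PUBLISH $p"; rc=1
    done
    return $rc
}

# Stand-alone run against the constructed sample.
sample_unit | audit_dockerd_unit || true
```

To check a real unit, pipe it in: `audit_dockerd_unit < ~/.config/systemd/user/docker.service`. For local management through a context, the `unix://` listener alone is sufficient.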

dave-lang commented 6 days ago

Did you do the full rootless install? https://docs.docker.com/engine/security/rootless/

It looks like the contexts created as your docker user aren't available to the root user - dropping the context and recreating it as root may help.
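
Added example, not part of the thread or of the module's code: a sketch of why a context created by the Docker user is invisible to root, and of the command root would run to recreate it. It assumes the Docker CLI stores context metadata under `$DOCKER_CONFIG/contexts/meta/<id>/meta.json` (with `$DOCKER_CONFIG` defaulting to `~/.docker`); the two config directories and the `meta.json` content are constructed sample data, and the function names are hypothetical.

```shell
#!/bin/sh
# context_host CONFIG_DIR NAME
# Prints the Docker endpoint host of context NAME found under CONFIG_DIR,
# returns 1 when that config directory holds no such context.
context_host() {
    for f in "$1"/contexts/meta/*/meta.json; do
        [ -f "$f" ] || continue            # unmatched glob stays literal
        if grep -q "\"Name\":[[:space:]]*\"$2\"" "$f"; then
            sed -n 's/.*"Host":[[:space:]]*"\([^"]*\)".*/\1/p' "$f"
            return 0
        fi
    done
    return 1
}

# Constructed sample: a user config dir holding a "rootless" context and an
# empty config dir standing in for /root/.docker. Prints the temp dir path.
make_sample_configs() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/user/contexts/meta/constructed-id" "$tmp/root"
    printf '%s\n' '{"Name":"rootless","Metadata":{},"Endpoints":{"docker":{"Host":"unix:///run/user/1000/docker.sock","SkipTLSVerify":false}}}' \
        > "$tmp/user/contexts/meta/constructed-id/meta.json"
    printf '%s\n' "$tmp"
}

# fix_for_root USER_CONFIG ROOT_CONFIG NAME
# If NAME is missing from root's config dir, prints the command to recreate it
# there with the same endpoint the user's context points at.
fix_for_root() {
    if context_host "$2" "$3" >/dev/null; then
        echo "ok: context $3 is already visible to root"
    else
        host=$(context_host "$1" "$3") || return 1
        echo "docker context create $3 --docker \"host=$host\""
    fi
}

# Stand-alone run against the constructed directories.
d=$(make_sample_configs)
fix_for_root "$d/user" "$d/root" rootless
rm -rf "$d"
```

Root also needs permission to open the socket under `/run/user/<uid>/`, which this sketch does not check.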