nestybox / sysbox

An open-source, next-generation "runc" that empowers rootless containers to run workloads such as Systemd, Docker, Kubernetes, just like VMs.
Apache License 2.0
2.78k stars, 152 forks

Started system container as non-root, but not able to start the docker daemon and run any docker commands #575

Closed kokleong9406 closed 2 years ago

kokleong9406 commented 2 years ago

I have been struggling with this. I built a system image with this Dockerfile:

# Base image for the system container
FROM ubuntu:18.04

# Build steps run as root, so sudo is not needed here; it is still installed
# for the unprivileged user at runtime. The duplicate curl package is dropped.
RUN apt-get update && \
    apt-get install -y gcc build-essential wget curl nano ca-certificates gnupg lsb-release sudo && \
    mkdir -p /etc/apt/keyrings && \
    curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg && \
    echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" > /etc/apt/sources.list.d/docker.list && \
    echo "Installing docker-ce-cli" && \
    apt-get update && \
    apt-get -y install docker-ce docker-ce-cli containerd.io docker-compose-plugin && \
    rm -rf /var/lib/apt/lists/*

# COPY docker_pull_inner_image.sh /usr/bin
# RUN chmod +x /usr/bin/docker_pull_inner_image.sh && docker_pull_inner_image.sh && rm /usr/bin/docker_pull_inner_image.sh

# Unprivileged user (uid 1003) that the container starts as
RUN useradd -u 1003 -m kokleong
# Membership in the root group does not confer root privileges
RUN usermod -a -G root kokleong
RUN echo 'root:docker' | chpasswd
RUN echo 'kokleong:docker' | chpasswd
USER kokleong

and started the container with the command docker run -ti --rm --name sysbox-test sysbox:v1. By default I appear as "kokleong" in the system container. Once I am inside the system container, I am not able to start the docker daemon by running dockerd, or to use any docker commands at all. Does anyone know how to get around this without starting the container with docker run -ti -u 0 --rm --name sysbox-test sysbox:v1, i.e. with the -u 0 flag?

As can be seen in the Dockerfile, I even added "kokleong" to the "root" group. Any help is appreciated.

rodnymolina commented 2 years ago

Hi @kokleong9406, have you tried to add your user to the docker group?

https://docs.docker.com/engine/install/linux-postinstall/
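
The fix suggested above, as an added example that is not part of the original thread and not code from the sysbox project: the Dockerfile line that adds the user to the docker group, plus a small pre-flight script to run inside the system container that explains why a docker command would fail for the current user. Membership in the docker group is what grants write access to the root:docker, mode 0660 socket /var/run/docker.sock; it lets the unprivileged user use the client, but dockerd itself still has to be started as root inside the system container (sudo dockerd, or systemd). The user name "kokleong" is taken from the issue; the function names and the DOCKER_SOCK variable are this example's own.

```shell
#!/bin/sh
# Added example (not from the sysbox project or the issue author).
#
# Dockerfile change; the "docker" group is created when docker-ce is
# installed, so this line must come after the apt-get install step:
#
#     RUN usermod -aG docker kokleong
#
# Caveat: docker-group membership is root-equivalent inside the container
# (any member can run `docker run -v /:/host ...`). In a sysbox system
# container that root stays confined to the container's user namespace.

# user_in_group USER GROUP [GROUP_FILE]
# Exit 0 if USER is a supplementary member of GROUP in GROUP_FILE (default
# /etc/group). The file is parsed directly so an image can be checked at
# build time without a login shell; primary-group membership via
# /etc/passwd is deliberately not considered.
user_in_group() {
    _user=$1
    _group=$2
    _file=${3:-/etc/group}
    awk -F: -v g="$_group" -v u="$_user" '
        $1 == g {
            n = split($4, members, ",")
            for (i = 1; i <= n; i++) {
                if (members[i] == u) { found = 1 }
            }
        }
        END { if (found) { exit 0 } else { exit 1 } }
    ' "$_file"
}

# docker_sock_writable SOCK
# Exit 0 if SOCK exists, is a Unix socket and is writable by the caller.
# A missing socket means dockerd is not running; an unwritable one means
# the caller is not in the socket's group.
docker_sock_writable() {
    [ -S "$1" ] && [ -w "$1" ]
}

# preflight: say why `docker ps` would fail for the current user.
preflight() {
    _me=$(id -un)
    _sock=${DOCKER_SOCK:-/var/run/docker.sock}   # hypothetical override variable
    if ! user_in_group "$_me" docker; then
        echo "$_me is not in the docker group; rebuild the image with: usermod -aG docker $_me" >&2
        return 1
    fi
    if ! docker_sock_writable "$_sock"; then
        echo "$_sock is missing or not writable; start dockerd as root first (e.g. sudo dockerd &)" >&2
        return 1
    fi
    echo "$_me can reach dockerd through $_sock"
}

# Run the check only when invoked as a script with --check, so that
# sourcing the file just defines the functions.
if [ "${1:-}" = "--check" ]; then
    preflight
fi
```

Run it as the unprivileged user inside the system container with `sh preflight.sh --check`; the two failure messages correspond to the two things the issue conflates: not being allowed to talk to the daemon, and the daemon not having been started at all.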

kokleong9406 commented 2 years ago

Hi @rodnymolina, thanks for the tip. I am now able to run docker commands after adding my user to the docker group.

rodnymolina commented 2 years ago

Great @kokleong9406, let us know if any other questions. I am closing this issue now.