I have a container that needs to run other containers at some point.

I use group_add to add my container's user to the host's docker user group.

This works fine if I set the group id, but not with the group name. The documentation says it should work with both (https://docs.docker.com/compose/compose-file/compose-file-v2/#group_add). Any ideas on this issue?

Here is a simplified version of my docker-compose file:

version: '2.1'
services:
    my-worker:
        image: workers/data-handler:1.0.2
        volumes:
            - /var/run/docker.sock:/var/run/docker.sock
        group_add:
            - 994 #docker group id
        command: run

asked Feb 4, 2020 at 11:25

Rafik Saad

It is likely that the docker group inside the image does not have the same group id as the host. Check the group id of docker inside the container:

$ getent group docker | cut -d: -f3

When you use group_add: docker it looks up the docker group inside the container, so your user won't have the right permissions. Since you are mounting the docker.sock file, it will use the host permissions (including ids), so you need to provide the correct id.

I have not got this to work in my environment in a workable fashion and resorted to a shell script instead of docker-compose since it worked in my use case and I am not using the extra functionality docker-compose provides.

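#!/bin/bash

# Look up the numeric id of the docker group on the host.
DOCKER_GROUP=$(getent group docker | cut -d: -f3)

# Mount the host's Docker socket and add the container process to that GID.
docker run \
    -v /var/run/docker.sock:/var/run/docker.sock \
    --group-add "$DOCKER_GROUP" \
    workers/data-handler:1.0.2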

answered Apr 11, 2020 at 17:34

clcto

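The name-versus-id behaviour described in the answer, as an added example that is not part of the original question or answer. It resolves the group name against a sample image `/etc/group` and compares the result with the GID that owns the socket on the host; the function names, the group-file contents and the image GID 101 are constructed for illustration.

```bash
#!/bin/bash
# Added example. Group-file contents are constructed; 994 is the host docker
# GID from the question, 101 is a made-up GID baked into a hypothetical image.

# Print the GID of group $2 in the group(5)-format file $1 (exact name match).
# Returns non-zero when the file does not define that group.
gid_for_name() {
    awk -F: -v name="$2" '
        $1 == name { print $3; found = 1; exit }
        END        { exit !found }' "$1"
}

# What `group_add: <name>` gives a container: $1 = the image's /etc/group,
# $2 = group name, $3 = GID owning the bind-mounted socket on the host.
check_group_add() {
    local image_gid
    if ! image_gid=$(gid_for_name "$1" "$2"); then
        echo "unresolved"            # name is not defined inside the image
    elif [ "$image_gid" = "$3" ]; then
        echo "match"                 # name and host GID happen to agree
    else
        echo "mismatch:$image_gid"   # process joins this GID, not the socket's
    fi
}

demo() {
    local dir host_gid
    dir=$(mktemp -d)
    printf 'root:x:0:\ndocker:x:994:\n' > "$dir/host.group"
    printf 'root:x:0:\ndocker:x:101:\n' > "$dir/image.group"
    # On a real host this would be: stat -c '%g' /var/run/docker.sock
    host_gid=$(gid_for_name "$dir/host.group" docker)
    echo "socket GID on host: $host_gid"
    echo "group_add: docker -> $(check_group_add "$dir/image.group" docker "$host_gid")"
    echo "group_add: $host_gid -> numeric GID is used as-is"
    rm -rf "$dir"
}

demo
```

A `mismatch` result means the container process is placed in a group that has no rights on the mounted socket, which is why only the numeric host GID works.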