CentOS7: Are you trying to connect to a TLS-enabled daemon without TLS?

Question

I've installed Docker on CentOS7, now I try to launch the server in a Docker container.

 $ docker run -d --name "openshift-origin" --net=host --privileged \
-v /var/run/docker.sock:/var/run/docker.sock \
-v /tmp/openshift:/tmp/openshift \
openshift/origin start

This is the output:

Post http:///var/run/docker.sock/v1.19/containers/create?name=openshift-origin: dial unix /var/run/docker.sock: permission denied. Are you trying to connect to a TLS-enabled daemon without TLS?

I have tried the same command with sudo and that works fine (I can also run images in OpenShift bash etc.) But it feels wrong to use it, am I right? What is a solution to let is work as normal user?

Docker is running (sudo service docker start). Restarting the CentOS did not help.

Answer 1

The error is:

/var/run/docker.sock: permission denied.

That seems pretty clear: the permissions on the Docker socket at /var/run/docker.sock do not permit you to access it. This is reasonably common, because handing someone acccess to the Docker API is effectively the same as giving them sudo privileges, but without any sort of auditing.

If you are the only person using your system, you can:

• Create a docker group or similar if one does not already exist.
• Make yourself a member of the docker group
• Modify the startup configuration of the docker daemon to make the socket owned by that group by adding -G docker to the options. You'll probably want to edit /etc/sysconfig/docker to make this change, unless it's already configured that way.

With these changes in place, you should be able to access docker from your user account with requiring sudo.