Type: New Feature
Resolution: Unresolved
Priority: Major
Component/s: docker-workflow-plugin
I'd like to propose a new feature for running the docker container as a different Linux user/group.
Motivation
There are permission issues when using mounted /var/run/docker.sock to allow docker access from within the container.
Currently Jenkins fetches the user and group using org.jenkinsci.plugins.docker.workflow.client.DockerClient#whoAmI by executing the commands
- id -u
- id -g
The Jenkins slave agent runs under this user:
$ id
uid=1005(jenkins) gid=1009(jenkins) groups=1009(jenkins),27(sudo),108(lxd),113(docker)
Jenkinsfile (agent section only):
pipeline {
    agent {
        dockerfile {
            dir './some-folder/'
            args '-v /var/run/docker.sock:/var/run/docker.sock'
        }
    }
}
which results in the following docker run command
docker run -t -d -u 1005:1009 -v /var/run/docker.sock:/var/run/docker.sock ...
but from within this container I get "permission denied" when accessing the docker socket.
Running the same command and changing the user group from jenkins to docker fixes the permission issue
docker run -t -d -u 1005:113 -v /var/run/docker.sock:/var/run/docker.sock ...
I'd like to propose a new option to specify the user the container is started as, such as
pipeline {
    agent {
        dockerfile {
            dir './some-folder/'
            args '-v /var/run/docker.sock:/var/run/docker.sock'
            user 'jenkins:docker'
        }
    }
}
and let this plugin resolve the user/group names to their IDs so that the run command looks like
docker run -t -d -u 1005:113 -v /var/run/docker.sock:/var/run/docker.sock ...
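The name-to-id resolution proposed above, written out as an added example; this is not the plugin's code (the plugin is Java, this is a stand-alone Python sketch). The names resolve_user_spec and docker_run_args are assumptions, and the SAMPLE_USERS / SAMPLE_GROUPS tables are constructed to mirror the `id` output in the report; by default the resolver consults the agent's own passwd and group databases, which is where the mounted socket's group ownership applies. The spec is validated before it is used, so a value taken from a Jenkinsfile cannot smuggle extra tokens into the docker command line, and the argv is built as a list rather than a shell string. Note that anything that can reach the mounted docker socket can start arbitrary containers on the agent host, so resolving a pipeline to the docker group hands that pipeline control of the host; the resolver makes the resulting gid explicit so a reviewer can see when that is happening.

```python
"""Resolve 'user[:group]' to 'uid:gid' for `docker run -u` (added example, not plugin code)."""
import grp
import pwd
import re

# Account names as accepted by useradd/groupadd; ':' and shell metacharacters are rejected.
_NAME_RE = re.compile(r"^[A-Za-z0-9._][A-Za-z0-9._-]*$")
_NUM_RE = re.compile(r"^[0-9]+$")


def _system_user(name):
    """Return (uid, primary gid) for a user name from the agent's passwd database."""
    entry = pwd.getpwnam(name)
    return entry.pw_uid, entry.pw_gid


def _system_group(name):
    """Return the gid for a group name from the agent's group database."""
    return grp.getgrnam(name).gr_gid


def resolve_user_spec(spec, lookup_user=_system_user, lookup_group=_system_group):
    """Turn 'jenkins', 'jenkins:docker', '1005:113' or '1005:docker' into 'uid:gid'.

    A missing group falls back to the user's primary gid, which is what the
    current `id -u` / `id -g` behaviour yields. Raises ValueError for a
    malformed spec and KeyError for a name the lookup does not know.
    """
    if spec.count(":") > 1:
        raise ValueError(f"spec must be user[:group], got {spec!r}")
    user_part, _, group_part = spec.partition(":")
    if not user_part:
        raise ValueError("user part must not be empty")

    if _NUM_RE.match(user_part):
        uid = int(user_part)
        primary_gid = None  # a bare uid has no passwd entry to take a primary group from
    elif _NAME_RE.match(user_part):
        uid, primary_gid = lookup_user(user_part)
    else:
        raise ValueError(f"invalid user name {user_part!r}")

    if not group_part:
        if primary_gid is None:
            raise ValueError("group is required when the user is given numerically")
        gid = primary_gid
    elif _NUM_RE.match(group_part):
        gid = int(group_part)
    elif _NAME_RE.match(group_part):
        gid = lookup_group(group_part)
    else:
        raise ValueError(f"invalid group name {group_part!r}")

    return f"{uid}:{gid}"


def docker_run_args(spec, image, extra_args=(), **lookups):
    """Build the argv for `docker run -t -d -u uid:gid <extra args> <image>` as a list."""
    return ["docker", "run", "-t", "-d", "-u", resolve_user_spec(spec, **lookups),
            *extra_args, image]


# Constructed passwd/group tables matching the `id` output quoted in the report.
SAMPLE_USERS = {"jenkins": (1005, 1009)}
SAMPLE_GROUPS = {"jenkins": 1009, "sudo": 27, "lxd": 108, "docker": 113}


def sample_user(name):
    """Lookup against the constructed passwd table (stand-in for pwd.getpwnam)."""
    return SAMPLE_USERS[name]


def sample_group(name):
    """Lookup against the constructed group table (stand-in for grp.getgrnam)."""
    return SAMPLE_GROUPS[name]


if __name__ == "__main__":
    socket_mount = ["-v", "/var/run/docker.sock:/var/run/docker.sock"]
    for spec in ("jenkins", "jenkins:docker", "1005:113"):
        argv = docker_run_args(spec, "my-image", socket_mount,
                               lookup_user=sample_user, lookup_group=sample_group)
        print(spec, "->", " ".join(argv))
```

Run it as a script to see the three resolved command lines; drop the lookup_user/lookup_group arguments to resolve against the real accounts on the machine you run it on.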