/var/run/docker.sock:在 Python CGI 脚本中运行 docker 时权限被拒绝

问题描述

我正在尝试运行 Python CGI 脚本,我需要在其中运行 docker 映像.我正在使用 Docker 版本 1.6.2.用户是www-data",添加到docker组中.

I am trying to run Python CGI script inside which I need to run docker image. I am using Docker version 1.6.2. user is "www-data", which is added in docker group.

www-data : www-data sudo docker 

在机器上,使用 www-data 我可以执行 docker 命令

On machine, with www-data I am able to execute docker commands

www-data@mytest:~/html/new$ docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES

从 Python CGI 脚本运行 docker 映像时出现以下错误:

I am getting following error while running docker image from Python CGI script:

fatal msg="Get http:///var/run/docker.sock/v1.18/images/json: dial unix /var/run/docker.sock: permission denied. Are you trying to connect to a TLS-enabled daemon without TLS?" 

这里有什么我遗漏的吗?

Is there anything I am missing here?


解决方案

Permission denied on a default install 表示您正在尝试从 root 以外的用户或不在 docker 组中的用户访问套接字.您应该能够运行:

Permission denied on a default install indicates you are trying to access the socket from a user other than root or that is not in the docker group. You should be able to run:

sudo usermod -a -G docker $username

在您想要的 $username 上将它们添加到组中.您需要注销并重新登录才能生效(在现有 shell 中使用 newgrp docker,或者如果这是访问 docker 的外部服务(如您的 cgi 脚本),则重新启动守护程序).

on your desired $username to add them to the group. You'll need to logout and back in for this to take effect (use newgrp docker in an existing shell, or restart the daemon if this is an external service accessing docker like your cgi scripts).

请注意,这样做可以有效地为该用户提供您主机上的完全 root 访问权限,因此请谨慎操作.

Note that doing this effectively gives that user full root access on your host, so do this with care.

相关文章