Implementing Docker Group using Centrify


Why Privilege Access For Docker Container?

Taken from Centrify HOWTO: Secure container/docker environments by managing privileges for admins and users

“To perform any docker operation, you need to either be root or part of a local group, ‘docker’, on your Linux machine. Why is that? Because access into a docker container is via a UNIX socket and any socket related operations require the user to have privileged access. ‘Docker’ group membership is sufficient for all container operations, exception is starting the docker daemon itself, which must always run as the root user.”

Step 1:

We need to create a group called Docker and put in the necessary members

Step 2: Verify the permission of the Linux Server

# ls -lZ /var/run/docker.sock
srw-rw----. root root system_u:object_r:container_var_run_t:s0 /var/run/docker.sock
# getenforce
Permissive

Step 3: Change Owner of the Docker

# chown root:docker /var/run/docker.sock

Step 4: Test the change permission issues

[user1@node1 ~]$ docker search openfoam
INDEX NAME DESCRIPTION STARS OFFICIAL AUTOMATED
docker.io docker.io/openfoamplus/of_v30plus_rhel66 Offical image of OpenFOAM+ (v3.0+) provide... 8
docker.io docker.io/openfoamplus/of_v1606plus_centos66 Offical image of OpenFOAM+ (v1606+) provid... 6
docker.io docker.io/openfoam/openfoam5-paraview54 Image of OpenFOAM v5 and ParaView 5.4.0 on... 5
docker.io docker.io/openfoam/openfoam6-paraview56 Image of OpenFOAM v6 and ParaView 5.6.0 on... 5
docker.io docker.io/openfoamplus/of_v1612plus_centos66 Offical image of OpenFOAM+ (v1612+) provid... 5
docker.io docker.io/openfoam/openfoam7-paraview56 Image of OpenFOAM v7 and ParaView 5.6.0 on... 4
docker.io docker.io/openfoamplus/of_v1706_centos73 Offical image of OpenFOAM(v1706) provided ... 4
docker.io docker.io/openfoamplus/of_v1712_centos73 Offical docker image of OpenFOAM(v1712) pr... 4
docker.io docker.io/openfoam/openfoam6-paraview54 Image of OpenFOAM v6 and ParaView 5.4.0 on... 3
docker.io docker.io/openfoamplus/of_v1812_centos73 Offical docker image of OpenFOAM(v1806) pr... 3
docker.io docker.io/openfoamplus/of_v1806_centos73 Offical docker image of OpenFOAM(v1806) pr... 2
docker.io docker.io/openfoamplus/of_v1906_centos73 Official docker image of OpenFOAM(v1906 ve... 2
docker.io docker.io/dicehub/openfoam OpenFOAM image for use in DICE (Dynamic In... 1
docker.io docker.io/openfoam/openfoam-dev-graphical-apps OpenFOAM-dev on Ubuntu 16.04 using the ope... 1
docker.io docker.io/openfoam/openfoam-dev-paraview54 OpenFOAM-dev and ParaView 5.4.0 on Ubuntu ... 1
docker.io docker.io/openfoam/openfoam-dev-paraview56 Image of OpenFOAM-dev and ParaView 5.6.0 o... 1
docker.io docker.io/openfoam/openfoam4-paraview50 Image of OpenFOAM v4 and ParaView 5.0.1 on... 1
docker.io docker.io/openfoam/openfoam5-graphical-apps Image of OpenFOAM v5 on Ubuntu 16.04 from ... 1
docker.io docker.io/openfoam/openfoam6-graphical-apps Image of OpenFOAM v6 on Ubuntu 18.04 from ... 1
docker.io docker.io/unifem/openfoam-ccx Docker Image for OpenFOAM and Calculix 1 [OK]
docker.io docker.io/nerdalize/openfoam This image makes it easy to run OpenFOAM o... 0 [OK]
docker.io docker.io/openfoam/openfoam-dev-paraview50 OpenFOAM-dev and ParaView 5.0.1 on Ubuntu ... 0
docker.io docker.io/parallelworks/openfoam OpenFOAM 0
docker.io docker.io/parallelworks/openfoam240_pvpython OpenFOAM240 with Python Paraview 0
docker.io docker.io/parallelworks/openfoam4 OpenFOAM Base Container 0

References:

  1. HOWTO: Secure container/docker environments by managing privileges for admins and users
  2. How to fix docker: Got permission denied while trying to connect to the Docker daemon socket

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.