Jenkins Docker Container can't access docker.sock

Question

I deployed the standard Jenkins Docker image with docker-compose and this configuration:

deployer:
  image: jenkins
  volumes:
    - "/mnt/jenkins:/var/jenkins_home"
    - "/var/run/docker.sock:/var/run/docker.sock"
  ports:
    - "2375:2375"
    - "8080:8080"
    - "50000:50000"

After reading numerous SO questions I tested added Root to the docker user group with gpasswd -a ${USER} docker and verified that the user inside the Container is Root with docker exec jenkins_deployer echo ${USER}.

When I try to add Docker access inside the Jenkins UI with "Docker URL = unix:///var/run/docker.sock" I get the error message "org.newsclub.net.unix.AFUNIXSocketException: Permission denied (socket: /run/docker.sock)"

How can I give Jenkins access to docker.sock to automatically deploy Docker Containers?

Answer 1

I know I'm two years late, but I ran into the same issue and having this solution would've save me several hours of work.

So I needed to deploy a Jenkins Container that automatically deploys Docker Containers. Here are the files I used to build and run :

Dockerfile

FROM jenkins/jenkins:latest

USER root
RUN apt-get update -qq \
    && apt-get install -qqy apt-transport-https ca-certificates curl gnupg2 software-properties-common
RUN curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add -
RUN add-apt-repository \
  "deb [arch=amd64] https://download.docker.com/linux/debian \
  $(lsb_release -cs) \
  stable"
RUN apt-get update  -qq \
    && apt-get install docker-ce=17.12.1~ce-0~debian -y

RUN usermod -aG docker jenkins

docker-compose.yml

version: '3'

services:
  jenkins:
    container_name: 'jenkins-container'
    privileged: true
    build: .
    ports:
      - '8080:8080'
      - '50000:50000'
    volumes:
      - jenkins-data:/var/jenkins_home
    restart: unless-stopped

volumes:
  jenkins-data:

Then, in the folder these files are, run the following command :

docker-compose up

When the container is up, use this to start Docker inside :

docker exec -it --user root <CONTAINER_ID>

service docker start

And voilà ! There might be some more optimized solutions, but this works great for me right now.

You can now visit <YOUR_IP>:8080 in a browser to have access to your brand new Jenkins that can run Docker Containers.