clairctl: Got permission denied while trying to connect to the Docker daemon socket

In the clairctl service, I executed the commands:

$ clairctl pull ubuntu:16.04
$ clairctl --log-level debug push ubuntu:16.04 --local

The pull request works fine, but the push request fails and produces the following error message:

2017-07-06 19:15:21.850610 C | cmd: retrieving manifest for "ubuntu:16.04": cannot save image ubuntu:16.04: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.24/images/get?names=ubuntu%3A16.04: dial unix /var/run/docker.sock: connect: permission denied

I get a similar error if, in the clairctl service, I execute the command docker run hello-world; not a good sign. Clairctl needs to add user(s) to the docker group to avoid this error.

About this issue

  • State: open
  • Created 7 years ago
  • Comments: 32 (5 by maintainers)

Most upvoted comments

This is what worked for me:

sudo chmod 666 /var/run/docker.sock

Seems you are running docker in user mode rather than as root. I had faced the same problem earlier.

Run chmod for /var/run/docker.sock, for example chmod 777 /var/run/docker.sock. This should solve your problem.

I got the same issue on Ubuntu 17.10. The fix was simple: add yourself to the docker group:

sudo usermod -aG docker [your_user_name]

Then, you need to reboot, because group membership is somehow cached on Linux.

While sudo chmod 666 /var/run/docker.sock is helping, you need to be aware that this allows any user/non-root process to access the docker socket, which can completely compromise your system.

I suggest using this flag instead: --group-add=$(getent group docker | cut -d: -f3)

This will work when the following conditions are met:

  • docker group is created;
  • /var/run/docker.sock socket file is owned by the docker group;
  • /var/run/docker.sock socket file has rw flag for the group;

If relogin after adding yourself to the docker group was unsuccessful, it's not necessary to reboot your system or change the /var/run/docker.sock file mode; try sudo service docker restart to restart the docker service.
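The three conditions for the --group-add approach, turned into a check script. This is an added example, not code from clairctl or from anyone in this thread; it assumes Linux with GNU coreutils stat(1) and getent(1), and it deliberately refuses a socket that chmod 666 or 777 has made accessible to "other", since that grants every local process root-equivalent control of the daemon.

```shell
#!/bin/sh
# Added example (not part of clairctl or this thread): check the three
# conditions listed above before building a --group-add flag, and reject
# the world-writable socket left behind by chmod 666 / chmod 777.
# Assumes Linux with GNU coreutils stat(1) and getent(1).

# docker_sock_check [socket_path] [group_name]
# Prints the group id for --group-add on success.
# Exit codes: 1 no such group, 2 socket missing, 3 wrong owning group,
#             4 group lacks rw, 5 socket is accessible by "other".
docker_sock_check() {
    sock="${1:-/var/run/docker.sock}"
    grp="${2:-docker}"

    # condition 1: the docker group exists
    gid="$(getent group "$grp" | cut -d: -f3)"
    [ -n "$gid" ] || { echo "group '$grp' does not exist" >&2; return 1; }
    [ -e "$sock" ] || { echo "$sock not found" >&2; return 2; }

    owner_grp="$(stat -c '%G' "$sock")"
    mode="$(stat -c '%a' "$sock")"          # octal digits, e.g. 660

    # condition 2: the socket is owned by the docker group
    [ "$owner_grp" = "$grp" ] ||
        { echo "$sock is owned by group '$owner_grp', not '$grp'" >&2; return 3; }

    # last digit = "other" bits; anything but 0 means every local user and
    # every non-root process can drive the daemon (root-equivalent access)
    other="${mode#"${mode%?}"}"
    [ "$other" = "0" ] ||
        { echo "$sock is world-accessible (mode $mode); drop the 'other' bits" >&2; return 5; }

    # condition 3: the group digit has both r (4) and w (2) set, i.e. 6 or 7
    rest="${mode%?}"
    grp_digit="${rest#"${rest%?}"}"
    case "$grp_digit" in
        6|7) ;;
        *) echo "group '$grp' lacks rw on $sock (mode $mode)" >&2; return 4 ;;
    esac

    printf '%s\n' "$gid"
}

# Emit the flag, e.g. --group-add=999, for use as:
#   docker run $(docker_group_add_flag) -v /var/run/docker.sock:/var/run/docker.sock ...
docker_group_add_flag() {
    gid="$(docker_sock_check "$@")" || return $?
    printf '%s\n' "--group-add=$gid"
}
```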

I find as well that I can run

$ docker-compose exec clairctl clairctl analyze nginx -l

Image: /nginx:latest
 3 layers found
 
  ➜ Analysis [50e1755fce44] found 46 vulnerabilities.
  ➜ Analysis [d294b139a05e] found 46 vulnerabilities.
  ➜ Analysis [1aa0a35a3417] found 25 vulnerabilities.

But with a colon in the image name:

$ docker-compose exec clairctl clairctl analyze nginx:stable-alpine -l
client quit unexpectedly
2017-07-24 22:48:42.694477 C | cmd: pushing image "nginx:stable-alpine": receiving http error: 400
$ docker-compose exec clairctl clairctl analyze nginx:stable-alpine -l --log-level debug
2017-07-24 22:49:01.077846 D | config: Using config file: /home/clairctl/clairctl.yml
2017-07-24 22:49:01.078056 D | dockercli: docker image to save: nginx:stable-alpine
2017-07-24 22:49:01.078064 D | dockercli: saving in: /tmp/nginx/blobs
2017-07-24 22:49:01.303681 I | config: retrieving interface for local IP
2017-07-24 22:49:01.303700 D | config: no interface provided, looking for docker0
2017-07-24 22:49:01.303770 D | config: docker0 not found, looking for first connected broadcast interface
2017-07-24 22:49:01.303984 I | server: Starting Server on 172.18.0.4:44480
2017-07-24 22:49:01.308925 I | config: retrieving interface for local IP
2017-07-24 22:49:01.308934 D | config: no interface provided, looking for docker0
2017-07-24 22:49:01.308977 D | config: docker0 not found, looking for first connected broadcast interface
2017-07-24 22:49:01.309043 I | clair: using http://172.18.0.4:44480/local as local url
2017-07-24 22:49:01.309054 I | clair: Pushing Layer 1/4 [d831b16adf84]
2017-07-24 22:49:01.309091 D | clair: Saving d831b16adf846838fa53902157a3e12beb9f5195df98e2c18ee1b18218163f61[https://registry-1.docker.io/v2]
2017-07-24 22:49:01.311376 I | clair: adding layer 1/4 [d831b16adf84]: receiving http error: 400
client quit unexpectedly
2017-07-24 22:49:01.311397 C | cmd: pushing image "nginx:stable-alpine": receiving http error: 400