https://bugzilla.redhat.com/show_bug.cgi?id=1195525
Bug ID: 1195525 Summary: Docker socket permissions prevent Cockpit integration Product: Fedora Version: 21 Component: docker-io Severity: medium Assignee: lsm5@redhat.com Reporter: Benjamin@BGRoberts.id.au QA Contact: extras-qa@fedoraproject.org CC: adimania@gmail.com, admiller@redhat.com, golang@lists.fedoraproject.org, hushan.jia@gmail.com, jchaloup@redhat.com, jperrin@centos.org, lsm5@redhat.com, mattdm@redhat.com, mgoldman@redhat.com, miminar@redhat.com, s@shk.io, thrcka@redhat.com, vbatts@redhat.com
Description of problem: The removal of docker.socket and the docker user/group mean that docker cannot be used as part of the cockpit console anymore (using non-root accounts). This is because, although users can be added to the dockerroot group, the permissions of the sockets are reset upon docker restart.
Version-Release number of selected component (if applicable): docker-io-1.5.0-1.fc21.x86_64 cockpit-0.27-3.fc21.x86_64 / cockpit-head
Steps to Reproduce: 1. Add user to dockerroot 2. chown docker socket to root:dockerroot 3. Call a docker command from user (succeeds from CLI and cockpit) 4. restart docker 5. Call a docker command from user (fails from CLI and cockpit)
Actual results: Ownership of docker socket are reset to root:root
Expected results: Ownership of docker socket should be configurable and compatible with cockpit
Additional info: related to https://bugzilla.redhat.com/show_bug.cgi?id=1192848
Relevant change in the rpm spec: "* Fri Jan 16 2015 Lokesh Mandvekar lsm5@fedoraproject.org - 1.4.1-7 - docker group no longer used or created - no socket activation - config file updates to include info about docker_transition_unconfined boolean"