Fix Docker socket permission issue with dynamic GID detection

The entrypoint now dynamically detects the Docker socket's GID at runtime
and adds the census user to that group. This ensures compatibility across
different hosts where the Docker socket may have different group IDs.

Previously, the container was built with DOCKER_GID=999, but hosts may
have different Docker socket GIDs (e.g., 990). The docker-compose group_add
directive added the GID, but su-exec didn't preserve supplementary groups,
causing permission denied errors when accessing the socket.

This fix:
- Detects Docker socket GID at container startup
- Creates group if needed (named docker_host)
- Adds census user to the socket's group
- Ensures process runs with correct supplementary groups

Tested and verified on host with Docker socket GID 990.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
Self Hosters
2025-11-06 09:00:15 -05:00
parent 4bde4cc30c
commit 2a50058304


@@ -14,6 +14,26 @@ if [ "$(id -u)" = "0" ]; then
# This is idempotent - safe to run even if already correct
chown -R census:census /app/data
# Detect Docker socket GID and add census user to that group
# This handles cases where the host's Docker GID differs from build-time DOCKER_GID
if [ -S /var/run/docker.sock ]; then
SOCK_GID=$(stat -c '%g' /var/run/docker.sock 2>/dev/null || true)
if [ -n "$SOCK_GID" ] && [ "$SOCK_GID" != "0" ]; then
echo "Detected Docker socket GID: $SOCK_GID"
# Check if group exists, create if not
if ! getent group "$SOCK_GID" > /dev/null 2>&1; then
echo "Creating group for GID $SOCK_GID..."
addgroup -g "$SOCK_GID" "docker_host" 2>/dev/null || true
fi
# Add census user to the group
SOCK_GROUP=$(getent group "$SOCK_GID" | cut -d: -f1)
if [ -n "$SOCK_GROUP" ]; then
echo "Adding census user to group $SOCK_GROUP (GID $SOCK_GID)..."
adduser census "$SOCK_GROUP" 2>/dev/null || true
fi
fi
fi
# Create default config.yaml if it doesn't exist
if [ ! -f /app/config/config.yaml ]; then
echo "Creating default config.yaml..."
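
Review bot: Failures in the new socket-GID block are silent. Both `addgroup -g "$SOCK_GID" "docker_host" 2>/dev/null || true` and `adduser census "$SOCK_GROUP" 2>/dev/null || true` discard the error text and the exit status, and neither the `[ -n "$SOCK_GROUP" ]` test nor the `[ "$SOCK_GID" != "0" ]` test has an else branch. If the name docker_host is already taken by a different GID (for example, the same container filesystem is started again after the socket's GID has changed), addgroup fails, the following getent lookup returns nothing, and the script carries on without any message, which leaves the same permission-denied error this commit is meant to remove. Suggest keeping stderr on those two commands and printing a warning when SOCK_GROUP comes back empty and when the socket is owned by GID 0 and the block is skipped. A comment noting that membership in the socket's group gives the census user full control of the host's Docker daemon would also help, since that is what this block grants.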