Skip to content

Run as root by default to fix docker socket access #58

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
umputun merged 2 commits into from
Mar 1, 2026
Merged

Run as root by default to fix docker socket access #58

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
4f3474a
Run as root by default to fix docker socket access
paskal Feb 28, 2026
667d0ef
keep TIME_ZONE commented out in docker-compose.yml
umputun Feb 28, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 6 additions & 4 deletions Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
FROM umputun/baseimage:buildgo-latest as build
FROM umputun/baseimage:buildgo-latest AS build

ARG GIT_BRANCH
ARG GITHUB_SHA
Expand All @@ -20,10 +20,12 @@ RUN \
FROM umputun/baseimage:app-latest
LABEL org.opencontainers.image.source="https://github.com/umputun/docker-logger"

# run as root by default because docker socket access requires it on most systems.
# to run as non-root, set APP_UID=1001 and DOCKER_GID to match the host's docker socket GID.
ENV APP_UID=0

COPY --from=build /build/docker-logger /srv/docker-logger
RUN \
chown -R app:app /srv && \
chmod +x /srv/docker-logger
RUN chmod +x /srv/docker-logger
WORKDIR /srv

VOLUME ["/srv/logs"]
Expand Down
23 changes: 22 additions & 1 deletion README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -43,7 +43,28 @@ All changes can be done via container's environment in `docker-compose.yml` or w
- both `--exclude` and `--exclude-pattern` flags are optional and mutually exclusive, i.e. if `--exclude` defined `--exclude-pattern` not allowed, and vice versa.
- cross-kind combinations are also mutually exclusive: `--include` + `--exclude-pattern`, `--include-pattern` + `--exclude`, and `--include-pattern` + `--exclude-pattern` are not allowed.

## Build from the source
## Running as Non-Root

By default, the container runs as root because access to the Docker socket (`/var/run/docker.sock`) requires it on most systems. To run as a non-root user, set the following environment variables:

- `APP_UID` — the user ID for the application process (e.g., `1001`)
- `DOCKER_GID` — the group ID that owns the Docker socket on the host

To find the Docker socket GID on the host, run:

```shell
stat -c '%g' /var/run/docker.sock
```

Then configure the container accordingly:

```yaml
environment:
- APP_UID=1001
- DOCKER_GID=998 # use the value from the command above
```

## Build from the Source

- clone this repo - `git clone https://github.com/umputun/docker-logger.git`
- build the logger - `cd docker-logger && docker build -t umputun/docker-logger .`
Expand Down
9 changes: 5 additions & 4 deletions docker-compose.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,3 @@
version: '2'

services:
logger:
build: .
Expand All @@ -22,9 +20,12 @@ services:
- MAX_SIZE=50
- MAX_AGE=20
- DEBUG=false
# - TIME_ZONE=America/Chicago
# - TIME_ZONE=America/Chicago
## to run as non-root, set APP_UID to the desired user id and DOCKER_GID
## to the group id owning /var/run/docker.sock on the host (check with: stat -c '%g' /var/run/docker.sock)
# - APP_UID=1001
# - DOCKER_GID=999

volumes:
- ./logs:/srv/logs
- /var/run/docker.sock:/var/run/docker.sock