I've read a lot of posts, but it is still unclear to me what the recommended way to run self-hosted runners (on Ubuntu) is. I could not find anything in the GitHub docs regarding this topic. It's surprising, because I guess that all users using Docker containers in GitHub runners must have this issue.
The main problem is that Docker by default runs as root. The checked-out files in the _work directory of the runner do have root:root ownership. This prevents subsequent workflows from modifying/deleting them.
My understanding is that there are two ways to accomplish this. But each has some downsides.
Running everything as root.
Some guys are running everything as root. But from a security pov this is surely not ideal and I read that there are other issues. E.g. the script that installs the runner as a service refuses to run with sudo.
Running the docker daemon root-less (with a user account).
The problem here is that certain workflow actions do not take into account (and do not have a way to specify) that when running docker in root-less mode the docker.socket file is at /run/user/my-user-id/docker.sock instead of /var/run/docker.sock. Thus failing with error messages like:
"docker: Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?"
So what is the recommended way to create such a setup?
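A pre-job check for the two symptoms described in the post above, as an added example that is not part of the original post or of GitHub's runner software: it reports which Docker socket a given uid can reach and lists entries under the work directory that the runner's uid does not own. The function names are hypothetical; the default socket paths are the ones quoted in the post.

```shell
#!/bin/sh
# Added example: pre-job check for a self-hosted runner host.
# Default paths come from the post; the function names are made up here.

# Print the DOCKER_HOST value for the daemon this uid can reach:
# the rootless socket if it exists, else the rootful default.
# $2 and $3 override the two locations (used for testing).
docker_host_for_uid() {
    if [ -S "${2:-/run/user}/$1/docker.sock" ]; then
        printf 'unix://%s/%s/docker.sock\n' "${2:-/run/user}" "$1"
    elif [ -S "${3:-/var/run/docker.sock}" ]; then
        printf 'unix://%s\n' "${3:-/var/run/docker.sock}"
    else
        return 1    # no daemon socket found at either location
    fi
}

# List everything under work dir $1 that is NOT owned by uid $2.
# These are the entries a later job running as that uid cannot clean up.
foreign_owned() {
    find "$1" ! -user "$2" -print
}

# Report both conditions; a non-zero status means the work dir needs attention.
# $1 = runner _work directory, $2 = uid the runner service runs as.
preflight() {
    if host=$(docker_host_for_uid "$2"); then
        echo "DOCKER_HOST=$host"
    else
        echo "no Docker socket found for uid $2" >&2
    fi
    stale=$(foreign_owned "$1" "$2")
    [ -z "$stale" ] && return 0
    echo "entries not owned by uid $2:" >&2
    echo "$stale" >&2
    return 1
}
```

Call it as `preflight /path/to/_work "$(id -u)"` from the runner account. The printed `DOCKER_HOST` value only helps tools that honour that variable; it does not change actions that hardcode `/var/run/docker.sock`.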