[GH-ISSUE #1798] Linux support for access to docker.socket #878

New issue

Open

opened 2026-03-01 21:47:06 +03:00 by kerem · 5 comments

kerem commented 2026-03-01 21:47:06 +03:00

Owner

Copy link

Originally created by @andrew-pickin-epi on GitHub (May 10, 2023).
Original GitHub issue: https://github.com/nektos/act/issues/1798

Act version

0.2.45-10

Feature description

Unless by some chance the gid of docker group on host machine and runner image coincide the docker.socket will give permissions denied error when attempting to run docker build or similar command.

There are ways round this,

• chown 1001 /var/run/docker.sock
• chmod a+rw /var/run/docker.sock

But these might conflict with other needs, not survive a reboot.

It should be possible to read the gid of /var/run/docker.sock on startup and add this value to the invocation of the runner image. (See docker run --group-add).

Originally created by @andrew-pickin-epi on GitHub (May 10, 2023). Original GitHub issue: https://github.com/nektos/act/issues/1798 ### Act version 0.2.45-10 ### Feature description Unless by some chance the gid of docker group on host machine and runner image coincide the docker.socket will give permissions denied error when attempting to run docker build or similar command. There are ways round this, - `chown 1001 /var/run/docker.sock` - `chmod a+rw /var/run/docker.sock` But these might conflict with other needs, not survive a reboot. It should be possible to read the `gid` of `/var/run/docker.sock` on startup and add this value to the invocation of the runner image. (See `docker run --group-add`).

kerem added the

kind/feature-request

label 2026-03-01 21:47:06 +03:00

kerem commented 2026-03-01 21:47:07 +03:00

Author

Owner

Copy link

@fabiobsantosprogrow commented on GitHub (Feb 2, 2024):

Got the same error today!
After searching one hour on issues and stack overflow found this post.
I have the same issue when using docker compose too but docker-compose was a optional as dependency.

<!-- gh-comment-id:1923693430 --> @fabiobsantosprogrow commented on GitHub (Feb 2, 2024): Got the same error today! After searching one hour on issues and stack overflow found this post. I have the same issue when using docker compose too but docker-compose was a optional as dependency.

kerem commented 2026-03-01 21:47:07 +03:00

Author

Owner

Copy link

@alexjball commented on GitHub (Apr 2, 2024):

In my setup, chown and chmoding the docker socket changes permissions on both the host and container, breaking docker on my host.

Instead, I was able to use --container-options to pass in --group-add to workflow containers, which does the trick:

act --container-options "--group-add $(stat -c %g /var/run/docker.sock)" ...

<!-- gh-comment-id:2030908166 --> @alexjball commented on GitHub (Apr 2, 2024): In my setup, `chown` and `chmod`ing the docker socket changes permissions on both the host and container, breaking docker on my host. Instead, I was able to use `--container-options` to pass in `--group-add` to workflow containers, which does the trick: ```bash act --container-options "--group-add $(stat -c %g /var/run/docker.sock)" ... ```

kerem commented 2026-03-01 21:47:07 +03:00

Author

Owner

Copy link

@mahula commented on GitHub (May 6, 2024):

act --container-options "--group-add $(stat -c %g /var/run/docker.sock)"

Thank you, that solved the docker access issue.

<!-- gh-comment-id:2096800652 --> @mahula commented on GitHub (May 6, 2024): > ```shell > act --container-options "--group-add $(stat -c %g /var/run/docker.sock)" > ``` Thank you, that solved the docker access issue.

kerem commented 2026-03-01 21:47:07 +03:00

Author

Owner

Copy link

@jonathanlinat commented on GitHub (Jun 21, 2024):

In my setup, chown and chmoding the docker socket changes permissions on both the host and container, breaking docker on my host.

Instead, I was able to use --container-options to pass in --group-add to workflow containers, which does the trick:

act --container-options "--group-add $(stat -c %g /var/run/docker.sock)" ...

It still does not work, unfortunately.

jonathan@work-pc:~/Projects/Professional/my-project$ gh act --container-options "--group-add $(stat -c %g /var/run/docker.sock)" pull_request
INFO[0000] Using docker host 'unix:///var/run/docker.sock', and daemon socket 'unix:///var/run/docker.sock' 
[Continuous Deployment - Content Migrations/Set the environment outputs] 🚀  Start image=catthehacker/ubuntu:act-latest
[Continuous Deployment - Docs/Set the environment outputs              ] 🚀  Start image=catthehacker/ubuntu:act-latest
[Continuous Deployment - Storybook/Set the environment outputs         ] 🚀  Start image=catthehacker/ubuntu:act-latest
[Continuous Integration/Lint the source code                           ] 🚀  Start image=catthehacker/ubuntu:act-latest
[Continuous Deployment - Storefront/Set the environment outputs        ] 🚀  Start image=catthehacker/ubuntu:act-latest
[Continuous Deployment - Content Migrations/Set the environment outputs]   🐳  docker pull image=catthehacker/ubuntu:act-latest platform= username= forcePull=true
[Continuous Deployment - Terraform/Set the environment outputs         ] 🚀  Start image=catthehacker/ubuntu:act-latest
[Continuous Integration/Lint the source code                           ]   🐳  docker pull image=catthehacker/ubuntu:act-latest platform= username= forcePull=true
[Continuous Integration/Unit test the packages                         ] 🚀  Start image=catthehacker/ubuntu:act-latest
[Continuous Deployment - Docs/Set the environment outputs              ]   🐳  docker pull image=catthehacker/ubuntu:act-latest platform= username= forcePull=true
[Continuous Deployment - Storybook/Set the environment outputs         ]   🐳  docker pull image=catthehacker/ubuntu:act-latest platform= username= forcePull=true
[Continuous Integration/Unit test the packages                         ]   🐳  docker pull image=catthehacker/ubuntu:act-latest platform= username= forcePull=true
[Continuous Deployment - Storefront/Set the environment outputs        ]   🐳  docker pull image=catthehacker/ubuntu:act-latest platform= username= forcePull=true
[Continuous Deployment - Terraform/Set the environment outputs         ]   🐳  docker pull image=catthehacker/ubuntu:act-latest platform= username= forcePull=true
Error: permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Post "http://%2Fvar%2Frun%2Fdocker.sock/v1.24/images/create?fromImage=catthehacker%2Fubuntu&tag=act-latest": dial unix /var/run/docker.sock: connect: permission denied

---

Update

It worked using the following command instead:

gh act -P ubuntu-latest=-self-hosted

<!-- gh-comment-id:2183291657 --> @jonathanlinat commented on GitHub (Jun 21, 2024): > In my setup, `chown` and `chmod`ing the docker socket changes permissions on both the host and container, breaking docker on my host. > > Instead, I was able to use `--container-options` to pass in `--group-add` to workflow containers, which does the trick: > > ```shell > act --container-options "--group-add $(stat -c %g /var/run/docker.sock)" ... > ``` It still does not work, unfortunately. ```bash jonathan@work-pc:~/Projects/Professional/my-project$ gh act --container-options "--group-add $(stat -c %g /var/run/docker.sock)" pull_request INFO[0000] Using docker host 'unix:///var/run/docker.sock', and daemon socket 'unix:///var/run/docker.sock' [Continuous Deployment - Content Migrations/Set the environment outputs] 🚀 Start image=catthehacker/ubuntu:act-latest [Continuous Deployment - Docs/Set the environment outputs ] 🚀 Start image=catthehacker/ubuntu:act-latest [Continuous Deployment - Storybook/Set the environment outputs ] 🚀 Start image=catthehacker/ubuntu:act-latest [Continuous Integration/Lint the source code ] 🚀 Start image=catthehacker/ubuntu:act-latest [Continuous Deployment - Storefront/Set the environment outputs ] 🚀 Start image=catthehacker/ubuntu:act-latest [Continuous Deployment - Content Migrations/Set the environment outputs] 🐳 docker pull image=catthehacker/ubuntu:act-latest platform= username= forcePull=true [Continuous Deployment - Terraform/Set the environment outputs ] 🚀 Start image=catthehacker/ubuntu:act-latest [Continuous Integration/Lint the source code ] 🐳 docker pull image=catthehacker/ubuntu:act-latest platform= username= forcePull=true [Continuous Integration/Unit test the packages ] 🚀 Start image=catthehacker/ubuntu:act-latest [Continuous Deployment - Docs/Set the environment outputs ] 🐳 docker pull image=catthehacker/ubuntu:act-latest platform= username= forcePull=true [Continuous Deployment - Storybook/Set the environment outputs ] 🐳 docker pull image=catthehacker/ubuntu:act-latest platform= username= forcePull=true [Continuous Integration/Unit test the packages ] 🐳 docker pull image=catthehacker/ubuntu:act-latest platform= username= forcePull=true [Continuous Deployment - Storefront/Set the environment outputs ] 🐳 docker pull image=catthehacker/ubuntu:act-latest platform= username= forcePull=true [Continuous Deployment - Terraform/Set the environment outputs ] 🐳 docker pull image=catthehacker/ubuntu:act-latest platform= username= forcePull=true Error: permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Post "http://%2Fvar%2Frun%2Fdocker.sock/v1.24/images/create?fromImage=catthehacker%2Fubuntu&tag=act-latest": dial unix /var/run/docker.sock: connect: permission denied ``` --- **Update** It worked using the following command instead: ```bash gh act -P ubuntu-latest=-self-hosted ```

kerem commented 2026-03-01 21:47:07 +03:00

Author

Owner

Copy link

@piotrpdev commented on GitHub (Jun 23, 2025):

@jonathanlinat
It still does not work, unfortunately.

Did you try this?

act --container-options="--privileged"

<!-- gh-comment-id:2996766552 --> @piotrpdev commented on GitHub (Jun 23, 2025): > @jonathanlinat > It still does not work, unfortunately. Did you try this? ```bash act --container-options="--privileged" ```

kerem referenced this issue 2026-03-01 21:52:09 +03:00

[PR #878] [MERGED] feat: add option for docker image rebuild #1663

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

dependabot/go_modules/github.com/go-git/go-git/v5-5.18.0

dependabot/go_modules/dependencies-08815e2262

mergify/configuration-deprecated-update

dependabot/github_actions/dependencies-a3a104477f

chore/simplify-ci-and-makefile

dependabot/go_modules/golang.org/x/crypto-0.45.0

dependabot/go_modules/github.com/go-viper/mapstructure/v2-2.4.0

panekj/ci/improve-jobs

fix-skip-non-yaml-files-in-dir

normalize-pull-rebuild-flags

fix-no-recurse-by-default

2517-poor-error-for-incomplete-action-step

2472-make-use-new-action-cache-the-new-default-for-downloading-actions

act-tart

act-lxc

act-oidc

act-dind

avoid-slash-in-actor

dependabot/go_modules/github.com/docker/docker-26.1.4incompatible

meta-keep-filetime

local-repository-action-cache

pr-merger

update-docker-deps

follow_local_action_symlink

boltdb-lock-in-handler

use-socket-path

no-pull-no-rebuild

path-issues

fix/env

feat/podman

refactor/testdata

v0.2.87

v0.2.86

v0.2.85

v0.2.84

v0.2.83

v0.2.82

v0.2.81

v0.2.80

v0.2.79

v0.2.78

v0.2.77

v0.2.76

v0.2.75

v0.2.74

v0.2.73

v0.2.72

v0.2.71

v0.2.70

v0.2.69

v0.2.68

v0.2.67

v0.2.66

v0.2.65

v0.2.64

v0.2.63

v0.2.62

v0.2.61

v0.2.60

v0.2.59

v0.2.58

v0.2.57

v0.2.56

v0.2.55

v0.2.54

v0.2.53

v0.2.52

v0.2.51

v0.2.50

v0.2.49

v0.2.48

v0.2.47

v0.2.46

v0.2.45

v0.2.44

v0.2.43

v0.2.42

v0.2.41

v0.2.40

v0.2.39

v0.2.38

v0.2.37

v0.2.36

v0.2.35

v0.2.34

v0.2.33

v0.2.32

v0.2.31

v0.2.30

v0.2.29

v0.2.28

v0.2.27

v0.2.26

v0.2.25

v0.2.24

v0.2.23

v0.2.22

v0.2.21

v0.2.20

v0.2.19

v0.2.18

v0.2.17

v0.2.16

v0.2.15

v0.2.14

v0.2.13

v0.2.12

v0.2.11

v0.2.10

v0.2.9

v0.2.8

v0.2.7

v0.2.6

v0.2.5

v0.2.4

v0.2.3

v0.2.2

v0.2.1

v0.2.0

v0.1.3

v0.1.2

v0.1.1

v0.1.0

v0.0.5

v0.0.4

v0.0.3

v0.0.2

v0.0.1

Labels

Clear labels   

area/action

  

area/cli

  

area/docs

  

area/image

  

area/runner

  

area/workflow

  

backlog

  

confirmed/not-planned

  

kind/bug

  

kind/discussion

  

kind/external

  

kind/feature-request

  

kind/question

  

meta/duplicate

  

meta/invalid

  

meta/need-more-info

  

meta/resolved

  

meta/wontfix

  

meta/workaround

  

needs-work

  

pull-request

Mirrored from GitHub Pull Request

  

review/not-planned

  

size/M

  

size/XL

  

size/XXL

  

stale

  

stale-exempt

No labels

area/action

area/cli

area/docs

area/image

area/runner

area/workflow

backlog

confirmed/not-planned

kind/bug

kind/discussion

kind/external

kind/feature-request

kind/question

meta/duplicate

meta/invalid

meta/need-more-info

meta/resolved

meta/wontfix

meta/workaround

needs-work

pull-request

review/not-planned

size/M

size/XL

size/XXL

stale

stale-exempt

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/act#878

No description provided.