diff --git a/docs/faq/README.md b/docs/faq/README.md index 56ceb69631c76f18c78197fae489350d0cda62a0..e8684925cfd7463a01fc901d00fc3a2db0d5d4aa 100644 --- a/docs/faq/README.md +++ b/docs/faq/README.md @@ -34,3 +34,11 @@ detect it if it is available and automatically make use of it. ## 4. I'm seeing `x509: certificate signed by unknown authority` Please [See the self-signed certificates](../configuration/tls-self-signed.md) + +## 5. I get `Permission Denied` when accessing the `/var/run/docker.sock` + +If you want to use Docker executor, +and you are connecting to Docker Engine installed on server. +You can see the `Permission Denied` error. +The most likely cause is that your system uses SELinux (enabled by default on CentOS, Fedora and RHEL). +Check your SELinux policy on your system for possible denials. diff --git a/docs/install/docker.md b/docs/install/docker.md index 6c355907c3b9331960f46c8cebec7aea28d7f96c..538f06beba00d545c1cbb9adb9077ad9613625aa 100644 --- a/docs/install/docker.md +++ b/docs/install/docker.md 
@@ -115,3 +115,25 @@ gitlab/gitlab-runner alpine 7c431ac8f30f 13 hours ago **Alpine Linux image is designed to use only Docker as the method of spawning runners.** The original `gitlab/gitlab-runner:latest` is based on Ubuntu 14.04 LTS. + +### SELinux + +Some distributions (CentOS, RedHat, Fedora) use SELinux by default to enhance the security of the underlying system. + +The special care must be taken when dealing with such configuration. + +1. If you want to use Docker executor to run builds in containers you need to access the `/var/run/docker.sock`. +However, if you have a SELinux in enforcing mode, you will see the `Permission denied` when accessing the `/var/run/docker.sock`. +Install the `selinux-dockersock` and to resolve the issue: https://github.com/dpw/selinux-dockersock. + +1. Make sure that persistent directory is created on host: `mkdir -p /srv/gitlab-runner/config`. + +1. Run docker with `:Z` on volumes: + + docker run -d --name gitlab-runner --restart always \ + -v /var/run/docker.sock:/var/run/docker.sock \ + -v /srv/gitlab-runner/config:/etc/gitlab-runner:Z \ + gitlab/gitlab-runner:latest + +More information about the cause and resolution can be found here: +http://www.projectatomic.io/blog/2015/06/using-volumes-with-docker-can-cause-problems-with-selinux/
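Review bot: In the docs/faq/README.md hunk, the new entry 5 ends at "Check your SELinux policy on your system for possible denials." and gives the reader no next step, although the docs/install/docker.md hunk in this same patch adds an SELinux section with the resolution. Suggest linking to that section from the FAQ entry, the same way entry 4 links to ../configuration/tls-self-signed.md. The first two lines of the entry also form a sentence fragment ("If you want to use Docker executor, and you are connecting to Docker Engine installed on server.") and should be joined with the line that follows. The error is written `Permission Denied` here and `Permission denied` in the docker.md hunk; pick one spelling, ideally the one the tool actually prints.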
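Review bot: In the docs/install/docker.md hunk, step 3 says "Run docker with `:Z` on volumes", but the command applies `:Z` only to `/srv/gitlab-runner/config:/etc/gitlab-runner` and leaves the `/var/run/docker.sock` mount unlabelled. Suggest stating that this is deliberate: the config directory is relabelled for the container, while socket access depends on the `selinux-dockersock` module from step 1, so readers do not add `:Z` to the socket mount as well. Step 1 should also say what that module changes, since it loosens the enforcing policy so that a container can reach the Docker socket, and its sentence "Install the `selinux-dockersock` and to resolve the issue" is missing a verb after "and". Minor: "The special care must be taken" should drop the article.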