Skip to content
Latchkey

Dagger "permission denied /var/run/docker.sock" in CI

The Dagger Engine reaches Docker through /var/run/docker.sock. If the CI user is not in the docker group or the mounted socket has restrictive permissions, the connection is refused with "permission denied".

What this error means

dagger fails with "permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock".

dagger
Error: failed to connect to engine: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get "http://%2Fvar%2Frun%2Fdocker.sock/...": dial unix /var/run/docker.sock: connect: permission denied

Common causes

The CI user is not in the docker group

The socket is owned by the docker group. A user outside it cannot read or write the socket.

A restrictively mounted socket

When the socket is mounted into a container, its ownership may not match the in-container user, so access is denied.

How to fix it

Grant socket access to the user

  1. Add the CI user to the docker group, or run the step with sufficient privileges.
  2. Confirm docker info succeeds as that user before dagger.
  3. Re-run dagger once the socket is accessible.
Terminal
sudo usermod -aG docker "$USER"
docker info

Fix socket ownership in a container

When mounting the socket into a container, run as a user that matches the socket group so access is permitted.

How to prevent it

  • Run dagger as a user with Docker socket access.
  • Match container user to the mounted socket group.
  • Verify docker info before invoking dagger.

Related guides

Tired of flaky CI? Latchkey auto-heals failed jobs and retries them for you. Start free →