Where is my 'docker-privilege' command?

alexhaydock · December 15, 2019, 8:47pm

Hi!

I’m currently running Docker via the stable canonical-maintained snap package.

According to the documentation on that page, and available through snap info docker, there is a specific command when using the snap, which replaces docker run --privileged:

Use the ‘docker-privilege’ command for ‘docker run --privileged’.

However, I can’t find this command on my system. Trying a docker-privilege command leads to:

docker-privilege: command not found

It’s not listed by which either. I checked snap info docker and it’s not one of the available commands:

[...]
commands:
- docker.compose
- docker
- docker.help
- docker.machine
[...]

In true desperation, even find / -iname docker-privilege found nothing on the system matching that name.

Through some searching, I found a public Google Doc that seems to be from the maintainers of the Docker Snap, which indicates that, in the past, the interface needed to be connected for docker:privilege.

It goes on to note that this isn’t needed since Ubuntu Core Series 16+, but I tried it anyway:

sudo snap connect docker:privileged :docker-support

None of this seemed to help. How do I run privileged containers when using the Docker snap?

Misc info: Ubuntu 19.10, latest/stable channel for Docker snap, AppArmor enforcing.

lucyllewy · December 16, 2019, 2:25pm

What happens if you use docker run --privileged? The docker:privileged interface should be automatically connected, so you don’t need to connect it yourself.

alexhaydock · December 16, 2019, 5:04pm

It does seem like the --privileged flag might be working as expected when I test:

$ docker run --rm -it alpine ls /dev
console  fd       mqueue   ptmx     random   stderr   stdout   urandom
core     full     null     pts      shm      stdin    tty      zero

vs

$ docker run --rm -it --privileged alpine ls /dev
autofs              ppp                 tty59
bsg                 psaux               tty6
btrfs-control       ptmx                tty60
bus                 ptp0                tty61
console             pts                 tty62
core                random              tty63
cpu                 rfkill              tty7
cpu_dma_latency     rtc0                tty8
cuse                sda                 tty9
dm-0                sda1                ttyS0
dm-1                sda2                ttyS1
dm-2                sda3                ttyS10
dm-3                sg0                 ttyS11
dri                 shm                 ttyS12
drm_dp_aux0         snapshot            ttyS13
drm_dp_aux1         snd                 ttyS14
drm_dp_aux2         stderr              ttyS15
ecryptfs            stdin               ttyS16
fb0                 stdout              ttyS17
fd                  tpm0                ttyS18
full                tty                 ttyS19
fuse                tty0                ttyS2
hpet                tty1                ttyS20
hwrng               tty10               ttyS21
i2c-0               tty11               ttyS22
i2c-1               tty12               ttyS23
i2c-2               tty13               ttyS24
i2c-3               tty14               ttyS25
i2c-4               tty15               ttyS26
i2c-5               tty16               ttyS27
i2c-6               tty17               ttyS28
i2c-7               tty18               ttyS29
i2c-8               tty19               ttyS3
i2c-9               tty2                ttyS30
input               tty20               ttyS31
kmsg                tty21               ttyS4
kvm                 tty22               ttyS5
lightnvm            tty23               ttyS6
loop-control        tty24               ttyS7
loop0               tty25               ttyS8
loop1               tty26               ttyS9
loop10              tty27               ttyprintk
loop11              tty28               udmabuf
loop12              tty29               uhid
loop13              tty3                uinput
loop14              tty30               urandom
loop15              tty31               userio
loop16              tty32               vcs
loop17              tty33               vcs1
loop18              tty34               vcs2
loop19              tty35               vcs3
loop2               tty36               vcs4
loop20              tty37               vcs5
loop21              tty38               vcs6
loop22              tty39               vcsa
loop3               tty4                vcsa1
loop4               tty40               vcsa2
loop5               tty41               vcsa3
loop6               tty42               vcsa4
loop7               tty43               vcsa5
loop8               tty44               vcsa6
loop9               tty45               vcsu
mapper              tty46               vcsu1
mcelog              tty47               vcsu2
mei0                tty48               vcsu3
mem                 tty49               vcsu4
memory_bandwidth    tty5                vcsu5
mmcblk0             tty50               vcsu6
mmcblk0p1           tty51               vfio
mqueue              tty52               vga_arbiter
net                 tty53               vhci
network_latency     tty54               vhost-net
network_throughput  tty55               vhost-vsock
null                tty56               zero
nvram               tty57               zfs
port                tty58

So perhaps this is an issue of outdated documentation and the docker-privilege command has been deprecated? I just can’t find any evidence of it existing.

ijohnson · January 9, 2020, 8:38pm

@tianon can you update the description of the snap to not mention this command? It is very old (from the very early days of the snap) AIUI and doesn’t exist anymore.

tianon · January 13, 2020, 8:45pm

Yep, great catch – updated.