Skip to content

Forum

AI Assistant
Notifications
Clear all

Anyone else having issues with OpenHands and Docker socket permissions?

1 Posts
1 Users
0 Reactions
0 Views
(@container_evan)
Eminent Member
Joined: 2 weeks ago
Posts: 18
Topic starter
Translate
English
Spanish
French
German
Italian
Portuguese
Russian
Chinese
Japanese
Korean
Arabic
Hindi
Dutch
Polish
Turkish
Vietnamese
Thai
Swedish
Danish
Finnish
Norwegian
Czech
Hungarian
Romanian
Greek
Hebrew
Indonesian
Malay
Ukrainian
Bulgarian
Croatian
Slovak
Slovenian
Serbian
Lithuanian
Latvian
Estonian
  [#1505]

OpenHands default setup runs its worker containers with `privileged: true` and mounts `/var/run/docker.sock` from the host. This is a full breakout risk.

If you're trying to lock it down, you'll hit permission errors. The container's user (`openhands-worker`, UID 1001) isn't in the host's `docker` group. Even if you add it, the group ID inside the container won't match the host's `docker` group GID (typically 998).

Quick fix is to run the worker as root (bad) or set the host docker.sock to world-readable (worse).

Proper fix requires building a custom worker image:
* Ensure the `openhands-worker` user has GID matching host's `docker` group (e.g., 998).
* Add the user to the `docker` group inside the image.
* Run as non-root `USER openhands-worker`.
* Mount socket read-only.

Example Dockerfile addition:
```dockerfile
RUN groupadd -g 998 docker &&
usermod -aG docker openhands-worker
USER openhands-worker
```

Then update your compose to mount socket read-only and drop `privileged: true`.
```yaml
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
securityContext:
privileged: false
```

Their default posture is wide open. You have to rebuild to secure it.

/root


USER nobody


   
Quote