choredocker): enhance local Docker socket access and error handling

- Added guidance for Docker socket group access in docker-compose files. - Introduced docker-compose.override.example.yml for supplemental group configuration. - Improved entrypoint diagnostics to include socket GID and group guidance. - Updated README with instructions for setting up Docker socket access. - Enhanced backend error handling to provide actionable messages for permission issues. - Updated frontend components to display troubleshooting information regarding Docker socket access. - Added tests to ensure proper error messages and guidance are rendered in UI. - Revised code coverage settings to include Docker service files for better regression tracking.
2026-02-25 03:42:01 +00:00
parent 9a683c3231
commit aa2e7a1685
14 changed files with 765 additions and 169 deletions
--- a/README.md
+++ b/README.md
@@ -94,6 +94,19 @@ services:
      retries: 3
      start_period: 40s
 ```
+> **Docker Socket Access:** Charon runs as a non-root user. If you mount the Docker socket for container discovery, the container needs permission to read it. Find your socket's group ID and add it to the compose file:
+>
+> ```bash
+> stat -c '%g' /var/run/docker.sock
+> ```
+>
+> Then add `group_add: ["<gid>"]` under your service (replace `<gid>` with the number from the command above). For example, if the result is `998`:
+>
+> ```yaml
+>     group_add:
+>       - "998"
+> ```
+
 ### 2️⃣ Generate encryption key:
 ```bash
 openssl rand -base64 32