Docker Daemon Socket Errors — Why Disk Full Crashes CI/CD
100% disk usage silently crashes dockerd and blocks all CI/CD builds.
20+ years shipping production infrastructure and CI/CD at scale. Drawn from code that ran under real load.
- ✓Basic programming fundamentals
- ✓A computer with internet access
- ✓Willingness to follow along with examples
- Error: 'Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?' means the Docker CLI cannot reach the daemon process
- The daemon listens on a Unix socket at /var/run/docker.sock by default
- Common causes: daemon not running, permission denied, socket missing, WSL2 issues
- Fix: start the daemon, add user to docker group, or check socket permissions
- On Linux, run: sudo systemctl start docker
- Biggest mistake: running everything with sudo instead of fixing group permissions
Docker has two parts: the command-line tool you type commands into, and a background service (the daemon) that actually does the work. This error means the command-line tool tried to talk to the background service, but the line was dead. Either the service is not running, your user does not have permission to pick up the phone, or the phone line (socket file) is missing entirely.
The error 'Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?' occurs when the Docker CLI cannot communicate with the Docker daemon process. The daemon is the background service that manages containers, images, networks, and volumes.
This error blocks all Docker operations — every docker command will fail until the connection is restored. The root cause varies across environments: the daemon may not be running, the user may lack socket permissions, or the socket file may be missing entirely. This guide covers every cause, the exact fix for each, and prevention strategies for production systems.
What Causes This Error?
The error 'Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?' occurs when the Docker CLI cannot establish a connection to the Docker daemon process through the Unix socket.
The Docker architecture has two components: the Docker CLI (the command you type) and the Docker daemon (the background service that manages containers). The CLI communicates with the daemon through a Unix socket at /var/run/docker.sock. When this socket is unavailable, inaccessible, or the daemon process is not running, every Docker command fails with this error.
There are five primary causes: the daemon is not running, the user lacks socket permissions, the socket file is missing, the disk is full, or the environment is misconfigured (WSL2, remote Docker hosts). Each cause requires a different fix.
- Docker CLI = the command you type (docker run, docker ps, etc.)
- Docker daemon = the background service (dockerd) that does the actual work
- Unix socket = the communication channel between CLI and daemon at /var/run/docker.sock
- If the socket is missing, broken, or permission-denied, all docker commands fail
- The daemon is a system service managed by systemd on Linux or Docker Desktop on macOS
Fixing on Linux
Linux is the most common environment for this error because Docker runs as a systemd service and socket permissions depend on group membership. The fix depends on whether the daemon is running, the socket exists, and the user has the correct permissions.
The most frequent cause on Linux is that the Docker daemon service is not running — either it was never started, it crashed, or it was not enabled to start on boot. The second most common cause is permission denied on the socket, which happens when the user is not in the docker group.
- Running docker with sudo every time is a security risk — fix group permissions instead
- Group changes require a new login session — newgrp docker or log out and back in
- SELinux or AppArmor can block socket access even with correct group membership
- Snap-installed Docker uses a different socket path — check /var/run/snap.docker.socket
- systemd socket activation means the daemon starts on first docker command — check socket unit
Fixing on macOS and Windows (WSL2)
On macOS and Windows, Docker runs inside a lightweight path is ~/.docker/run/docker.sock (not /var/run/docker.sock). Docker Desktop symlinks this to the standard location. On Windows with WSL2, the socket is provided by Docker Desktop's WSL integration — if Docker Desktop is not running on Windows, the WSL2 environment cannot connect.
- Docker Desktop must be running — it manages the VM that hosts the Docker daemon
- On macOS, the socket is at ~/.docker/run/docker.sock — Docker Desktop symlinks it
- On WSL2, Docker Desktop provides the daemon — do not install Docker Engine inside WSL2
- If WSL integration breaks, toggle it off and on in Docker Desktop Settings
- Docker Desktop uses significant RAM (2-4GB) — check if the VM has enough memory