Sharing unix socket via docker volume - permission denied

I'm trying to share my php5-fpm socket via a volume with my nginx webserver. Fpm and nginx are running in different containers and I want to get them working via a shared volume where I place the socket file from fpm.

2014/04/13 10:53:35 [crit] 33#0: *1 connect() to unix:/container/fpm/run/php5-fpm.sock failed (13: Permission denied) while connecting to upstream, client: 192.168.8.2, server: docker.dev, request: "GET /test.php HTTP/1.1", upstream: "fastcgi://unix:/container/fpm/run/php5-fpm.sock:", host: "docker.dev"

I already tried setting permissions to 777 and changing the group of php5-fpm.socket to www-data.

Dockerfile of fpm container

FROM ubuntu:13.10

RUN apt-get update
RUN apt-get upgrade -y
RUN apt-get install -y php5-cli php5-common
RUN apt-get install -y php5-fpm php5-cgi

ADD ./php-fpm.conf /etc/php5/fpm/php-fpm.conf
ADD ./pool.d/www.conf /etc/php5/fpm/pool.d/www.conf
ADD ./php.ini /etc/php5/fpm/php.ini

CMD ["/usr/sbin/php5-fpm"]

Dockerfile of nginx container

FROM ubuntu:13.10

RUN apt-get update
RUN apt-get upgrade -y
RUN apt-get install -y nginx

ADD ./test.php /var/test/test.php
ADD ./test.html /var/test/test.html
ADD ./nginx.conf /etc/nginx/nginx.conf
ADD ./site /etc/nginx/sites-enabled/test

EXPOSE 80

CMD ["/usr/sbin/nginx"]

I can access the test.html but when accessing test.php I get 502 Bad Gateway.

Is there anything else I have to care about permissions when sharing stuff via volumes?

It's now 2015 and I assume the kernel patch that Michael mentions has now made its way into the stable kernel. I have a working example of 2 docker containers, one with php-fpm and the other with nginx, talking to each other via a unix socket.

See: https://github.com/brad-jones/conductor/tree/master/example-project

The key to it working though was to open up the permissions on the socket.

E.g.: listen.mode = 0777 in /etc/php-fpm.d/www.conf

It didn't seem to matter what listen.owner & listen.group were set to. The socket needed to be completely unrestricted, I guess because a user in one container, even if it has the same name in another container, is still considered a different user.
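As an added illustration (not code from the answer above or from the linked project), the following script models the check the kernel applies on connect(): on Linux a process needs write permission on the socket inode, and that permission is evaluated on numeric uid/gid, never on user names. It shows why listen.mode = 0777 works from any container and that a 0660 socket also works when both images agree on the numeric group id; the ids 33 and 101 are constructed for the example.

```python
import os
import socket
import stat
import tempfile

def write_allowed(mode, sock_uid, sock_gid, uid, gids):
    """Linux grants connect() on a unix socket to a process with write permission
    on the inode; only numeric ids are compared, so names in two containers are irrelevant."""
    if uid == 0:                      # root: CAP_DAC_OVERRIDE bypasses mode bits
        return True
    if uid == sock_uid:
        return bool(mode & stat.S_IWUSR)
    if sock_gid in gids:
        return bool(mode & stat.S_IWGRP)
    return bool(mode & stat.S_IWOTH)

def socket_connect_allowed(path, uid, gids):
    """Stat a real socket file and apply the same rule to it."""
    st = os.stat(path)
    if not stat.S_ISSOCK(st.st_mode):
        raise ValueError(f"{path} is not a unix socket")
    return write_allowed(stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid, uid, gids)

def make_socket(dirpath, mode):
    """Create a listening socket the way php-fpm does, then apply listen.mode."""
    path = os.path.join(dirpath, "php5-fpm.sock")
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(path)
    srv.listen(1)
    os.chmod(path, mode)              # equivalent of listen.mode in www.conf
    return srv, path

def demo():
    """Compare listen.mode = 0777 with a 0660 socket shared through a common
    numeric gid. Ids are constructed: fpm runs as 33:33, nginx as uid 101."""
    results = {
        "0777 any uid": write_allowed(0o777, 33, 33, 101, {101}),
        "0660 unrelated gid": write_allowed(0o660, 33, 33, 101, {101}),
        "0660 shared gid 33": write_allowed(0o660, 33, 33, 101, {101, 33}),
    }
    tmp = tempfile.mkdtemp()          # stand-in for the shared volume directory
    srv, path = make_socket(tmp, 0o660)
    try:
        st = os.stat(path)
        results["real 0660 owner"] = socket_connect_allowed(path, st.st_uid, {st.st_gid})
        results["real 0660 stranger"] = socket_connect_allowed(path, st.st_uid + 1, set())
    finally:
        srv.close(); os.unlink(path); os.rmdir(tmp)
    return results
```

The connecting process also needs search (x) permission on every directory in the socket path, which is why the containing directory on the volume matters as well.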

Different containers cannot talk to each other via UNIX domain sockets when they are in different network namespaces. There is an unofficial kernel patch that allows this, but you're on your own if you use it.

ADD ./test.php /var/test/test.php in the fpm container

PHP must be interpreted to be displayed, right?

How are you starting these containers?

Check the permissions on the containing directory.