The issue of syncing the gids of /var/run/docker.sock is harder than it
first appears. Opening up the perms to everyone is really not okay, even
in a workspace container. Changing the owner on the host system and
allowing the creation of a user during ENTRYPOINT seems like the best
answer, but that ensures no one else is using docker on that system.
That’s also more secure. It also has the added benefit of bypassing the
need for being added to any docker group. The group solution does not
work with docker in docker because you can never know what gid the docker
group will have on the host and in the container installation (unless you
want to move docker installation into the entrypoint script, which, just,
no).
Once again, the most common solution on the Internetz, “add to the docker group”, is just plain wrong.
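
One way to do the "create a user during ENTRYPOINT" step, as an added example that is not from the original post: the script reads the uid that owns the mounted socket, refuses a world-open or root-owned socket, creates a matching account, and drops root. The names DOCKER_SOCK, WS_USER and --as-entrypoint are hypothetical, and the image is assumed to ship useradd, getent and setpriv.

```sh
#!/bin/sh
# Added example: workspace-container entrypoint (not from the original post).
# Assumes the host admin has chown'ed /var/run/docker.sock to one non-root
# user and that the image ships useradd, getent and setpriv (util-linux).
set -eu

SOCK="${DOCKER_SOCK:-/var/run/docker.sock}"   # DOCKER_SOCK: hypothetical override
WS_USER="${WS_USER:-workspace}"               # hypothetical account name

# Numeric owner of the socket as seen inside the container.
sock_uid() { stat -c %u "$1"; }

# True when the "other" permission digit is non-zero (e.g. mode 666).
world_accessible() {
    case "$(stat -c %a "$1")" in
        *0) return 1 ;;
        *)  return 0 ;;
    esac
}

main() {
    [ -S "$SOCK" ] || { echo "no docker socket at $SOCK" >&2; exit 1; }
    if world_accessible "$SOCK"; then
        echo "refusing: $SOCK is open to every user" >&2; exit 1
    fi
    uid="$(sock_uid "$SOCK")"
    if [ "$uid" -eq 0 ]; then
        echo "refusing: $SOCK is owned by root; chown it on the host" >&2; exit 1
    fi
    # Reuse an account that already has this uid, otherwise create one.
    name="$(getent passwd "$uid" | cut -d: -f1)"
    if [ -z "$name" ]; then
        useradd --uid "$uid" --create-home --shell /bin/sh "$WS_USER"
        name="$WS_USER"
    fi
    gid="$(id -g "$name")"
    # Drop root and run the container command as the socket's owner.
    exec setpriv --reuid="$uid" --regid="$gid" --init-groups "$@"
}

# Only act when wired in as ENTRYPOINT ["/entrypoint.sh", "--as-entrypoint"].
case "${1:-}" in
    --as-entrypoint) shift; main "$@" ;;
esac
```

Because the match is on the socket's uid rather than a group, the container never needs to know what gid the host's docker group has.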