Why can’t I access /var/run/docker.sock despite being Jenkins user within docker’s group?

I have Jenkins on Docker, both Jenkins master and slave are Docker containers, with mounted var/run/docker.sock. There is proper connection between them, but when I try to run simple docker “hello-world” as a test (using a Pipeline script), I got famous:

Got permission denied while trying to connect to the Docker daemon
socket at unix:///var/run/docker.sock: Get
http://%2Fvar%2Frun%2Fdocker.sock/v1.39/containers/json?all=1: dial
unix /var/run/docker.sock: connect: permission denied

I’ve read many times, that my Jenkins user should belong to docker group, then everything shoud work just fine. But apparently, this happens:

[email protected]:~$ groups
jenkins docker
[email protected]:~$ docker ps -a
Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.39/containers/json?all=1: dial unix /var/run/docker.sock: connect: permission denied

Now I completely don’t know what am I doing wrong, I’ve tried everything:

  1. adding RUN usermod -a -G docker jenkins to both Dockerfiles (for
    master and slave images)
  2. adding DOCKER_OPTS=' -G jenkins' to docker-compose
  3. adding privileged: true to docker-compose
  4. manually entering containers and using usermod -aG docker jenkins, and relogging later.

No matter what I do, pipeline can’t just access docker socket. I am jenkins user, I am in docker group and I still can’t do anything with docker daemon. Jenkinsfile is really simple:

pipeline{
        agent{
          node{
            label 'swarm'
          }
        }  
        stages {
                stage("Just checking"){
                  steps{
                    sh 'whoami'
                    sh 'groups jenkins'
                  }
                }
                stage("Hello world!"){
                  steps{
                    sh 'docker run hello-world'
                  }
                } ...

And results are:

+ whoami   
jenkins

+ groups jenkins    
jenkins : jenkins docker

+ docker run hello-world  
docker: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Post http://%2Fvar%2Frun%2Fdocker.sock/v1.35/containers/create: dial unix /var/run/docker.sock: connect: permission denied.  
See 'docker run --help'.  
script returned exit code 126

I’m just starting to use docker and jenkins and I have no idea what I am doing wrong, does anybody see any obvious mistake?

Source: StackOverflow