@BretFisher
Last active April 26, 2024 09:38
Getting a Shell in the Docker Desktop Mac VM

2021 Update: Easiest option is Justin's repo and image

Run this from your Mac terminal and it will drop you into a container with full permissions on the Docker VM. It also works on Docker for Windows for getting into the Moby Linux VM (it doesn't work for Windows Containers).

docker run -it --rm --privileged --pid=host justincormack/nsenter1

More info: https://github.com/justincormack/nsenter1


Option 1 (hard way): use netcat

nc -U ~/Library/Containers/com.docker.docker/Data/debug-shell.sock

Exit the shell with exit.

Option 2 (easier): use nsenter in a privileged container

docker run -it --privileged --pid=host debian nsenter -t 1 -m -u -n -i sh

Phil Estes (Docker Maintainer) says:

it’s running a container (using the debian image. nothing special about it other than it apparently has nsenter installed), with pid=host (so you are in the process space of the mini VM running Docker4Mac), and then nsenter says “whatever is pid 1, use that as context, and enter all the namespaces of that, and run a shell there”

Option 3 (easiest): run nsenter from a pre-built image, from Justin Cormack (Docker Maintainer)

docker run -it --rm --privileged --pid=host justincormack/nsenter1
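
An added example, not part of the original gist: Options 2 and 3 both depend on `--privileged` combined with `--pid=host`, so this script flags running containers that were started with that combination. The function names and the sample rows are constructed for illustration; the input format assumes the `docker inspect` template shown in the comment.

```shell
#!/bin/sh
# Audit containers for the flag combination the nsenter options rely on.
# Expected input, one container per line: "<name> <privileged> <pidmode>", e.g. from
#   docker inspect --format '{{.Name}} {{.HostConfig.Privileged}} {{.HostConfig.PidMode}}' $(docker ps -q)

classify_container() {
    # $1 = name, $2 = Privileged (true/false), $3 = PidMode ("host", or empty for the default)
    c_name=$1 c_priv=$2 c_pid=$3
    if [ "$c_priv" = "true" ] && [ "$c_pid" = "host" ]; then
        echo "HIGH $c_name privileged + pid=host: nsenter -t 1 can enter the namespaces of the VM's PID 1"
    elif [ "$c_priv" = "true" ]; then
        echo "MEDIUM $c_name privileged: all capabilities and host devices"
    elif [ "$c_pid" = "host" ]; then
        echo "MEDIUM $c_name pid=host: shares the host PID namespace"
    else
        echo "OK $c_name"
    fi
}

audit_containers() {
    # Reads inspect lines on stdin; an empty PidMode simply leaves the third field blank.
    while read -r name priv pidmode; do
        [ -n "$name" ] || continue
        classify_container "$name" "$priv" "$pidmode"
    done
}

# Constructed sample rows (not real output from any system)
SAMPLE='/vm-shell true host
/web false
/builder true
/monitor false host'

audit_sample() {
    printf '%s\n' "$SAMPLE" | audit_containers
}

# Stand-alone run: report on the constructed sample.
audit_sample
```

To audit a live engine, pipe the `docker inspect` command from the header comment into `audit_containers`.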

@BretFisher
Author

@rob-weiss that doesn't sound like the best way to set proxy ENVs. 1st, you should be setting those in the Docker Desktop settings under Resources. Then, you should change them in your docker CLI config: https://docs.docker.com/network/proxy/

@inieves

inieves commented Sep 21, 2023

I am running with userns. It seems that as a result, none of the --privileged solutions work. I receive:
docker: Error response from daemon: privileged mode is incompatible with user namespaces. You must run the container in the host namespace when running privileged mode.

I tried all other solutions in this thread. None work.

Any thoughts on how to get into the underlying VM while in userns mode?

@lrtfm

lrtfm commented Apr 18, 2024

Remove the control sequence like ^[[5;5R from the nc solution: (https://x.com/developerguyba/status/1458109231169691654)

stty -echo -icanon && nc -U ~/Library/Containers/com.docker.docker/Data/debug-shell.sock && stty sane
