It took me several hours of painful reading around to understand what works and what doesn't where the combo of macOS + Docker + X11 forwarding is concerned. So I am writing this down for my own future reference.
tl;dr: Follow the instructions in this gist.
open -a XQuartz && \
xhost +localhost && \
docker run --rm -it --platform=linux/amd64 -e DISPLAY=host.docker.internal:0 gns3/xeyes ; \
xhost -localhost
- Mounting the unix socket doesn't work because of this WONTFIX Docker issue.
- Because mounting the socket doesn't work, you have to allow network client connections in XQuartz preferences > Security. Tedious. Setting up Little Snitch to deny incoming connections to port 6000 is probably a good idea.
- This comment suggests a more robust security solution using xauth that I haven't really looked into.
- host.docker.internal is magic.
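One way to use an `xauth` cookie instead of `xhost +localhost`, added here as an example; it is not taken from the linked comment or gist. It assumes XQuartz has "Authenticate connections" enabled, that `xauth` holds a cookie for `$DISPLAY`, and that Docker Desktop can bind-mount the temporary file; the function names and the in-container path `/tmp/.docker.xauth` are made up for the example.

```shell
#!/bin/sh
# Added example: cookie-based X11 auth for a container, no `xhost +localhost`.
# Function names and /tmp/.docker.xauth are assumptions made for this sketch.

# Rewrite the 4-hex-digit address family of each `xauth nlist` record to ffff
# (FamilyWild), so the cookie matches whatever hostname the container has.
wildcard_family() {
    sed -e 's/^..../ffff/'
}

# Copy the cookie for the current display into a private file; print its path.
make_container_xauth() {
    xauth_file=$(mktemp) || return 1      # mktemp creates the file with mode 0600
    if ! xauth nlist "$DISPLAY" | wildcard_family | xauth -f "$xauth_file" nmerge - \
        || [ ! -s "$xauth_file" ]; then
        rm -f "$xauth_file"
        echo "no X11 cookie found for DISPLAY=$DISPLAY" >&2
        return 1
    fi
    printf '%s\n' "$xauth_file"
}

# Run the same container as above, handing it the cookie read-only.
run_xeyes_with_cookie() {
    xauth_file=$(make_container_xauth) || return 1
    docker run --rm -it --platform=linux/amd64 \
        -e DISPLAY=host.docker.internal:0 \
        -e XAUTHORITY=/tmp/.docker.xauth \
        -v "$xauth_file":/tmp/.docker.xauth:ro \
        gns3/xeyes
    status=$?
    rm -f "$xauth_file"                   # remove the cookie copy even on failure
    return "$status"
}
```

Network client connections still have to be allowed in XQuartz because the container connects over TCP; the cookie replaces the `xhost +localhost` grant, so only clients holding it are accepted.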