[Docker Desktop] Get into the Docker VM on Mac or Windows

Posted on 2021-06-19 Edited on 2024-09-12 In Cloud-Native , Container , Docker , Docker Desktop Views: Word count in article: 1.9k Reading time ≈ 2 mins.

Get into the Docker VM

When using Docker Desktop for Mac and Windows | Docker - https://www.docker.com/products/docker-desktop, you’re actually using a tiny (custom) Alpine Linux running in a special xhyve VM on macOS or Windows. There’s so much cool stuff happening, you’re meant to forget it’s still running on a Linux kernel.

There are some ways to get into the Docker VM on Mac.

Usages

2021 Update: Easiest option is Justin’s repo and image

Just run this from your Mac terminal and it’ll drop you in a container with full permissions on the Docker VM. This also works for Docker for Windows for getting in Moby Linux VM (doesn’t work for Windows Containers).

1	$ docker run -it --rm --privileged --pid=host justincormack/nsenter1

more info: GitHub - justincormack/nsenter1: simple nsenter to namespaces of pid 1 - https://github.com/justincormack/nsenter1

Option 1 (hard way): use netcat

1	$ nc -U ~/Library/Containers/com.docker.docker/Data/debug-shell.sock

Exit the shell with exit.

Option 2 (easier): Use nsenter in priviledged container

1	$ docker run -it --privileged --pid=host debian nsenter -t 1 -m -u -n -i sh

Phil Estes (Docker Maintainer) says:

it’s running a container (using the debian image. nothing special about it other than it apparently has nsenter installed), with pid=host (so you are in the process space of the mini VM running Docker4Mac), and then nsenter says “whatever is pid 1, use that as context, and enter all the namespaces of that, and run a shell there"