Docker Desktop for Mac Commands for Getting a Shell Into The Local Docker VM

When using Docker Desktop for Mac, you're actually using a tiny (custom) Alpine Linux running in a special xhyve VM on macOS. There's so much cool stuff happening, you're meant to forget it's still running on a Linux kernel.

There are many articles telling you how to get into the Docker VM on Mac. This is just a short list of those commands for dealing with the VM tty. I have yet to have a reason for doing so, but I get asked how to do it, so here ya go. Copy/paste from below or star my Gist here.

Update: Easiest option is Justin Cormack's (former Docker CTO) image

Just run this from your Mac terminal and it'll drop you in a container with full permissions on the Docker VM. This also works for Docker for Windows for getting in Moby Linux VM (doesn't work for Windows Containers).

docker run -it --rm --privileged --pid=host justincormack/nsenter1

more info: github.com/justincormack/nsenter1

Option 1 (hard way): use netcat

nc -U ~/Library/Containers/com.docker.docker/Data/debug-shell.sock

Exit the shell with exit.

Option 2 (easier): Use nsenter in privileged container

docker run -it --privileged --pid=host debian nsenter -t 1 -m -u -n -i sh

Phil Estes (Docker Maintainer) says:

it’s running a container (using the debian image. nothing special about it other than it has nsenter installed), with pid=host (so you are in the process space of the mini VM running Docker), and then nsenter says “whatever is pid 1, use that as context, and enter all the namespaces of that, and run a shell there"

Option 3 (easiest): run nsenter from a pre-built image. From Justin Cormack

docker run -it --rm --privileged --pid=host justincormack/nsenter1