Nsenter installed), with pid=host (so you are in the process space of the mini VM running Docker4Mac),Īnd then nsenter says “whatever is pid 1, use that as context, and enter all the namespaces of that, and run a shell there' Option 3 (easist): run nsenter from a pre-built image.

nothing special about it other than it apparently has It’s running a container (using the debian image. COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME anydesk 950 root 22u IPv4 39398 0t0. Option 2 (easier): Use nsenter in priviledged containerĭocker run -it -privileged -pid=host debian nsenter -t 1 -m -u -n -i sh This can be done by right clicking the Docker icon (looks like a ship) in the system tray. This is done by specifying the folder as shared. Nc -U ~/Library/Containers//Data/debug-shell.sockĮxit the shell with exit. In order for the volume to be mounted to the container, Docker must be granted access to do so. (If you're wondering where the '999' came from, see docker run -it -rm redis id, which provides uid999(redis) gid999(redis) groups999(redis).) When you bind-mount, Docker doesn't touch the permissions of the directory that's being mounted in, which I'm guessing is the problem here. This also works for Docker for Windows for getting in Moby Linux VM (doesn't work for Windows Containers).ĭocker run -it -rm -privileged -pid=host justincormack/nsenter1 Just run this from your Mac terminal and it'll drop you in a container with full permissions on the Docker VM. 2021 Update: Easiest option is Justin's repo and image