
add Docker Desktop on macOS compatibility #2019

Merged: 89luca89 merged 1 commit into 89luca89:main from ericcurtin:macos on Mar 19, 2026

@ericcurtin
Contributor

@ericcurtin ericcurtin commented Mar 18, 2026

On macOS, Docker Desktop mounts all paths as private (rprivate) in its
Linux VM via VirtioFS, so rslave/rshared bind propagation is rejected.
Strip these propagation options from the generated docker create command
when running on Darwin.

Also fix a bug in distrobox-init where the socket path prefix stripping
used `sed 's|/run/host||g'` with the global flag, causing paths like
`/run/host/run/host-services/ssh-auth.sock` (a Docker Desktop socket)
to be mangled into `-services/ssh-auth.sock`. The leading `-` was then
parsed as a flag by `rm`, crashing the init script. Replace with shell
parameter expansion `${host_socket#/run/host}` which strips the prefix
exactly once.

distrobox-init detects "rootful" mode by checking if /run/host/etc/shadow
is accessible and owned by root. On macOS with Docker Desktop, all containers
run as root inside the Linux VM, so this check always succeeds even for
containers created without --root, causing a spurious first-shell password
prompt.

Fix this by having distrobox-create mount /dev/null:/run/.distrobox.rootless:ro
for every rootless container. distrobox-init now checks for this marker first
and skips the shadow heuristic when it is present.

This is backward-compatible: existing containers without the marker continue
to use the shadow-file heuristic as before.
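
The prefix-stripping bug described above, reproduced as an added example (not code from this pull request or from distrobox). The sample path is the one quoted in the description; `is_absolute` and `remove_socket` are hypothetical helpers showing how a caller can keep a mangled value from reaching `rm` as an option.

```shell
#!/bin/sh
# Constructed sample: the Docker Desktop socket path quoted in the description.
sample='/run/host/run/host-services/ssh-auth.sock'

# Old behaviour: the g flag removes every "/run/host" match, including the
# one that is the start of "/run/host-services".
strip_global() {
	printf '%s\n' "$1" | sed 's|/run/host||g'
}

# Fixed behaviour: "#" removes the pattern once, and only as a leading prefix.
strip_once() {
	printf '%s\n' "${1#/run/host}"
}

# Hypothetical helper: accept only absolute paths.
is_absolute() {
	case "$1" in
		/*) return 0 ;;
		*) return 1 ;;
	esac
}

# Hypothetical helper: refuse non-absolute input, and end option parsing
# with "--" so a leading "-" can never be read as a flag.
remove_socket() {
	is_absolute "$1" || return 2
	rm -f -- "$1"
}

for fn in strip_global strip_once; do
	out=$("$fn" "$sample")
	if is_absolute "$out"; then
		verdict='absolute path'
	else
		verdict='option-like, not a path'
	fi
	printf '%-13s -> %s  [%s]\n' "$fn" "$out" "$verdict"
done
```

Validating the result and passing `--` are independent safeguards: either one stops the crash described in the pull request even if the stripping logic regresses.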

@ericcurtin ericcurtin changed the title fix: add Docker Desktop on macOS compatibility add Docker Desktop on macOS compatibility Mar 18, 2026
@89luca89 89luca89 added the CI label Mar 18, 2026
@89luca89
Owner

Thanks @ericcurtin I don't have a mac now, does this work with exports too? Can I say export a bin (as gui apps we already stated won't work) and launch it transparently from mac userland?

@ericcurtin
Contributor Author

Just tested export, works fine, trying to fix CI

@89luca89
Owner

I think UBIs are broken unrelated to this

@ericcurtin
Contributor Author

They kinda all look unrelated, but you'd know better than me.

The sed change is because macOS sed behaves differently than GNU sed on Linux; using the bash substitution makes it portable everywhere.

@89luca89
Owner

> They kinda all look unrelated, but you'd know better than me.

Yea we can ignore those

> the sed change is because macOS sed behaves differently than GNU sed on Linux, using the bash substitution makes it portable everywhere.

As long as it is POSIX sh compliant we should be OK

@osalbahr
Contributor

Distrobox seems to already work with Podman? I am not sure if the errors can be ignored. I installed with ./install on the main branch. I am on macOS: 26.3.1-arm64.

% distrobox --version
distrobox: 1.8.0
% distrobox enter
Error: no such container "my-distrobox"
Create it now, out of image registry.fedoraproject.org/fedora-toolbox:latest? [Y/n]: 
Creating the container my-distrobox
Creating 'my-distrobox' using image registry.fedoraproject.org/fedora-toolbox:latest	 [ OK ]
Distrobox 'my-distrobox' successfully created.
To enter, run:

distrobox enter my-distrobox

Error: 2 errors occurred:
	* copying to host: copier: put: error resolving "/tmp": open /tmp: too many levels of symbolic links
	* copying from container: io: read/write on closed pipe
% distrobox enter my-distrobox
Starting container...                   	 [ OK ]
Installing basic packages...            	 [ OK ]
Setting up devpts mounts...             	 [ OK ]
Setting up read-only mounts...          	 [ OK ]
Setting up read-write mounts...         	 [ OK ]
Setting up host's sockets integration...	 [ OK ]
Integrating host's themes, icons, fonts...	 [ OK ]
Setting up distrobox profile...         	 [ OK ]
Setting up sudo...                      	 [ OK ]
Setting up user groups...               	 [ OK ]
Setting up kerberos integration...      	 [ OK ]
Setting up user's group list...         	 [ OK ]
Setting up existing user...             	 [ OK ]
Ensuring user's access...               	 [ OK ]

Container Setup Complete!
📦[adminaccount@my-distrobox]~/Developer/git/distrobox% 

@ericcurtin
Contributor Author

> Distrobox seems to already work with Podman? I am not sure if the errors can be ignored. I installed with ./install on the main branch. I am on macOS: 26.3.1-arm64.
>
> % distrobox --version
> distrobox: 1.8.0
> % distrobox enter
> Error: no such container "my-distrobox"
> Create it now, out of image registry.fedoraproject.org/fedora-toolbox:latest? [Y/n]: 
> Creating the container my-distrobox
> Creating 'my-distrobox' using image registry.fedoraproject.org/fedora-toolbox:latest	 [ OK ]
> Distrobox 'my-distrobox' successfully created.
> To enter, run:
>
> distrobox enter my-distrobox
>
> Error: 2 errors occurred:
> 	* copying to host: copier: put: error resolving "/tmp": open /tmp: too many levels of symbolic links
> 	* copying from container: io: read/write on closed pipe
> % distrobox enter my-distrobox
> Starting container...                   	 [ OK ]
> Installing basic packages...            	 [ OK ]
> Setting up devpts mounts...             	 [ OK ]
> Setting up read-only mounts...          	 [ OK ]
> Setting up read-write mounts...         	 [ OK ]
> Setting up host's sockets integration...	 [ OK ]
> Integrating host's themes, icons, fonts...	 [ OK ]
> Setting up distrobox profile...         	 [ OK ]
> Setting up sudo...                      	 [ OK ]
> Setting up user groups...               	 [ OK ]
> Setting up kerberos integration...      	 [ OK ]
> Setting up user's group list...         	 [ OK ]
> Setting up existing user...             	 [ OK ]
> Ensuring user's access...               	 [ OK ]
>
> Container Setup Complete!
> 📦[adminaccount@my-distrobox]~/Developer/git/distrobox% 

Wanna try this branch on your machine also?

@osalbahr
Contributor

> Wanna try this branch on your machine also?

I still get the same errors. But I can re-enter just as with main.

Note: it is defaulting to Podman as backend

% gh pr checkout 2019
Switched to branch 'macos'
% git branch
* macos
  main
% ./install 
 Installation successful!
 Shell scripts are located in /Users/adminaccount/.local/bin
 Manpages are located in /Users/adminaccount/.local/share/man/man1
% distrobox enter
Error: no such container "my-distrobox"
Create it now, out of image registry.fedoraproject.org/fedora-toolbox:latest? [Y/n]: 
Creating the container my-distrobox
Creating 'my-distrobox' using image registry.fedoraproject.org/fedora-toolbox:latest	 [ OK ]
Distrobox 'my-distrobox' successfully created.
To enter, run:

distrobox enter my-distrobox

Error: 2 errors occurred:
	* copying to host: copier: put: error resolving "/tmp": open /tmp: too many levels of symbolic links
	* copying from container: io: read/write on closed pipe
% distrobox enter my-distrobox
Starting container...                   	 [ OK ]
Installing basic packages...            	 [ OK ]
Setting up devpts mounts...             	 [ OK ]
Setting up read-only mounts...          	 [ OK ]
Setting up read-write mounts...         	 [ OK ]
Setting up host's sockets integration...	 [ OK ]
Integrating host's themes, icons, fonts...	 [ OK ]
Setting up distrobox profile...         	 [ OK ]
Setting up sudo...                      	 [ OK ]
Setting up user groups...               	 [ OK ]
Setting up kerberos integration...      	 [ OK ]
Setting up user's group list...         	 [ OK ]
Setting up existing user - username...  	 [ OK ]
Setting up existing user - shell...     	 [ OK ]
Setting up existing user - GID...       	 [ OK ]
Setting up existing user - groups...    	 [ OK ]
Setting up user home...                 	 [ OK ]
Ensuring user's access...               	 [ OK ]

Container Setup Complete!
📦[adminaccount@my-distrobox]~/Developer/git/distrobox% 

@osalbahr
Contributor

The error actually comes from distrobox create and is distro-agnostic:

% distrobox create -i ubuntu
Image ubuntu not found.
Do you want to pull the image now? [Y/n]: 
Resolved "ubuntu" as an alias (/etc/containers/registries.conf.d/000-shortnames.conf)
Trying to pull docker.io/library/ubuntu:latest...
Getting image source signatures
Copying blob sha256:86790fc5660dcd86928b849ae0826aba701bf9e005e92c8f9e06c917e82c87f7
Copying config sha256:e3847ac055b4ba872fb8926fbb9eda15e7f0a586dd4f1885639a3679732924fb
Writing manifest to image destination
e3847ac055b4ba872fb8926fbb9eda15e7f0a586dd4f1885639a3679732924fb
Creating 'ubuntu' using image ubuntu	 [ OK ]
Distrobox 'ubuntu' successfully created.
To enter, run:

distrobox enter ubuntu

Error: 2 errors occurred:
	* copying to host: copier: put: error resolving "/tmp": open /tmp: too many levels of symbolic links
	* copying from container: io: read/write on closed pipe

@ericcurtin
Contributor Author

ericcurtin commented Mar 18, 2026

@osalbahr maybe a fix for another PR, I don't have podman, doesn't occur via docker desktop

@osalbahr
Contributor

Ok. Just uninstalled Podman. It seems to work fine with Docker Desktop! Once this is merged, I can look into Podman integration.

% podman
zsh: command not found: podman
% distrobox enter
Error response from daemon: No such container: my-distrobox
Create it now, out of image registry.fedoraproject.org/fedora-toolbox:latest? [Y/n]: 
Creating the container my-distrobox
latest: Pulling from fedora-toolbox
cdd8a94ea1d3: Pull complete 
Digest: sha256:f5a6fd49b00a5f75aa01c04faf1dc7673adae1626aad489981048d2c1566d445
Status: Downloaded newer image for registry.fedoraproject.org/fedora-toolbox:latest
registry.fedoraproject.org/fedora-toolbox:latest
Creating 'my-distrobox' using image registry.fedoraproject.org/fedora-toolbox:latest	 [ OK ]
Distrobox 'my-distrobox' successfully created.
To enter, run:

distrobox enter my-distrobox

Successfully copied 2.56kB to /tmp/my-distrobox.os-release
Starting container...                   	 [ OK ]
Installing basic packages...            	 [ OK ]
Setting up devpts mounts...             	 [ OK ]
Setting up read-only mounts...          	 [ OK ]
Setting up read-write mounts...         	 [ OK ]
Setting up host's sockets integration...	 [ OK ]
Integrating host's themes, icons, fonts...	 [ OK ]
Setting up distrobox profile...         	 [ OK ]
Setting up sudo...                      	 [ OK ]
Setting up user groups...               	 [ OK ]
Setting up user's group list...         	 [ OK ]
Adding user...                          	 [ OK ]
Ensuring user's access...               	 [ OK ]

Container Setup Complete!
📦[adminaccount@my-distrobox]~% 

On macOS, Docker Desktop mounts all paths as private (rprivate) in its
Linux VM via VirtioFS, so rslave/rshared bind propagation is rejected.
Strip these propagation options from the generated docker create command
when running on Darwin.

Also fix a bug in distrobox-init where the socket path prefix stripping
used `sed 's|/run/host||g'` with the global flag, causing paths like
`/run/host/run/host-services/ssh-auth.sock` (a Docker Desktop socket)
to be mangled into `-services/ssh-auth.sock`. The leading `-` was then
parsed as a flag by `rm`, crashing the init script. Replace with shell
parameter expansion `${host_socket#/run/host}` which strips the prefix
exactly once.

distrobox-init detects "rootful" mode by checking if /run/host/etc/shadow
is accessible and owned by root. On macOS with Docker Desktop, all containers
run as root inside the Linux VM, so this check always succeeds even for
containers created without --root, causing a spurious first-shell password
prompt.

Fix this by having distrobox-create mount /dev/null:/run/.distrobox.rootless:ro
for every rootless container. distrobox-init now checks for this marker first
and skips the shadow heuristic when it is present.

This is backward-compatible: existing containers without the marker continue
to use the shadow-file heuristic as before.

Signed-off-by: Eric Curtin <eric.curtin@docker.com>
@89luca89 89luca89 merged commit 4e3dbe5 into 89luca89:main Mar 19, 2026
119 of 122 checks passed
@ericcurtin ericcurtin deleted the macos branch March 19, 2026 11:37