3/18/2018 - 8:31 AM

Getting a Shell in the Docker for Mac Moby VM

Getting a Shell in the Docker for Mac Moby VM

2018 Update: Easiest option is Justin's repo and image

Just run this from your Mac terminal and it'll drop you in a container with full permissions on the Moby VM. This also works for Docker for Windows for getting in Moby Linux VM (doesn't work for Windows Containers).

docker run -it --rm --privileged --pid=host justincormack/nsenter1

more info: https://github.com/justincormack/nsenter1

Option 1: use Screen (not as easy as nsenter)

Note this isn't a list of commands to run in order. The first one gets you in the VM (hit return twice to see a prompt). Then other commands are for managing that connection. Not a great CLI expirence but gets the job done. Using the ctrl- options prevents garbled text on reconnect.

connect to tty on Docker for Mac VM

screen ~/Library/Containers/com.docker.docker/Data/com.docker.driver.amd64-linux/tty

disconnect that session but leave it open in background

Ctrl-a d

list that session that's still running in background

screen -ls

reconnect to that session (don't open a new one, that won't work and 2nd tty will give you garbled screen)

screen -r

kill this session (window) and exit

Ctrl-a k

Option 2 (easier): Use nsenter in priviledged container

docker run -it --privileged --pid=host debian nsenter -t 1 -m -u -n -i sh

Phil Estes (Docker Maintainer) says:

it’s running a container (using the debian image..nothing special about it other than it apparently has nsenter installed), with pid=host (so you are in the process space of the mini VM running Docker4Mac), and then nsenter says “whatever is pid 1, use that as context, and enter all the namespaces of that, and run a shell there"

Or even easier, from Justin Cormack (Docker Maintainer)

docker run -it --rm --privileged --pid=host justincormack/nsenter1

Justin Says:

Personally I mostly use screen, but then I also use the above too. That's my minimal nsenter image.