166

The command docker run -v /var/folders/zz/... produces the following error.

docker: Error response from daemon: Mounts denied: 
The paths /var/folders/zz/... and /var/folders/zz/...
are not shared from OS X and are not known to Docker.
You can configure shared paths from Docker -> Preferences... -> File Sharing.

When I do open File Sharing, I see that /private is listed already.

If I attempt to add /var/folder/, it resolves to /private/var/folders, which is a subset of /private and hence the addition is rejected.

To summarize, it looks to me like the directory /var/folders/.. is shared by OS X as a subdirectory of /private and hence must be known to Docker. Any help on resolving this would be appreciated.

As an experiment, I replaced the /private in File Sharing with /private/var/folders and restarted the docker but the result did not change.

Just for a more complete reference, this is the .sh script, which runs this python script, which in turn runs the docker command.

codeforester
  • 39,467
  • 16
  • 112
  • 140
Aayush
  • 1,790
  • 2
  • 11
  • 9
  • 4
    Did you try `-v /private/var/folders/zz/...` ? – Dan Lowe Jul 15 '17 at 20:34
  • @DanLowe: I had not, because the code went like `WORKING_DIR="$(mktemp -d)` and, `-v ${WORKING_DIR}`. But hacking that to `WORKING_DIR="/private"$(mktemp -d)`, seems to resolve the issue. Thank you so much :) – Aayush Jul 15 '17 at 21:05
  • I encounter the same error message. my situation is don't contain any space in your directory I change "server side" to "serverSide" then it solved. hope it can help some one. – andrew54068 Mar 25 '20 at 06:50
  • change /data to /private. /data is common in examples – Clode Morales Pampanga III Mar 22 '23 at 07:54

18 Answers18

183

Docker for Mac volume mounts behave differently than the base Docker system. This is mostly because Docker tries to comply with Apple's filesystem sandbox guidelines.

As shown in Docker's preferences, only certain paths are exported by macOS.

  • /Users
  • /Volumes
  • /tmp
  • /private

File Sharing preference panel

/var in macOS is a symbolic link into /private. That is also true for /tmp:

$ ls -ld /tmp /var
lrwxr-xr-x@ 1 root  wheel  11 Jan 26 16:18 /tmp -> private/tmp
lrwxr-xr-x@ 1 root  wheel  11 Jan 26 16:18 /var -> private/var

Why is /tmp listed in the sharing panel, but /var is not (even though both are a part of /private)? Docker for Mac's documentation about filesystem namespaces explains:

By default, you can share files in /Users/, /Volumes/, /private/, and /tmp directly. To add or remove directory trees that are exported to Docker, use the File sharing tab in Docker preferences whale menu -> Preferences -> File sharing. (See Preferences.)

All other paths used in -v bind mounts are sourced from the Moby Linux VM running the Docker containers, so arguments such as -v /var/run/docker.sock:/var/run/docker.sock should work as expected. If a macOS path is not shared and does not exist in the VM, an attempt to bind mount it will fail rather than create it in the VM. Paths that already exist in the VM and contain files are reserved by Docker and cannot be exported from macOS.

Note that /var/run is specifically mentioned here as a place that would be mounted from the Linux VM, instead of from macOS.

When you ask for a volume mount, macOS filesystem exports are checked first. If there is no match there, the Linux VM where Docker is running is checked next. If neither of them have the path you requested, then the mount fails.

In your case, /var is not exported by macOS. /var exists in the Linux VM, but /var/folders does not. Therefore, the path is not available, and the mount fails.

If you change the path to /private/var, then it will succeed, because macOS exports the entire /private filesystem tree for mounting.

In order to make things more portable, you may want to test which platform you are currently running on, and if it's macOS, prefix the mount path with /private.

Dan Lowe
  • 51,713
  • 20
  • 123
  • 112
  • 1
    Just to be sure: i have `-v /var/janus:/var/janus`. Should i change the path to start with `/private` in both paths (before and after `:`) or just the first one? – Samuel Méndez Sep 07 '17 at 08:54
  • 5
    @SamuelMéndez Just the first one. The format is `mac-path:container-path`, and `/private` would only exist on the Mac side of it. – Dan Lowe Sep 07 '17 at 13:33
  • 3
    I facing similar issue can anyone help me to resolve ("b'Mounts denied: \r\nThe path /etc/localtime\r\nis not shared from OS X and is not known to Docker.\r\nYou can configure shared paths from Docker -> Preferences... -> File Sharing.\r\nSee https://docs.docker.com/docker-for-mac/osxfs/#namespaces for more info.\r\n.'") tried adding /etc via Docker -> Preferences... -> File Sharing it says /etc is reserved for mac os any solutions guys? – Sandish Kumar H N Feb 13 '18 at 05:43
  • 1
    @SandishKumarHN On macOS, `/etc` is a link to `/private/etc`. And `/private` is already on the exports list in the Docker prefs. Try mounting `/private/etc/localtime` instead. – Dan Lowe Feb 13 '18 at 12:49
  • 1
    @DanLowe Thanks for the response. If I try to add /private/etc/localtime is throwing "The export path /private/etc/localtime overlaps with the export path /private." I tired adding "/etc/localtime" but got new error it says "APIError: 500 Server Error: Internal Server Error ("error while creating mount source path '/etc/localtime': mkdir /etc/localtime: file exists")" Any Idea?? – Sandish Kumar H N Feb 13 '18 at 15:40
  • @SandishKumarHN I didn't mean to add `/private/etc/localtime` to the Docker preferences, I meant to just mount that path when you are creating your container, e.g. `/private/etc/localtime:/etc/localtime` – Dan Lowe Feb 13 '18 at 15:44
  • @DanLowe I'm using this clusterdock https://github.com/clusterdock/clusterdock here they are doing mount /etc/localtime to match host and container time. https://github.com/clusterdock/clusterdock/blob/master/clusterdock/models.py#L197 Can you please suggest any idea why I'm getting this "b'Mounts denied: \r\nThe path /etc/localtime\r\nis not shared from OS X and is not known to Docker.\r\nYou can configure shared paths from Docker -> Preferences... -> File Sharing.\r\nSee https://docs.docker.com/docker-for-mac/osxfs/#namespaces for more info.\r\n.'" error – Sandish Kumar H N Feb 13 '18 at 16:18
  • @SandishKumarHN You should really post a question with all the pertinent details, this has gone a bit past the comments section already. – Dan Lowe Feb 13 '18 at 16:30
  • 2
    Let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/165073/discussion-between-sandish-kumar-h-n-and-dan-lowe). – Sandish Kumar H N Feb 13 '18 at 16:56
  • 1
    @DanLowe Thank you for your kind answer. I understand you. When we develop on Mac OS, deploy on Ubuntu. We use docker-compose to volume /etc/localtime. Are we gonna check the system and set different path? Like `/private/etc/localtime` for mac os, `/etc/localtime` for ubuntu. How to tell the system info in Docker-compose.yml? Thank you! – hzwzw Sep 01 '18 at 17:58
  • Wow. If any Docker developers are here, can you LINK or Copy this excellent response? Searching the Docker documentation and Git issues you will -- years later and to this day -- not fully understand the above. – Scott Prive May 24 '19 at 11:52
  • This USED to work in Mac Docker Desktop. For example: there are people who need to run existing Python code (which uses "logger" module to `/val`log`) and where it is "NOT an option" to add OS-conditional loggint to the Python source. – Scott Prive May 24 '19 at 11:56
  • Thanks for this, would have been a loooong search otherwise ;-) – Stef Van Looveren Apr 05 '22 at 12:50
  • Same issue on Ubuntu 22.04.02 as well in 2022!!. I moved my code to /home/Documents and now I can mount bind volume without any issue. – learner Oct 09 '22 at 04:53
42

Pre-req : need to have 'docker desktop' installed, Follow steps mentioned in image: enter image description here

Govind
  • 483
  • 5
  • 8
  • 1
    This works with any version of Docker Desktop. I use it on Ubuntu 20.04. – Daisuke Aramaki May 07 '22 at 15:48
  • The steps from the image: 1) Click on Settings 2) Click on Resources to expand 3) Click on FILE SHARING 4) Click on the + icon to add a path 5) Once path is selected, click on Apply & Restart – Tracy Logan Aug 11 '22 at 18:54
  • This works for me on mac. – Pallawi.ds Feb 06 '23 at 07:31
  • After clicking on the "add" icon, press the "enter" key so that you can actually add to the list. (It took me a while to find this detail and it wasn't enough to just type the new folder and I couldn't add it to the list) – José Victor Mar 27 '23 at 12:56
31

With the new version 3.0.0 of Docker for mac, you need to disable use gRPC FUSE for file sharing in Preferences>Experimental Features.

François Alexandre COLOMBANI
  • 567
  • 5
  • 6
20

I had a similar problem where I had created a directory /var/tmp in my Mac which I wanted to mount in my docker container.

Solved it by adding the directory path to a file as follows:

$ cat ~/Library/Group\ Containers/group.com.docker/settings.json  
{
  "filesharingDirectories" : [
    "\/Users",
    "\/Volumes",
    "\/private",
    "\/tmp",
    "\/var\/tmp"
  ],
…

Now I could see the directory /var/tmp in Docker->preference->resources->file sharing. Then I restarted the docker.

It then solved my mounting problem.

Saum
  • 301
  • 2
  • 2
  • I had this problem on a project that for historical reasons needed to mount to a path at the root i.e. /product_name. I followed the MacOS synthetic.conf editing to map them to accessible folders and had shared these mapped folders using the docker settings file sharing. This was not enough, as the docker UI does not allow you to select a symlink using a finder file select dialog I had to edit the file path using the json file as described. – Rob Dec 13 '20 at 18:15
  • had to add both /private/var/tmp and /var/tmp in order for this to work – yaara4 Jul 22 '21 at 09:58
  • Yes, this. I don't want to change the location(s) of accessible folders based on whether I'm running on my Mac or a Unix server or whatever. This makes things work on the Mac consistently with other environments. – Erick G. Hagstrom Aug 02 '21 at 20:56
13

As an alternative solution:

Change the path from /private/instance1-data:/home to ./instance1-data:/home

In the *nix land and hence, Docker, the . indicates the current directory. Since macOS is picky ang getting even pickier about sandboxing, this seems like a viable solution for macOS. Just create the folder needed for instance1 in the same directory.

Another advantage of this solution is that it removes the need to run docker-compose with sudo. Regardless, it causes no harm in this case but still, that's a plus.

Can
  • 4,516
  • 6
  • 28
  • 50
Melih
  • 666
  • 1
  • 9
  • 24
  • I like this one! Portable, no need to "if (macOs) ...", and might (arguably) be neat to have the volumes in the project root anyways. – Jannik Jan 15 '21 at 15:33
  • 1
    Did Docker start supporting relative paths? I use "$(pwd)/instance1-data" – Nick Manning Jul 28 '21 at 22:52
5

uninstall version 20 and download old version stable https://desktop.docker.com/mac/stable/48506/Docker.dmg

marquitobb
  • 380
  • 3
  • 7
  • There's a newer version than the one listed found here: https://docs.docker.com/docker-for-mac/release-notes/ (version 3.0 broke my docker setup) – risa_risa Dec 11 '20 at 00:53
  • 2
    Version 3.0 broke my docker setup too. Keep getting docker-compose errors trying to mount folders. I went back to version 2.4.0. – kenecaswell Dec 11 '20 at 01:30
  • 5
    Another workaround is to disable "Use gRPC Fuse for file sharing" under "Experimental Features" in the Docker Preferences. – Mohit Rajan Dec 11 '20 at 05:09
5

In the current latest version ( Docker 3.0.2 ), in macos, you must allowed directory for read docker:

enter image description here

Diego Santa Cruz Mendezú
  • 4,325
  • 39
  • 27
2

As an example, using Portainer, this command works for me:

docker run -d --restart unless-stopped -p 9000:9000 \
 -v /var/run/docker.sock:/var/run/docker.sock \
 -v /var:/data portainer/portainer --no-auth

But, if I vary the -v /var:/data at all, it won't work. I think (but not sure) that its because Docker is trying to do a mkdir. So, if I try to mount -v /var/whatever:/data, mkdir fails because not enough permission, and it doesn't work.

I have 2 Mac's (High Sierra) and I tried it on both. Same problem. Also, I tried using Docker Beta channel. I think I understand Dan Lowe's answer: I'll update this answer if that works for me.

UPDATE:

Now this works. NOTE: I configured docker to allow permission to /var/tmp

docker run -d --restart unless-stopped -p 9000:9000 \
  -v /var/run/docker.sock:/var/run/docker.sock \
  -v /var/tmp/data:/data portainer/portainer --no-auth
djangofan
  • 28,471
  • 61
  • 196
  • 289
1

If you're still having this issue on MAC try adding: $PWD

Add $PWD before your local file directory path like so: docker run -v $PWD/folders/:/path/to/directory.

Dharman
  • 30,962
  • 25
  • 85
  • 135
CodeTzu
  • 45
  • 5
1

if you can't see a folder on mac unhide hiden by opening terminal and type:

defaults write com.apple.Finder AppleShowAllFiles YES

then relaunch finder by holding alt and right clicking (two finger) on the finder and select relaunch then click on "finder" next to file in the menu bar, click preferences add a check in the hard disks under show these items on the desktop then side bar check the hard disks there too then go to the hidden folder and drag it to your favorites and it will show up in the docker> preferences > resources > file sharing > + window

Ben Rey
  • 11
  • 2
0

My issue fixed when I removed the project Path from File Sharing in docker preferences and restart the docker, Then add the project file path again.

Arghya Sadhu
  • 41,002
  • 9
  • 78
  • 107
johnnashautomation
  • 1
0

you have to add both /private/var/tmp and /var/tmp to resolve issue

yaara4
  • 304
  • 3
  • 8
0

From my side: After adding the folder, restarting both terminal and docker resolved the issue on my side

Jackson
  • 71
  • 1
  • 6
0

I add the folder /builds to filesharingDirectories in ~/Library/Group\ Containers/group.com.docker/settings.json, like:

"filesharingDirectories": [
    "/builds",
    "/host_mnt",
    "/tmp",
    "/Users",
    "/Volumes",
    "/private",
    "/var/folders"
  ],

(I also added host_mnt)

Then I added both folders to the / using the file /etc/synthetic.conf:

mkdir -p /Users/me/gitlab-misc/builds
mkdir -p /Users/me/gitlab-misc/host_mnt
sudo vim /etc/synthetic.conf

Inside the /etc/synthetic.conf I have:

builds  /Users/me/gitlab-misc/builds
host_mnt    /Users/me/gitlab-misc/host_mnt

(Use TAB, not space)

sudo chmod 0644 /etc/synthetic.conf
sudo chown root:wheel /etc/synthetic.conf

And reboot the machine

Rui Martins
  • 3,337
  • 5
  • 35
  • 40
0

I would like to add that I had the path already added to Docker, but I fat fingered the bind mount to be absolute instead of relative and I was pointing it to a non-existent file. I was getting the same error as OP.

Ryan McGrath
  • 2,180
  • 1
  • 11
  • 10
0

If you have an .env file, double check the BASE_PATH constant as it may contain an incorrect path.

# System Configuration
BASE_PATH=/Users/<your_OS_user>/Projects

In my case it was about that.

Luca Scandroglio
  • 171
  • 1
  • 6
0

You can read this document, which goes into more detail: https://docs.docker.com/desktop/settings/mac/#file-sharing volumes: one refers to the current computer, the other refers to docker's containers, and in docker's setting file /Users is already set in docker's setting for file-sharing, and on a mac, /Users can find almost all the files on your machine.

monkey
  • 1
  • 1
-1

For netcoreapp ensure you have shared /usr/local/share/

user14342066
  • 1