Mounts denied. The paths ... are not shared from OS X and are not known to Docker
MacosDockerDocker for-MacMacos Problem Overview
The command docker run -v /var/folders/zz/...
produces the following error.
docker: Error response from daemon: Mounts denied:
The paths /var/folders/zz/... and /var/folders/zz/...
are not shared from OS X and are not known to Docker.
You can configure shared paths from Docker -> Preferences... -> File Sharing.
When I do open File Sharing, I see that /private is listed already.
If I attempt to add /var/folder/
, it resolves to /private/var/folders
, which is a subset of /private and hence the addition is rejected.
To summarize, it looks to me like the directory /var/folders/..
is shared by OS X as a subdirectory of /private
and hence must be known to Docker. Any help on resolving this would be appreciated.
As an experiment, I replaced the /private
in File Sharing with /private/var/folders
and restarted the docker but the result did not change.
Just for a more complete reference, this is the .sh script, which runs this python script, which in turn runs the docker command.
Macos Solutions
Solution 1 - Macos
Docker for Mac volume mounts behave differently than the base Docker system. This is mostly because Docker tries to comply with Apple's filesystem sandbox guidelines.
As shown in Docker's preferences, only certain paths are exported by macOS.
/Users
/Volumes
/tmp
/private
/var
in macOS is a symbolic link into /private
. That is also true for /tmp
:
$ ls -ld /tmp /var
lrwxr-xr-x@ 1 root wheel 11 Jan 26 16:18 /tmp -> private/tmp
lrwxr-xr-x@ 1 root wheel 11 Jan 26 16:18 /var -> private/var
Why is /tmp
listed in the sharing panel, but /var
is not (even though both are a part of /private
)? Docker for Mac's documentation about filesystem namespaces explains:
> By default, you can share files in /Users/
, /Volumes/
, /private/
, and /tmp
directly. To add or remove directory trees that are exported to Docker, use the File sharing tab in Docker preferences whale
menu -> Preferences -> File sharing. (See Preferences.)
>
> All other paths used in -v
bind mounts are sourced from the Moby Linux VM running the Docker containers, so arguments such as -v /var/run/docker.sock:/var/run/docker.sock
should work as expected. If a macOS path is not shared and does not exist in the VM, an attempt to bind mount it will fail rather than create it in the VM. Paths that already exist in the VM and contain files are reserved by Docker and cannot be exported from macOS.
Note that /var/run
is specifically mentioned here as a place that would be mounted from the Linux VM, instead of from macOS.
When you ask for a volume mount, macOS filesystem exports are checked first. If there is no match there, the Linux VM where Docker is running is checked next. If neither of them have the path you requested, then the mount fails.
In your case, /var
is not exported by macOS. /var
exists in the Linux VM, but /var/folders
does not. Therefore, the path is not available, and the mount fails.
If you change the path to /private/var
, then it will succeed, because macOS exports the entire /private
filesystem tree for mounting.
In order to make things more portable, you may want to test which platform you are currently running on, and if it's macOS, prefix the mount path with /private
.
Solution 2 - Macos
With the new version 3.0.0 of Docker for mac, you need to disable use gRPC FUSE for file sharing in Preferences>Experimental Features.
Solution 3 - Macos
I had a similar problem where I had created a directory /var/tmp
in my Mac which I wanted to mount in my docker container.
Solved it by adding the directory path to a file as follows:
$ cat ~/Library/Group\ Containers/group.com.docker/settings.json
{
"filesharingDirectories" : [
"\/Users",
"\/Volumes",
"\/private",
"\/tmp",
"\/var\/tmp"
],
…
Now I could see the directory /var/tmp
in Docker->preference->resources->file sharing. Then I restarted the docker.
It then solved my mounting problem.
Solution 4 - Macos
As an alternative solution:
Change the path from /private/instance1-data:/home
to ./instance1-data:/home
In the *nix land and hence, Docker, the .
indicates the current directory. Since macOS is picky ang getting even pickier about sandboxing, this seems like a viable solution for macOS. Just create the folder needed for instance1
in the same directory.
Another advantage of this solution is that it removes the need to run docker-compose
with sudo
. Regardless, it causes no harm in this case but still, that's a plus.
Solution 5 - Macos
Solution 6 - Macos
uninstall version 20 and download old version stable https://desktop.docker.com/mac/stable/48506/Docker.dmg
Solution 7 - Macos
As an example, using Portainer, this command works for me:
docker run -d --restart unless-stopped -p 9000:9000 \
-v /var/run/docker.sock:/var/run/docker.sock \
-v /var:/data portainer/portainer --no-auth
But, if I vary the -v /var:/data
at all, it won't work. I think (but not sure) that its because Docker is trying to do a mkdir. So, if I try to mount -v /var/whatever:/data
, mkdir fails because not enough permission, and it doesn't work.
I have 2 Mac's (High Sierra) and I tried it on both. Same problem. Also, I tried using Docker Beta channel. I think I understand Dan Lowe's answer: I'll update this answer if that works for me.
UPDATE:
Now this works. NOTE: I configured docker to allow permission to /var/tmp
docker run -d --restart unless-stopped -p 9000:9000 \
-v /var/run/docker.sock:/var/run/docker.sock \
-v /var/tmp/data:/data portainer/portainer --no-auth
Solution 8 - Macos
In the current latest version ( Docker 3.0.2 ), in macos, you must allowed directory for read docker:
Solution 9 - Macos
My issue fixed when I removed the project Path from File Sharing in docker preferences and restart the docker, Then add the project file path again.
Solution 10 - Macos
you have to add both /private/var/tmp and /var/tmp to resolve issue
Solution 11 - Macos
If you're still having this issue on MAC try adding: $PWD
Add $PWD before your local file directory path like so: docker run -v $PWD/folders/:/path/to/directory.
Solution 12 - Macos
if you can't see a folder on mac unhide hiden by opening terminal and type:
defaults write com.apple.Finder AppleShowAllFiles YES
then relaunch finder by holding alt and right clicking (two finger) on the finder and select relaunch then click on "finder" next to file in the menu bar, click preferences add a check in the hard disks under show these items on the desktop then side bar check the hard disks there too then go to the hidden folder and drag it to your favorites and it will show up in the docker> preferences > resources > file sharing > + window
Solution 13 - Macos
For netcoreapp ensure you have shared /usr/local/share/