Mounts denied. The paths ... are not shared from OS X and are not known to Docker

The command docker run -v /var/folders/zz/... produces the following error.

docker: Error response from daemon: Mounts denied: 
The paths /var/folders/zz/... and /var/folders/zz/...
are not shared from OS X and are not known to Docker.
You can configure shared paths from Docker -> Preferences... -> File Sharing.

When I do open File Sharing, I see that /private is listed already.

If I attempt to add /var/folder/, it resolves to /private/var/folders, which is a subset of /private and hence the addition is rejected.

To summarize, it looks to me like the directory /var/folders/.. is shared by OS X as a subdirectory of /private and hence must be known to Docker. Any help on resolving this would be appreciated.

As an experiment, I replaced the /private in File Sharing with /private/var/folders and restarted the docker but the result did not change.

Just for a more complete reference, this is the .sh script, which runs this python script, which in turn runs the docker command.

Docker for Mac volume mounts behave differently than the base Docker system. This is mostly because Docker tries to comply with Apple's filesystem sandbox guidelines.

As shown in Docker's preferences, only certain paths are exported by macOS.

• /Users
• /Volumes
• /tmp
• /private

/var in macOS is a symbolic link into /private. That is also true for /tmp:

$ ls -ld /tmp /var
lrwxr-xr-x@ 1 root  wheel  11 Jan 26 16:18 /tmp -> private/tmp
lrwxr-xr-x@ 1 root  wheel  11 Jan 26 16:18 /var -> private/var

Why is /tmp listed in the sharing panel, but /var is not (even though both are a part of /private)? Docker for Mac's documentation about filesystem namespaces explains:

> By default, you can share files in /Users/, /Volumes/, /private/, and /tmp directly. To add or remove directory trees that are exported to Docker, use the File sharing tab in Docker preferences whale menu -> Preferences -> File sharing. (See Preferences.) > > All other paths used in -v bind mounts are sourced from the Moby Linux VM running the Docker containers, so arguments such as -v /var/run/docker.sock:/var/run/docker.sock should work as expected. If a macOS path is not shared and does not exist in the VM, an attempt to bind mount it will fail rather than create it in the VM. Paths that already exist in the VM and contain files are reserved by Docker and cannot be exported from macOS.

Note that /var/run is specifically mentioned here as a place that would be mounted from the Linux VM, instead of from macOS.

When you ask for a volume mount, macOS filesystem exports are checked first. If there is no match there, the Linux VM where Docker is running is checked next. If neither of them have the path you requested, then the mount fails.

In your case, /var is not exported by macOS. /var exists in the Linux VM, but /var/folders does not. Therefore, the path is not available, and the mount fails.

If you change the path to /private/var, then it will succeed, because macOS exports the entire /private filesystem tree for mounting.

In order to make things more portable, you may want to test which platform you are currently running on, and if it's macOS, prefix the mount path with /private.

With the new version 3.0.0 of Docker for mac, you need to disable use gRPC FUSE for file sharing in Preferences>Experimental Features.

I had a similar problem where I had created a directory /var/tmp in my Mac which I wanted to mount in my docker container.

Solved it by adding the directory path to a file as follows:

$ cat ~/Library/Group\ Containers/group.com.docker/settings.json  
{
  "filesharingDirectories" : [
    "\/Users",
    "\/Volumes",
    "\/private",
    "\/tmp",
    "\/var\/tmp"
  ],
…

Now I could see the directory /var/tmp in Docker->preference->resources->file sharing. Then I restarted the docker.

It then solved my mounting problem.

As an alternative solution:

Change the path from /private/instance1-data:/home to ./instance1-data:/home

In the *nix land and hence, Docker, the . indicates the current directory. Since macOS is picky ang getting even pickier about sandboxing, this seems like a viable solution for macOS. Just create the folder needed for instance1 in the same directory.

Another advantage of this solution is that it removes the need to run docker-compose with sudo. Regardless, it causes no harm in this case but still, that's a plus.

Pre-req : need to have 'docker desktop' installed, Follow steps mentioned in image:

uninstall version 20 and download old version stable https://desktop.docker.com/mac/stable/48506/Docker.dmg

As an example, using Portainer, this command works for me:

docker run -d --restart unless-stopped -p 9000:9000 \
 -v /var/run/docker.sock:/var/run/docker.sock \
 -v /var:/data portainer/portainer --no-auth

But, if I vary the -v /var:/data at all, it won't work. I think (but not sure) that its because Docker is trying to do a mkdir. So, if I try to mount -v /var/whatever:/data, mkdir fails because not enough permission, and it doesn't work.

I have 2 Mac's (High Sierra) and I tried it on both. Same problem. Also, I tried using Docker Beta channel. I think I understand Dan Lowe's answer: I'll update this answer if that works for me.

UPDATE:

Now this works. NOTE: I configured docker to allow permission to /var/tmp

docker run -d --restart unless-stopped -p 9000:9000 \
  -v /var/run/docker.sock:/var/run/docker.sock \
  -v /var/tmp/data:/data portainer/portainer --no-auth

In the current latest version ( Docker 3.0.2 ), in macos, you must allowed directory for read docker:

My issue fixed when I removed the project Path from File Sharing in docker preferences and restart the docker, Then add the project file path again.

you have to add both /private/var/tmp and /var/tmp to resolve issue

If you're still having this issue on MAC try adding: $PWD

Add $PWD before your local file directory path like so: docker run -v $PWD/folders/:/path/to/directory.

if you can't see a folder on mac unhide hiden by opening terminal and type:

defaults write com.apple.Finder AppleShowAllFiles YES

then relaunch finder by holding alt and right clicking (two finger) on the finder and select relaunch then click on "finder" next to file in the menu bar, click preferences add a check in the hard disks under show these items on the desktop then side bar check the hard disks there too then go to the hidden folder and drag it to your favorites and it will show up in the docker> preferences > resources > file sharing > + window

For netcoreapp ensure you have shared /usr/local/share/