Docker: Mounts denied. The paths … are not shared from OS X and are not known to Docker

Question

The command docker run -v /var/folders/zz/... produces the following error.

docker: Error response from daemon: Mounts denied: 
The paths /var/f         


        

Answer 1

As an alternative solution:

Change the path from /private/instance1-data:/home to ./instance1-data:/home

In the *nix land and hence, Docker, the . indicates the current directory. Since macOS is picky ang getting even pickier about sandboxing, this seems like a viable solution for macOS. Just create the folder needed for instance1 in the same directory.

Another advantage of this solution is that it removes the need to run docker-compose with sudo. Regardless, it causes no harm in this case but still, that's a plus.

Answer 2

As an example, using Portainer, this command works for me:

docker run -d --restart unless-stopped -p 9000:9000 \
 -v /var/run/docker.sock:/var/run/docker.sock \
 -v /var:/data portainer/portainer --no-auth

But, if I vary the -v /var:/data at all, it won't work. I think (but not sure) that its because Docker is trying to do a mkdir. So, if I try to mount -v /var/whatever:/data, mkdir fails because not enough permission, and it doesn't work.

I have 2 Mac's (High Sierra) and I tried it on both. Same problem. Also, I tried using Docker Beta channel. I think I understand Dan Lowe's answer: I'll update this answer if that works for me.

Answer 3

My issue fixed similar to Arghya's. I just needed to remove the paths from file sharing and restart docker.

Answer 4

I had a similar problem where I had created a directory /var/tmp in my Mac which I wanted to mount in my docker container.

Solved it by adding the directory path to a file as follows:

$ cat ~/Library/Group\ Containers/group.com.docker/settings.json  
{
  "filesharingDirectories" : [
    "\/Users",
    "\/Volumes",
    "\/private",
    "\/tmp",
    "\/var\/tmp"
  ],
…

Now I could see the directory /var/tmp in Docker->preference->resources->file sharing. Then I restarted the docker.

It then solved my mounting problem.

Answer 5

For netcoreapp ensure you have shared /usr/local/share/

Answer 6

Docker for Mac volume mounts behave differently than the base Docker system. This is mostly because Docker tries to comply with Apple's filesystem sandbox guidelines.

As shown in Docker's preferences, only certain paths are exported by macOS.

• /Users
• /Volumes
• /tmp
• /private

/var in macOS is a symbolic link into /private. That is also true for /tmp:

$ ls -ld /tmp /var
lrwxr-xr-x@ 1 root  wheel  11 Jan 26 16:18 /tmp -> private/tmp
lrwxr-xr-x@ 1 root  wheel  11 Jan 26 16:18 /var -> private/var

Why is /tmp listed in the sharing panel, but /var is not (even though both are a part of /private)? Docker for Mac's documentation about filesystem namespaces explains:

By default, you can share files in /Users/, /Volumes/, /private/, and /tmp directly. To add or remove directory trees that are exported to Docker, use the File sharing tab in Docker preferences whale menu -> Preferences -> File sharing. (See Preferences.)

All other paths used in -v bind mounts are sourced from the Moby Linux VM running the Docker containers, so arguments such as -v /var/run/docker.sock:/var/run/docker.sock should work as expected. If a macOS path is not shared and does not exist in the VM, an attempt to bind mount it will fail rather than create it in the VM. Paths that already exist in the VM and contain files are reserved by Docker and cannot be exported from macOS.

Note that /var/run is specifically mentioned here as a place that would be mounted from the Linux VM, instead of from macOS.

When you ask for a volume mount, macOS filesystem exports are checked first. If there is no match there, the Linux VM where Docker is running is checked next. If neither of them have the path you requested, then the mount fails.

In your case, /var is not exported by macOS. /var exists in the Linux VM, but /var/folders does not. Therefore, the path is not available, and the mount fails.

If you change the path to /private/var, then it will succeed, because macOS exports the entire /private filesystem tree for mounting.

In order to make things more portable, you may want to test which platform you are currently running on, and if it's macOS, prefix the mount path with /private.