How is /var/run/docker.sock created on Mac if docker daemon runs in hyperkit vm on linux?

Hi everyone!

Looking at how Docker for Mac works under the hood, I see that the docker daemon is running under a hyperkit vm, but how does it work to expose /var/run/docker.sock in macOS? What if I launch my own hyperkit vm with docker outside of Docker for Mac and want to access the docker daemon with my docker client? How do I do it in a proper way then?

1 Like

I have the same question, so I dug into it a little bit; I am still confused.

[EDIT] Finally I got a hint: /var/run/docker.sock is created as a symbolic link to /Users/q/Library/Containers/com.docker.docker/Data/s60 (seems variable), which in turn is listened on by com.docker.driver.amd64-linux

$ ll /var/run/docker.sock 
lrwxr-xr-x  1 root  daemon  54 Jun 12 01:24 /var/run/docker.sock@ -> /Users/q/Library/Containers/com.docker.docker/Data/s60
$ ps -ef |grep 21575
  501 21575   649   0  3:25PM ??         0:03.17 com.docker.driver.amd64-linux -db /Users/q/Library/Containers/com.docker.docker/Data/s40 -osxfs-volume /Users/q/Library/Containers/com.docker.docker/Data/s30 -slirp /Users/q/Library/Containers/com.docker.docker/Data/s50 -vmnet /var/tmp/com.docker.vmnetd.socket -port /Users/q/Library/Containers/com.docker.docker/Data/s51 -vsock /Users/q/Library/Containers/com.docker.docker/Data -docker /Users/q/Library/Containers/com.docker.docker/Data/s60 -addr fd:3 -debug

[OLD post]

I have used opensnoop.d to watch any file access for docker, but have not found things like docker.sock. Maybe I should use other tools.

Also, I have checked who is opening /var/run/docker.sock, but found none.

$ sudo lsof -U | grep docker
launchd       1           root   41u  unix 0x87ae12029ad00ced      0t0      /var/tmp/com.docker.vmnetd.socket
com.docke    82           root    4u  unix 0x87ae12029ad00ced      0t0      /var/tmp/com.docker.vmnetd.socket
com.docke   649              q    6u  unix 0x87ae1202a5e4338d      0t0      /Users/q/Library/Containers/com.docker.docker/Data/s40
com.docke   649              q    9u  unix 0x87ae1202a5e43455      0t0      /Users/q/Library/Containers/com.docker.docker/Data/*00000002.000005f4
com.docke 21580              q   11u  unix 0x87ae1202b233400d      0t0      /Users/q/Library/Containers/com.docker.docker/Data/@connect
docker    22881              q    4u  unix 0x87ae1202a7699775      0t0      ->0x87ae1202a7699f45

Besides, from this post, it once used /var/tmp/docker.sock, but not anymore. Using ps on the Mac side to check the command line of Docker for Mac still gave me no hint.

Another thing is /sbin/proxy-vsockd (in the docker host moby); maybe this is concerned with docker.sock?

I entered moby with the following command:

docker run --rm -it --privileged --userns=host --pid=host ubuntu nsenter --target=1 --uts --ipc --net --mount


moby:/# ps -ef |grep vsockd
 1749 root       0:00 /sbin/proxy-vsockd -vsockPort 62373 -hvGuid 0B95756A-9985-48AD-9470-78E060895BE7
 4998 root       0:00 grep vsockd

Another strange thing is that moby’s lsof command is a liar; it does not clearly report usage of /var/run/docker.sock, which is actually used by dockerd.

I’ve used Ubuntu’s lsof; it does show that dockerd is using /var/run/docker.sock.

docker run --rm -it --privileged --userns=host --user 0 --pid=host osexp2000/ubuntu-non-root-with-utils nsenter --target=1 --uts --ipc --net lsof |grep docker.sock
dockerd   1893                  root    3u     unix 0x0000000000000000      0t0      13634 /var/run/docker.sock type=STREAM
dockerd   1893                  root   11u     unix 0x0000000000000000      0t0      14140 /var/run/docker.sock type=STREAM

I don’t know how Docker for Mac forwards /var/run/docker.sock to moby’s one.

It looks like virtual sockets (basically a feature of the hypervisor) are being used.
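
An added illustration (not part of the thread, and not Docker's code) of the layout found above: a symlink pointing at a Unix socket that a host process listens on and relays to the daemon. Assumptions: a second Unix socket and `fake_daemon` stand in for the hypervisor virtual-socket hop and dockerd, and all function and file names here are hypothetical.

```python
import contextlib
import os
import socket
import tempfile
import threading

def serve(path, handler):
    """Listen on a Unix socket at path; run handler(conn) in a thread per client."""
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(path)
    srv.listen(8)
    def accept_loop():
        while True:
            conn, _ = srv.accept()
            threading.Thread(target=handler, args=(conn,), daemon=True).start()
    threading.Thread(target=accept_loop, daemon=True).start()

def pipe(src, dst):
    """Copy bytes src -> dst until EOF, then signal EOF to dst."""
    while data := src.recv(4096):
        dst.sendall(data)
    with contextlib.suppress(OSError):  # peer may already be gone
        dst.shutdown(socket.SHUT_WR)

def forward_to(backend_path):
    """Build a handler relaying each client to the socket at backend_path."""
    def handler(client):
        upstream = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        upstream.connect(backend_path)
        threading.Thread(target=pipe, args=(client, upstream), daemon=True).start()
        pipe(upstream, client)
    return handler

def fake_daemon(conn):
    """Constructed stand-in for dockerd: answers one request, then closes."""
    conn.recv(4096)
    conn.sendall(b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nOK")
    conn.close()

def demo():
    d = tempfile.mkdtemp()  # short path: AF_UNIX paths are length-limited
    backend, front, link = (os.path.join(d, n) for n in ("dockerd.sock", "s60", "docker.sock"))
    serve(backend, fake_daemon)        # plays dockerd inside the VM
    serve(front, forward_to(backend))  # plays the host-side driver process
    os.symlink(front, link)            # plays /var/run/docker.sock -> .../s60
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as c:
        c.connect(link)                # the client only ever sees the symlink path
        c.sendall(b"GET /_ping HTTP/1.1\r\nHost: docker\r\n\r\n")
        reply = b"".join(iter(lambda: c.recv(4096), b""))
        return os.readlink(link), reply
```

Because the kernel resolves the symlink on `connect`, tools that look for a process holding the symlink path open report nothing; the listener shows up under the target path instead.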