Just run this from your Mac terminal and it'll drop you in a container with full permissions on the Moby VM. This also works for Docker for Windows for getting in Moby Linux VM (doesn't work for Windows Containers).
docker run -it --rm --privileged --pid=host justincormack/nsenter1
more info: https://github.com/justincormack/nsenter1
Note this isn't a list of commands to run in order. The first one gets you in the VM (hit return twice to see a prompt). Then other commands are for managing that connection. Not a great CLI expirence but gets the job done. Using the ctrl- options prevents garbled text on reconnect.
connect to tty on Docker for Mac VM
screen ~/Library/Containers/com.docker.docker/Data/com.docker.driver.amd64-linux/tty
disconnect that session but leave it open in background
Ctrl-a d
list that session that's still running in background
screen -ls
reconnect to that session (don't open a new one, that won't work and 2nd tty will give you garbled screen)
screen -r
kill this session (window) and exit
Ctrl-a k
docker run -it --privileged --pid=host debian nsenter -t 1 -m -u -n -i sh
Phil Estes (Docker Maintainer) says:
it’s running a container (using the debian image..nothing special about it other than it apparently has
nsenter
installed), with pid=host (so you are in the process space of the mini VM running Docker4Mac), and then nsenter says “whatever is pid 1, use that as context, and enter all the namespaces of that, and run a shell there"
docker run -it --rm --privileged --pid=host justincormack/nsenter1
Justin Says:
Personally I mostly use screen, but then I also use the above too. That's my minimal nsenter image.
https://forums.docker.com/t/host-path-of-volume/12277
docker run --rm -it -v /:/vm-root alpine:edge ls -l /vm-root