search

docker / for-mac

Bug reports for Docker Desktop for Mac
https://www.docker.com/products/docker#/mac
2.43k stars 118 forks source link

Restrictions on privileges results in broken Desktop app when updating #7099

Open nick-youngblut opened 10 months ago

nick-youngblut commented 10 months ago

Description

The IT of my company installed the Privileges app (see attached) on my Macbook Pro (M2; Ventura 13.3), which restricts privileges, unless I open the app and request full admin privileges.

Apparently due to this restriction in privileges, updating the Docker desktop app on my Macbook results in a broken app (see also this discussion on the Docker forum).

None of the app data is corrupted/deleted, so the issue is "fixed" once I re-download and re-install the app (after requesting privileges).

However, I always have to remember to request admin privileges via the Privileges app on my macbook prior to updating the desktop app; otherwise, I end up with a broken app, which is frustrating.

Screenshot 2023-12-04 at 6 01 53 PM

Reproduce

Restrict privileges via the Privileges app and attempt to update the Desktop app. The update will fail, and the app will be broken.

Expected behavior

No response

docker version

Client:
 Cloud integration: v1.0.35+desktop.5
 Version:           24.0.6
 API version:       1.43
 Go version:        go1.20.7
 Git commit:        ed223bc
 Built:             Mon Sep  4 12:28:49 2023
 OS/Arch:           darwin/arm64
 Context:           desktop-linux

Server: Docker Desktop 4.25.2 (129061)
 Engine:
  Version:          24.0.6
  API version:      1.43 (minimum version 1.12)
  Go version:       go1.20.7
  Git commit:       1a79695
  Built:            Mon Sep  4 12:31:36 2023
  OS/Arch:          linux/arm64
  Experimental:     false
 containerd:
  Version:          1.6.22
  GitCommit:        8165feabfdfe38c65b599c4993d227328c231fca
 runc:
  Version:          1.1.8
  GitCommit:        v1.1.8-0-g82f18fe
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

docker info

Client:
 Version:    24.0.6
 Context:    desktop-linux
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc.)
    Version:  v0.11.2-desktop.5
    Path:     /Users/nickyoungblut/.docker/cli-plugins/docker-buildx
  compose: Docker Compose (Docker Inc.)
    Version:  v2.23.0-desktop.1
    Path:     /Users/nickyoungblut/.docker/cli-plugins/docker-compose
  dev: Docker Dev Environments (Docker Inc.)
    Version:  v0.1.0
    Path:     /Users/nickyoungblut/.docker/cli-plugins/docker-dev
  extension: Manages Docker extensions (Docker Inc.)
    Version:  v0.2.20
    Path:     /Users/nickyoungblut/.docker/cli-plugins/docker-extension
  init: Creates Docker-related starter files for your project (Docker Inc.)
    Version:  v0.1.0-beta.9
    Path:     /Users/nickyoungblut/.docker/cli-plugins/docker-init
  sbom: View the packaged-based Software Bill Of Materials (SBOM) for an image (Anchore Inc.)
    Version:  0.6.0
    Path:     /Users/nickyoungblut/.docker/cli-plugins/docker-sbom
  scan: Docker Scan (Docker Inc.)
    Version:  v0.26.0
    Path:     /Users/nickyoungblut/.docker/cli-plugins/docker-scan
  scout: Docker Scout (Docker Inc.)
    Version:  v1.0.9
    Path:     /Users/nickyoungblut/.docker/cli-plugins/docker-scout

Server:
 Containers: 2
  Running: 0
  Paused: 0
  Stopped: 2
 Images: 9
 Server Version: 24.0.6
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Using metacopy: false
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: runc io.containerd.runc.v2
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 8165feabfdfe38c65b599c4993d227328c231fca
 runc version: v1.1.8-0-g82f18fe
 init version: de40ad0
 Security Options:
  seccomp
   Profile: unconfined
  cgroupns
 Kernel Version: 6.4.16-linuxkit
 Operating System: Docker Desktop
 OSType: linux
 Architecture: aarch64
 CPUs: 6
 Total Memory: 7.661GiB
 Name: linuxkit-b2613657480e
 ID: be47f74f-6d84-429b-af59-ccbf98fe67fb
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 HTTP Proxy: http.docker.internal:3128
 HTTPS Proxy: http.docker.internal:3128
 No Proxy: hubproxy.docker.internal
 Experimental: false
 Insecure Registries:
  hubproxy.docker.internal:5555
  127.0.0.0/8
 Live Restore Enabled: false

Diagnostics ID

89843810-FDC2-49AB-A88F-C5A1813917B0/20231205020517

Additional Info

No response

dev-pulitros commented 7 months ago

I have the same issue when using EPM-M(BeyondTrust) on my MAC computer as wells, since both are a privilege restriction apps, its seems to be something that only afects the update part of the Docker.app

ragingdave commented 7 months ago

I also have this issue but don't have any privilege based apps on my M1 mac....each update just corrupts the installed version on updating, and even reinstalling from the downloaded dmg results in being a version behind for some reason.

seeruk commented 6 months ago

I'm experiencing this, but I'm simply not using an admin user. I have access to an admin user for when I need it, but it seems the Docker for Mac app doesn't ask for admin credentials to run the update. I just have to manually re-download Docker periodically...

dstevick41 commented 2 months ago

Same behavior with the 4.33.0 update with MacBook Pro M2. Have to delete the app, find the new update on the Docker site (note the download for Mac with Apple silicon downloads the previous version), then manually install the update.