search

docker / for-mac

Bug reports for Docker Desktop for Mac
https://www.docker.com/products/docker#/mac
2.42k stars 116 forks source link

(hang) Docker would like to access data from other apps #7179

Open rfay opened 5 months ago

rfay commented 5 months ago

Description

At least two times in the last week one of our DDEV Docker Desktop test runners has hung early in a test. When visiting it to find out what's wrong, we find a modal dialog saying "Docker" would like to access data from other apps:

image

This, of course, has blocked the test for 21 hours :(

Why is this, and what can be done about it?

Reproduce

Use Docker Desktop 4.27.1

Expected behavior

Modal dialogs are unwelcome

docker version

Client:
 Cloud integration: v1.0.35+desktop.10
 Version:           25.0.2
 API version:       1.44
 Go version:        go1.21.6
 Git commit:        29cf629
 Built:             Thu Feb  1 00:18:45 2024
 OS/Arch:           darwin/arm64
 Context:           desktop-linux

Server: Docker Desktop 4.27.1 (136059)
 Engine:
  Version:          25.0.2
  API version:      1.44 (minimum version 1.24)
  Go version:       go1.21.6
  Git commit:       fce6e0c
  Built:            Thu Feb  1 00:23:21 2024
  OS/Arch:          linux/arm64
  Experimental:     false
 containerd:
  Version:          1.6.28
  GitCommit:        ae07eda36dd25f8a1b98dfbf587313b99c0190bb
 runc:
  Version:          1.1.12
  GitCommit:        v1.1.12-0-g51d5e94
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

docker info

Client:
 Version:    25.0.2
 Context:    desktop-linux
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc.)
    Version:  v0.12.1-desktop.4
    Path:     /Users/testbot/.docker/cli-plugins/docker-buildx
  compose: Docker Compose (Docker Inc.)
    Version:  v2.24.3-desktop.1
    Path:     /Users/testbot/.docker/cli-plugins/docker-compose
  debug: Get a shell into any image or container. (Docker Inc.)
    Version:  0.0.22
    Path:     /Users/testbot/.docker/cli-plugins/docker-debug
  dev: Docker Dev Environments (Docker Inc.)
    Version:  v0.1.0
    Path:     /Users/testbot/.docker/cli-plugins/docker-dev
  extension: Manages Docker extensions (Docker Inc.)
    Version:  v0.2.21
    Path:     /Users/testbot/.docker/cli-plugins/docker-extension
  feedback: Provide feedback, right in your terminal! (Docker Inc.)
    Version:  v1.0.4
    Path:     /Users/testbot/.docker/cli-plugins/docker-feedback
  init: Creates Docker-related starter files for your project (Docker Inc.)
    Version:  v1.0.0
    Path:     /Users/testbot/.docker/cli-plugins/docker-init
  sbom: View the packaged-based Software Bill Of Materials (SBOM) for an image (Anchore Inc.)
    Version:  0.6.0
    Path:     /Users/testbot/.docker/cli-plugins/docker-sbom
  scout: Docker Scout (Docker Inc.)
    Version:  v1.3.0
    Path:     /Users/testbot/.docker/cli-plugins/docker-scout
WARNING: Plugin "/Users/testbot/.docker/cli-plugins/docker-scan" is not valid: failed to fetch metadata: fork/exec /Users/testbot/.docker/cli-plugins/docker-scan: no such file or directory

Server:
 Containers: 4
  Running: 3
  Paused: 0
  Stopped: 1
 Images: 23
 Server Version: 25.0.2
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Using metacopy: false
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: ae07eda36dd25f8a1b98dfbf587313b99c0190bb
 runc version: v1.1.12-0-g51d5e94
 init version: de40ad0
 Security Options:
  seccomp
   Profile: unconfined
  cgroupns
 Kernel Version: 6.6.12-linuxkit
 Operating System: Docker Desktop
 OSType: linux
 Architecture: aarch64
 CPUs: 8
 Total Memory: 5.79GiB
 Name: docker-desktop
 ID: 73d69195-e523-4482-8e7e-04e5a3b1b5fd
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 HTTP Proxy: http.docker.internal:3128
 HTTPS Proxy: http.docker.internal:3128
 No Proxy: hubproxy.docker.internal
 Experimental: false
 Insecure Registries:
  hubproxy.docker.internal:5555
  127.0.0.0/8
 Live Restore Enabled: false

WARNING: daemon is not using the default seccomp profile
macstadium-m1-1:~ testbot$

Diagnostics ID

358979A2-0D9F-4631-894B-EA8807C2A1EE/20240208140604

Additional Info

Diagnostic ID took forever to get.

I did a purge data after this latest event.

rfay commented 5 months ago

Now on the same machine I have another blocking modal:

image

Could we make these modals non-blocking?

rfay commented 4 months ago

Still the same on 4.28.0

toddkaufmann commented 1 month ago

I am receiving this as well.

This is an OSX "feature", not (strictly) a docker issue. For example, if you run find ~/ -print you will get a popup saying "Terminal would like to ..." and it might be your contacts, calendar, reminders, etc. (or all of the above). This setting should be persistent (I don't get such popups anymore since I allowed it years(?) ago). In this case the find process will appear to hang until you respond to the dialog.

I just updated from 14.0 to 14.5 Sonoma and received this popup. I waited two days before responding to this popup, as it wasn't affecting me--I don't use docker desktop, just docker and generally close the window after I reboot every couple of months.

Didn't affect me: the containers I had set to autostart have been running since boot, so I suspect it was something in the UI like scanning for default shares perhaps. Right after clicking "Allow" to this popup, I immediately got the same dialog for PyCharm, like it was right behind it. I've also been running PyCharm for a couple days with no noticable impact.

The only technical info (i.e. not a similar complaint for every other app X) I could readily find is the following from a developer who is trying to get his app to avoid this issue as well. Not an Apple developer myself, so don't know/care any further really.

https://developer.apple.com/forums/thread/742147

There was some change, or permissions were forgotten / need to be updated, and should be remembered for next time. I suspect a minor permissions policy change in going to 14.5, or less plausible app signing key / permission changes (or loss/corruption, but just for these two apps(?)).
I'll see what happens next time I reboot, hopefully not for a couple months.

TLDR: all speciulation, my anecdotal evidence; read link for technical info that maybe explains it. [edit to fix typo]