I use a company-managed MacBook which has policies for setting up firewall rules, so I cannot run the suggested `socketfilterfw` commands.
Then, every time I run `minikube start` with `--driver=qemu --network=socket_vmnet`, it tries to run the commands because it can't find `/usr/libexec/bootpd` in the output of `/usr/libexec/ApplicationFirewall/socketfilterfw --listapps`.
The commands seem to be successful, but it's a false positive, since macOS returns exit code 0 when managing `socketfilterfw` is blocked.
```
❯ sudo /usr/libexec/ApplicationFirewall/socketfilterfw --add /usr/libexec/bootpd
Firewall settings cannot be modified from command line on managed Mac computers.
❯ echo $?
0
```
However, it does seem like `/usr/libexec/bootpd` is allowed to receive incoming connections. Here's why:
- It is on an exceptions list in `/usr/libexec/ApplicationFirewall/com.apple.alf.plist` along with some other system services like `mDNSResponder`. I'm unsure if this is specific to my OS installation.
- If I build minikube with the bootpd-related checks in `cmd/minikube/cmd/start.go` commented out, the commands are not executed and I don't see any errors related to IP assignment. I'm also able to SSH into the VM and `minikube ip` shows a local IP address.
- The logs (attached) show it is able to get an IP for the VM from `/var/db/dhcpd_leases`.
That being said, I'd like to, first, understand if there are any other avenues for checking if bootpd is indeed working fine. It seems to me that we could delay the firewall rules checking to when/if we stumble upon an IP-related error. Happy to suggest a patch!
I'll also follow up on this after I have some time to install a clean version of macOS in a VM to see if these exceptions in the `com.apple.alf.plist` file are there by default.
### Attach the log file
```
I0920 21:18:32.337986 89934 main.go:141] libmachine: Attempt 8
I0920 21:18:32.338053 89934 main.go:141] libmachine: Searching for 62:e0:94:7:97:3e in /var/db/dhcpd_leases ...
I0920 21:18:32.338682 89934 main.go:141] libmachine: Found 9 entries in /var/db/dhcpd_leases!
I0920 21:18:32.338889 89934 main.go:141] libmachine: dhcp entry: {Name:minikube IPAddress:192.168.105.7 HWAddress:62:e0:94:7:97:3e ID:1,62:e0:94:7:97:3e Lease:0x66ef6256}
I0920 21:18:32.338894 89934 main.go:141] libmachine: Found match: 62:e0:94:7:97:3e
I0920 21:18:32.339005 89934 main.go:141] libmachine: IP: 192.168.105.7
I0920 21:18:32.340231 89934 main.go:141] libmachine: Waiting for VM to start (ssh -p 22 docker@192.168.105.7)...
I0920 21:18:33.378334 89934 machine.go:93] provisionDockerMachine start ...
```
### Operating System
macOS (Default)
### Driver
QEMU
### Tasks
- [ ] Spin up a VM with a clean installation of macOS to check if `bootpd` is in `com.apple.alf.plist`.
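The exit-code false positive described in the report, as an added Go example that is not part of the original issue and is not minikube's code: it classifies a `socketfilterfw --add` run by its output and a follow-up `--listapps` capture instead of trusting exit code 0, and only flags the firewall when no DHCP lease was found. `Outcome`, `classifyAdd` and `needsAttention` are hypothetical names, and the `--listapps` sample line is constructed.

```go
package main

import (
	"fmt"
	"strings"
)

// Refusal text quoted from the terminal session in the report.
const managedMsg = "Firewall settings cannot be modified from command line on managed Mac computers."
const bootpdPath = "/usr/libexec/bootpd"

// Outcome and its values are hypothetical names for this example.
type Outcome string

const (
	Applied         Outcome = "applied"
	BlockedByPolicy Outcome = "blocked-by-policy"
	Failed          Outcome = "failed"
	Unverified      Outcome = "unverified"
)

// classifyAdd judges a `socketfilterfw --add` run from its exit code, its
// output, and a --listapps capture taken afterwards. Exit code 0 alone is
// never treated as success, because a managed Mac returns 0 while refusing.
func classifyAdd(exitCode int, addOutput, listAppsAfter string) Outcome {
	switch {
	case strings.Contains(addOutput, managedMsg):
		return BlockedByPolicy
	case exitCode != 0:
		return Failed
	case !strings.Contains(listAppsAfter, bootpdPath):
		return Unverified // exit 0, no refusal text, but no visible effect
	}
	return Applied
}

// needsAttention defers the firewall complaint until there is an IP problem:
// a refused or unverified change only matters if the VM got no DHCP lease.
func needsAttention(o Outcome, leaseFound bool) bool {
	return o != Applied && !leaseFound
}

func main() {
	// Refusal text with exit code 0, as in the report; lease found, as in its log.
	o := classifyAdd(0, managedMsg+"\n", "")
	fmt.Println(o, needsAttention(o, true)) // blocked-by-policy false
	// Constructed --listapps line (format assumed) for the success path.
	fmt.Println(classifyAdd(0, "", "1 : /usr/libexec/bootpd\n"))
}
```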