Docker Desktop (Mac) Unix Socket

Published by Bill on

Two of the tools in my container toolkit stopped working at some point recently. To demonstrate the issue, I first make sure that I have an image pulled locally.

bg@Bills-MBP ~ % docker image ls
REPOSITORY   TAG       IMAGE ID       CREATED       SIZE
golang       1.22      824aa3c1d42c   10 days ago   830MB
demo         latest    cf12555b1219   10 days ago   830MB

The first tool, Dive, started producing errors like this.

bg@Bills-MBP tmp % dive demo
Image Source: docker://demo
Fetching image... (this can take a while for large images)
Handler not available locally. Trying to pull 'demo'...
Using default tag: latest
Error response from daemon: pull access denied for demo, repository does not exist or may require 'docker login': denied: requested access to the resource is denied
cannot fetch image
exit status 1

The image was present locally and the Docker daemon was definitely running. I logged out, logged in again and tried different accounts. When I first hit this error I assumed that this was an issue with Dive. The workaround I used was to export the image to a .tar file and then use Dive to browse the disk image. But then I hit this error with Trivy.

bg@Bills-MBP tmp % trivy image demo
2024-04-13T18:55:38.612+0100	INFO	Vulnerability scanning is enabled
2024-04-13T18:55:38.612+0100	INFO	Secret scanning is enabled
2024-04-13T18:55:38.612+0100	INFO	If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-04-13T18:55:38.612+0100	INFO	Please see also https://aquasecurity.github.io/trivy/v0.50/docs/scanner/secret/#recommendation for faster secret detection
2024-04-13T18:55:39.917+0100	FATAL	image scan error: scan error: unable to initialize a scanner: unable to initialize an image scanner: 4 errors occurred:
	* docker error: unable to inspect the image (demo): Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
	* containerd error: containerd socket not found: /run/containerd/containerd.sock
	* podman error: unable to initialize Podman client: no podman socket found: stat podman/podman.sock: no such file or directory
	* remote error: GET https://index.docker.io/v2/library/demo/manifests/latest: UNAUTHORIZED: authentication required; [map[Action:pull Class: Name:library/demo Type:repository]]

Something didn’t seem right. For two popular tools to stop working with Docker Desktop on the Mac I’d expect there to be more noise about recent Docker updates. But I could find nothing.

Screenshot showing the advanced settings screen for Docker Desktop on the Mac. The Allow the default Docker socket to be used (requires password) setting was disabled. You’ll want to enable it as shown here.

I checked and the socket appeared to be present, but for some reason none of these tools could connect to it. This had to be an issue with Docker Desktop. Several days later I was poking around and found the ‘Allow the default Docker socket to be used’ setting on the Advanced Settings screen. Turning this on fixed everything. I’m now able to browse layers in local images using Dive and scan local images using Trivy.

If you are having issues with common tools and Docker Desktop on the Mac, take a look at the Advanced Settings screen to make sure you have socket access enabled.
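One way to check whether a socket path that looks present is actually a usable socket, as an added example that is not part of the original post. The per-user path `$HOME/.docker/run/docker.sock` and the function names are assumptions of this example (the path is Docker Desktop's default per-user socket location, which the post does not mention).

```shell
#!/bin/sh
# Added example: classify Docker socket paths the way a client library sees them.
# A symlink whose target is gone still shows up in a directory listing, but
# connecting to it fails exactly like a missing socket.
DEFAULT_SOCK="/var/run/docker.sock"            # path from the Trivy error above
USER_SOCK="$HOME/.docker/run/docker.sock"      # assumption: Docker Desktop default

# classify_sock PATH -> missing | dangling-symlink | not-a-socket | socket
classify_sock() {
    p="$1"
    if [ -L "$p" ] && [ ! -e "$p" ]; then
        echo "dangling-symlink"    # link exists, target does not
    elif [ ! -e "$p" ]; then
        echo "missing"
    elif [ -S "$p" ]; then
        echo "socket"              # -S follows symlinks; does not prove a daemon is listening
    else
        echo "not-a-socket"
    fi
}

# pick_docker_host PATH... -> prints a unix:// endpoint for the first real socket
pick_docker_host() {
    for sock in "$@"; do
        if [ "$(classify_sock "$sock")" = "socket" ]; then
            echo "unix://$sock"
            return 0
        fi
    done
    return 1
}

report() {
    for sock in "$DEFAULT_SOCK" "$USER_SOCK"; do
        printf '%-45s %s\n' "$sock" "$(classify_sock "$sock")"
    done
    if host=$(pick_docker_host "$DEFAULT_SOCK" "$USER_SOCK"); then
        echo "usable endpoint: $host"
    else
        echo "no usable socket; check Docker Desktop's Advanced settings"
    fi
}

report
```

If only the per-user path reports `socket`, tools built on the Docker client libraries can usually be pointed at it by exporting the printed endpoint as `DOCKER_HOST`, as an alternative to enabling the default socket.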
