I recently upgraded to an M1 Macbook Pro running macOS Monterey, and at first, Docker seemed to run fine. I was able to build my containers and do a lengthy database import.
A day later, when I started Docker, nothing happened for a minute, then I saw an error modal saying "Failed to ping backend API". The modal offered a few buttons such as resetting to factory defaults, but 1) I really didn't want to reset and lose my containers, including that lengthy database import, and 2) the buttons did not work anyway -- I got a beachball cursor if I tried to click them.
I quickly found this issue with lots of folks reporting the same problem. It was still open, with no progress in sight. There were several reported fixes, and I tried the ones that seemed possibly applicable to my case, mostly around giving Docker additional privileges through System Settings -> Privacy, including Full Disk Access, Automation control of Terminal.app, and Developer Tools. I continued to get the same error. Nothing was left except the brute-force approach of uninstalling Docker via command line, which again, I really didn't want to do.
I opened Console.app just to have a look at what happened when I launched Docker. As usual, a flood of output scrolled past, plenty of it from Docker. One snippet that caught my eye was this:
1 | unlocking leaked directory locks: 2 errors occurred: |
sd-playground is a source-controlled directory containing an application I
work on for my job at SpanishDict. It contains a
Dockerfile and a container is from it by our application stack. I was curious
why these subdirectories were singled out with this error, so I searched on
"mbr_uuid_to_id" and found...nothing very useful. The other part that grabbed
my eye was the mention of an ACL -- I
didn't see any reason these directories should have ACLs, as I've never used
that feature. I noticed something strange when I did ls -l
on them:
1 | $ ls -ld config |
The plus sign in the rightmost column stood out, so I searched on that and
found that it signifies the presence of
extended permissions called -- wait for it -- ACLs. Some more searching, and I
found that I could see the actual ACL with the -e
flag:
1 | $ ls -lde config |
Mostly, I wanted to remove the ACL since I saw no use for it, and figured it
might get rid of one problem bothering Docker. chmod 755 config
didn't do
it, but chmod -N
did the trick:
1 | $ chmod -N config |
I figured this was unlikely to fix Docker, but when I restarted Docker.app, to my surprise, it came up! Obviously, it would be helpful if Docker for Mac could surface errors like this for the end user, so they don't have to go spelunking in the system logs.