Skip to content

ENGDOCS-2372 #21769

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Jan 9, 2025
+132 −0
Merged

ENGDOCS-2372 #21769

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
132 changes: 132 additions & 0 deletions content/manuals/desktop/cert-revoke-solution.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,132 @@
---
description: Learn how to resolve issues affecting macOS users of Docker Desktop, including startup problems and false malware warnings, with upgrade, patch, and workaround solutions.
keywords: Docker desktop, fix, mac, troubleshooting, macos, false malware warning, patch, upgrade solution
title: Resolve the recent Docker Desktop issue on macOS
linkTitle: Fix startup issue for Mac
weight: 220
---

This guide provides steps to address a recent issue affecting some macOS users of Docker Desktop. The issue may prevent Docker Desktop from starting and in some cases, may also trigger inaccurate malware warnings. For more details about the incident, see the [blog post](https://www.docker.com/blog/incident-update-docker-desktop-for-mac/).

> [!NOTE]
>
> Docker Desktop versions 4.28 and earlier are not impacted by this issue.

## Available solutions

There are a few options available depending on your situation:

### Upgrade to Docker Desktop version 4.37.2 (recommended)

Check warning on line 19 in content/manuals/desktop/cert-revoke-solution.md

View workflow job for this annotation

GitHub Actions / vale 

[vale] reported by reviewdog 🐶
[Docker.HeadingLength] Try to keep headings short (< 8 words).

Raw Output:
{"message": "[Docker.HeadingLength] Try to keep headings short (\u003c 8 words).", "location": {"path": "content/manuals/desktop/cert-revoke-solution.md", "range": {"start": {"line": 19, "column": 5}}}, "severity": "INFO"}

The recommended way is to upgrade to the latest Docker Desktop version which is version 4.37.2.

If possible, update directly through the app. If not, and you’re still seeing the malware pop-up, follow the steps below:

Check warning on line 23 in content/manuals/desktop/cert-revoke-solution.md

View workflow job for this annotation

GitHub Actions / vale 

[vale] reported by reviewdog 🐶
[Docker.RecommendedWords] Consider using 'following' instead of 'below'

Raw Output:
{"message": "[Docker.RecommendedWords] Consider using 'following' instead of 'below'", "location": {"path": "content/manuals/desktop/cert-revoke-solution.md", "range": {"start": {"line": 23, "column": 116}}}, "severity": "INFO"}

1. Kill the Docker process that cannot start properly:
```console
$ sudo launchctl bootout system/com.docker.vmnetd 2>/dev/null || true
$ sudo launchctl bootout system/com.docker.socket 2>/dev/null || true

$ sudo rm /Library/PrivilegedHelperTools/com.docker.vmnetd || true
$ sudo rm /Library/PrivilegedHelperTools/com.docker.socket || true

$ ps aux | grep docker | awk '{print $2}' | sudo xargs kill -9 2>/dev/null
```

2. Make sure the malware pop-up is permanently closed.

3. [Download and install version 4.37.2](/manuals/desktop/release-notes.md#4372).

4. Launch Docker Desktop. A privileged pop-up message displays after 5 to 10 seconds.

5. Enter your password.

You should now see the Docker Desktop Dashboard.

### Install a patch if you have version 4.34 - 4.36

Check warning on line 46 in content/manuals/desktop/cert-revoke-solution.md

View workflow job for this annotation

GitHub Actions / vale 

[vale] reported by reviewdog 🐶
[Docker.HeadingLength] Try to keep headings short (< 8 words).

Raw Output:
{"message": "[Docker.HeadingLength] Try to keep headings short (\u003c 8 words).", "location": {"path": "content/manuals/desktop/cert-revoke-solution.md", "range": {"start": {"line": 46, "column": 5}}}, "severity": "INFO"}
Copy link
Contributor

@gtardif gtardif Jan 9, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
### Install a patch if you have version 4.34 - 4.36
### Install a patch if you want to continue using Desktop version 4.34 - 4.36

Maybe, to make it clearer that the recommended option is to update to 4.37.2?


If you can’t upgrade to the latest version and you’re seeing the malware pop-up, follow the steps below:

Check warning on line 48 in content/manuals/desktop/cert-revoke-solution.md

View workflow job for this annotation

GitHub Actions / vale 

[vale] reported by reviewdog 🐶
[Docker.RecommendedWords] Consider using 'following' instead of 'below'

Raw Output:
{"message": "[Docker.RecommendedWords] Consider using 'following' instead of 'below'", "location": {"path": "content/manuals/desktop/cert-revoke-solution.md", "range": {"start": {"line": 48, "column": 99}}}, "severity": "INFO"}

1. Kill the Docker process that cannot start properly:
```console
$ sudo launchctl bootout system/com.docker.vmnetd 2>/dev/null || true
$ sudo launchctl bootout system/com.docker.socket 2>/dev/null || true

$ sudo rm /Library/PrivilegedHelperTools/com.docker.vmnetd || true
$ sudo rm /Library/PrivilegedHelperTools/com.docker.socket || true

$ ps aux | grep docker | awk '{print $2}' | sudo xargs kill -9 2>/dev/null
```

2. Make sure the malware pop-up is permanently closed.

3. [Download and install the patched installer](/manuals/desktop/release-notes.md) that matches your current base version. For example if you have version 4.36.0, install 4.36.1.

4. Launch Docker Desktop. A privileged pop-up message displays after 5 to 10 seconds.

5. Enter your password.

You should now see the Docker Desktop Dashboard.

### Wait for a patch for versions 4.32 - 4.33

Check warning on line 71 in content/manuals/desktop/cert-revoke-solution.md

View workflow job for this annotation

GitHub Actions / vale 

[vale] reported by reviewdog 🐶
[Docker.HeadingLength] Try to keep headings short (< 8 words).

Raw Output:
{"message": "[Docker.HeadingLength] Try to keep headings short (\u003c 8 words).", "location": {"path": "content/manuals/desktop/cert-revoke-solution.md", "range": {"start": {"line": 71, "column": 5}}}, "severity": "INFO"}

For versions 4.32 - 4.33, a patch fix is in progress. If you need an immediate solution, you can use the following workaround:
Copy link
Contributor

@gtardif gtardif Jan 9, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If we communicate this tomorrow, we might have the patch release already available, that would make the message simpler


1. Kill the Docker process that cannot start properly:
```console
$ sudo launchctl bootout system/com.docker.vmnetd 2>/dev/null || true
$ sudo launchctl bootout system/com.docker.socket 2>/dev/null || true

$ sudo rm /Library/PrivilegedHelperTools/com.docker.vmnetd || true
$ sudo rm /Library/PrivilegedHelperTools/com.docker.socket || true

$ ps aux | grep docker | awk '{print $2}' | sudo xargs kill -9 2>/dev/null
```

2. Download and install a re-signed installer matching your exact version of Docker Desktop from the [Release notes](/manuals/desktop/release-notes.md).

3. Install new binaries:

```console
$ sudo cp /Applications/Docker.app/Contents/Library/LaunchServices/com.docker.vmnetd /Library/PrivilegedHelperTools/
$ sudo cp /Applications/Docker.app/Contents/MacOS/com.docker.socket /Library/PrivilegedHelperTools/
```

4. Launch Docker Desktop. A privileged pop-up message displays after 5 to 10 seconds.

5. Enter your password.

You should now see the Docker Desktop Dashboard.

## MDM script

Check warning on line 101 in content/manuals/desktop/cert-revoke-solution.md

View workflow job for this annotation

GitHub Actions / vale 

[vale] reported by reviewdog 🐶
[Docker.HeadingSentenceCase] Use sentence case for headings: 'MDM script'.

Raw Output:
{"message": "[Docker.HeadingSentenceCase] Use sentence case for headings: 'MDM script'.", "location": {"path": "content/manuals/desktop/cert-revoke-solution.md", "range": {"start": {"line": 101, "column": 4}}}, "severity": "WARNING"}

If you are an IT administrator, you can use the following script as a workaround for your developers if they have a re-signed version of Docker Desktop version 4.35 or later.

Check warning on line 103 in content/manuals/desktop/cert-revoke-solution.md

View workflow job for this annotation

GitHub Actions / vale 

[vale] reported by reviewdog 🐶
[Docker.Acronyms] 'IT' has no definition.

Raw Output:
{"message": "[Docker.Acronyms] 'IT' has no definition.", "location": {"path": "content/manuals/desktop/cert-revoke-solution.md", "range": {"start": {"line": 103, "column": 15}}}, "severity": "WARNING"}

```console
#!/bin/bash

# Stop the docker services
echo "Stopping Docker..."
sudo pkill [dD]ocker

# Stop the vmnetd service
echo "Stopping com.docker.vmnetd service..."
sudo launchctl bootout system /Library/LaunchDaemons/com.docker.vmnetd.plist

# Stop the socket service
echo "Stopping com.docker.socket service..."
sudo launchctl bootout system /Library/LaunchDaemons/com.docker.socket.plist

# Remove vmnetd binary
echo "Removing com.docker.vmnetd binary..."
sudo rm -f /Library/PrivilegedHelperTools/com.docker.vmnetd

# Remove socket binary
echo "Removing com.docker.socket binary..."
sudo rm -f /Library/PrivilegedHelperTools/com.docker.socket

# Install new binaries
echo "Install new binaries..."
sudo cp /Applications/Docker.app/Contents/Library/LaunchServices/com.docker.vmnetd /Library/PrivilegedHelperTools/
sudo cp /Applications/Docker.app/Contents/MacOS/com.docker.socket /Library/PrivilegedHelperTools/
```