-
Notifications
You must be signed in to change notification settings - Fork 116
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Docker.app requests unexpected permissions: 'Reminders' and 'Downloads folder' #4975
Comments
Thanks for the report. We found this before the release and we thought we'd fixed it. We'll have another look. |
Also strange that we've only had one report of this; there must be a corner case we haven't found. Do you have a repro case, e.g. a compose file or a set of containers that reliably exhibits the bug? |
I've only seen it once. I assume I won't be repeatedly asked by Docker to
give permission, after declining it once?
I had been using a network of containers: schickling/beanstalkd,
bitnami/redis, plus one for my work but I can't disclose too much from
there.
Sorry that I can't provide more useful info but I wasn't interacting with
Docker or any container at the time either of the permissions (Reminders or
Downloads) were requested.
…On Thu, Oct 8, 2020 at 10:18 AM Stephen Turner ***@***.***> wrote:
Also strange that we've only had one report of this; there must be a
corner case we haven't found. Do you have a repro case, e.g. a compose file
or a set of containers that reliably exhibits the bug?
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#4975 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AIIUNSV5TA7ZI566MFXF2STSJV7YDANCNFSM4SHRLR6A>
.
|
Thanks @p487morgan, we've managed to reproduce this now and will have a fix soon. |
Great stuff. Thanks!
I have just seen another case: I took a screenshot (again, not whilst using
Docker or any containers) and immediately Docker requested permission to
access the Desktop (where the screenshot is saved).
…On Fri, Oct 9, 2020 at 2:59 PM Stephen Turner ***@***.***> wrote:
Thanks @p487morgan <https://github.com/p487morgan>, we've managed to
reproduce this now and will have a fix soon.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#4975 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AIIUNSQRAWWLYMWYAYJ6FVDSJ4JNPANCNFSM4SHRLR6A>
.
|
Can you try that build @p487morgan and give us some feedback please: |
Hey I tried to run it, but: |
I opened it anyway.. but it is stuck Starting :( |
Having reinstalled the stable version it's working as usual. I didn't get the request for permissions this time - looking in System Preferences->Security & Privacy->Privacy, I can see Docker has the relevant boxes (in Reminders, and Files & Folders) unchecked. I doubt I'll see the permissions popups again, with any install. |
I have also seen this same behavior. As far as a repro scenario I just came back from lunch and the request to access my reminders was on the screen when my Mac woke up. It was not there when I locked it to go to lunch. Similarly the request to access my Downloads folder also appeared to happen randomly. My Docker About shows I'm running 2.4.0.0(48506) with Engine 19.03.13. I'm running Mac OS Catalina 10.15.7. |
Just saw it myself - opening finder & then the calendar. |
I have had Docker for mac recently ask for permissions to Downloads, Reminders, Network shares, and just a minute ago my Desktop. I am not actively using anything docker related right now (it has k8s w/prometheus, but that is all) - it seems to just make these requests at random times, and doesn't appear to be as a result of anything that I am doing. Using 2.4.2.0/edge |
We believe this is fixed in 2.5.0.0. If not, please post a note on this ticket and I will reopen it. |
Thanks for the fix but I got a prompt to give docker access to my reminders. I am running 2.5.0.0 on macOS 10.15.7. |
Thanks for the note, @yoodame. Could you give steps to reproduce (such as your |
I just saw another prompt to allow access to my download folder while trying to download a file from a site (unrelated to docker or my local site). Unfortunately this is one of those wait for the prompt step. I did run a |
@ErikStammes Could you give steps to reproduce (such as your docker run command or compose.yml)? There's not much we can do without that. Thanks. |
@stephen-turner Not sure if it helps or not, but on the four occasions that this happened to me I was not even actively using docker or docker-desktop at the time. I think that's what is kind of alarming about these reqs for access - they don't appear related to anything the user is doing. At least two of the reqs that I received happened when I had left my computer and come back (and had not been using docker), so - I'm skeptical that the issue is anything triggered by user actions directly. I would try the newest docker - but mine is still reporting that 2.4.0.2 is the latest in the edge channel. Somewhere along the way it seems that stable has leapt ahead of the edge channel. |
@stephen-turner I can corroborate @blitzd 's report on this. I received the requests after returning to my machine after lunch and nothing was running in Docker. In all instances of getting the request for perms I had no containers running. Feels like the service itself is triggering something. |
If any of you see it again, could you please upload diagnostics and paste the diagnostics id here? Thank you. |
@stephen-turner I got the access prompt again this morning. This time asking access to my desktop folder while I was attempting to take a screen capture. I should mention I started Lando about 5 minutes prior to seeing this. Here's my diagnostics id 7D0FF2B9-54CC-4975-A7E8-DCFDA0918CD6/20201119163212. |
Thanks @yoodame. |
I just got a request to access Reminders after opening my laptop for the first time this morning. I hadn't run anything that should have triggered Docker in about 12 hours. I am running 2.5.0.0 on a Mac. I just installed the latest version of Lando yesterday. I did get a request for access to Documents yesterday, which I approved without thinking it through. |
Hi @yoodame I looked at the diagnostics and saw that you have a container that mount @RoloDMonkey can you send a diagnostic because I tried on my freshly installed big sur machine, the app (2.5.0.0) ran for 12h and I didn't get any popup. |
@ebriney Here is my Diagnostic ID: D6818DF0-1C0E-4340-AA7B-14182C12D20D/20201202181447 |
Thanks @RoloDMonkey, I looked in your diagnostic, same as @yoodame. |
However, even if we fix this case, it's worth emphasising again that you really shouldn't be sharing your whole home directory unless you need it, but rather just the directory containing your source code. We have to watch the whole of the shared directory and forward changes to the VM, which will cause unnecessary load. |
Heads-up: we fixed this in 3.0.0 but we are about to partially revert the fix because it caused far more trouble than the original bug did (see #5115). We will still exclude everything in We will see later whether we can get rid of the pop-ups another way, but the immediate solution is not to share the whole of |
In the end we have "fixed" this by adding a warning if you share your home folder or Library folder. This is in 3.0.2. |
Closed issues are locked after 30 days of inactivity. If you have found a problem that seems similar to this, please open a new issue. Send feedback to Docker Community Slack channels #docker-for-mac or #docker-for-windows. |
Expected behavior
Docker.app does not need permission for 'Reminders' or 'Downloads folder'
Actual behavior
Docker.app requests permissions for 'Reminders' and 'Downloads folder'
Information
macOS Version: 10.15.6 (19G2021)
Occurred after a recent update to latest version
Wasn't actively using Docker or any containers at the time. Some containers were idling in the background.
Diagnostic logs
Steps to reproduce the behavior
The text was updated successfully, but these errors were encountered: