Issue with MacOS example

[enzofrnt]

Description

I'm getting an error by following an example on Mac M1.

Steps to reproduce the issue:
https://github.com/linuxkit/linuxkit/blob/master/examples/docker-for-mac.md

In the first place, I have needed to modify the first original command by adding -arch amd64, so the example need an update.

Describe the results you received:

There is an issue when I execute this command :
linuxkit run hyperkit --networking=vpnkit --vsock-ports=2376 --disk size=4096M --data-file ./metadata.json --iso --uefi docker-for-mac-efi

ISSUE :
Error: Cannot open UEFI firmware file (/Applications/Docker.app/Contents/Resources/uefi/UEFI.fd): stat /Applications/Docker.app/Contents/Resources/uefi/UEFI.fd: no such file or directory 2023/11/09 18:56:09 error during command execution: Cannot open UEFI firmware file (/Applications/Docker.app/Contents/Resources/uefi/UEFI.fd): stat /Applications/Docker.app/Contents/Resources/uefi/UEFI.fd: no such file or directory

And there is no information about using this example on Mac M1.

Describe the results you expected:

Be able to follow this example on any MacOS device, intel and Apple Silicon.

[deitch]

Good point. The UEFI.fd file used to ship with Docker-for-Mac (d4m), but it hasn't in quite some time. Docker4Mac does not, I believe, use hyperkit anymore; instead it uses virtualization.framework.

To be fair, that docker-for-mac.md is far from what you actually get in the d4m desktop. Most of that is closed-source, except for the docker client and docker engine. All of the desktop stuff around it - including the build of the VM - is closed source, even as it uses OSS tools (like linuxkit).

We may just need to remove the example.

[enzofrnt]

Hi @deitch thanks you for your answer.
So that mean that not possible to modify correctly the linuxkit VM under Docker Desktop ?

I'm block by the networking restrictions on the original version. I would like to made direct bridge between interface of MacOS and interface of linux Kit. So that impossible ??

My goal is to use IPVLAN to give IP from my LAN to my container:

Impossible ? 🥲
Or any workaround any possible functionality to do it ?

That lock a lot of potential of docker networking.

[deitch]

You could do docker run --network=host, but that doesn't give unique IPs to each container; it just runs processes on the host. The other docker alternative is bridge (the default), where each container gets its own IP, but it is bridged.

You are looking for something in the middle: each container is on the host network, but gets its own IP, hence IPVLAN. However, even if docker supported it, I do not think that the docker VM even sits on the host network. When you do --network=host, it ends up connecting it through specifically for that container. I do not recall the details exactly, worth asking on the docker slack workspace.

I don't think you can get this out of docker as it is configured today. It just isn't one of the docker options. If you work at a lower level, you could:

1. Launch a VM with network connected through to the host (assuming you can do that; I have never tried with virtualization.framework, so I do not know how it does or does not enable network pass-through)
2. start a container
3. give it its own network namespace
4. use ipvlan to give each one its own IP.

You probably could build something like that using linuxkit, but it isn't just a slight modification of docker.yml. You also could look at lima

[enzofrnt]

Host mode didn't work on Mac M1.. So that not possible.
The only thing which works is port forward.

[deitch]

Oh you are right. I wasn't thinking about that, even as I wrote above about the differing network stack.