[Workaround in description] Mac is detecting Docker as a malware and keeping it from starting

[acassioaraujo]

Description

Whenever Docker is started, this error is shown:

Malware Blocked. “com.docker.socket” was not opened because it contains malware. this action did not harm your Mac.

Reproduce

1. Start Docker
2. See the error

Workaround

Tip

If you face this issue, try the following procedure:

1. Quit Docker Desktop and check that no remaining docker processes are running using the Activity Monitor
2. Run the following commands:

#!/bin/bash

# Stop the docker services
echo "Stopping Docker..."
sudo pkill '[dD]ocker'

# Stop the vmnetd service
echo "Stopping com.docker.vmnetd service..."
sudo launchctl bootout system /Library/LaunchDaemons/com.docker.vmnetd.plist

# Stop the socket service
echo "Stopping com.docker.socket service..."
sudo launchctl bootout system /Library/LaunchDaemons/com.docker.socket.plist

# Remove vmnetd binary
echo "Removing com.docker.vmnetd binary..."
sudo rm -f /Library/PrivilegedHelperTools/com.docker.vmnetd

# Remove socket binary
echo "Removing com.docker.socket binary..."
sudo rm -f /Library/PrivilegedHelperTools/com.docker.socket

# Install new binaries
echo "Install new binaries..."
sudo cp /Applications/Docker.app/Contents/Library/LaunchServices/com.docker.vmnetd /Library/PrivilegedHelperTools/
sudo cp /Applications/Docker.app/Contents/MacOS/com.docker.socket /Library/PrivilegedHelperTools/

3. Restart Docker Desktop.

If that still doesn't work, download one of the currently supported release from the Release notes and re-apply step 2.

As suggested running this command is working for most of people that had this problem.

Original issue details

### docker version

Client:
 Version:           26.1.4
 API version:       1.45
 Go version:        go1.21.11
 Git commit:        5650f9b
 Built:             Wed Jun  5 11:26:02 2024
 OS/Arch:           darwin/arm64
 Context:           desktop-linux
Cannot connect to the Docker daemon at unix:///Users/admin/.docker/run/docker.sock. Is the docker daemon running?

(Can't get docker started to check more details)

----
Asked for a friend running Docker in the same version and this is the output:

Client:
 Version:           27.0.3
 API version:       1.46
 Go version:        go1.21.11
 Git commit:        7d4bcd8
 Built:             Fri Jun 28 23:59:41 2024
 OS/Arch:           darwin/arm64
 Context:           desktop-linux

Server: Docker Desktop 4.32.0 (157355)
 Engine:
  Version:          27.0.3
  API version:      1.46 (minimum version 1.24)
  Go version:       go1.21.11
  Git commit:       662f78c
  Built:            Sat Jun 29 00:02:44 2024
  OS/Arch:          linux/arm64
  Experimental:     false
 containerd:
  Version:          1.7.18
  GitCommit:        ae71819c4f5e67bb4d5ae76a6b735f29cc25774e
 runc:
  Version:          1.7.18
  GitCommit:        v1.1.13-0-g58aa920
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

docker info

lient:
 Version:    27.0.3
 Context:    desktop-linux
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc.)
    Version:  v0.15.1-desktop.1
    Path:     /Users/lorenzo/.docker/cli-plugins/docker-buildx
  compose: Docker Compose (Docker Inc.)
    Version:  v2.28.1-desktop.1
    Path:     /Users/lorenzo/.docker/cli-plugins/docker-compose
  debug: Get a shell into any image or container (Docker Inc.)
    Version:  0.0.32
    Path:     /Users/lorenzo/.docker/cli-plugins/docker-debug
  desktop: Docker Desktop commands (Alpha) (Docker Inc.)
    Version:  v0.0.14
    Path:     /Users/lorenzo/.docker/cli-plugins/docker-desktop
  dev: Docker Dev Environments (Docker Inc.)
    Version:  v0.1.2
    Path:     /Users/lorenzo/.docker/cli-plugins/docker-dev
  extension: Manages Docker extensions (Docker Inc.)
    Version:  v0.2.25
    Path:     /Users/lorenzo/.docker/cli-plugins/docker-extension
  feedback: Provide feedback, right in your terminal! (Docker Inc.)
    Version:  v1.0.5
    Path:     /Users/lorenzo/.docker/cli-plugins/docker-feedback
  init: Creates Docker-related starter files for your project (Docker Inc.)
    Version:  v1.3.0
    Path:     /Users/lorenzo/.docker/cli-plugins/docker-init
  sbom: View the packaged-based Software Bill Of Materials (SBOM) for an image (Anchore Inc.)
    Version:  0.6.0
    Path:     /Users/lorenzo/.docker/cli-plugins/docker-sbom
  scout: Docker Scout (Docker Inc.)
    Version:  v1.10.0
    Path:     /Users/lorenzo/.docker/cli-plugins/docker-scout

Server:
 Containers: 10
  Running: 9
  Paused: 0
  Stopped: 1
 Images: 41
 Server Version: 27.0.3
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Using metacopy: false
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: ae71819c4f5e67bb4d5ae76a6b735f29cc25774e
 runc version: v1.1.13-0-g58aa920
 init version: de40ad0
 Security Options:
  seccomp
   Profile: unconfined
  cgroupns
 Kernel Version: 6.6.32-linuxkit
 Operating System: Docker Desktop
 OSType: linux
 Architecture: aarch64
 CPUs: 12
 Total Memory: 7.657GiB
 Name: docker-desktop
 ID: 1e75072f-7d8f-47c3-917a-43dc08d31755
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 HTTP Proxy: http.docker.internal:3128
 HTTPS Proxy: http.docker.internal:3128
 No Proxy: hubproxy.docker.internal
 Labels:
  com.docker.desktop.address=unix:///Users/lorenzo/Library/Containers/com.docker.docker/Data/docker-cli.sock
 Experimental: false
 Insecure Registries:
  hubproxy.docker.internal:5555
  127.0.0.0/8
 Live Restore Enabled: false

Diagnostics ID

Can't get a Diagnostics ID because I'm not able to open docker, the error is from MacOS

Additional Info

I tried installing older versions of Docker but the error is the same to all of them.

[luckystreak96]

If it helps, I have the same issue and am running this version of MacOS M3: macOS Sequoia 15.1 (24B83)

[jpbriend]

can you tell us how old is the vmnetd executable on your machines?
it's located here: /Library/PrivilegedHelperTools/com.docker.vmnetd

[luckystreak96]

Running ls -lrt /Library/PrivilegedHelperTools/ gives this:

-r-xr--r--  1 root  wheel  5636768 31 May  2024 com.docker.vmnetd

[mat007]

Hi,

Which version(s) of Docker Desktop have you tried? Which one is the highest one? Did you download it fresh?
What happens if you do

sudo rm /Library/PrivilegedHelperTools/com.docker.vmnetd

then start Docker Desktop again? (Docker Desktop should re-install it on-demand when it needs it)

Thanks, and sorry this happened to you!

[mancha-24]

I deleted the com.docker.vmnetd but now I get this opening docker again

[luckystreak96]

I uninstalled after the issue happened and re-installed the latest version available on the website - since deleting com.docker.vmnetd the application hangs (the window never opens), there is no visible error message, the file com.docker.vmnetd is still missing and trying to open the application multiple times yields an error of the likes of "Cannot start Docker because the application is not responding" (same as the post above)

[mat007]

Ah maybe you need to (sudo) kill -9 the vmnetd process, actually. Does

ps aux | grep vmnetd

show it running?

[mat007]

Or any other docker process running?

ps aux | grep [dD]ocker

[luckystreak96]

vmnetd was not running, and killing the docker process and starting it again gives the same result.

$ps aux | grep vmnetd
user        25212   0.0  0.0 410733072   1664 s000  S+    1:16pm   0:00.01 grep vmnetd
$ps aux | grep "[dD]ocker"
user        24255   0.0  0.2 412151024  73200   ??  S     1:05pm   0:00.15 /Applications/Docker.app/Contents/MacOS/com.docker.backend run

[akerouanton]

It'd be helpful to get some system logs to see why macOS is rejecting vmnetd.

1. Make sure that no docker process are running -- or kill them through the Activity Monitor.
2. Note the current time.
3. Start Docker Desktop
4. Run the following command in a terminal and replace the time with what you noted in step 2. (this command might be really slow).

$ log show --start '2025-01-07 X:Y:00' | grep 'com.docker'

[luckystreak96]

I see this at the end of the log output that looks suspicious:

trustd: [com.apple.securityd:SecWarning]
Entitlement com.apple.application-identifier=9BNSXJN65R.com.docker.docker is ignored because of invalid application signature or incorrect provisioning profile
    "group.com.docker"

docker-log-output.txt

[mat007]

vmnetd was not running, and killing the docker process and starting it again gives the same result.

Ah right, so Docker Desktop does not re-install vmnetd in that case.
You can do

sudo cp /Applications/Docker.app/Contents/Library/LaunchServices/com.docker.vmnetd /Library/PrivilegedHelperTools/

then restart Docker Desktop.

edit: this probably needs you to update to at least Docker Desktop 4.35 before cp’ing

[EricCrete]

This worked for me ^

[luckystreak96]

That also worked for me!

[codeech]

I uninstalled, and then reinstalled using the command line, and things seem to be working properly

[akerouanton]

If someone is facing this issue, before removing the broken vmnetd or socket binary, could you please try to run these two commands and paste the output here:

$ codesign -d --extract-certificates  /Library/PrivilegedHelperTools/com.docker.vmnetd
$ for file in $(ls codesign*); do security verify-cert -vv -c $file; done
$ openssl ocsp -CAfile codesign2 -issuer codesign1 -cert codesign0 -url $(openssl x509 -in codesign0 -ocsp_uri -noout)
$ openssl x509 -noout -text -in codesign0

[voidd7]

This wasn't working for me

sudo cp /Applications/Docker.app//Contents/Library/LaunchServices/com.docker.vmnetd /Library/PrivilegedHelperTools/

but reinstalling from command line worked.

[zioproto]

I have the same problem but with a small different detail. In the screenshot the file mentioned is com.docker.socket:

@acassioaraujo your screenshot shows com.docker.vmnetd but in your issue description you also write com.docker.socket, could you please confirm which file is affected for you ? thanks

[akerouanton]

@zioproto I think both are affected since they were signed with the same certificate. If you have a chance, could you try to run the commands I posted in this comment please? This would help us a lot. #7520 (comment)

[zioproto]

@akerouanton It seems the signature cannot be verified:

security verify-cert -vv -c codesign0
Cert Verify Result: CSSMERR_TP_NOT_TRUSTED
---
Certificate chain
 0: Developer ID Application: Docker Inc (9BNSXJN65R)
    <cert(0x15c80d000) s: Developer ID Application: Docker Inc (9BNSXJN65R) i: Developer ID Certification Authority>
---
Certificate errors
 0: Developer ID Application: Docker Inc (9BNSXJN65R)
    Unable to find next certificate in the chain [MissingIntermediate]
---
Certificate chain properties
(
        {
        error = "CSSMERR_TP_NOT_TRUSTED";
        title = "Developer ID Application: Docker Inc (9BNSXJN65R)";
    }
)
---
Trust evaluation results
{
    TrustEvaluationDate = "2025-01-07 19:30:03 +0000";
    TrustResultDetails =     (
                {
            MissingIntermediate = 0;
            StatusCodes =             (
                "-2147409622"
            );
        }
    );
    TrustResultValue = 5;
}
---
Trust evaluation errors
Error Domain=NSOSStatusErrorDomain Code=-25318 "errKCCreateChainFailed / errSecCreateChainFailed: / The attempt to create a certificate chain failed." UserInfo={NSLocalizedDescription=\u201cDeveloper ID Application: Docker Inc (9BNSXJN65R)\u201d certificate is not trusted, NSUnderlyingError=0x600000f1cba0 {Error Domain=NSOSStatusErrorDomain Code=-25318 "errKCCreateChainFailed / errSecCreateChainFailed: / The attempt to create a certificate chain failed." UserInfo={NSLocalizedDescription=Certificate 0 \u201cDeveloper ID Application: Docker Inc (9BNSXJN65R)\u201d has errors: Unable to build chain to root (possible missing intermediate);}}}

[acassioaraujo]

vmnetd was not running, and killing the docker process and starting it again gives the same result.

Ah right, so Docker Desktop does not re-install vmnetd in that case. You can do

sudo cp /Applications/Docker.app//Contents/Library/LaunchServices/com.docker.vmnetd /Library/PrivilegedHelperTools/

then restart Docker Desktop.

edit: this probably needs you to update to at least Docker Desktop 4.35 before cp’ing

This worked for me on version 4.32

[akerouanton]

@zioproto I just added two other commands to my comment, ie. openssl ocsp … and openssl x509. Could you paste their output too please? 🙂

EDIT: Let me re-add them here for clarity.

$ openssl ocsp -CAfile codesign2 -issuer codesign1 -cert codesign0 -url $(openssl x509 -in codesign0 -ocsp_uri -noout)
$ openssl x509 -noout -text -in codesign0

[zioproto]

@akerouanton the certificate has been revoked:

openssl x509 -in codesign0 -ocsp_uri -noout
http://ocsp.apple.com/ocsp03-devidg201

Question: I am not familiar with this, is it normal that the verification url is plaintext http and not https ?

and

openssl ocsp -CAfile codesign2 -issuer codesign1 -cert codesign0 -url $(openssl x509 -in codesign0 -ocsp_uri -noout)
Response verify OK
codesign0: revoked

here is the full certificate in text form:

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:16:fd:12:7d:9a:57:15:17:65:91:f8:5f:fc:3c:66
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=Developer ID Certification Authority, OU=G2, O=Apple Inc., C=US
        Validity
            Not Before: Feb  8 12:56:54 2024 GMT
            Not After : Feb  8 12:56:53 2029 GMT
        Subject: UID=9BNSXJN65R, CN=Developer ID Application: Docker Inc (9BNSXJN65R), OU=9BNSXJN65R, O=Docker Inc, C=US
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:de:55:31:8d:a3:31:c4:99:12:84:a4:3b:1c:38:
                    f5:27:ac:df:4e:4b:88:8e:c3:07:00:13:a5:ab:82:
                    2c:ae:93:5f:f3:f1:9a:aa:bc:51:f9:9b:32:25:85:
                    6a:33:fe:0b:62:af:47:41:63:bf:41:d8:bb:18:8d:
                    33:35:68:3c:43:03:df:b5:05:c5:ac:cc:a5:e1:ad:
                    e7:91:c6:b1:dc:80:0b:f3:9d:f1:99:05:ac:8d:f2:
                    e7:5c:e2:f8:c2:6e:01:02:08:bc:d7:b1:f8:14:e7:
                    b9:06:b2:47:49:5c:6d:39:73:26:38:cf:c7:16:bf:
                    ab:b6:64:e9:b7:22:09:c9:af:b4:05:3e:0f:2d:e0:
                    fc:90:ba:5e:89:e5:15:63:df:9b:85:84:25:90:11:
                    10:02:15:bc:22:97:f4:12:2b:f0:f6:2a:7e:f0:86:
                    54:3a:b6:f4:85:60:90:a8:93:b8:32:b7:b0:08:41:
                    46:89:c9:35:a8:fd:72:83:16:8c:9f:91:1b:36:4c:
                    df:7d:ee:3f:a5:e2:f5:62:62:ba:c1:0a:5f:a0:e1:
                    f7:49:bf:f9:f1:44:cc:c7:5d:57:5b:5a:89:4f:61:
                    29:01:a6:24:af:14:7a:cc:ce:dc:3a:b5:7b:c3:fd:
                    70:aa:10:a9:00:b2:a0:9b:25:71:f7:6b:fb:a3:bf:
                    2e:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Authority Key Identifier:
                F8:3A:0C:69:11:76:E0:ED:AC:D1:EB:A6:59:FA:37:D5:C4:55:B0:1E
            Authority Information Access:
                CA Issuers - URI:http://certs.apple.com/devidg2.der
                OCSP - URI:http://ocsp.apple.com/ocsp03-devidg201
            X509v3 Certificate Policies:
                Policy: 1.2.840.113635.100.5.1
                  User Notice:
                    Explicit Text: Reliance on this certificate by any party assumes acceptance of the then applicable standard terms and conditions of use, certificate policy and certification practice statements.
                  CPS: https://www.apple.com/certificateauthority/
            X509v3 Extended Key Usage: critical
                Code Signing
            X509v3 Subject Key Identifier:
                21:58:40:59:A0:20:1A:5B:6D:97:AE:14:CD:2D:AC:0E:03:A1:23:66
            X509v3 Key Usage: critical
                Digital Signature
            1.2.840.113635.100.6.1.33:
                ..20140507000000Z
            1.2.840.113635.100.6.1.13: critical
                ..
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        c4:ea:d3:c2:92:b8:aa:01:c3:45:9a:95:27:16:8f:ff:03:1e:
        14:f9:ae:fa:6a:6f:1b:ef:3e:5a:94:59:f3:63:b0:32:e7:34:
        a2:0d:02:6a:b6:c4:bf:7e:12:fe:2f:db:7d:84:ae:79:d9:3e:
        20:4c:11:d8:4c:d7:27:9e:f5:d2:8a:19:22:11:30:52:33:40:
        36:93:ca:14:65:22:68:1a:82:f0:0c:72:d5:7e:03:d1:92:1e:
        92:da:96:15:a6:e2:80:ea:0e:32:f8:fd:5c:2e:bd:08:31:64:
        d5:1c:9c:71:68:ac:94:e8:c7:97:fe:b9:07:f4:10:93:12:1f:
        7c:71:00:0a:e6:b6:81:5b:91:50:c5:a4:fd:5a:2a:c1:db:ff:
        00:39:49:a8:74:72:86:0b:b1:fa:4b:cb:fe:bb:c1:85:14:83:
        33:1d:96:65:99:93:92:69:52:98:7d:1a:3e:04:e4:f2:12:1d:
        a1:88:14:26:b9:80:01:02:ac:bb:06:a6:73:9a:05:e7:d0:2e:
        f1:f8:df:0e:8a:21:fd:08:f4:4b:e2:d1:ad:c5:08:26:43:93:
        65:70:0c:b9:67:3f:3b:16:b0:c5:45:0b:17:da:62:e3:52:b1:
        0d:10:70:1b:be:66:c6:fe:c5:47:36:6e:9e:c8:0d:91:9b:54:
        1b:59:9b:2a

[akerouanton]

@zioproto Thanks a lot! Last batch of questions:

• Which version of Docker Desktop do you have?
• Can you upload com.docker.vmnetd and com.docker.socket?

[Chekote]

vmnetd was not running, and killing the docker process and starting it again gives the same result.

Ah right, so Docker Desktop does not re-install vmnetd in that case. You can do

sudo cp /Applications/Docker.app/Contents/Library/LaunchServices/com.docker.vmnetd /Library/PrivilegedHelperTools/

then restart Docker Desktop.

edit: this probably needs you to update to at least Docker Desktop 4.35 before cp’ing

It also worked for Docker 4.32.0, which we are stuck on due to the issue outlined here.

[zioproto]

• Which version of Docker Desktop do you have?

difficult to say for sure because I am not able to start docker anymore.

• Can you upload com.docker.vmnetd and com.docker.socket?

Can you give me the full path to those files ?
I found /Library/PrivilegedHelperTools/com.docker.socket but I cannot find com.docker.vmnetd at the same path.

Do you need the full file ? this is my hash:

MD5 (com.docker.socket) = 8c166046e4c4b8a864c2941067b16428

[akerouanton]

It should be:

• /Library/PrivilegedHelperTools/com.docker.vmnetd
• /Library/PrivilegedHelperTools/com.docker.socket

But if one is missing on your system, don't worry and just upload what you have 🙂

[shreyas-sriram]

Seeing similar issues. Downloaded the specific MacOS version (4.29.0) from https://desktop.docker.com/mac/main/arm64/145265/Docker.dmg and Apple wouldn't even let me install the dmg, with message “Docker.dmg” was not opened because it contains malware. This action did not harm your Mac.

When I use spctl to verify the dmg, this is what I get

$ spctl -a -v ~/Downloads/Docker.dmg
/Users/shreyas.sriram/Downloads/Docker.dmg: CSSMERR_TP_CERT_REVOKED
``

[victor-yushenko-deque]

I tried to download the latest version (4.37.2) as docker page indicated.

It seems to have the same issue when installing (same warning and OSX constantly prompting to put it into trash).

Is there is a work being done for a new version that has actually fixes this? Any ETA when it might be ready?

[razorfish-sl]

put it on the desktop like i did

I tried to download the latest version (4.37.2) as docker page indicated.

It seems to have the same issue when installing (same warning and OSX constantly prompting to put it into trash).

Is there is a work being done for a new version that has actually fixes this? Any ETA when it might be ready?

put it on the desk top like i did.
been in 27 min & no warning.

[tnmygrwl]

put it on the desk top like i did.

After trying everything this surprisingly worked for me, but my team has already switched all the scripts to podman. Will wait for a proper fix. 🤞🏾

[Tomek20225]

What works for me (tested on two MacBooks):

1. sudo pkill [dD]ocker
2. sudo rm /Library/PrivilegedHelperTools/com.docker.vmnetd
3. sudo rm /Library/PrivilegedHelperTools/com.docker.socket
4. Download the fresh and up-to-date .dmg from the Docker website. Install it.
5. sudo cp /Applications/Docker.app/Contents/Library/LaunchServices/com.docker.vmnetd /Library/PrivilegedHelperTools/
6. Now everything should be working, no reboots needed

[victor-yushenko-deque]

put it on the desktop like i did

I tried to download the latest version (4.37.2) as docker page indicated.
It seems to have the same issue when installing (same warning and OSX constantly prompting to put it into trash).
Is there is a work being done for a new version that has actually fixes this? Any ETA when it might be ready?

put it on the desk top like i did. been in 27 min & no warning.

Thanks. It changes error to one where it says that file is damaged, while copying into Applications folder (tried to download few times just in case - following attempt brought back malware error). But ultimately still does not work...

I guess have to switch to podman, as it's not clear when Docker will be fixed

Here is an error:

P.S. It seems that if you move downloaded file into any other folder, first time it reports that it's damaged. If downloaded again and moved into the same folder, then it's back to saying that it's malware.

[deepakdinesh1123]

sudo hdiutil detach /Volumes/Docker

@robme Try to install it via the CLI instead of the GUI

Thanks 🙇 these solved it for me on my M3 Mac running MacOS 14.5
All steps I took (if someone were to need it):

1. Delete Docker App
2. clean up vmnetd sudo rm /Library/PrivilegedHelperTools/com.docker.vmnetd
3. Download new current distributable
4. Install via CLI

sudo hdiutil attach Docker.dmg
sudo /Volumes/Docker/Docker.app/Contents/MacOS/install
sudo hdiutil detach /Volumes/Docker
Curious thought what the cause might be :D

Worked for me perfectly. Thank you so much.

This worked for me. Thanks 👍

This also worked for me. Thanks a lot. MacOs (15.0), M2 chip

Worked for me on Mac with M2 Chip and OS 14.7.2.

Worked for me on Mac with M1 chip and OS 14.6.1

[lyf2000]

Thank you, for ventura 13.4.1 (c) worked

The following worked for me with Sonoma 14.7.1:

Step 1 - Trash Docker.app from Applications

Step 2 - Kill any running Docker containers (if it errs out, none was running): sudo docker kill $(docker ps -q)

Step 3 - Remove any vmnetd or other Docker privileged helper (if it errs out, none was present): sudo rm /Library/PrivilegedHelperTools/com.docker.*

Step 4 - Reboot the Mac (VERY IMPORTANT!)

Step 5 - Download the latest Docker.dmg from Docker.com

Step 6 - Install Docker from the command line: cd ~/Downloads sudo hdiutil attach Docker.dmg sudo /Volumes/Docker/Docker.app/Contents/MacOS/install sudo hdiutil detach /Volumes/Docker

Step 7 - Launch Docker.app from the Finder (normally) and it should work fine.

No containers and/or images should be affected by this.

Drop a smile if it was helpful so it gets to more people.

[mgutierrezc]

@leobarcellos, you rock! Worked for me

[siveing]

@acassioaraujo Great, It worked for me

[phydroxide]

So is it malware or just old signatures?

This makes sense to me given that it's been about 6 months since I used Docker.

I just removed it from my machine but am curious to know why this fired and why tonight

log show --start '2025-01-10 21:05:00' | grep 'com.docker'

2025-01-10 21:08:19.544683-0700 0x819      Default     0x0                  1      0    launchd: [system/com.docker.socket [276]:] internal event: SOURCE_ATTACH, code = 0
2025-01-10 21:08:19.544696-0700 0x819      Default     0x0                  1      0    launchd: [system/com.docker.vmnetd [277]:] internal event: SOURCE_ATTACH, code = 0
2025-01-10 21:08:19.551090-0700 0x819      Default     0x0                  1      0    launchd: [system/com.docker.vmnetd [277]:] Requesting first run LWCR update
2025-01-10 21:08:19.551775-0700 0xd58      Default     0xd37                273    0    backgroundtaskmanagementd: [com.apple.backgroundtaskmanagement:main] effectiveItemDisposition: appURL=(null), type=legacy daemon, url=file:///Library/LaunchDaemons/com.docker.vmnetd.plist, config={
        "/Library/PrivilegedHelperTools/com.docker.vmnetd"
    BTMConfigExecutablePath = "/Library/PrivilegedHelperTools/com.docker.vmnetd";
    BTMConfigLabel = "com.docker.vmnetd";
2025-01-10 21:08:19.552199-0700 0x818      Default     0x0                  1      0    launchd: [system/com.docker.vmnetd [277]:] Updated BTM identifiers: 00000000-0000-0000-0000-000000000000 New LWCR needed: 1
2025-01-10 21:08:19.552238-0700 0xd5f      Default     0x0                  277    0    xpcproxy: Launch constraint set on 00000000-0000-0000-0000-000000000000 /Library/LaunchDaemons/com.docker.vmnetd.plist
2025-01-10 21:08:19.667520-0700 0x819      Default     0x0                  1      0    launchd: [system/com.docker.socket [276]:] Requesting first run LWCR update
2025-01-10 21:08:19.668624-0700 0xd56      Default     0xd38                273    0    backgroundtaskmanagementd: [com.apple.backgroundtaskmanagement:main] effectiveItemDisposition: appURL=(null), type=legacy daemon, url=file:///Library/LaunchDaemons/com.docker.socket.plist, config={
        "/Library/PrivilegedHelperTools/com.docker.socket",
    BTMConfigExecutablePath = "/Library/PrivilegedHelperTools/com.docker.socket";
    BTMConfigLabel = "com.docker.socket";
2025-01-10 21:08:19.669294-0700 0xa41      Default     0x0                  1      0    launchd: [system/com.docker.socket [276]:] Updated BTM identifiers: 00000000-0000-0000-0000-000000000000 New LWCR needed: 1
2025-01-10 21:08:19.669394-0700 0xd5d      Default     0x0                  276    0    xpcproxy: Launch constraint set on 00000000-0000-0000-0000-000000000000 /Library/LaunchDaemons/com.docker.socket.plist
2025-01-10 21:08:19.751557-0700 0x9f2      Default     0x0                  115    0    amfid: /Library/PrivilegedHelperTools/com.docker.vmnetd not valid: Error Domain=AppleMobileFileIntegrityError Code=-420 "The signature on the file is invalid" UserInfo={NSURL=file:///Library/PrivilegedHelperTools/com.docker.vmnetd, NSLocalizedDescription=The signature on the file is invalid}
2025-01-10 21:08:19.755204-0700 0x9f2      Default     0x0                  115    0    amfid: /Library/PrivilegedHelperTools/com.docker.socket not valid: Error Domain=AppleMobileFileIntegrityError Code=-420 "The signature on the file is invalid" UserInfo={NSURL=file:///Library/PrivilegedHelperTools/com.docker.socket, NSLocalizedDescription=The signature on the file is invalid}
2025-01-10 21:08:19.759458-0700 0xd5f      Default     0x0                  0      0    kernel: (AppleMobileFileIntegrity) AMFI: When validating /Library/PrivilegedHelperTools/com.docker.vmnetd:
2025-01-10 21:08:19.759467-0700 0xd5f      Default     0x0                  0      0    kernel: mac_vnode_check_signature: /Library/PrivilegedHelperTools/com.docker.vmnetd: code signature validation failed fatally: When validating /Library/PrivilegedHelperTools/com.docker.vmnetd:
2025-01-10 21:08:19.759487-0700 0xd5f      Default     0x0                  0      0    kernel: proc 277: load code signature error 4 for file "com.docker.vmnetd"
2025-01-10 21:08:19.759868-0700 0xd63      Default     0x0                  0      0    kernel: (AppleSystemPolicy) ASP: Security policy would not allow process: 277, /Library/PrivilegedHelperTools/com.docker.vmnetd
2025-01-10 21:08:19.759940-0700 0xa41      Default     0x0                  1      0    launchd: [system/com.docker.vmnetd [277]:] xpcproxy exited due to OS_REASON_EXEC
2025-01-10 21:08:19.759948-0700 0xa41      Default     0x0                  1      0    launchd: [system/com.docker.vmnetd [277]:] exited with exit reason (namespace: 9 code: 0x8) - OS_REASON_EXEC, ran for 216ms
2025-01-10 21:08:19.759950-0700 0xa41      Default     0x0                  1      0    launchd: [system/com.docker.vmnetd [277]:] internal event: INIT, code = 153
2025-01-10 21:08:19.759952-0700 0xa41      Default     0x0                  1      0    launchd: [system/com.docker.vmnetd [277]:] service state: exited
2025-01-10 21:08:19.759955-0700 0xa41      Default     0x0                  1      0    launchd: [system/com.docker.vmnetd [277]:] internal event: EXITED, code = 0
2025-01-10 21:08:19.759957-0700 0xa41      Default     0x0                  1      0    launchd: [system:] service inactive: com.docker.vmnetd
2025-01-10 21:08:19.759964-0700 0xa41      Default     0x0                  1      0    launchd: [system/com.docker.vmnetd [277]:] service state: not running
2025-01-10 21:08:20.090730-0700 0xba4      Default     0x0                  224    0    syspolicyd: [com.apple.syspolicy.exec:default] GK evaluateScanResult: 2, PST: (path: 4cac2f47874dc0af), (team: 9BNSXJN65R), (id: com.docker.vmnetd), (bundle_id: NOT_A_BUNDLE), 0, 0, 1, 0, 10, 10, 0
2025-01-10 21:08:20.090790-0700 0xba4      Error       0x0                  224    0    syspolicyd: [com.apple.syspolicy.exec:default] Denying, eval requires a prompt but there is no logged in user: PST: (path: 4cac2f47874dc0af), (team: 9BNSXJN65R), (id: com.docker.vmnetd), (bundle_id: NOT_A_BUNDLE)
2025-01-10 21:08:20.091313-0700 0xba4      Default     0x0                  224    0    syspolicyd: [com.apple.syspolicy.exec:default] Found provenance data on target: TA(6acd9f72e9a9b544, 2), PST: (path: 4cac2f47874dc0af), (team: 9BNSXJN65R), (id: com.docker.vmnetd), (bundle_id: NOT_A_BUNDLE)
2025-01-10 21:08:20.096944-0700 0xb5b      Error       0x0                  224    0    syspolicyd: [com.apple.syspolicy.exec:default] Evaluating blocked code: PST: (path: 4cac2f47874dc0af), (team: 9BNSXJN65R), (id: com.docker.vmnetd), (bundle_id: NOT_A_BUNDLE)
2025-01-10 21:08:20.705474-0700 0xd5d      Default     0x0                  0      0    kernel: (AppleMobileFileIntegrity) AMFI: When validating /Library/PrivilegedHelperTools/com.docker.socket:
2025-01-10 21:08:20.705483-0700 0xd5d      Default     0x0                  0      0    kernel: mac_vnode_check_signature: /Library/PrivilegedHelperTools/com.docker.socket: code signature validation failed fatally: When validating /Library/PrivilegedHelperTools/com.docker.socket:

[WolfgangFahl]

All advices here have been counter productive for me. I had to remove docker from the start objects, reboot the computer and reinstall docker from the latest version 4.37.2.

I lost quite some work and could not use my computer properly for three days in the row. I am really annoyed how this problem showed up out of blue air and kept me busy - especially given that similar problems have been known from the past few months.

[adrienjoly]

The procedure to update Docker in order to fix that problem is now documented on their website: https://docs.docker.com/desktop/cert-revoke-solution/#upgrade-to-docker-desktop-version-4372-recommended, and on this issue: #7527 (which also covers non-privileged users and Homebrew)

[shaamidak]

Updating docker desktop directly to version 4.37.2 (179585) has solved this issue for me hassle free.
Fix : #7527

[xscorp]

I downloaded the version containing the fix, Didn't move it to Applications, It worked and I haven't received any warnings since then. Will wait for the complete fix.

[Ge6ben]

Same here! so, finally, I reinstalled it! and it works, but it deletes all my local db! 😭 with supabase !

[egbaydarov]

That guide works fine for me. https://docs.docker.com/desktop/cert-revoke-solution/

[amjedomar]

@egbaydarov thank you! yes me too this guide fixed the issue for me https://docs.docker.com/desktop/cert-revoke-solution by following the instructions on "Upgrade to Docker Desktop version 4.37.2" (but I also had to empty the Trash) What is great about this solution is that it kept all my images, containers and volumes as they are!!!

NOTE: after reinstalling it make sure to open the new installed Docker via Apps (i.e. if you had it pined in the dock that will refer to the old one) so open it from Apps then you can pin the new one in dock

[gianlucamazza]

my error message looks different: “com.docker.socket” was not opened because it contains malware. This action did not harm your Mac.

[amjedomar]

@gianlucamazza yes my error message was the same and I fixed it by following https://docs.docker.com/desktop/cert-revoke-solution by following the instructions on "Upgrade to Docker Desktop version 4.37.2" (also see my comment above)

[seongkyu-lim]

Same issue, The tip worked for me.

[rvieceli]

The official (https://docs.docker.com/desktop/cert-revoke-solution/#upgrade-to-docker-desktop-version-4372-recommended) recommended solution worked on my Intel Mac with Sequoia 15.2

[BugF]

I have uninstalled Docker on my computer and restarted it. Still the same. So annoying.

[tarun-anchanto]

• run sudo cp /Applications/Docker.app/Contents/Library/LaunchServices/com.docker.vmnetd /Library/PrivilegedHelperTools/

This step is necessary after downloading and running docker. Follow this #7520 (comment)

[4WvgqJu]

If it helps, I have the same issue and am running this version of MacOS M3: macOS Sequoia 15.1 (24B83)

same issue for
% sw_vers
ProductName: macOS
ProductVersion: 15.2
BuildVersion: 24C101

[4WvgqJu]

The official (https://docs.docker.com/desktop/cert-revoke-solution/#upgrade-to-docker-desktop-version-4372-recommended) recommended solution worked on my Intel Mac with Sequoia 15.2

Success!

[masto]

While I understand the immediate desire to get Docker back up and running since it's critical to many people's workflows, I think it's important to see a postmortem on this issue. Why was the certificate revoked, and by whom? This signing process is part of macOS' security strategy. If the certificate was revoked by Apple because they found an issue with the binary, a blog post that says nothing beyond "install this new version" is unsatisfactory. Was there or was there not malware? If not, what happened? If so, we have a much bigger problem. This was only detected after a restart, which means it was running on my machine for at least several days.

On the other hand, if the issue was a process error on Docker or Apple's side that led to inadvertently revoking a valid certificate, it would be appropriate to explain how this happened and what measures are being taken to prevent it from happening again.

[SoundBoySelecta]

So my circumstances were a bit different. I already had an older version of docker desktop installed (some version in 2024). Havent used Docker last few weeks but spontaneously got an error a few days ago about some error launching (in background I assume because it wasnt being used), kept getting the error so I un-installed it to avoid annoyance. Needed to use it yesterday so tried installing a fresh newer version. Then on installation got the error "Docker” is damaged and can’t be opened. You should move it to the Bin", so I complied and tried to download again, but same error kept occuring. Tried to restart Mac, pop up kept coming up whether yes or cancel chosen even when not invoking installation, even on a restart, everytime I restarted it started what seemed like the docker installation (saw the installation progress bar). Only way to stop the pop up was to go into System Settings/ General/Login Items, deactivate the "Docker.app", which shouldnt be there because it was uninstalled. That stopped the pop up. So it seemed like the log in item was lauching the docker.app, which was the installation not the actually docker app. Anyone can concur?

[muescha]

the brew uninstall and brew install --debug --cask docker not works for me, because it hangs at the step: UnpackStrategy::Dmg with the last step:

/usr/bin/env diskutil eject /private/tmp/homebrew-dmg20250112-37318-65te49/dmg.jkmJ3J

:(

update:

Somehow, diskutil was very slow. I let the script run, and it completed after 56 minutes.

[andrewtavis]

I was still getting that the Docker engine wouldn't start after the suggestions from many above to:

# Uninstall Docker with Homebrew:
brew uninstall --cask docker --force
brew uninstall --formula docker --force

# Reinstall Docker and Docker Desktop:
brew install --cask docker

Do the above steps along with any sensible uninstall steps that you're seeing above before brew install --cask docker. Quit everything including VS Code and other apps that could have Docker processes running during the above steps. Also remember that you might need to restart your computer.

Important

Even after all this I still needed to clean / purge the data. You can do this by:

• Opening Docker Desktop
• Click the ❓ icon at the top right for Troubleshoot
• Select Clean / Purge data (worked for me from here)
• Select Reset to factory defaults (in case you didn't follow the re-install steps)

Good luck! ☘