Docker Desktop Mac permissions — permission denied fixes

Docker Desktop on macOS leans on a privileged helper for networking, file sharing, and the engine VM. When that helper fails to install or its registration drifts, you see a cluster of related errors: an unending password prompt loop on first launch, "permission denied" on /var/run/docker.sock, and silent bind-mount failures under /Applications or /Library on macOS Sequoia. This page maps each symptom to the cleanest fix.

By The Containers Desk Editorial team, usedocker.com

The exact error messages

  • docker: permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock
  • Failed to install com.docker.vmnetd: Authorization required
  • Bind for 0.0.0.0:80 failed: port is already allocated
  • error mounting "/Users/me/projects" to rootfs at "/app": permission denied

Fix #1 — Fully reinstall via the bundled uninstaller

When the privileged-helper prompt loops or fails, the application’s install state is only partially registered. Don’t drag the app to the Trash — that leaves the helper entries dangling. Use Docker’s own uninstall command:

$ /Applications/Docker.app/Contents/MacOS/install --uninstall
$ rm -rf ~/Library/Containers/com.docker.docker
$ rm -rf ~/Library/Application\ Support/Docker\ Desktop
$ rm -rf ~/.docker

# Re-install from the official .dmg afterwards.

Then reinstall from the official .dmg. Make sure your user is an admin (System Settings → Users & Groups). The privileged-helper setup needs admin privileges and fails silently on standard accounts.

Fix #2 — Repair the docker.sock symlink

On Apple Silicon and Intel Macs, the engine listens on ~/.docker/run/docker.sock. Tools that hard-code /var/run/docker.sock rely on a symlink that Docker Desktop creates on launch. That symlink can drift after major Docker Desktop or macOS upgrades. Repair it manually:

$ ls -l /var/run/docker.sock
lrwxr-xr-x  1 root  daemon  /var/run/docker.sock -> /Users/old-user/.docker/run/docker.sock

$ sudo rm /var/run/docker.sock
$ sudo ln -s ~/.docker/run/docker.sock /var/run/docker.sock

Or set DOCKER_HOST=unix://$HOME/.docker/run/docker.sock in your shell profile and skip the symlink entirely. Tools that use the official Docker SDKs will pick up DOCKER_HOST automatically.
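A read-only check for the symlink states described in this fix, as an added example that is not part of the original page or of Docker's tooling. The function names and state labels are assumptions made for illustration; the paths are the ones given above.

```sh
#!/bin/sh
# Added example: classify the /var/run/docker.sock symlink without changing it.
# Prints one state: ok | missing | not-symlink | dangling | stale:<target>

check_docker_sock() {
    link=${1:-/var/run/docker.sock}
    expected=${2:-$HOME/.docker/run/docker.sock}

    if [ ! -L "$link" ]; then
        # Either nothing is there, or a real file/socket sits where the link should be.
        if [ -e "$link" ]; then echo "not-symlink"; else echo "missing"; fi
        return 0
    fi

    target=$(readlink "$link")   # raw link target, not resolved any further
    if [ "$target" != "$expected" ]; then
        # e.g. still pointing into another account's home directory
        echo "stale:$target"
    elif [ ! -S "$expected" ]; then
        # Link is correct but no socket is behind it (engine not listening)
        echo "dangling"
    else
        echo "ok"
    fi
}

# Map a state to the remedy this page gives for it.
suggest_fix() {
    case $1 in
        ok)          echo "symlink is current; no action needed" ;;
        dangling)    echo "start Docker Desktop so the per-user socket exists" ;;
        not-symlink) echo "inspect what owns this path before replacing it" ;;
        missing|stale:*)
                     echo "recreate the symlink with sudo ln -s, or set DOCKER_HOST" ;;
        *)           echo "unknown state: $1" ;;
    esac
}

# With no arguments this checks the real paths for the current user.
state=$(check_docker_sock "$@")
printf '%s\n%s\n' "$state" "$(suggest_fix "$state")"
```

A `stale:` result that names another account's home directory, as in the `ls -l` output above, means root-owned `/var/run` is directing clients to a socket path that account controls, so it is worth repairing even when nothing is visibly failing.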

Fix #3 — Grant macOS Sequoia App Management permission

macOS 15 Sequoia introduced App Management protection: any process that modifies installed apps under /Applications or /Library must be explicitly permitted. Docker Desktop’s bind mounts on those paths fail silently otherwise.

Open System Settings → Privacy & Security → App Management and enable Docker Desktop. You may also see a system prompt the first time a bind mount targets a protected path — accept it.

Bind mounts under your home directory (~) are not affected by App Management protection. If most of your development happens under ~/projects or similar, you’ll never hit this in the first place.

Fix #4 — Don’t use sudo with docker

If you’re reaching for sudo docker run … to dodge a permission error, stop. Docker Desktop on Mac talks to the engine over a per-user socket; running the client as root creates a separate context and a brand new set of permission edge cases. The fix is upstream — the user-level socket should work without sudo. If it doesn’t, one of the fixes above is what you actually want.

Frequently asked questions

Why does Docker Desktop on Mac keep prompting for my password?

The privileged helper that handles networking and bind mounts is failing to register with launchd. The fix is to fully uninstall via the bundled uninstaller (`/Applications/Docker.app/Contents/MacOS/install --uninstall`) and reinstall. Make sure your user is an admin before reinstalling.

How do I fix "permission denied" on /var/run/docker.sock on Mac?

On Apple Silicon and Intel Macs, Docker Desktop creates ~/.docker/run/docker.sock per user. Symlinks at /var/run/docker.sock can drift out of date. Delete the symlink (sudo rm /var/run/docker.sock) and let Docker Desktop recreate it on next start, or set the DOCKER_HOST env var to unix://$HOME/.docker/run/docker.sock.

Do I need to grant Full Disk Access to Docker Desktop?

Not in 2026. Docker Desktop only needs access to /Users (granted by default) and the privileged helper for the engine VM. If your bind mounts under ~/Documents or ~/Desktop fail, macOS may have prompted for "Files and Folders" access — accept that prompt and the bind mount works. Full Disk Access is broader than necessary.

Why does my bind mount fail with "operation not permitted" on macOS Sequoia?

macOS Sequoia introduced stricter App Management protection on /Applications and /Library. Docker Desktop's bind mounts under those paths now require explicit App Management permission. Open System Settings → Privacy & Security → App Management → enable Docker Desktop. Bind mounts under your home directory work without this.
