Estimated reading time: 16 minutes
Safely Install Non-Mac App Store Apps On Your Mac OS X Tips Cult of Mac I don't know if there has been a dangerous app released for the Mac recently, but I'd rather keep that extra step active. Macs are much safer than PCs, but a few years ago there was something called MacDefender that infected Macs and caused us to feel a little less smug. If an app is downloaded from the internet or directly from a developer, i.e. The Wacom Driver, the OS continues to protect the Mac. Your security settings will need to be adjusted to allow the app access to certain parts of the OS. Until these settings are accepted, the tablet functions, such as Pen and Touch, might not work correctly. Open an app by overriding security settings. You can open an app that isn’t allowed to open by manually overriding the settings in Security & Privacy preferences. In the Finder on your Mac, locate the app you want to open. Most apps can be found in the Applications folder. Control-click the app icon, then choose Open from the shortcut menu.
Welcome to Docker Desktop! The Docker Desktop for Mac user manual provides information on how to configure and manage your Docker Desktop settings.
For information about Docker Desktop download, system requirements, and installation instructions, see Install Docker Desktop.
Note
This page contains information about the Docker Desktop Stable release. For information about features available in Edge releases, see the Edge release notes.
Preferences
The Docker Preferences menu allows you to configure your Docker settings such as installation, updates, version channels, Docker Hub login,and more.
Choose the Docker menu > Preferences from themenu bar and configure the runtime options described below.
General
On the General tab, you can configure when to start and update Docker:
- Start Docker Desktop when you log in: Automatically starts Docker Desktop when you open your session.
- Automatically check for updates: By default, Docker Desktop automatically checks for updates and notifies you when an update is available. You can manually check for updates anytime by choosing Check for Updates from the main Docker menu.
- Include VM in Time Machine backups: Select this option to back up the Docker Desktop virtual machine. This option is disabled by default.
- Securely store Docker logins in macOS keychain: Docker Desktop stores your Docker login credentials in macOS keychain by default.
- Send usage statistics: Docker Desktop sends diagnostics, crash reports, and usage data. This information helps Docker improve and troubleshoot the application. Clear the check box to opt out.Click Switch to the Edge version to learn more about Docker Desktop Edge releases.
Resources
The Resources tab allows you to configure CPU, memory, disk, proxies, network, and other resources.
Advanced
On the Advanced tab, you can limit resources available to Docker.
Advanced settings are:
CPUs: By default, Docker Desktop is set to use half the number of processorsavailable on the host machine. To increase processing power, set this to ahigher number; to decrease, lower the number.
Memory: By default, Docker Desktop is set to use
2
GB runtime memory,allocated from the total available memory on your Mac. To increase the RAM, set this to a higher number. To decrease it, lower the number.Swap: Configure swap file size as needed. The default is 1 GB.
Disk image size: Specify the size of the disk image.
Disk image location: Specify the location of the Linux volume where containers and images are stored.
You can also move the disk image to a different location. If you attempt to move a disk image to a location that already has one, you get a prompt asking if you want to use the existing image or replace it.
File sharing
Use File sharing to allow local directories on the Mac to be shared with Linux containers.This is especially useful forediting source code in an IDE on the host while running and testing the code in a container.By default the
/Users
, /Volume
, /private
, /tmp
and /var/folders
directory are shared. If your project is outside this directory then it must be addedto the list. Otherwise you may get Mounts denied
or cannot start service
errors at runtime.File share settings are:
- Add a Directory: Click
+
and navigate to the directory you want to add. - Apply & Restart makes the directory available to containers using Docker’sbind mount (
-v
) feature.
Tips on shared folders, permissions, and volume mounts
- Shared folders are designed to allow application code to be edited on the host while being executed in containers. For non-code items such as cache directories or databases, the performance will be much better if they are stored in the Linux VM, using a data volume (named volume) or data container.
- By default, Mac file systems are case-insensitive while Linux is case-sensitive. On Linux, it is possible to create 2 separate files:
test
andTest
, while on Mac these filenames would actually refer to the same underlying file. This can lead to problems where an app works correctly on a Mac (where the file contents are shared) but fails when run in Linux in production (where the file contents are distinct). To avoid this, Docker Desktop insists that all shared files are accessed as their original case. Therefore, if a file is created calledtest
, it must be opened astest
. Attempts to openTest
will fail with the errorNo such file or directory
. Similarly, once a file calledtest
is created, attempts to create a second file calledTest
will fail. For more information, see Volume mounting requires file sharing for any project directories outside of/Users
.)
Proxies
Docker Desktop detects HTTP/HTTPS Proxy Settings from macOS and automaticallypropagates these to Docker. For example, if you set yourproxy settings to
http://proxy.example.com
, Docker uses this proxy whenpulling containers.Your proxy settings, however, will not be propagated into the containers you start.If you wish to set the proxy settings for your containers, you need to defineenvironment variables for them, just like you would do on Linux, for example:
For more information on setting environment variables for running containers,see Set environment variables.
Network
![Mac Mac](/uploads/1/3/3/8/133819868/233578533.png)
You can configure Docker Desktop networking to work on a virtual private network (VPN). Specify a network address translation (NAT) prefix and subnet mask to enable Internet connectivity.
Docker Engine
The Docker Engine page allows you to configure the Docker daemon to determine how your containers run.
Type a JSON configuration file in the box to configure the daemon settings. For a full list of options, see the Docker Enginedockerd commandline reference.
Click Apply & Restart to save your settings and restart Docker Desktop.
Mac App Store Security Preferences
Command Line
On the Command Line page, you can specify whether or not to enable experimental features.
Experimental features provide early access to future product functionality.These features are intended for testing and feedback only as they may changebetween releases without warning or can be removed entirely from a futurerelease. Experimental features must not be used in production environments.Docker does not offer support for experimental features.
To enable experimental features in the Docker CLI, edit the
config.json
file and set experimental
to enabled.To enable experimental features from the Docker Desktop menu, clickSettings (Preferences on macOS) > Command Line and then turn onthe Enable experimental features toggle. Click Apply & Restart.
For a list of current experimental features in the Docker CLI, see Docker CLI Experimental features.
On both Docker Desktop Edge and Stable releases, you can toggle the experimental features on and off. If you toggle the experimental features off, Docker Desktop uses the current generally available release of Docker Engine.
You can see whether you are running experimental mode at the command line. If
Experimental
is true
, then Docker is running in experimental mode, as shownhere. (If false
, Experimental mode is off.)Kubernetes
Docker Desktop includes a standalone Kubernetes server that runs on your Mac, sothat you can test deploying your Docker workloads on Kubernetes.
The Kubernetes client command,
kubectl
, is included and configured to connectto the local Kubernetes server. If you have kubectl
already installed andpointing to some other environment, such as minikube
or a GKE cluster, be sureto change context so that kubectl
is pointing to docker-desktop
:If you installed
kubectl
with Homebrew, or by some other method, andexperience conflicts, remove /usr/local/bin/kubectl
.- To enable Kubernetes support and install a standalone instance of Kubernetesrunning as a Docker container, select Enable Kubernetes. To set Kubernetes as thedefault orchestrator, select Deploy Docker Stacks to Kubernetes by default. How to fully remove applications from mac.Click Apply & Restart to save the settings. This instantiates images required to run the Kubernetes server as containers, and installs the
/usr/local/bin/kubectl
command on your Mac.When Kubernetes is enabled and running, an additional status bar item displaysat the bottom right of the Docker Desktop Settings dialog.The status of Kubernetes shows in the Docker menu and the context points todocker-desktop
. - By default, Kubernetes containers are hidden from commands like
dockerservice ls
, because managing them manually is not supported. To make themvisible, select Show system containers (advanced) and click Apply andRestart. Most users do not need this option. - To disable Kubernetes support at any time, clear the Enable Kubernetes check box. TheKubernetes containers are stopped and removed, and the
/usr/local/bin/kubectl
command is removed.For more about using the Kubernetes integration with Docker Desktop, seeDeploy on Kubernetes.
Reset
Reset and Restart options
On Docker Desktop Mac, the Restart Docker Desktop, Reset to factory defaults, and other reset options are available from the Troubleshoot menu.
For information about the reset options, see Logs and Troubleshooting.
Dashboard
The Docker Desktop Dashboard enables you to interact with containers and applications and manage the lifecycle of your applications directly from your machine. The Dashboard UI shows all running, stopped, and started containers with their state. It provides an intuitive interface to perform common actions to inspect and manage containers and existing Docker Compose applications. For more information, see Docker Desktop Dashboard.
Add TLS certificates
You can add trusted Certificate Authorities (CAs) (used to verify registryserver certificates) and client certificates (used to authenticate toregistries) to your Docker daemon.
Add custom CA certificates (server side)
All trusted CAs (root or intermediate) are supported. Docker Desktop creates acertificate bundle of all user-trusted CAs based on the Mac Keychain, andappends it to Moby trusted certificates. So if an enterprise SSL certificate istrusted by the user on the host, it is trusted by Docker Desktop.
To manually add a custom, self-signed certificate, start by adding thecertificate to the macOS keychain, which is picked up by Docker Desktop. Here isan example:
Or, if you prefer to add the certificate to your own local keychain only (ratherthan for all users), run this command instead:
See also, Directory structures forcertificates.
![App App](https://karabiner-elements.pqrs.org/docs/help/troubleshooting/kext-allow-button-does-not-work/images/system-preferences-security-and-privacy-accessibility@2x.png)
Note: You need to restart Docker Desktop after making any changes to thekeychain or to the
~/.docker/certs.d
directory in order for the changes totake effect.For a complete explanation of how to do this, see the blog post AddingSelf-signed Registry Certs to Docker & Docker Desktop forMac.
Add client certificates
You can put your client certificates in
~/.docker/certs.d/<MyRegistry>:<Port>/client.cert
and~/.docker/certs.d/<MyRegistry>:<Port>/client.key
.When the Docker Desktop application starts, it copies the
~/.docker/certs.d
folder on your Mac to the /etc/docker/certs.d
directory on Moby (the DockerDesktop xhyve
virtual machine).- You need to restart Docker Desktop after making any changes to the keychainor to the
~/.docker/certs.d
directory in order for the changes to takeeffect. - The registry cannot be listed as an insecure registry (see DockerEngine. Docker Desktop ignores certificates listedunder insecure registries, and does not send client certificates. Commandslike
docker run
that attempt to pull from the registry produce errormessages on the command line, as well as on the registry.
Directory structures for certificates
If you have this directory structure, you do not need to manually add the CAcertificate to your Mac OS system login:
The following further illustrates and explains a configuration with customcertificates:
You can also have this directory structure, as long as the CA certificate isalso in your keychain.
To learn more about how to install a CA root certificate for the registry andhow to set the client TLS certificate for verification, seeVerify repository client with certificatesin the Docker Engine topics.
Install shell completion
Docker Desktop comes with scripts to enable completion for the
docker
and docker-compose
commands. The completion scripts may befound inside Docker.app
, in the Contents/Resources/etc/
directory and can beinstalled both in Bash and Zsh.Bash
Bash has built-in support forcompletion To activate completion for Docker commands, these files need to becopied or symlinked to your
bash_completion.d/
directory. For example, if youinstalled bash via Homebrew:Add the following to your
~/.bash_profile
:OR
Zsh
In Zsh, the completionsystemtakes care of things. To activate completion for Docker commands,these files need to be copied or symlinked to your Zsh
site-functions/
directory. For example, if you installed Zsh via Homebrew:Fish-Shell
Fish-shell also supports tab completion completionsystem. To activate completion for Docker commands,these files need to be copied or symlinked to your Fish-shell
completions/
directory.Create the
completions
directory:Now add fish completions from docker.
Give feedback and get help
To get help from the community, review current user topics, join or start adiscussion, log on to our Docker Desktop for Macforum.
To report bugs or problems, log on to Docker Desktop for Mac issues onGitHub,where you can review community reported issues, and file new ones. SeeLogs and Troubleshooting for more details.
For information about providing feedback on the documentation or update it yourself, see Contribute to documentation.
Docker Hub
Select Sign in /Create Docker ID from the Docker Desktop menu to access your Docker Hub account. Once logged in, you can access your Docker Hub repositories and organizations directly from the Docker Desktop menu.
For more information, refer to the following Docker Hub topics:
Two-factor authentication
Docker Desktop enables you to sign into Docker Hub using two-factor authentication. Two-factor authentication provides an extra layer of security when accessing your Docker Hub account.
You must enable two-factor authentication in Docker Hub before signing into your Docker Hub account through Docker Desktop. For instructions, see Enable two-factor authentication for Docker Hub.
After you have enabled two-factor authentication:
- Go to the Docker Desktop menu and then select Sign in / Create Docker ID.
- Enter your Docker ID and password and click Sign in.
- After you have successfully signed in, Docker Desktop prompts you to enter the authentication code. Enter the six-digit code from your phone and then click Verify.
After you have successfully authenticated, you can access your organizations and repositories directly from the Docker Desktop menu.
Where to go next
- Try out the walkthrough at Get Started.
- Dig in deeper with Docker Labs examplewalkthroughs and source code.
- For a summary of Docker command line interface (CLI) commands, seeDocker CLI Reference Guide.
- Check out the blog post, What’s New in Docker 17.06 Community Edition(CE).
Starting with Version 16.28 of Office for Mac, there are new preference settings that allow you to control settings related to the following:
- Diagnostic data that is collected and sent to Microsoft about Office client software being used.
- Connected experiences that use cloud-based functionality to provide enhanced Office features to you and your users.
In addition, there is a new preference setting related to a Required Data Notice dialog for Microsoft AutoUpdate (MAU).
For more information about diagnostic data and connected experiences, see Overview of privacy controls.
Note
- For information about similar settings for Office on computers running Windows, see Use policy settings to manage privacy controls for Microsoft 365 Apps for enterprise.
- For information about similar settings for Office on iOS devices, see Use preferences to manage privacy controls for Office on iOS devices.
Setting preferences
These new preference settings are CFPreferences API compatible and can be set using the
defaults
command in Terminal, or enforced through a Configuration Profile or Mobile Device Management (MDM) server. When the preferences are enforced, the user cannot change the values, and any in-app controls will appear disabled.Note
You can also use the Office cloud policy service and these 5 policy settings:
- Configure the level of client software diagnostic data sent by Office to Microsoft
- Allow the use of connected experiences in Office that analyze content
- Allow the use of connected experiences in Office that download online content
- Allow the use of additional optional connected experiences in Office
- Allow the use of connected experiences in Office
For more information on using the Office cloud policy service, see Overview of the Office cloud policy service.
Preference setting for diagnostic data
Diagnostic data is used to keep Office secure and up-to-date, detect, diagnose and remediate problems, and also make product improvements. For more information, see Diagnostic data sent from Microsoft 365 Apps for enterprise to Microsoft.
Preference Domain | com.microsoft.office |
Key | DiagnosticDataTypePreference |
Data Type | String |
Possible values | BasicDiagnosticData (this sets the level to Required)FullDiagnosticData (this sets the level to Optional)ZeroDiagnosticData (this sets the level to Neither) |
Availability | 16.28 and later |
Starting with new installations of Version 16.30, if you don't set this preference, only required diagnostic data is sent to Microsoft if users with an Office 365 (or Microsoft 365) subscription are signed in with a work or school account or if users have a volume licensed version of Office 2019 for Mac. Also, these users can't change the level of diagnostic data regardless of how you set this preference.
Note
- If you install Version 16.28 or 16.29 and you don't set this preference, both optional and required diagnostic data is sent to Microsoft. If you then upgrade to Version 16.30 or later, both optional and required diagnostic data is still sent to Microsoft, unless you use this preference to set a different value.
- If you set this preference, it also will apply to Version 1.00.217856 and later of Teams for Mac and to Version 16.28 and later of Skype for Business for Mac.
For other users, such as home users with an Office 365 (or Microsoft 365) subscription, only required diagnostic data is sent, unless the user chooses to also send optional diagnostic data by going to Preferences > Privacy.
Preference setting for connected experiences that analyze your content
Connected experiences that analyze your content are experiences that use your Office content to provide you with design recommendations, editing suggestions, data insights, and similar features. For example, PowerPoint Designer or Researcher in Word. For a list of these connected experiences, see Connected experiences in Office.
Preference Domain | com.microsoft.office |
Key | OfficeExperiencesAnalyzingContentPreference |
Data Type | Boolean |
Possible values | TRUE (enabled)FALSE (disabled) |
Availability | 16.28 and later |
If you don't set this preference, connected experiences that analyze content are available to users.
If the user has an Office 365 (or Microsoft 365) subscription and is signed in with a work or school account or if the user has a volume licensed version of Office 2019 for Mac, then the user can't turn off connected experiences that analyze content.
For other users, such as home users with an Office 365 (or Microsoft 365) subscription, the user can choose to turn off connected experiences that analyze content by going to Preferences > Privacy.
Preference setting for connected experiences that download online content
Connected experiences that download online content are experiences that allow you to search and download online content including templates, images, 3D models, videos, and reference materials to enhance your documents. For example, Office templates or PowerPoint QuickStarter. For a list of these connected experiences, see Connected experiences in Office.
Preference Domain | com.microsoft.office |
Key | OfficeExperiencesDownloadingContentPreference |
Data Type | Boolean |
Possible values | TRUE (enabled)FALSE (disabled) |
Availability | 16.28 and later |
If you don't set this preference, connected experiences that download online content are available to users.
If the user has an Office 365 (or Microsoft 365) subscription and is signed in with a work or school account or if the user has a volume licensed version of Office 2019 for Mac, then the user can't turn off connected experiences that download online content.
Best mac app store apps. For other users, such as home users with an Office 365 (or Microsoft 365) subscription, a user can choose to turn off connected experiences that download online content by going to Preferences > Privacy.
Preference setting for optional connected experiences
In addition to the connected experiences mentioned above, there are some optional connected experiences that you may choose to allow your users to access with their organization account, which is sometimes referred to as a work or school account. For example, the LinkedIn features of the Resume Assistant in Word or the Weather Bar in Outlook, which uses MSN Weather. For more examples, see Overview of optional connected experiences in Office.
Preference Domain | com.microsoft.office |
Key | OptionalConnectedExperiencesPreference |
Data Type | Boolean |
Possible values | TRUE (enabled)FALSE (disabled) |
Availability | 16.28 and later |
If you don't set this preference, optional connected experiences are available to users with an Office 365 (or Microsoft 365) subscription that are signed in with a work or school account or users who have a volume licensed version of Office 2019 for Mac. Unless you have set this preference to
FALSE
, these users can choose to turn off optional connected experiences by going to Preferences > Privacy.For other users, such as home users with an Office 365 (or Microsoft 365) subscription, there isn't an option to turn off optional connected experiences.
Preference setting for most connected experiences
You can use this preference to control whether most connected experiences are available to your users.
Preference Domain | com.microsoft.office |
Key | ConnectedOfficeExperiencesPreference |
Data Type | Boolean |
Possible values | TRUE (enabled)FALSE (disabled) |
Availability | 16.28 and later |
If you don't set this preference, all connected experiences are available to your users, unless you have set one of the other preferences for connected experiences previously mentioned, such as
OfficeExperiencesAnalyzingContentPreference
.For example, if you set this preference to
FALSE
, the following types of connected experiences won't be available to your users:- Experiences that analyze your content
- Experiences that download online content
- Optional connected experiences
In addition, if you set this preference to
FALSE
, most other connected experiences are also turned off, such as co-authoring and online file storage. For a list of these other connected experiences, see Connected experiences in Office.Mac System Preferences Allow App
But even if you set this preference to
FALSE
, limited Office functionality will remain available, such as synching a mailbox in Outlook, and Teams and Skype for Business will continue to work. Essential services, such as the licensing service that confirms that you’re properly licensed to use Office, will also remain available.If the user has an Office 365 (or Microsoft 365) subscription and is signed in with a work or school account or if the user has a volume licensed version of Office 2019 for Mac, then the user can't turn off most connected experiences.
For other users, such as home users with an Office 365 (or Microsoft 365) subscription, a user can choose to turn off most connected experiences by going to Preferences > Privacy.
Preference setting for the Required Data Notice dialog for Microsoft AutoUpdate
The first time Version 4.12 or later of Microsoft AutoUpdate (MAU) is launched, users will see a Required Data Notice dialog which provides them with information about what data from MAU is sent to Microsoft.
If you don't want your users to see this Required Data Notice dialog for Microsoft AutoUpdate, you can set the following preference. Regardless of which value you set, the dialog won't be shown to your users.
Preference Domain | com.microsoft.autoupdate2 |
Key | AcknowledgedDataCollectionPolicy |
Data Type | String |
Possible values | RequiredDataOnly RequiredAndOptionalData |
Availability | 4.12 and later |
If you let your users see this dialog, then when the user chooses OK, the value
RequiredDataOnly
is written to AcknowledgedDataCollectionPolicy
and the dialog is not shown to the user again.