From 2997d39962b433a74625578ffdaca8d1c4ba4aa8 Mon Sep 17 00:00:00 2001 From: mickael emirkanian Date: Thu, 25 Jun 2026 15:52:39 -0400 Subject: [PATCH 1/2] desktop: document docker backend helper --- .../setup/install/mac-permission-requirements.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/content/manuals/desktop/setup/install/mac-permission-requirements.md b/content/manuals/desktop/setup/install/mac-permission-requirements.md index 4f08136c65de..453864c38127 100644 --- a/content/manuals/desktop/setup/install/mac-permission-requirements.md +++ b/content/manuals/desktop/setup/install/mac-permission-requirements.md @@ -90,6 +90,17 @@ $ rm /Library/LaunchDaemons/com.docker.vmnetd.plist $ rm /Library/PrivilegedHelperTools/com.docker.vmnetd ``` +## Backend helper socket + +Aside from the optional [privileged helper](#privileged-helper), the Docker +Desktop backend process (`com.docker.backend`) uses an internal helper socket +(`~/Library/Containers/com.docker.docker/Data/forkexecd.sock`) to fork and execute +helper processes as part of running Docker Desktop. + +Unlike the privileged helper, this socket does not run as `root` and grants no +elevated privileges: it is owned by, and accessible only to, the same macOS user +running Docker Desktop, and it is contained in Docker Desktop's application container. + ## Containers running as root within the Linux VM With Docker Desktop, the Docker daemon and containers run in a lightweight Linux From 4c86fae24d4629b946f32ccd232de1d98719cf9a Mon Sep 17 00:00:00 2001 From: Allie Sadler <102604716+aevesdocker@users.noreply.github.com> Date: Fri, 26 Jun 2026 11:06:07 +0100 Subject: [PATCH 2/2] Apply suggestions from code review Co-authored-by: Allie Sadler <102604716+aevesdocker@users.noreply.github.com> --- .../desktop/setup/install/mac-permission-requirements.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/content/manuals/desktop/setup/install/mac-permission-requirements.md b/content/manuals/desktop/setup/install/mac-permission-requirements.md index 453864c38127..34bc7d7e2ff8 100644 --- a/content/manuals/desktop/setup/install/mac-permission-requirements.md +++ b/content/manuals/desktop/setup/install/mac-permission-requirements.md @@ -98,8 +98,8 @@ Desktop backend process (`com.docker.backend`) uses an internal helper socket helper processes as part of running Docker Desktop. Unlike the privileged helper, this socket does not run as `root` and grants no -elevated privileges: it is owned by, and accessible only to, the same macOS user -running Docker Desktop, and it is contained in Docker Desktop's application container. +elevated privileges. It is owned by, and accessible only to, the same macOS user +running Docker Desktop, and is contained in Docker Desktop's application container. ## Containers running as root within the Linux VM