Merge pull request #81 from chipmk/fix/docker-context-as-root

fix: resolve docker context when running as root via launchd

Author: gregnr

CONTRIBUTING.md

@@ -57,8 +57,9 @@ Before releasing, verify:
 1. `make build` succeeds
 2. `sudo ./docker-mac-net-connect` starts and creates the tunnel
 3. `./scripts/e2e-test.sh` passes
-4. Stop and restart Docker Desktop - verify the server reconnects automatically
-5. For Homebrew releases: `brew upgrade chipmk/tap/docker-mac-net-connect` and `sudo brew services restart chipmk/tap/docker-mac-net-connect`
+4. Test as root (simulates launchd): `sudo -i $(pwd)/docker-mac-net-connect`
+5. Stop and restart Docker Desktop - verify the server reconnects automatically
+6. For Homebrew releases: `brew upgrade chipmk/tap/docker-mac-net-connect` and `sudo brew services restart chipmk/tap/docker-mac-net-connect`
 
 ## Releases
 

main.go

@@ -9,6 +9,8 @@ import (
 	"net"
 	"os"
 	"os/signal"
+	"os/user"
+	"path/filepath"
 	"strconv"
 	"syscall"
 	"time"
@@ -183,15 +185,39 @@ func main() {
 
 	logger.Verbosef("Interface %s created\n", interfaceName)
 
+	// When running as root (e.g. via launchd), the docker config lives under
+	// the console user's home directory. Set DOCKER_CONFIG so the context
+	// resolver can find it.
+	if os.Getenv("DOCKER_CONFIG") == "" {
+		consoleUser, err := getConsoleUser()
+		if err != nil {
+			logger.Verbosef("Failed to get console user: %v\n", err)
+		} else {
+			u, err := user.Lookup(consoleUser)
+			if err != nil {
+				logger.Verbosef("Failed to lookup user %s: %v\n", consoleUser, err)
+			} else {
+				dockerConfig := filepath.Join(u.HomeDir, ".docker")
+				if err := os.Setenv("DOCKER_CONFIG", dockerConfig); err != nil {
+					logger.Verbosef("Failed to set DOCKER_CONFIG: %v\n", err)
+				} else {
+					logger.Verbosef("Set DOCKER_CONFIG to %s (console user: %s)\n", dockerConfig, consoleUser)
+				}
+			}
+		}
+	}
+
+	var hostOpt client.Opt
 	dockerHost, err := dcontext.CurrentDockerHost()
 	if err != nil {
-		logger.Errorf("Failed to resolve Docker host from context: %v", err)
-		os.Exit(ExitSetupFailed)
+		logger.Verbosef("Failed to resolve Docker host from context: %v, falling back to env/default\n", err)
+		hostOpt = client.FromEnv
+	} else {
+		logger.Verbosef("Using Docker host: %s\n", dockerHost)
+		hostOpt = client.WithHost(dockerHost)
 	}
 
-	logger.Verbosef("Using Docker host: %s\n", dockerHost)
-
-	cli, err := client.NewClientWithOpts(client.WithHost(dockerHost), client.WithAPIVersionNegotiation())
+	cli, err := client.NewClientWithOpts(hostOpt, client.WithAPIVersionNegotiation())
 	if err != nil {
 		logger.Errorf("Failed to create Docker client: %v", err)
 		os.Exit(ExitSetupFailed)
@@ -361,3 +387,24 @@ func setupVm(
 
 	return nil
 }
+
+// getConsoleUser returns the username of the currently logged-in GUI user
+// by checking the owner of /dev/console.
+func getConsoleUser() (string, error) {
+	info, err := os.Stat("/dev/console")
+	if err != nil {
+		return "", fmt.Errorf("stat /dev/console: %w", err)
+	}
+	stat, ok := info.Sys().(*syscall.Stat_t)
+	if !ok {
+		return "", fmt.Errorf("unexpected stat type for /dev/console")
+	}
+	u, err := user.LookupId(strconv.FormatUint(uint64(stat.Uid), 10))
+	if err != nil {
+		return "", fmt.Errorf("lookup uid %d: %w", stat.Uid, err)
+	}
+	if u.Username == "root" {
+		return "", fmt.Errorf("no console user logged in")
+	}
+	return u.Username, nil
+}