Verified for macOS Tahoe 26.2

Fix Guide: Sequoia Docker Socket Permission Fix

Symptom: Docker Desktop or Colima fails to start on macOS Sequoia, or you receive "Permission denied" when trying to connect to /var/run/docker.sock, even after giving the app Full Disk Access.


Why this happens

macOS Sequoia introduced stricter path protection for the /var/run directory. The com.apple.sandboxd daemon now enforces tighter restrictions on symbolic links created by third-party virtualization tools. When Docker attempts to link its internal socket to the host's /var/run/docker.sock, the system blocks the creation of the symlink, even if the application has elevated privileges.

Recommended Troubleshooting Tool

Before proceeding with manual fixes, we recommend using CleanMyMac X. Quickly identify high CPU apps and optimize system memory with one click.

- [Download CleanMyMac X Free Here](#)

- [Browse 240+ Premium Mac Utilities on Setapp](#)


Fix 1: Manually Link the Docker Socket

Since the automated installer fails to create the link due to sandbox restrictions, you can create it manually with root privileges.

# Remove any broken socket or symlink (-f so a missing file is not reported as an error)
sudo rm -f /var/run/docker.sock
# Create a symbolic link to the user-space Docker socket
# ($HOME is expanded by your shell before sudo runs, so it points at your own home directory)
sudo ln -s "$HOME/.docker/run/docker.sock" /var/run/docker.sock
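Before removing and re-creating the link, it is worth checking what is actually at /var/run/docker.sock: a dangling symlink is safe to replace, but a live socket belongs to a running daemon and a regular file is a sign something else is wrong. The script below is an added example (not part of this guide or of Docker's own tooling); the function names are hypothetical, and it runs on both macOS and Linux without sudo so it can be tried on any path.

```sh
#!/bin/sh
# Classify the state of a Docker socket path before touching it.
# Return codes: 0 usable socket, 1 missing, 2 dangling symlink, 3 wrong file type.
classify_docker_socket() {
    path=${1:-/var/run/docker.sock}
    if [ -L "$path" ]; then
        target=$(readlink "$path")
        # Resolve a relative link target against the link's own directory
        case "$target" in
            /*) ;;
            *) target="$(dirname "$path")/$target" ;;
        esac
        if [ ! -e "$target" ]; then
            echo "dangling-symlink -> $target"; return 2
        elif [ -S "$target" ]; then
            echo "symlink-to-socket -> $target"; return 0
        else
            echo "symlink-to-nonsocket -> $target"; return 3
        fi
    elif [ -S "$path" ]; then
        echo "socket"; return 0
    elif [ -e "$path" ]; then
        echo "other (exists but is not a socket)"; return 3
    else
        echo "missing"; return 1
    fi
}

# Replace the host-side link only when it is safe to do so: refuses if the
# target is not a listening socket, or if the link path is a real file/socket
# rather than a symlink (a running daemon may own it).
relink_docker_socket() {
    link=$1; target=$2
    if [ ! -S "$target" ]; then
        echo "refusing: $target is not a listening socket" >&2; return 1
    fi
    if [ -e "$link" ] && [ ! -L "$link" ]; then
        echo "refusing: $link exists and is not a symlink" >&2; return 1
    fi
    ln -sfn "$target" "$link"
}

# Usage: ./check-docker-sock.sh /var/run/docker.sock
if [ $# -gt 0 ]; then
    classify_docker_socket "$1"
fi
```

Run the classifier first; only if it reports `missing` or `dangling-symlink` does the `sudo rm`/`ln -s` step above apply.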

Fix 2: Reset VirtioFS Permissions

If you are using VirtioFS for file sharing, the com.apple.virtualization framework might have cached incorrect UID/GID mappings.

# Quit Docker Desktop first so the VM is not still writing to this directory
osascript -e 'quit app "Docker"'
# Clear the virtualization framework cache
rm -rf ~/Library/Containers/com.docker.docker/Data/vms/0/data/virtiofs
# Restart Docker Desktop
open -a Docker

Fix 3: Grant TCC Override via Terminal

Sometimes the System Settings UI doesn't correctly apply the Full Disk Access toggle for Docker's helper tools.

# Reset (clear) Docker's Full Disk Access entry in the TCC database; tccutil cannot grant
# access, so re-enable the toggle under System Settings > Privacy & Security afterwards
sudo tccutil reset SystemPolicyAllFiles com.docker.docker

Recommended Tool: MacPaw CleanMyMac

Managing complex application permissions and leftover socket files can be tedious. CleanMyMac’s "Optimization" module identifies "Hung Applications" and "Launch Agents" that might be interfering with Docker’s background daemons, ensuring a clean environment for virtualization.