macOS user instructions. ref #158

Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>

README.md

@@ -15,8 +15,7 @@ this benchmark.
 We packaged docker bench as a small container for your convenience. Note that
 this container is being run with a *lot* of privilege -- sharing the host's
 filesystem, pid and network namespaces, due to portions of the benchmark
-applying to the running host. Don't forget to adjust the shared volumes
-according to your operating system, for example it might not use systemd.
+applying to the running host.
 
 The easiest way to run your hosts against the Docker Bench for Security is by
 running our pre-built container:
@@ -34,6 +33,21 @@ docker run -it --net host --pid host --userns host --cap-add audit_control \
     docker/docker-bench-security
 ```
 
+Don't forget to adjust the shared volumes according to your operating system,
+for example `Docker Desktop` on macOS don't have `/usr/lib/systemd` or the above
+Docker binaries.
+
+```sh
+docker run -it --net host --pid host --userns host --cap-add audit_control \
+    -e DOCKER_CONTENT_TRUST=$DOCKER_CONTENT_TRUST \
+    -v /etc:/etc \
+    -v usr/local/bin/
+    -v /var/lib:/var/lib:ro \
+    -v /var/run/docker.sock:/var/run/docker.sock:ro \
+    --label docker_bench_security \
+    docker/docker-bench-security
+```
+
 Docker bench requires Docker 1.13.0 or later in order to run.
 
 Note that when distributions doesn't contain `auditctl`, the audit tests will