
Apple Containerization provides native Linux container support for macOS.

Geekbang Technology / InfoQ, 2025-06-17 19:52
Apple releases a native Linux container tool for Mac, an open-source alternative to Docker.

Apple introduced Containerization and Container CLI at the 2025 Worldwide Developers Conference (WWDC). These are tools for creating and running Linux containers on Mac in the form of lightweight virtual machines. This represents a significant shift in the way developers run Linux containers on macOS, as this new open-source containerization framework eliminates the need for third-party tools like Docker. This Swift-based framework will provide native Linux container support directly in macOS 26, marking Apple's entry into the containerization field with a focus on security, performance, and privacy.

Unlike traditional containerization solutions that run multiple containers inside a single large virtual machine, Apple runs each Linux container in its own lightweight virtual machine. This architecture offers several key advantages:

Enhanced Security: Each container achieves the same level of isolation as a full-fledged virtual machine, significantly reducing the attack surface. The minimal file system doesn't include core utilities, dynamic libraries, or libc implementations, further reducing security risks.

Dedicated Resources: Each container has its own IP address, eliminating the need for port forwarding and providing high-performance network access. CPU and memory resources are allocated per container and are not consumed when the container is not running.

Privacy by Design: Directory and file sharing are done on a per-container basis, ensuring that only the requesting container can access the shared content, rather than exposing it to all containers in a shared virtual machine.

The Containerization framework makes extensive use of Swift, including a custom initialization system vminitd written entirely in Swift. This initialization system runs as the first process in each virtual machine and handles the following tasks:

  • IP address assignment for network interfaces
  • File system mounting, including the container's block device
  • Process startup and supervision
  • API management for host-container communication

To achieve this in an environment without a standard library, Apple uses Swift's static Linux SDK to cross-compile static Linux binaries directly from macOS, combined with musl to provide static linking support.
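Because the container root file system ships without libc or a dynamic loader, a binary placed into it (vminitd or any tool cross-compiled with the static Linux SDK) must be fully static or it will not start. The check below is an added example written for this article, not code from Apple's Containerization project; it assumes a little-endian ELF64 image (what the SDK's musl targets produce) and treats a PT_INTERP or PT_DYNAMIC program header as evidence of dynamic linking. The sample images it tests are constructed in-line and are not loadable binaries.

```python
import struct

# ELF64 layout constants from the System V ABI, used to find the program headers.
ELF_MAGIC = b"\x7fELF"
ELFCLASS64 = 2
PT_DYNAMIC = 2   # dynamic-linking section: needs ld.so and shared libraries at run time
PT_INTERP = 3    # path of the dynamic loader, e.g. /lib/ld-linux-aarch64.so.1


def program_header_types(elf: bytes) -> list[int]:
    """Return the p_type of every program header in a little-endian ELF64 image."""
    if elf[:4] != ELF_MAGIC or elf[4] != ELFCLASS64:
        raise ValueError("not an ELF64 image")
    (e_phoff,) = struct.unpack_from("<Q", elf, 32)          # program header table offset
    e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 54)  # entry size, entry count
    types = []
    for i in range(e_phnum):
        (p_type,) = struct.unpack_from("<I", elf, e_phoff + i * e_phentsize)
        types.append(p_type)
    return types


def is_fully_static(elf: bytes) -> bool:
    """True when the image carries neither PT_INTERP nor PT_DYNAMIC."""
    types = program_header_types(elf)
    return PT_INTERP not in types and PT_DYNAMIC not in types


def check_file(path: str) -> bool:
    """Read a binary from disk and report whether it can run on a libc-less rootfs."""
    with open(path, "rb") as f:
        return is_fully_static(f.read())


def make_elf64(ptypes: list[int]) -> bytes:
    """Constructed sample: a 64-byte ELF64 header (AArch64) followed by one
    56-byte program header per requested p_type. Header-only, not loadable."""
    phoff, phentsize = 64, 56
    ident = ELF_MAGIC + bytes([ELFCLASS64, 1, 1, 0]) + bytes(8)
    hdr = ident + struct.pack("<HHIQQQIHHHHHH", 2, 0xB7, 1, 0, phoff, 0, 0,
                              64, phentsize, len(ptypes), 64, 0, 0)
    phdrs = b"".join(struct.pack("<IIQQQQQQ", t, 5, 0, 0, 0, 0, 0, 0x1000)
                     for t in ptypes)
    return hdr + phdrs


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        print(path, "fully static" if check_file(path) else "dynamically linked")
```

Run it against the output of `swift build --swift-sdk aarch64-swift-linux-musl` (or the x86_64 variant) before copying the binary into a root file system that has no loader.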

Although each container runs in its own virtual machine, Apple claims to have achieved sub-second startup times through multiple optimizations:

Optimized Linux Kernel: A custom kernel configuration specifically designed for containerized workloads

EXT4 Block Device: The container file system is exposed as a formatted EXT4 block device for high - performance access

Apple Silicon Optimization: The entire technology stack is optimized for Apple's custom silicon architecture

Apple provides a framework for developers building containerization solutions and a command-line tool for immediate use. The container CLI tool offers familiar Docker-like commands.

The tool provides XPC services for storage, image management, network services, and container runtime management, all built using the Containerization API.

Apple has released the Containerization framework and the container CLI tool as open - source projects on GitHub. The code repository includes:

  • The full source code of the framework and tools
  • Sample projects demonstrating integration
  • Technical documentation and an overview of the architecture
  • Cross-platform Swift packages used in vminitd

Apple's entry into the containerization field places it in an established open-source ecosystem of Docker alternatives, which have recently gained significant attention. Podman, developed by Red Hat, is the most well-known Docker alternative. It provides OCI-compliant container management with a daemonless architecture, eliminating the need for root privileges. This rootless operation offers enhanced security, making Podman particularly attractive in environments where security is crucial. Other notable solutions include containerd, which serves as the underlying container runtime used by Kubernetes, and Buildah, which is specifically designed for building container images without the need for a full container runtime. Tools like LXD focus on system containers rather than application containers, while solutions like Rancher Desktop provide a user-friendly graphical interface for container management. Apple's unique approach of running each container in its own lightweight virtual machine differentiates it from these existing solutions, which typically rely on shared-kernel containerization technologies such as cgroups and namespaces.

The Containerization framework and container CLI will be available with macOS 26, and the open-source components are immediately available on GitHub. Developers can explore the framework, contribute to its development, and start building solutions that natively integrate Linux containers on macOS.

View the English original article:

Apple Containerization a Native Linux Container Support for macOS (https://www.infoq.com/news/2025/06/apple-container-linux/)

This article is from the WeChat official account “InfoQ” (ID: infoqchina), written by Claudio Masolo and published by 36Kr with authorization.