As part of its WWDC announcements, Apple has unveiled Containerization, which uses macOS’ virtualisation framework to run Linux containers on Apple Silicon Macs.
Containerization executes each Linux container inside of its own lightweight virtual machine. Clients can create dedicated IP addresses for every container to remove the need for individual port forwarding. Containers achieve sub-second start times using an optimized Linux kernel configuration and a minimal root filesystem with a lightweight init system.
vminitd is a small init system, which is a subproject within Containerization. vminitd is spawned as the initial process inside of the virtual machine and provides a GRPC API over vsock. The API allows the runtime environment to be configured and containerized processes to be launched. vminitd provides I/O, signals, and events to the calling process when a process is run.
↫ Containerization GitHub page
Alongside this new tool, Apple also released container, which creates and runs OCI-compliant container images. Yes, both of these names are horribly generic and are definitely going to lead to confusion in online discussions and writing, but the tools themselves seem quite nice. People stuck on macOS who need to do Linux work can now easily get their work done on macOS – if you’re okay with using Electron for developers, of course, which is what containers really are.
Clearly, nobody can ignore Linux, not even Apple or Microsoft.
So both Apple and Microsoft are Linux distributors now.
Very interesting that these tools are Open Source (Apache 2.0). I am somewhat fascinated that they are written in Swift as well. They do look well done though. Not a great day for Docker.
It is both obvious that you can build containers with these tools that will run on any Linux machine and at the same time surprising that “container build” uses regular Dockerfile inputs and builds compliant OCI images that can be used natively with Podman or Kubernetes.
I really do not follow this sentence though: “if you’re okay with using Electron for developers, of course, which is what containers really are.” I just legit do not understand what this is trying to say.
Agreed, that sentence about Electron doesn’t make much sense, I guess Thom is making the parallel that you’re running something “not native” on top of the OS, but that’s about as far as it goes. Electron is a wrapper around Chromium + Node.js to allow using web technologies to build apps, while this is a virtualization platform that lets you run Linux essentially *natively* in a VM – not all that much similarity there.
@Moochman
That makes sense. On Linux at least, OCI containers are completely native though. They are just regular processes that we have asked the kernel to lie to about what the rest of the system looks like. They are more of a spruced-up chroot.
Since OCI containers run directly on the host kernel, you need a Linux kernel for them to run on. So, on macOS and Windows, you need to run a stripped down Linux VM for the container to run in. I guess the Electron comment makes more sense if you are referring to the VM but that is not actually what containers are.
The other thing that confused me is that Electron is for developers. So, “Electron for developers” would be Electron.
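The comment above describes Linux containers as ordinary processes that the kernel shows a different view of the system. As an added example (not part of the original thread or of Apple's tooling), this compares the namespace links found under /proc/<pid>/ns for two processes and reports which views are private and which are still shared with the host; the sample link values and function names are constructed for illustration.

```python
import os
import re

# Format of a readlink() target under /proc/<pid>/ns, e.g. "pid:[4026531836]".
NS_LINK = re.compile(r"^(?P<kind>[a-z_]+):\[(?P<inode>\d+)\]$")

# Constructed sample data: PID 1 on a host and a process inside a container
# that was started without a user namespace.
HOST_LINKS = ["cgroup:[4026531835]", "ipc:[4026531839]", "mnt:[4026531841]",
              "net:[4026531840]", "pid:[4026531836]", "time:[4026531834]",
              "user:[4026531837]", "uts:[4026531838]"]
CONTAINER_LINKS = ["cgroup:[4026532501]", "ipc:[4026532499]", "mnt:[4026532497]",
                   "net:[4026532502]", "pid:[4026532500]", "time:[4026531834]",
                   "user:[4026531837]", "uts:[4026532498]"]

def parse_ns_links(links):
    """Map namespace kind -> inode number from a list of link targets."""
    table = {}
    for target in links:
        m = NS_LINK.match(target.strip())
        if m is None:
            raise ValueError(f"not a namespace link: {target!r}")
        table[m["kind"]] = int(m["inode"])
    return table

def read_ns_links(pid="self"):
    """Read live links on a Linux host (other PIDs may need privileges)."""
    base = f"/proc/{pid}/ns"
    return [os.readlink(os.path.join(base, name))
            for name in sorted(os.listdir(base))
            if not name.endswith("_for_children")]

def isolation_report(host, proc):
    """Same inode means the same namespace, i.e. the same view as the host."""
    shared = sorted(k for k in host if proc.get(k) == host[k])
    private = sorted(k for k in host if k in proc and proc[k] != host[k])
    return {"shared": shared, "private": private}

if __name__ == "__main__":
    report = isolation_report(parse_ns_links(HOST_LINKS),
                              parse_ns_links(CONTAINER_LINKS))
    print("private to the container:", ", ".join(report["private"]))
    print("shared with the host:    ", ", ".join(report["shared"]))
```

Whatever the report shows, both processes still run on the one host kernel, which is why macOS and Windows need a Linux VM underneath; a shared user namespace means UID 0 in the container is UID 0 on the host.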
This is a direct play by Apple to supplant Docker.
Since their changes to their pricing model they moved from tool to competition.
Red Hat haven’t managed it with Podman, but Apple have a loyal developer base that will bake it into their ecosystem.
Wait a decade and apps will be “Containerization” apps.
I doubt it will supplant Docker much, except perhaps for small-scale, Apple-only developers for whom container-based web services are just a small piece of the Apple-focused puzzle. In a way, this seems more like a technical showcase for macOS 26’s new virtualization features, than an actual Docker competitor.
Any mixed-OS development team will probably continue using Docker (or similar), since there doesn’t seem to be a huge benefit in not doing so — especially considering that I expect Docker will move to incorporate macOS’s new virtualization features within the next year or so. At that point, any advantages that these Apple projects have over Docker will be pretty much moot.
The Apple tooling might also be CLI only, so Apple is leaving GUI frontends to others, like how they haven’t built a front end for the hypervisor framework. >:(
The writing was on the wall when K8s won and Docker formats became open standards.
At this point, MS should buy Docker and combine it with GitHub.
Is that something like “Windows Subsystem for Linux (WSL)” for macOS?
Build your programs in Linux. Then they’ll run on Windows and macOS. 🙂
Kind of like WSL2. It takes advantage of the hypervisor framework macOS has shipped for a while.
Most Linux containers on macOS solutions create a Linux VM then run the containers on top of the VM. I think most of them use qemu, at least Podman Desktop does, and this would be a native replacement for qemu.
But if it can’t run GUI applications like WSLg it is not very useful to me.
Would be superb if normal Linux binary X11 applications would be able to interface with MacOS XQuartz for the GUI.
It’s too bad macOS containers aren’t supported. I’d really like them to run builds on and isolate things like pkgsrc or macports.
Flatland_Spider,
I think there is only an API for that:
https://developer.apple.com/documentation/virtualization/installing-macos-on-a-virtual-machine
I’m not sure how this will translate to CLI tools, but in theory a Python binding can be used to quickly bring up Mac (or even Linux) vms.
That project mentioned here could be a good starting point (I have not looked at the code, but I assume they would use these APIs).
I’m sure you’re correct. That’s probably the way the VM applications on macOS support macOS VMs.
I real containers though. Supercharged chroot, macOS on macos baremetal. XD
You can already run Linux on UTM (or some other VM) using Apple Virtualization, which is much better than “plain QEMU”. You’ll have a very lightweight VM with no noticeable impact on your laptop’s resources. It is fascinating that you can now have, for example, your own virtual router with OpenWRT which costs in CPU and RAM less than a Chrome tab.
And it has nothing to do with Electron, thank you.