Article Details

Scrape Timestamp (UTC): 2025-06-10 06:41:23.728

Source: https://www.theregister.com/2025/06/10/apple_tries_to_contain_itself/

Original Article Text

Apple tries to contain itself with lightweight Linux VMs for macOS

Swift-based containerization framework aims to improve performance and security

Apple on Monday unveiled an open source containerization framework for creating and running Linux container images on the Mac.

Software containers combine applications and their dependencies into a single unit that runs in an isolated environment on a host machine. Because they're based on OCI-compliant images, users can run them in a wide variety of server environments and data centers using common orchestration tools like Kubernetes.

Developers often choose to use Macs for their stable hardware and solid development environment, but may be writing server-side applications or other apps that run within Linux. For those developers, creating Linux containers allows them to use a Mac but still access the environment they code for.

Mac-using devs already have some options for creating Linux containers, including Docker, Podman, Orbstack, and Lima. But Docker and Podman, at least in the past, have not performed particularly well.

With its new Apple Containerization framework, Apple aims to provide an open-source framework that takes advantage of its Swift programming language, that's optimized for its Apple Silicon chips, and that minimizes security risks.

Instead of creating a single large Linux VM to handle multiple containers, Apple Containerization, with the help of its associated container CLI, creates a separate lightweight virtual machine (VM) for each container.

"Clients can create dedicated IP addresses for every container to remove the need for individual port forwarding," Apple’s documentation explains. "Containers achieve sub-second start times using an optimized Linux kernel configuration and a minimal root filesystem with a lightweight init system."

The minimal file system promises to help make Apple containers more secure. By excluding most core utilities and dynamic libraries, the resulting containers have a reduced attack surface and should require less maintenance.

According to Apple, containers created using its container tool require less memory than full-blown VMs while still booting at speeds comparable to shared VMs.

That's the vision anyway. Presently there are some limitations. Apple designed the framework to use features in the as-yet-unreleased macOS 26 Tahoe. Under macOS 15 Sequoia, it's not as capable. (Yes, macOS is going from 15 to 26 - the naming convention is changing from release versions to years.) Plus support for memory ballooning, a way for virtual machines to resize memory, has only been partially implemented.

But in the coming months, Apple Containerization could make working with Linux containers a bit easier.

Daily Brief Summary

MISCELLANEOUS // Apple Unveils Swift-Based Linux Containerization Framework

Apple has introduced a new open-source containerization framework designed to run Linux container images on Macs, improving performance and security.

The framework allows each Linux container to operate within its own lightweight virtual machine (VM), enhancing operational efficiency and security by minimizing shared resources.

This development targets developers who prefer Mac hardware but need to deploy applications in a Linux environment, providing a stable and optimized solution that utilizes Apple's Swift programming language and is tailored for Apple Silicon chips.

Existing tools like Docker and Podman have offered similar capabilities, but Apple's solution promises better integration and performance on Mac systems.

The new containerization approach uses a minimal root filesystem and an optimized Linux kernel to achieve faster start times and a smaller attack surface for security.

Apple’s documentation highlights unique features such as dedicated IP addresses for each container, eliminating the need for individual port forwarding and supporting quicker setup and management.

However, the framework's full capabilities will only be unlocked with the future macOS 26 Tahoe release, suggesting limited functionality with the current macOS 15 Sequoia.

The framework is still in development, with upcoming updates expected to introduce features like memory ballooning, which allows VMs to adjust memory dynamically.