Apple containers

A quick play with virtualized containers on MacOS

Aug 15, 2025

I had a quick go at long last with Apple container. It will shortly be upgraded with the arrival of MacOS 26, but is functional enough on Sequoia to give a quick try out (though not supported). It combines a container workflow for easy use, integration with the virtualization APIs for strong isolation, with high performance. Notably it achieves sub-second startup, while supporting standard OCI compatible images, registries, and various commands for controlling containers. There is more detail on the page for the Swift API implementation [APPLE-CONTAINERIZATION] - optimized Kata Containers [KATA-CONTAINERS] and a specialized init system for managing the VM-container are two of the key components.

Apple publishes signed installers for the command line tool on their GitHub, along with setup steps [APPLE-CONTAINER-CLI].

container system start

Will prompt you to pick a kernel image to use, with a recommended default Kata Containers release. Then you can just run a container (the docker.io registry comes pre-configured):

container run -it --rm ubuntu:24.04 bash
root@d848e89e-bfe9-4759-b863-b3f39da2c331:/#

The commands will be very familiar since they match docker and compatible systems, with restrictions.

For an unprivileged user, use --user ubuntu:ubuntu or manually drop privileges. It seems --group-add isn't supported.

To set up a shared folder from the host is very simple:

container run -it --rm -v ${HOME}/dev/for_container:/home/ubuntu/share ubuntu:24.04 bash
root@d848e89e-bfe9-4759-b863-b3f39da2c331:/# su - ubuntu
ubuntu@d848e89e-bfe9-4759-b863-b3f39da2c331:~$ ls
share

Great if you want to edit a file in an IDE and then run commands on Linux in an isolated environment locally. Startup is really fast, fast enough to run one-shot commands or scripts in new containers, even though a VM is being created.

Dockerfile infrastructure is available for building local images. For example for running python with dependencies using uv [UV]:

FROM docker.io/ubuntu:24.04
RUN apt update && apt install -y curl
USER ubuntu
RUN curl -LsSf https://astral.sh/uv/install.sh | sh
RUN /home/ubuntu/.local/bin/uv python install

Build the image:

container build --tag uv-test --file Dockerfile .

Now we have a python runtime ready for use. Launch a container from the new image and run code:

container run -it --rm uv-test bash
ubuntu@dd45c97c-7790-4d40-b28f-a3c920ce78af:/$ uv run python -c "print('hello')"
hello

All in a completely new container, with VM isolation!

As you'd expect, you also can restrict the VM's CPU and memory usage and you can publish network services from the VM like with docker. I've not played with the more complex network setup which will be fully supported on 26. On M3 and newer you can even do nested virtualization.

[APPLE-CONTAINER] https://github.com/apple/container

[APPLE-CONTAINERIZATION] https://github.com/apple/containerization

[KATA-CONTAINERS] https://github.com/kata-containers/kata-containers

[UV] https://docs.astral.sh/uv/

Discussion about this post

Ready for more?