macOS Container Machines

437 points by timsneath 4 hours ago | 144 comments

timsneath 3 hours ago |

To clarify a few comments here: this is not only OCI containers: container machines add support for persistence and filesystem mounting, making container machines a great lightweight Linux environment for developers using macOS. More details here: https://developer.apple.com/videos/play/wwdc2026/389

jjtheblunt 3 minutes ago | |

> ... highly integrated Linux environment that works seamlessly on your Mac. ...

Which kernel is running, and is it hosted in hypervisor.framework, as is done with UTM (when not using the qemu mode)?

Onavo 3 hours ago | |

Ah, the Darwin/BSD Subsystem for Linux.

CGamesPlay 3 hours ago | | |

Not quite, it’s still a VM. And while it supports virtio balloon for growing RAM, it doesn’t yet support releasing that RAM back to the host. And there isn’t a convenient way to shrink the sparse disk images as they grow yet, either.

pjmlp 11 minutes ago |

With the BUILD and WWDC 2026 announcements, it is the Year of Linux Containers Desktop.

Which for many folks is good enough for what they are doing, thus the status quo of desktop platforms will hardly change for current form factors.

blahgeek 3 hours ago |

OrbStack works really well for me. I wonder how it’s compared to this performance wise

kdrag0n 3 hours ago | |

(OrbStack dev here.) Instead of Virtualization.framework, we have a custom Rust virtualization stack with custom devices and protocols for things like filesystem sharing. It's a highly optimized vertically integrated stack specifically for running our Linux machines and containers.

Our biggest perf/resource gain is dynamic memory, which reduces memory usage a lot by releasing unused memory back to macOS. Nothing else supports this, including Containerization.

I gave Container Machines a try and it seems to be much closer to OCI containers with a default bind mount than OrbStack machines. It has fewer integrations and doesn't run systemd or any other normal init system, so it's hard to run services.

mescalito 2 hours ago | | |

Super happy orbstack customer. Just curious on your statement:

> I gave Container Machines a try and it seems to be much closer to OCI containers with a default bind mount than OrbStack machines. It has fewer integrations and doesn't run systemd or any other normal init system, so it's hard to run services.

The linked md document says:

> Real Linux services for testing. Run a database or whatever your stack needs as a system service — systemctl start postgresql works on images with systemd installed.

Was that not the case when you used container machines?

d3v1an7 32 minutes ago | | |

just adding a 'hell yeah: orbstack is so good' to the thread. i mainly avoid containers where i can, but when containers need to happen, orbstack is 'just enough' for me. lovely and well considered ui, stable, performant. don't need much else. thank you for your work and care!

egernst 3 hours ago | | |

Thanks for the info kdrag0n! Big fan of OrbStack; good call out on dynamic memory.

If the guest image has /sbin/init, we use that.

We'd recommend using a base image for the guest that includes systemd. ie: https://github.com/apple/container/blob/main/docs/container-...

CGamesPlay 2 hours ago | | |

> Our biggest perf/resource gain is dynamic memory, which reduces memory usage a lot by releasing unused memory back to macOS. Nothing else supports this, including Containerization.

Wow, missed this when reviewing OrbStack. I assumed that you just used Containerization and therefore would have the same limitation.

saltamimi 3 hours ago | | |

I know this is off topic, but I do thank you for your Android work, the idea and elegance of fastboot.js and that SafetyNet workaround trick was truly really cool.

kxxx 3 hours ago | | |

Apple says that `systemctl` is supported... hmm am I missing something?

"Real Linux services for testing. Run a database or whatever your stack needs as a system service — systemctl start postgresql works on images with systemd installed."

trueno 2 hours ago | | |

just dropping in to say orbstack super owns and i use it every day. huge respect to rethinking this experience, for a minute there i thought docker was just going to be the only path. i dont think ive looked back for docker since. orbstack just feels right, and damn its so fast and good with resources, and the UI is just insanely straight forward. props!

TheTaytay 2 hours ago | | |

We love OrbStack too! Thank you for it,

I wanted to make its VM/machine our default secure agent sandbox, but I couldn’t figure out how to isolate this VM from the host properly. This thread prompted me to find the issue though, and I saw this was recently implemented! https://github.com/orbstack/orbstack/issues/169

jhancock 3 hours ago | | |

I’ve been using podman on Mac. It’s been a nice fit as the container build files are identical to what I use on my fedora server. I have noticed my 2 virtual core 4 gb Linode vps runs apps faster in the same container as when run on my MacBook Air M2 16 gb. I expected some performance overhead but didn’t think it would be noticeable as it is. Overall happy with podman. How might OrbStack differ?

blackqueeriroh 1 hour ago | | |

When are y’all gonna support sandboxing? Preferably Docker Sandboxes?

vsgherzi 3 hours ago | | |

I love orbstack, is there any code I could read on the rust side? Seems very interesting

kxxx 3 hours ago | |

I really like OrbStack and am also not sure why I'd use Container Machines over it, at the moment...

emmelaich 2 hours ago | |

I'd like to see a comparison to https://tart.run/ as well.

AFAICT it's pretty similar.

cpuguy83 2 hours ago | |

Not a full docker env, I aimed this as doing builds though you can run dockerd as an option, https://github.com/cpuguy83/crucible uses the containerization framework to run either build kitd or dockerd and wire it up to docker/buildx cli (or whatever client tooling you want to use).

The Containerization framework is a library that sits as a layer on top of the virtualization framework. So each container is its own VM.

Machine is tooling above the containerization framework to run multiple things in a container in a vm.

mpeg 1 hour ago | |

I like orbstack in theory, but I find it hard to justify a $96/yr license fee for something that has so many open source, free alternatives. As it is, I’d rather use podman or colima

WatchDog 3 hours ago |

Do these containers share a common kernel? Or are they each ran in a separate VM?

Edit: It's a VM per container. https://github.com/apple/container/blob/main/docs/technical-...

cogman10 2 hours ago |

Is there any reason why macOS doesn't try a WSL1 style approach? I get why that didn't fully work out for windows, but it seems like macOS being another *nix would make a lot of what was hard for windows, easy for mac. It seems like it should be possible to run most linux applications natively on macOS with few additional new APIs.

BSD actually has this already.

twoodfin 2 hours ago | |

What would be the advantages over a VM infrastructure Apple needs anyway and that has a much simpler, more stable “ABI” compared to the Linux kernel?

cogman10 2 hours ago | | |

Potentially faster application execution along much lower memory requirements. In the case of docker, even a possibility of shared library loading further reducing runtime costs (For example, containers based on the same base image could load glibc into memory only once).

There's also simply the possibility of using linux software directly in macos without doing OS dependent changes to the software.

jaimehrubiks 3 hours ago |

Will this be able to replace docker desktop an equivalents, removing the expensive Linux VM that runs alongside them?

usernametaken29 3 hours ago | |

My first thought as well, docker desktop overhead is pretty bad, would be awesome to see this land natively in DD. By my estimate this could happen, seeing as Docker has historically tried to improve performance but quickly had to accept platform limitations… would only be natural to settle DD over to containers

deathanatos 3 hours ago | | |

Well, you can avoid the Docker Desktop tax by not running Docker Desktop. colima is a perfectly usable implementation of Docker for macOS, without the bloat of Docker Desktop.

That said, colima still has the expensive VM that upthread is mentioning.

thejazzman 3 hours ago | |

It mostly removes the big shared background VM and replaces it with smaller, more isolated Apple-native VMs.

I did an experiment migrating my Podman workload to Apple's container @ https://gist.github.com/jmonster/39e14585e107dbf990a90966c0f...

TL;DR reduces ram/storage usage; minimizes it's existence

nozzlegear 2 hours ago | | |

Nice, thanks for this. My plan is to swap over to Apple's containers for local dev, and keep using podman quadlets in production.

deathanatos 3 hours ago | | |

How does that work, realistically?

> Memory defaults to half of host memory

That's the most expensive part of the whole transaction, b/c AFAIK, RAM is then dedicated to the VM. It can be swapped out, I suppose, but that's not great.

lostlogin 3 hours ago | |

Others here mention it and I’m a new convert to Colima.

The pain of working around Docker Desktop is bad.

trollbridge 3 hours ago | |

That sure would be nice. I seem to rm -rf ~/.colima every few days.

noobcoder 1 hour ago |

The costs are startup time and image compatibility: dockerhub images don't work as machine images because container machine expects systemd

I am trying it on but its brekaing on homebrew 1.0.0. The formula puts plugins at opt/container/libexec/container-plugins/ and the apiserver looks in libexec/container/plugins/

This can be solved through a symlink or smth

vachanmn123 1 hour ago |

Could this allow us to use proton on mac maybe?

xd1936 37 minutes ago | |

This is hilarious. Next year, the PC gamers will be saying "The best Windows gaming experience is win32 on Linux on macOS Containers".

aurareturn 20 minutes ago | | |

The fastest (Geekbench 6) Windows laptop in the world is actually an M5 Max Macbook running Parallels running Windows.

Gigachad 27 minutes ago | | |

I mean at this point literally anything works better than Windows.

llimllib 3 hours ago |

Is this new? I thought we had this already

In my testing (iirc) filesystem performance was not good enough to be usable with node/rust dev where lots of small files get stat-ed

update: what's new is the `container machine` subcommand. I went to test it out, but container failed to run at all for me: https://github.com/apple/container/issues/1681

kdrag0n 2 hours ago | |

Curious if you've tried OrbStack? There's always more work to do (test workloads appreciated!) but we've put a lot of effort into optimizing for small files and other common developer workloads in OrbStack's customized filesystem sharing protocol (not standard virtiofs).

ahknight 2 hours ago | |

Podman is on macOS, FWIW. Uses the existing container framework to run the machine already. Root-full or not.

osigurdson 2 hours ago |

I'm surprised they cared enough to do this. I'd still rather use Linux but MacBook value is incredible.

marssaxman 2 hours ago | |

I'd always rather use Linux, but sometimes your employer gives you a MacBook. I might use this tool.

CSDude 23 minutes ago |

I know its not going to be there but wish we had Windows as well.

mkagenius 1 hour ago |

Apple containers are great for providing a sandbox to your AI coding agents

I have made it a MCP so that it's easily discoverable by all the coding agents

https://github.com/instavm/coderunner

rickstanley 2 hours ago |

I was wondering if it's possible to have the container volume change to, say, an external drive. I currently use QMEU with qcow2 images to achieve this, works well enough.

numbsafari 3 hours ago |

Wouldn’t it be nice if services like Codespaces or Coder or Gitlab would allow you to target running on their hosted/integrated platform, or let you launch that same container completely locally? Sometimes I wanna take my “remote” dev environment off-line but still benefit from the integrated UX.

RossBencina 2 hours ago | |

This exists. It's called devcontainers and there is a cli for managing it locally.

https://github.com/devcontainers/ https://containers.dev/

CGamesPlay 3 hours ago | |

If you can express that operation in Terraform, then Coder would let you do that. First problems I can think of are connectivity from the Coder provisioner to your local machine (Tailscale? Local?), and migrating disk images if you want to actually switch a workspace between environments (local provisioner could do this, but no matter what it’ll be slow and janky).

jayd16 2 hours ago | |

Maybe I don't understand but why doesn't Gitlabs self hosted setup work?

Joyfield 2 hours ago |

We have WSL at home.

0xbadcafebee 2 hours ago |

Anyone know why you would use this instead of QEMU+Lima+Colima+Docker/containerd? The latter works on multiple OSes, has a very large ecosystem of tools, images, documentation, and lets you replace pieces as needed

m132 2 hours ago |

Every time I see Apple flaunting Linux containers I can hardly consider it as anything but admitting defeat. It could easily be Darwin, if they still had the capacity.

TheDong 1 hour ago | |

Apple set itself up for defeat in the server and developer marketplace as soon as they decided macOS was proprietary code.

Why would any serious developer use closed-source code they can't debug and modify? Especially for a production server?

It's the same reason no serious developers or hackers use macOS, like part of the point of being a developer is being able to dig into the code at any layer and debug and fix things.

m132 1 hour ago | | |

OpenDarwin was a thing at one point, with mailing lists and other infrastructure hosted by Apple.

That being said, my point isn't that Apple should absolutely focus on making a server OS again. It just saddens me how far behind macOS has fallen as they stopped caring about the fundamentals; back in the day, it would be Linux trailing behind macOS. Nowadays, you can't even have multiple routing tables on the latter, the firewall code was probably last updated in Snow Leopard, and what Apple happily shows off on WWDC is a wrapper around Linux. Something functionally equal can be cobbled up together by anyone sufficiently experienced in minutes, using just Bash, OpenSSH, and QEMU.

I really wish macOS would let me have a similar level of control over applications as Linux with namespaces, without me having to do all the heavy lifting.

vehemenz 1 hour ago | | |

No offense, but serious developers don’t think this way at all.

groundzeros2015 2 hours ago | |

Just change 30 years of internet history

al_borland 1 hour ago | | |

For what it's worth, the first web server was a NeXTcube, and NeXTSTEP was the foundation of macOS.

tw04 2 hours ago | |

What is the alternative? They gave up the server market a decade ago and before that they barely actually supported it.

If they were to support darwin containers, what would be the point? Literally nobody would build to it, Linux won.

riffic 2 hours ago | | |

> Literally nobody would build to it

because nobody does ci/cd against macOS or iOS apps right?

a1o 3 hours ago |

With colima I can run AMD64 (x86) Linux containers in my Arm64 too. I think this is strictly for Arm64 Linux VMs, or is there some way to run x86 with this too?

frizlab 3 hours ago | |

Rosetta should be supported

whycombinetor 12 minutes ago | | |

Not for long!

ChrisArchitect 3 hours ago |

WWDC presentation video:

Discover container machines

https://developer.apple.com/videos/play/wwdc2026/389/

commandersaki 3 hours ago |

Would be cool if you can redirect USB devices to the VM.

kdrag0n 3 hours ago | |

We just released this in OrbStack :) https://docs.orbstack.dev/features/usb

Blog post soon

blackqueeriroh 1 hour ago | | |

What happened to Orbstack for like 9 months until earlier this year? Suddenly everything went silent for a bit and I was pretty concerned. Glad y’all are back!!!!

calebm 1 hour ago | | |

Thank you for sharing this - I looked into OrbStack a few months ago, and this was the reason I didn't use it (as my primary purpose was to have an external wifi adapter for wifi pwnage).

commandersaki 2 hours ago | | |

Yeah I find this useful for redirecting storage/sdcard*, so you can format linux filesystems or use other tools.

* need a usb sdcard reader for macbook pro cause the builtin is not usb)

rgovostes 1 hour ago | |

I've successfully tinkered with USB/IP with Apple containers, but it does require loading a custom kernel (which they make pretty easy, thankfully). On the host side, macOS also doesn't make it easy to unload a driver that attaches automatically.

egernst 3 hours ago | |

Agreed! There's some good improvements around Accessory Access in virtualization framework this year also - checkout: https://developer.apple.com/videos/play/wwdc2026/224/?time=2...

commandersaki 2 hours ago | | |

I wonder if the custom virtio can be used to support attaching the built-in sdcard readers on macs which aren't exposed as usb.

namegulf 3 hours ago |

Would be nice if they also support Intel based macs, what prevents?

MBCook 3 hours ago | |

Apple won’t support them with MacOS 27, and it seems they announced this tool as part of this year’s WWDC.

Basically: they’ve moved on.

danhon 3 hours ago | |

Allocation of a finite amount of engineering resources.

joshuat 3 hours ago | | |

And a legitimate business interest to further incentivize the adoption of Apple Silicon devices. Same with Rosetta deprecation after macOS 27.

gigatexal 1 hour ago |

I saw the video on this this is distrobox basically for Mac. It’s very cool. Seamless with your local files and the container. I’m very keen to try it.

sachinjoseph 3 hours ago |

WSL-like implementation on macOS?

t1234s 2 hours ago |

Is this similar to what cygwin was for windows? Could this be an alternative to homebrew?

michaelsbradley 2 hours ago |

Can macOS be run as a container machine on macOS?

blackqueeriroh 1 hour ago | |

Yes

MBCook 1 hour ago | | |

Yep. For a few years. And they keep enhancing it too.

It’s the only legal way to do so, due to the software license on MacOS.

xiaodai 1 hour ago |

so basically dockers

riffic 3 hours ago |

darwin containers when?

m463 3 hours ago |

looks like apple wrote a native docker in swift

you can now run linux containers on your mac

... but it could be better.

what about (totally contrived):

  FROM apple/macos:10.11.6

  RUN xcodebuild -project myapp.xcodeproj -scheme MyScheme -configuration Release

trollbridge 3 hours ago | |

Close - but it would be more like this:

  services:
    macos:
      image: dockurr/macos
      container_name: macos
      environment:
        VERSION: "15"

(And indecently slow.)

webXL 3 hours ago | |

Nice, but expect to page through a few pages of ToS during the build

m463 3 hours ago | | |

lol

  ENV XCODE_FRONTEND=unattended
  ENV XCODE_LICENSES=accept,firstborn,applepay,appleid=sjobs@me.com

windowliker 3 hours ago | |

It would be wonderful if this ran on older versions of macOS, but according to the README they only support 26.

m463 1 hour ago | | |

you do not understand... Not run on, run IN :)

I'm saying the older version of macos could build/run INSIDE the container

just like on a ubuntu 24.04 system you can do:

  FROM ubuntu:16.04

  docker run ubuntu:16.04

and though I haven't tried it, I believe docker can do arm in x86 using an emulator (like rosetta)

jadar 3 hours ago | |

i wish!

jwlake 2 hours ago |

haven't we had hypervisor.framework for like years now?

Barbing 3 hours ago |

I found it hard to believe I didn’t have a simple way of staying safe by installing an arbitrary application in a sandbox on macOS. (Restoring using Time Machine doesn’t count! :) )

This is a step in the right direction but requires any given developer’s buy-in first, right?