At WWDC 2025, Apple announced Containerization and the container CLI, tools for creating and running Linux containers as lightweight virtual machines on the Mac. This is a significant shift in how developers can run Linux containers on macOS, because the new open-source containerization framework eliminates the need for third-party tools like Docker. The Swift-based framework provides native Linux container support directly within macOS 26, marking Apple’s entry into the containerization space with a focus on security, performance, and privacy.
Unlike traditional containerization solutions that run multiple containers within a single large virtual machine, Apple’s approach runs each Linux container inside its own lightweight virtual machine. This architecture provides several key advantages:
- Enhanced Security: Each container receives the same level of isolation as a full virtual machine, significantly reducing the attack surface. The minimal filesystem contains no core utilities, dynamic libraries, or libc implementation, further minimizing security risks.
- Dedicated Resources: Every container gets its own IP address, eliminating the need for port forwarding and providing performant network access. CPU and memory resources are allocated per container, with no resource consumption when containers aren’t running.
- Privacy by Design: Directory and file sharing occurs on a per-container basis, ensuring only the requesting container has access to shared content, rather than exposing it to all containers in a shared VM.
The Containerization framework leverages Swift extensively, including a custom init system called vminitd, written entirely in Swift. This init system runs as the first process inside each virtual machine and handles:
- IP address assignment to network interfaces
- Filesystem mounting, including the container’s block device
- Process launching and supervision
- API management for host-container communication
To achieve this in an environment without standard libraries, Apple uses Swift’s Static Linux SDK to cross-compile static Linux binaries directly from macOS, combined with musl for static linking support.
Despite running each container in its own VM, Apple claims sub-second startup times through several optimizations:
- Optimized Linux Kernel: A custom kernel configuration specifically designed for containerization workloads
- EXT4 Block Devices: Container filesystems are exposed as formatted EXT4 block devices for performant access
- Apple Silicon Optimization: The entire stack is optimized for Apple’s custom silicon architecture
Apple provides both a framework for developers building containerization solutions and a command-line tool for immediate use. The container CLI tool offers familiar Docker-like commands:

```bash
# Pull an image
container image pull alpine:latest

# Run an interactive container
container run -t -i alpine:latest sh
```

The tool provides XPC services for storage, image management, network services, and container runtime management, all built using the Containerization APIs.
Apple has released both the Containerization framework and the container CLI tool as open-source projects on GitHub. The repositories include:
- Complete source code for the framework and tools
- Example projects demonstrating integration
- Technical documentation and architectural overviews
- Cross-platform Swift packages used in vminitd
Apple’s entry into containerization joins an established ecosystem of open-source alternatives to Docker that have gained significant traction recently. Podman, developed by Red Hat, stands as the most prominent Docker alternative, offering OCI-compliant container management with a daemonless architecture that eliminates the need for root privileges. This rootless operation provides enhanced security benefits, making Podman particularly attractive for environments where security is paramount. Other notable solutions include containerd, which serves as a low-level container runtime used by Kubernetes, and Buildah, which specializes in building container images without requiring a full container runtime. Tools like LXD focus on system containers rather than application containers, while solutions like Rancher Desktop provide user-friendly graphical interfaces for container management. Apple’s unique approach of running each container in its own lightweight virtual machine distinguishes it from these existing solutions, which typically rely on shared kernel containerization technologies like cgroups and namespaces.
The Containerization framework and container CLI will be available with macOS 26, with the open-source components immediately accessible on GitHub. Developers can explore the framework, contribute to its development, and begin building solutions that integrate Linux containers natively on macOS.