To clarify a few comments here: this is not only OCI containers: container machines add support for persistence and filesystem mounting, making container machines a great lightweight Linux environment for developers using macOS. More details here: https://developer.apple.com/videos/play/wwdc2026/389
jlhawn
Michael Crosby wrote this! He's a long-time maintainer of Docker, Containerd, and more! He was Docker's first to receive the 'Distinguished Engineer' Title. This means a lot coming from him.
golem14
I belong to a rare breed of very opportunistic hobby-developers that like to use MacOS but also like to use linux machines or BSDs (rpi etc) sometimes.
I can create docker-images with docker compose, or use something like colima, which this seems to be close to (that should have some advantages over docker, although my hope of circumventing W^X page protection did not pan out).
I was perplexed that the repository does not put these container machines in context. They seem to be close to colima? When should I use which option (docker, colima, container machines)?
Maybe others wonder too but are ashamed to ask. I have no shame ;)
Thanks for any pointers
qalmakka
This is all fine and dandy, but where are the native Darwin Jails, Apple? Still scared that people will be filling whole rooms of Mac Minis if you allow them to have multiple macOS containers and not only up to two fat VMs per machine?
blahgeek
OrbStack works really well for me. I wonder how it’s compared to this performance wise
kenanfyi
I don’t understand why these tools always advertise about mounting the $HOME inside the container. Isn’t it better to have a complete isolation? Isn’t that the point of using such a thing?
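The exposure asked about above, made concrete as an added example (not code from the thread or from Apple's project): a POSIX shell check that lists credential-bearing paths a guest could read once a home directory is shared into it. The path list is an assumed set of common tool defaults, and the sample home directory and its file contents are constructed.

```shell
#!/bin/sh
# Added example: report which credential stores under a home directory would
# become readable inside a guest if that directory is shared into it.

# Assumption: relative paths where common tools keep secrets by default.
SENSITIVE_PATHS=".ssh .aws/credentials .gnupg .netrc .kube/config .docker/config.json .npmrc .config/gh/hosts.yml"

# count_private_keys DIR
# Prints the number of files directly in DIR that carry a private-key header.
count_private_keys() {
  _n=0
  for _f in "$1"/*; do
    [ -f "$_f" ] || continue
    if grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$_f" 2>/dev/null; then
      _n=$((_n + 1))
    fi
  done
  echo "$_n"
}

# audit_home_exposure HOME_DIR
# Prints one line per sensitive path that exists under HOME_DIR.
# Returns 0 when nothing sensitive was found, 1 otherwise.
audit_home_exposure() {
  _home="$1"
  _found=0
  for _rel in $SENSITIVE_PATHS; do
    _full="$_home/$_rel"
    [ -e "$_full" ] || continue
    _found=1
    if [ -d "$_full" ]; then
      if [ "$_rel" = ".ssh" ]; then
        echo "dir $_rel private_keys=$(count_private_keys "$_full")"
      else
        echo "dir $_rel"
      fi
    else
      echo "file $_rel"
    fi
  done
  return "$_found"
}

# demo: run the audit against a constructed home directory (placeholder
# contents only, no real key material), then remove it.
demo() {
  _tmp=$(mktemp -d)
  mkdir -p "$_tmp/.ssh" "$_tmp/.aws" "$_tmp/projects/app"
  printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' 'constructed-placeholder' \
    '-----END OPENSSH PRIVATE KEY-----' > "$_tmp/.ssh/id_ed25519"
  printf '%s\n' 'ssh-ed25519 constructed-placeholder' > "$_tmp/.ssh/id_ed25519.pub"
  printf '%s\n' '[default]' 'aws_access_key_id = CONSTRUCTED' > "$_tmp/.aws/credentials"
  audit_home_exposure "$_tmp" || true
  rm -rf "$_tmp"
}

demo
```

To check a real account, call `audit_home_exposure "$HOME"` on the host before deciding whether to share the whole home directory or only a project directory.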
WatchDog
Do these containers share a common kernel? Or are they each run in a separate VM?
Feels like the spiritual successor to sandbox-exec, but with VM-level isolation.
kstenerud
This is awesome! I just added this as a backend for yoloAI on Mac, and wow... super fast startup times now!
jaimehrubiks
Will this be able to replace docker desktop and equivalents, removing the expensive Linux VM that runs alongside them?
cromka
So essentially both macOS and Windows now heavily support developing using Linux on them. They can't more openly admit that they are no match for Linux in that area.
There's some clever advertising in it for Linux, if Linux was advertising.
0xbadcafebee
Anyone know why you would use this instead of QEMU+Lima+Colima+Docker/containerd? The latter works on multiple OSes, has a very large ecosystem of tools, images, documentation, and lets you replace pieces as needed
mkagenius
Apple containers are great for providing a sandbox to your AI coding agents
I have made it an MCP so that it's easily discoverable by all the coding agents
It's funny that the system config page (https://github.com/apple/container/blob/main/docs/container-...) lists pebibytes for RAM configurations... in this day and age where buying a 16GB stick for workstation would cause me to eat instant ramen for a couple of months because my dentist needs an LLM chatbot on their page to stay competitive!
UX wise it looks kinda neat though!
thedougd
I still can’t use Containers because of a broken DNS implementation. I suppose I could manually set the DNS as I switch on and off VPN, but I don’t have to with Finch, Podman, or Docker Desktop.
yeswecatan
How would I replace docker compose containing multiple services that communicate with each other with this? Seems cool for an individual service.
llimllib
Is this new? I thought we had this already
In my testing (iirc) filesystem performance was not good enough to be usable with node/rust dev where lots of small files get stat-ed
Just to clarify, this requires Mac OS 26 Tahoe for "container" doesn't it? So those of us holding out on Sequoia who can't stand the broken glass UI or what's called and the other undesired features need to stick to Docker desktop.
noobcoder
The costs are startup time and image compatibility: dockerhub images don't work as machine images because container machine expects systemd
I am trying it out but it's breaking on homebrew 1.0.0. The formula puts plugins at opt/container/libexec/container-plugins/ and the apiserver looks in libexec/container/plugins/
This can be solved through a symlink or smth
emulio
This appears to be an LXC-style alternative for macOS; however, unlike native LXC on Linux, this tool relies on VMs. While Docker and Podman also utilize a VM on macOS, they offer the advantage of the Docker Compose format. In my view, the ability to use YAML for declarative configuration is the most critical feature for any container tool. I have nothing against CLI tools in general, but I prefer avoiding repetitive manual commands that could be easily automated via Docker Compose or Kubernetes manifests.
cogman10
Is there any reason why macOS doesn't try a WSL1 style approach? I get why that didn't fully work out for windows, but it seems like macOS being another *nix would make a lot of what was hard for windows, easy for mac. It seems like it should be possible to run most linux applications natively on macOS with few additional new APIs.
BSD actually has this already.
solenoid0937
They shouldn't bury the details about how the containerization actually works.
bicepjai
So are there any benchmarks that compare all containers / docker / Lima / Colima / virtual box / VMware / orbstack and others?
However, unlike Lima, an Apple Container is not a full VM, so you cannot SSH to it, or forward SSH-agent signatures into a machine.
So it's more of a devcontainer story, which is also a great use case. Nice to see Apple creating tooling around their VZ framework.
Edit: referential clarity.
osigurdson
I'm surprised they cared enough to do this. I'd still rather use Linux but MacBook value is incredible.
jzer0cool
In the intro it mentions automatically mapping user and home dir. So host files are accessible to the container. Any settings to control this?
LaFolle
Python binary wheels now have to be built for aarch64 for them to work inside the container, unless they are built using the corresponding build system while installing. It is not common for python binary libs to publish arm64 binary wheels, as most often they target amd64.
exabrial
Handy for sure!
In production though, I've moved completely to systemd isolation of apps, rather than Docker-like containers; essentially blackboxes and present a supply chain threat. There's also a DRY principle here. Verification of a host presents a much smaller surface area.
Joyfield
We have WSL at home.
k_bx
Most of my team's development happens on beefy desktop machine in incus containers per dev+project (so you run yourname-projname-dev). It has its own tailscale inside so you can open it like regular https website or give to another dev to check out – no need to deploy your branch somewhere, just run it. New dev onboard takes 10 minutes from zero to dev env with VSCode remote development.
I would really love if apple could give inexpensive way to run amd64 containers for situations when dev wants to use their own hardware. We've used LIMA for now, was too much of a hassle. But if there's a more native experience – would give it another try.
numbsafari
Wouldn’t it be nice if services like Codespaces or Coder or Gitlab would allow you to target running on their hosted/integrated platform, or let you launch that same container completely locally? Sometimes I wanna take my “remote” dev environment off-line but still benefit from the integrated UX.
pmontra
How is this different from Virtualbox or similar products with a shared folder with the host machine? I expected that existing virtualization tech for Macs already did that. Maybe the improvement is having nothing to configure.
By the way, is it headless or can it run a full Linux desktop? Use case: buy a Mac, uninstall whatever can be uninstalled, run the Linux VM as primary desktop forgetting MacOS and without going through Asahi and the incomplete hardware support.
running101
Seems like wsl (windows subsystem for linux)
pjmlp
With the BUILD and WWDC 2026 announcements, it is the Year of Linux Containers Desktop.
Which for many folks is good enough for what they are doing, thus the status quo of desktop platforms will hardly change for current form factors.
vachanmn123
Could this allow us to use proton on mac maybe?
yurimo
I'm pretty sure this is not the use case at all but man do I miss bootcamp. Even for games if we could just run linux without a need for crossover, gaming on mac machines would be a dream.
krzyk
Oh, I hoped it would be macos contained in those containers.
Container for Linux are in millions, while I don't know if there are any with macos inside.
rickstanley
I was wondering if it's possible to have the container volume change to, say, an external drive. I currently use QEMU with qcow2 images to achieve this, works well enough.
m132
Every time I see Apple flaunting Linux containers I can hardly consider it as anything but admitting defeat. It could easily be Darwin, if they still had the capacity.
Why did they have to invent their own solution instead of just shipping docker or an equivalent clone?
a1o
With colima I can run AMD64 (x86) Linux containers in my Arm64 too. I think this is strictly for Arm64 Linux VMs, or is there some way to run x86 with this too?
aspeckt_112
This is pretty cool - being able to bring your own container machine image goes a long way to helping its adoption.
I started using Colima a couple of years ago because I got bored of how bad Docker Desktop was and just started using the CLI / the "Services" tool window in whatever Jetbrains IDE I was using at the time anyway. I can't see myself moving away from it any time - having multiple profiles is an absolute winner of a feature for me there, but maybe the next time I set up a Mac from scratch I'll have a play with this.
Havoc
Always nice to have more options especially without third party tools
alwinaugustin
Why is it important? We have Docker for containers, right?
They've now added a WSL-style virtual machine layer, but there's no x86 container story (Apple's killing Rosetta) so I imagine some qemu shimming will be required.
And, most obviously: NO SUPPORT FOR MACOS. This is the single feature that only Apple can do, and they're choosing not to implement it deliberately, and it's so stupid given the pains we all have to go through to implement CI for macOS. In the land of OCaml, we were forced to implement a custom ZFS snapshotter to get reasonably cost effective macOS CI for our package repository: https://tarides.com/blog/2023-08-02-obuilder-on-macos/. This was fun to build, but it sucks to have to maintain it.
Also, I'm really curious what the GPU passthrough story here is for LLMs, since the Apple Silicon -> Linux kernel support is gated on Asahi's support, but that's been lagging beyond M2 due to the efforts of reverse engineering.
Do better for your developers, Apple. This is a half-baked sweep across third-party software without addressing the core needs around your own operating system.
shelled
I hope this brought us one step closer to being able to run our distros of choice very freely and easily on a Mac.
almaight
It's been over a year since it came out, based on kata-container
throw1234567891
And no GPU passthrough? So colima with libkit remains the only method on Apple Silicon?
rcarmo
This blew up spectacularly when combined with Time Machine, I wonder if that’s fixed.
konaraddi
Sounds like toolbox or distrobox for Mac!
commandersaki
Would be cool if you can redirect USB devices to the VM.
zer0zzz
I just want thunderbolt pci passthrough for these things.
sdevonoes
I'm running Multipass on M1 for full linux VMs. Are container machines better?
zekrioca
"LXC" for macOS?
sachinjoseph
WSL-like implementation on macOS?
CSDude
I know it's not going to be there but wish we had Windows as well.
ExoticPearTree
Will this come to MacOS 27?
LE: nevermind, it is already on MacOS. Did not read everything.
beemboy
Is this going to be good for AOSP builds on Macs?
namegulf
Would be nice if they also support Intel based macs, what prevents?
ShinyLeftPad
Can Podman support these eventually?
cdnsteve
Is it just me or is the experience to get this up and running not feeling very Apple like? Is there no one liner to install or did I miss something?
jbverschoor
Just curious, Apple seems to copy orbstack.. haven’t they made an offer to acquire you guys?
riffic
darwin containers when?
t1234s
Is this similar to what cygwin was for windows? Could this be an alternative to homebrew?
tonymet
What FS mounts the Mac drives into the Linux container?
phplovesong
It was unclear to me, is this a native replacement for docker? I like docker (on mac) but it's quite the resource hog.
I usually run like a db, redis, maybe something like rabbitmq/zeromq and have an app that uses these services (makefile/docker-compose).
I would love to switch if this in fact is a lightweight replacement.
naikrovek
ah, a rare step closer to plan9.
(you remote into a system and part of your environment comes with you; that's very Plan9-like.)
gigatexal
I saw the video on this; this is distrobox basically for Mac. It’s very cool. Seamless with your local files and the container. I’m very keen to try it.
michaelsbradley
Can macOS be run as a container machine on macOS?
m463
looks like apple wrote a native docker in swift
you can now run linux containers on your mac
... but it could be better.
what about (totally contrived):
FROM apple/macos:10.11.6
RUN xcodebuild -project myapp.xcodeproj -scheme MyScheme -configuration Release
xiaodai
so basically dockers
jwlake
haven't we had hypervisor.framework for like years now?
itsneulook4
Yeah but sitting in the tweak circles just to gather personal data about people to make them lose their minds is no bueno. Otipolfueriborsklineypoo
itsneulook4
that thepolfus and the Otis and the bors and the alschweid and pretty much anyone in old the the gs gangstalk or just getting people info to sit in the same room as them to try and make them go crazy deserve to brave hart quartered
Barbing
I found it hard to believe I didn’t have a simple way of staying safe by installing an arbitrary application in a sandbox on macOS. (Restoring using Time Machine doesn’t count! :) )
This is a step in the right direction but requires any given developer’s buy-in first, right?
Do these containers share a common kernel? Or are they each run in a separate VM?
Edit: It's a VM per container. https://github.com/apple/container/blob/main/docs/technical-...
Interesting from a Docker perspective, but I’m more interested in it as a sandbox for AI agents and untrusted code execution.
I wrote about that angle here: https://igorstechnoclub.com/sandbox-exec/
Feels like the spiritual successor to sandbox-exec, but with VM-level isolation.
Apple containers are great for providing a sandbox to your AI coding agents
I have made it an MCP so that it's easily discoverable by all the coding agents
https://github.com/instavm/coderunner
Is this new? I thought we had this already
In my testing (iirc) filesystem performance was not good enough to be usable with node/rust dev where lots of small files get stat-ed
update: what's new is the `container machine` subcommand. I went to test it out, but container failed to run at all for me: https://github.com/apple/container/issues/1681
I've looked into replacing Lima with Apple Containers for https://runmachine.dev.
However, unlike Lima, an Apple Container is not a full VM, so you cannot SSH to it, or forward SSH-agent signatures into a machine.
So it's more of a devcontainer story, which is also a great use case. Nice to see Apple creating tooling around their VZ framework.
Edit: referential clarity.
WWDC presentation video:
Discover container machines
https://developer.apple.com/videos/play/wwdc2026/389/
I looked at this last year when it came out in Tahoe: https://anil.recoil.org/notes/apple-containerisation and this looks like more of the same.
They've now added a WSL-style virtual machine layer, but there's no x86 container story (Apple's killing Rosetta) so I imagine some qemu shimming will be required.
There's still no equivalent to VPNKit or GVisor for networking so you'll be bridging I think. See: https://cacm.acm.org/research/a-decade-of-docker-containers/ for how Docker for Mac does this
I can't spot any support for dynamic memory ballooning to prevent the hypervisor from gobbling up too much memory. We've had this in Xen since forever! https://xenproject.org/blog/ballooning-rebooting-and-the-fea...
And, most obviously: NO SUPPORT FOR MACOS. This is the single feature that only Apple can do, and they're choosing not to implement it deliberately, and it's so stupid given the pains we all have to go through to implement CI for macOS. In the land of OCaml, we were forced to implement a custom ZFS snapshotter to get reasonably cost effective macOS CI for our package repository: https://tarides.com/blog/2023-08-02-obuilder-on-macos/. This was fun to build, but it sucks to have to maintain it.
Also, I'm really curious what the GPU passthrough story here is for LLMs, since the Apple Silicon -> Linux kernel support is gated on Asahi's support, but that's been lagging beyond M2 due to the efforts of reverse engineering.
Do better for your developers, Apple. This is a half-baked sweep across third-party software without addressing the core needs around your own operating system.