Containers have fundamentally changed how software development is carried out. They let developers package applications with all their dependencies into a single, portable unit. This makes it easy to deploy and run software anywhere.
Linux has been at the heart of container technology since its inception. Most popular container runtimes and tools like Docker, Kubernetes, and cointainerd were originally designed to run in Linux environments.
In the case of macOS, running containers usually requires running a Linux virtual machine (VM) or an application like Docker Desktop. This is far from optimal as it introduces additional resource overhead, slower performance, and complicates development workflows.
That's where Apple's new open source Containerization project comes in.
What's Happening: Announced at WWDC 2025, Apple has launched a tool that brings native Linux container runtime support to macOS. Based on Swift, the tool leverages Apple's Virtualization framework to run containers inside a lightweight VM, eliminating the need for traditional hypervisors or a heavyweight Docker VM.
Source: Apple
Supporting this is the Container project, which provides the core Swift library for working with OCI container images and runtime specs. It includes tools for image creation, metadata management, and spec validation, enabling seamless integration with Swift-based build systems and container runtimes.
What to Expect: With Containerization, each Linux container runs inside its own lightweight virtual machine rather than sharing a single large VM. The Swift-based vminitd process acts as the init system for each container on macOS, spawning as the initial process inside the VM and handling much of the heavy lifting in the background.
Apple provides Swift APIs that let developers easily manage container lifecycles, set resource limits, configure networking, and handle filesystem mounts, giving plenty of flexibility and control.
Source: Apple
Moreover, in a bid to harden security, the developers have significantly reduced the container root filesystem. Core utilities, dynamic libraries, and even the standard libc implementation are excluded by default.
This stripped-down approach is intended to reduce the attack surface, resulting in containers that launch faster and offer improved security by design.
Here's why you should opt for It's FOSS Plus Membership:
- Even the biggest players in the Linux world don't care about desktop Linux users. We do. - We don't put informational content behind paywall. Your support keeps it open for everyone. Think of it like 'pay it forward'. - Don't like ads? With the Plus membership, you get an ad-free reading experience. - When millions of AI-generated content is being published daily, you read and learn from real human Linux users. - It costs just $2 a month, less than the cost of your favorite burger.
Become a Plus Member today and join over 300 people in supporting our work.
