Skip to content
BSWEN
Blog

What Is Apple container? Running Linux Containers as Lightweight VMs on Mac

Cowrie
Cowrie
Dev @ Bswen

Problem

When I need to run Linux containers on my Apple Silicon Mac, the existing tools all share a single Linux VM behind the scenes. Docker Desktop, Colima, Podman — they all boot one Linux VM and run every container inside it.

This approach works most of the time, but I started running into issues:

  • Different projects need different security profiles, but they all share one VM kernel
  • One container’s memory leak can starve others in the same VM
  • When I mount data into the shared VM, every container can see it in theory

I wanted better isolation without giving up container startup speed.

What Is Apple container?

Apple container is an open-source CLI tool that runs each Linux container as its own lightweight virtual machine on Apple Silicon Macs. Unlike traditional tools, it doesn’t share a single Linux VM across all containers. Every container gets its own VM.

┌─────────────────────────────────────────────────────┐
│  Traditional Approach (Shared VM)                   │
│                                                     │
│  ┌──────────────────────────────────────────┐       │
│  │         Single Linux VM                  │       │
│  │  ┌──────────┐ ┌──────────┐ ┌──────────┐ │       │
│  │  │ Container│ │ Container│ │ Container│ │       │
│  │  │    A     │ │    B     │ │    C     │ │       │
│  │  └──────────┘ └──────────┘ └──────────┘ │       │
│  └──────────────────────────────────────────┘       │
│                                                     │
│  Apple container Approach (Per-Container VM)         │
│                                                     │
│  ┌──────────┐ ┌──────────┐ ┌──────────┐            │
│  │   VM A   │ │   VM B   │ │   VM C   │            │
│  │ Container│ │ Container│ │ Container│            │
│  │    A     │ │    B     │ │    C     │            │
│  └──────────┘ └──────────┘ └──────────┘            │
└─────────────────────────────────────────────────────┘

It consumes and produces standard OCI images, so it works with any container registry (Docker Hub, GitHub Container Registry, etc.) and is compatible with other OCI runtimes.

Key Features

  • Per-container VM isolation: each container gets its own Linux kernel via macOS Virtualization.framework
  • OCI-compatible: pull and push standard container images from any registry
  • Native Apple Silicon: written in Swift, optimized for M-series Macs
  • macOS native integration: uses vmnet.framework for networking, Keychain for registry credentials, launchd for service management

How It Works

The container CLI talks to a background container-apiserver launch agent. When I run a container, the apiserver:

  1. Pulls or resolves the OCI image
  2. Creates a dedicated VM using Virtualization.framework
  3. Boots a minimal Linux kernel inside that VM
  4. Runs my container process inside it
  5. Manages networking through vmnet.framework

Architecture flow diagram showing container CLI sending requests to container-apiserver, which uses Virtualization.framework to boot a Linux VM, then runs the container process inside that VM with networking via vmnet.framework

Running a container
container run --name my-app alpine:latest

Each container boots its own VM in a comparable timeframe to starting a container in Docker Desktop’s shared VM — typically a few seconds.

Why Per-Container VM Matters

The shared-VM approach has been standard for years, but it has trade-offs:

AspectShared VM (Docker Desktop)Per-Container VM (Apple container)
IsolationNamespace-levelVM-level (stronger)
SecurityContainer escape risks shared kernelHardware-backed VM isolation
Resource contentionAll containers compete in one VMEach VM manages its own resources
PrivacyMounted data visible to all containers in theoryOnly mounted data per specific VM
Startup timeFast (containers reuse existing VM)Fast (optimized per-VM boot)

For my use case — running containers from different clients or projects on the same machine — the VM-level isolation means I don’t have to worry about one compromised container affecting others.

Current Limitations

Apple container is pre-1.0 software. Active development means breaking changes can happen in minor versions. Some limitations I’ve noticed:

  • Memory ballooning is partial: freed memory inside a Linux VM may not return to the host efficiently
  • Container-to-container networking is not yet available on macOS 15
  • Multiple virtual networks and reliable IP assignment are still in progress

Summary

In this post, I explained what Apple container is and how its per-container VM architecture differs from traditional shared-VM approaches. The key point is that Apple container gives each Linux container its own lightweight VM on Apple Silicon, providing stronger isolation without sacrificing startup speed.

Final Words + More Resources

My intention with this article was to help others share my knowledge and experience. If you want to contact me, you can contact by email: Email me

Here are also the most important links from this article along with some further resources that will help you in this scope:

Oh, and if you found these resources useful, don’t forget to support me by starring the repo on GitHub!

Comments

Tags: