Apple has introduced VM-based Containerization at its WWDC (Worldwide Developer Conference), along with Container – an open-source CLI (command-line interface) – however it has yet to fix a problem which prevents the latest dev builds of Podman from using the Rosetta translation layer, needed for high performance amd64 performance within Linux VMs.
The company’s main target here is developer tooling for server-side Linux applications, and the new features will be welcome, though full support requires macOS 26 “Tahoe”, currently in beta, for which release is expected around September. Containerization will work on the current macOS 15 “Sequoia” but without network isolation, and bugs not reproducible on macOS 26 might not get fixed.
Although macOS has long had a virtualization API, Apple said that existing Linux container solutions were based on a single Linux VM running one or more containers, which is sub-optimal for security since multiple containers share resources. The new Containerization framework, which is written in Swift and is on GitHub under the Apache 2.0 license, runs up a new VM for every container, so that each one has the same level of isolation as a standalone VM. In addition, a minimalist approach means there are no core utillties, libc runtime library, or dynamic libraries on the VM, reducing the attack surface. Despite the overhead of a per-container VM, a sub-second start up time is claimed. A static-compiled init system called vminitd is part of the project and runs as the first process in the VM, mounts the file system, launches containerized processes, and has an API.
A separate Swift project, called container, is also on GitHub and provides a CLI for the new framework. The container utility can build images from Dockerfiles and run container images with arguments that configure memory, virtual CPUs, shared folders and more. Containers can also be configured to run both on arm64 and amd64 architectures, important since most production Linux servers are amd64.
Apple’s new focus on virtualization and containers will improve macOS for developers, if only because container performance should improve. Apple’s engineering work on virtualization in macOS could also benefit third-party tools such as Docker itself.
Podman, another Docker alternative, could also gain better performance; but this Red Hat sponsored project is currently having problems with macOS. The issue relates to running amd64 binaries on Linux VMs, which should be optimized on Apple Silicon via a translation layer called Rosetta. Although Rosetta does not support amd64 VMs, it does optimize Intel binaries within arm64 VMs. However, Podman engineers discovered that “when attempting to use Apple Rosetta with a 6.13 kernel, Rosetta is doing the equivalent of a segfault.” Podman uses a customized Fedora CoreOS base image, and in order to use Rosetta it has to stick with the older Fedora 41. The latest development versions of Podman use a newer version of Fedora but Rosetta has to be disabled. “Our hope was this would be remedied, and we could update our images … however, to date, this has not come to fruition,” said Podman architect Brent Paud.
Apple’s own Containerization framework also uses Rosetta “for executing x86_64 processes on Apple silicon.” Perhaps then Apple will fix this both for itself and for third-party solutions like Podman.