garganzol, 12 hours ago
While we have `sandbox-exec` in macOS, we still don't have a proper Docker for macOS. Instead, the current Docker runs on macOS as a Linux VM, which is useful but only as far as a Linux machine goes. Having a real macOS Docker would solve the problem this project solves, and 1001 other problems.

  hrmtst93837, 2 hours ago
  If you expect macOS to behave like Linux, you are asking the wrong OS to do the job. Docker and runtimes like runc depend on Linux kernel primitives such as namespaces and cgroups that XNU does not provide, and macOS adds System Integrity Protection, TCC, signed system frameworks, and launchd behaviors that make sharing the host kernel for arbitrary workloads technically hard and legally messy. A practical path is ephemeral macOS VMs using Apple's Virtualization.framework coupled with APFS copy-on-write clones for fast provisioning, or limited per-process isolation via seatbelt and the hardened runtime, which respects Apple's licensing that restricts macOS VMs to Apple hardware and gives strong isolation at the cost of higher RAM and storage overhead compared with Linux containers.

  mkagenius, 11 hours ago
  Apple containers were released a few months back. Been using it to sandbox claude/gemini-cli generated code[1]. You can use it to completely sandbox claude code too.
  1. Coderunner - https://github.com/instavm/coderunner

    arianvanp, 11 hours ago
    That is also a Linux VM on macOS. They're not macOS containers. So it's completely pointless / useless for macOS or iOS development.

  dpe82, 11 hours ago
  Nitpick, which probably doesn't matter too much in this context but is always good to remember: Docker containers are not security boundaries.

    PlasmaPower, 11 hours ago
    Why not? They're definitely not perfect security boundaries, but neither are VMs. I think containers provide a reasonable security/usability tradeoff for a lot of use cases including agents. The primary concern is kernel vulnerabilities, but if you're keeping your kernel up-to-date it's still imo a good security layer. I definitely wouldn't intentionally run malware in it, but it requires an exploit in software with a lot of eyes on it to break out of.

      dpe82, 2 hours ago
      It's certainly better than nothing. Hence "probably doesn't matter too much in this context" - but of course it always matters what your threat model is. Your own agents under your control with aligned models and not interacting with attacker data? Should be fine. But too many people just automatically equate docker with strong secure isolation and... well, it can be, sometimes, depending on a hundred other variables. Thus the reminder, to foster conversations like this.

    fredoliveira, 11 hours ago
    Counter-intuitively, the fact that docker on the mac requires a linux-based VM makes it safer than it otherwise would be. But your point stands in general, of course.

  PufPufPuf, 11 hours ago
  What would native containers bring over Linux ones? The performance of VZ emulation is good, existing tools have great UX, and using a virtualized kernel is a bit safer anyways. I regularly use a Lima VM as a VSCode remote workspace to run yolo agents in.

    qalmakka, 2 hours ago
    > What would native containers bring over Linux ones?
    What would a Phillips screwdriver bring over a flathead screwdriver? Sometimes you don't want/need the flathead screwdriver, simple as that. There are macOS-specific jobs you need to run in macOS, such as xcode toolchains etc. You can try cross compiling, but it's a pain and ridiculous given that 100% of every other OS supports containers natively (including windows). It's clear to me that Apple is trying to make the ratio jobs/#MacMinis as small as possible.

    garganzol, 11 hours ago
    Sometimes you just have to run native software. In my case, that means macOS build agents using Xcode and Apple toolchains which are only available on macOS. It's not a pleasure to run them in a mutable environment where everything has a floating state as I do now. Native Docker for macOS would totally solve that.

    hirvi74, 11 hours ago
    VZ has been exceptional for me. I have been running headless VMs with Lima and VZ for a while now with absolutely zero problems. I just mount a directory I want Claude Code to be able to see and nothing more.
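The per-process seatbelt isolation hrmtst93837 mentions and hirvi74's "expose only the one directory the agent needs" approach can be combined on the host itself with a `sandbox-exec` profile; the following is an added example, not code from any commenter or from a project named in the thread. It assumes macOS's `sandbox-exec` (deprecated but still shipped), an absolute project path, and profile rules modelled on Apple's own profiles under /usr/share/sandbox/; `gen_agent_profile` and `run_confined` are helper names invented here.

```shell
#!/bin/sh
# Added example (not from the thread): confine an agent process with a seatbelt
# profile so it can write only inside one project directory and cannot reach the
# network. Assumes macOS sandbox-exec; run_confined is a hypothetical helper name.

gen_agent_profile() {
    cat <<'EOF'
(version 1)
(deny default)
; log every denial, so misconfigurations and escape attempts show up in the system log
(debug deny)
; the agent must be able to spawn its toolchain (compilers, git, ...)
(allow process-exec*)
(allow process-fork)
(allow signal (target self))
(allow sysctl-read)
(allow file-read-metadata)
; read-only view of the system and installed toolchains; processes needing Mach
; services (DNS, keychain) fail loudly here: add (allow mach-lookup ...) per the log
(allow file-read*
    (subpath "/usr") (subpath "/bin") (subpath "/sbin") (subpath "/opt")
    (subpath "/System") (subpath "/Library")
    (subpath "/private/etc") (subpath "/private/var/db") (subpath "/dev"))
(allow file-write* (literal "/dev/null") (literal "/dev/tty"))
; the only writable trees: the project and a private scratch dir, both passed with -D
(allow file-read* file-write* (subpath (param "PROJECT")))
(allow file-read* file-write* (subpath (param "SCRATCH")))
; no network: the agent works on local files only; relax per service if needed
(deny network*)
EOF
}

# Validate the argument, write the profile, and run the command under it.
# Returns 2 on bad input before anything is launched.
run_confined() {
    project=$1; shift
    case $project in
        /*) ;;
        *) echo "project path must be absolute: $project" >&2; return 2 ;;
    esac
    [ -d "$project" ] || { echo "no such directory: $project" >&2; return 2; }
    scratch=$(mktemp -d) || return 1
    gen_agent_profile > "$scratch/agent.sb"
    sandbox-exec -f "$scratch/agent.sb" -D "PROJECT=$project" -D "SCRATCH=$scratch" "$@"
}

# Usage (macOS): run_confined "$PWD/myproject" claude
```

Start with `(debug deny)` on and read the denials in the unified log before loosening anything, so each extra allow rule corresponds to an observed need rather than a guess.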