Containerization

The Containerization package allows applications to use Linux containers. Containerization is written in Swift and uses Virtualization.framework on Apple silicon.

Looking for command line binaries for running containers?
They are available in the dedicated apple/container repository.

Containerization provides APIs to:

• Manage OCI images.
• Interact with remote registries.
• Create and populate ext4 file systems.
• Interact with the Netlink socket family.
• Create an optimized Linux kernel for fast boot times.
• Spawn lightweight virtual machines and manage the runtime environment.
• Spawn and interact with containerized processes.
• Use Rosetta 2 for running linux/amd64 containers on Apple silicon.

Please view the API documentation for information on the Swift packages that Containerization provides.

Design

Containerization executes each Linux container inside of its own lightweight virtual machine. Clients can create dedicated IP addresses for every container to remove the need for individual port forwarding. Containers achieve sub-second start times using an optimized Linux kernel configuration and a minimal root filesystem with a lightweight init system.

vminitd is a small init system, which is a subproject within Containerization. vminitd is spawned as the initial process inside of the virtual machine and provides a GRPC API over vsock. The API allows the runtime environment to be configured and containerized processes to be launched. vminitd provides I/O, signals, and events to the calling process when a process is run.

Requirements

To build the Containerization package, you need:

• Mac with Apple silicon
• macOS 26 beta
• Xcode 26 beta

Older versions of macOS are not supported.

Example Usage

For examples of how to use some of the libraries surface, the cctl executable is a good start. This app is a useful playground for exploring the API. It contains commands that exercise some of the core functionality of the various products, such as:

1. Manipulating OCI images
2. Logging in to container registries
3. Creating root filesystem blocks
4. Running simple Linux containers

Linux kernel

A Linux kernel is required for spawning lightweight virtual machines on macOS. Containerization provides an optimized kernel configuration located in the kernel directory.

This directory includes a containerized build environment to easily compile a kernel for use with Containerization.

The kernel configuration is a minimal set of features to support fast start times and a light weight environment.

While this configuration will work for the majority of workloads we understand that some will need extra features. To solve this Containerization provides first class APIs to use different kernel configurations and versions on a per container basis. This enables containers to be developed and validated across different kernel versions.

See the README in the kernel directory for instructions on how to compile the optimized kernel.

Pre-built Kernel

If you wish to consume a pre-built kernel, make sure it has VIRTIO drivers compiled into the kernel (not merely as modules).

The Kata Containers project provides a Linux kernel that is optimized for containers, with all required configuration options enabled. The releases page contains downloadable artifacts, and the image itself (vmlinux.container) can be found in the /opt/kata/share/kata-containers/ directory.

Prepare to build package

Install the recommended version of Xcode.

Set the active developer directory to the installed Xcode (replace <PATH_TO_XCODE>):

sudo xcode-select -s <PATH_TO_XCODE>

Install Swiftly, Swift, and Static Linux SDK:

make cross-prep

If you use a custom terminal application, you may need to move this command from .zprofile to .zshrc (replace <USERNAME>):

# Added by swiftly
. "/Users/<USERNAME>/.swiftly/env.sh"

Restart the terminal application. Ensure this command returns /Users/<USERNAME>/.swiftly/bin/swift (replace <USERNAME>):

which swift

If you've installed or used a Static Linux SDK previously, you may need to remove older SDK versions from the system (replace <SDK-ID>):

swift sdk list
swift sdk remove <SDK-ID>

Build the package

Build Containerization from sources:

make all

Test the package

After building, run basic and integration tests:

make test integration

A kernel is required to run integration tests. If you do not have a kernel locally for use a default kernel can be fetched using the make fetch-default-kernel target.

Fetching the default kernel only needs to happen after an initial build or after a make clean.

make fetch-default-kernel
make all test integration

Protobufs

Containerization depends on specific versions of grpc-swift and swift-protobuf. You can install them and re-generate RPC interfaces with:

make protos

Documentation

Generate the API documentation for local viewing with:

make docs
make serve-docs

Preview the documentation by running in another terminal:

open http://localhost:8000/containerization/documentation/

Contributing

Contributions to Containerization are welcomed and encouraged. Please see CONTRIBUTING.md for more information.

Project Status

Version 0.1.0 is the first official release of Containerization. Earlier versions have no source stability guarantees.

Because the Containerization library is under active development, source stability is only guaranteed within minor versions (for example, between 0.1.1 and 0.1.2). If you don't want potentially source-breaking package updates, you can specify your package dependency using .upToNextMinorVersion(from: "0.1.0") instead.

Future minor versions of the package may introduce changes to these rules as needed.