A VM for Every Container Apple Ships
Apple's container project reaches 1.0 — a Swift-native tool for running OCI containers on macOS with a per-container VM architecture that fundamentally differs from Docker Desktop's shared VM model. The hosts debate whether hardware-level isolation per workload is genuinely useful or overengineered for local dev.
Script: MiniMax M2.7 Voice: Rime Mist v3
Transcript
Cody: Wait — Apple shipped a container runtime and it hit one point oh yesterday?
Justy: Yeah, it's been on GitHub for a year apparently, but the one point oh dropped on June ninth and it is genuinely blowing up. Twenty-six thousand stars, over a thousand points on Hacker News.
Cody: Okay but what's the actual pitch here, because running containers on a Mac is not exactly a gap in the market.
Justy: Right, and that's what makes it interesting. The architecture is the thing — it's not Docker Desktop's model where you have one big shared Linux VM and all your containers run inside that. It boots a dedicated lightweight VM for every single container.
Cody: Huh.
Justy: Mm-hm. Hardware-level isolation per workload, sub-second boot, written in Swift, optimized for Apple silicon. And they have this feature called container machines — long-lived Linux environments for when you want persistence rather than something that spins up and dies.
Cody: Sub-second boot for a VM is a bold claim. I want to see that benchmark because VMs do not traditionally boot in sub-seconds, even lightweight ones.
Justy: Fair, but also — hyperkit and similar hypervisor frameworks on Apple silicon have gotten genuinely good. The M-chips have dedicated hardware assist for this stuff.
Cody: That's true, yeah. The memory mapping and interrupt handling on Apple silicon is purpose-built for exactly this. So okay, the isolation model is different. But here's my question — who's actually asking for per-container VM isolation on their local laptop?
Justy: I think the answer is partly the AI workload angle, honestly. The article ties it directly to that conversation about where AI workload isolation should live. And also — devs who write Kubernetes manifests on a Mac all day and then push to Linux clusters. That's a huge chunk of the cloud native world.
Cody: Sure, that's fair. But let me push back a little. Docker Desktop has years of ecosystem behind it. The compose file support, the volume mounting, the registry integration — all of that is solved. Twenty-six k stars is great but it's not the same as twenty-six k teams running this in production.
Justy: No, that's fair. And the article actually says the one point oh stamp means Apple is treating this as an OS-level capability now, not an experiment. That's the meaningful shift — it's not a hobby project, it's infrastructure.
Cody: Okay so here's where I get skeptical. Per-container VM means per-container resource overhead, right? Memory allocation for the VM itself, vCPU scheduling, the hypervisor layer eating resources. If you're running six containers you're running six mini-VMs.
Justy: Right, but that's also the point — you're not fighting over one shared kernel. If one container goes sideways it doesn't bleed into the others the way it can with a shared VM model.
Cody: Yeah, I get the isolation argument. I'm just not sure the average dev working on a Rails app or a Node service needs that on their local machine. That's the kind of paranoia you want in prod.
Justy: Maybe. But you know who DOES want that? People running third-party containers from random registries. Or evaluating AI models locally where you really don't want the inference process touching your host filesystem.
Cody: That's actually a decent point. The AI angle is real, I just think the article leans on it a little hard as a tie-in.
Justy: Oh, one hundred percent. But you know what else dropped in this release? TOML-based configuration. They replaced the old property system, which — if you've ever tried to configure Docker Desktop's JSON blobs you know that's not nothing.
Cody: TOML is so much nicer to read and write by hand. And they standardized the output across JSON, YAML, and TOML on the CLI, which is just good developer experience.
Justy: Exactly. Container cp for host-to-container file transfer, which sounds minor but is something you constantly reach for workarounds for right now.
Cody: Yeah, the small quality-of-life stuff adds up. I just — I don't know. I feel like the isolation model is technically interesting but it's solving a problem that most people don't have on their laptop. Change my mind.
Justy: I mean, I think the one point oh stamp matters more than the architecture debate. When Apple puts a version number on something in the developer tools space, it means the API surface is stable. That's when you start seeing enterprise adoption and tooling vendors actually committing.
Cody: That's a fair read. And twenty-six thousand stars is not nothing — that's a real signal the community wants an alternative.
Justy: Alright so what are we thinking — worth testing this weekend or nah?
Cody: Honestly yeah, spin up a kind cluster through it and see if the isolation story actually holds up in practice. If the sub-second boot claim is real, the developer experience could be surprisingly good.
Justy: I'll try it on the M3 Pro and report back. If it actually works the way they pitch it, this could genuinely replace Docker Desktop for a lot of people. Not everyone, but a meaningful chunk.
Cody: Just don't come back telling me VMs boot in sub-seconds without receipts, okay?
Justy: I'll bring receipts. This is going to be a disaster or genuinely great, there's no middle ground with this one.
Cody: That's the spirit. Exploring Next, everyone.