With macOS 26 Tahoe, support for running OCI-style containers is built directly into the OS, similar to Microsoft’s Virtual Machine Platform, which is a subset of their Hyper-V offering.

Docker for macOS is free for personal use, but their constant nag-screens, forgetting of credentials, ceaseless telemetry collecting and them pushing users hard to try their AI functionality made me dread each new version for the past few months. It also doesn’t help that most of the newly added features are designed with their corporate customers in mind.

There are other options that run entirely in Userland, like Colima and Podman, but I wanted to give the Apple variant a try.

Installation

Tahoe comes with the underlying Virtualisation Framework. All that is needed to operate it is the Userland client, called Container; the rest will be downloaded on first use.

The client can be obtained either via Homebrew (brew install container) or via the standalone package from GitHub Releases.

Getting Started

To be able to use it, the Virtual Machine with the Linux Container has to be started:

$ container system start

It will automatically download everything it needs, like the Linux VM the Containers run and build in.

Start with System

Unfortunately the VM has to be manually started after each reboot. While a solution is currently underway, in the meantime we can define our own LaunchAgent:

$ cat > ~/Library/LaunchAgents/com.user.container.autostart.plist << 'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>com.user.container.autostart</string>
    <key>ProgramArguments</key>
    <array>
        <string>/usr/local/bin/container</string>
        <string>system</string>
        <string>start</string>
    </array>
    <key>RunAtLoad</key>
    <true/>
    <key>StandardOutPath</key>
    <string>/tmp/container-autostart.log</string>
    <key>StandardErrorPath</key>
    <string>/tmp/container-autostart.log</string>
</dict>
</plist>
EOF
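
A LaunchAgent runs the program named in its plist at every login, so it is worth checking that the hard-coded path (/usr/local/bin/container above) actually exists on this machine (Homebrew on Apple Silicon links into /opt/homebrew/bin instead) and that neither the plist nor the binary can be rewritten by other accounts. The following sketch is an added example, not part of the original post or of the container project; the function names are hypothetical:

```shell
#!/bin/sh
# Added example: audit a per-user LaunchAgent plist before relying on it.
# audit_launch_agent <plist> prints findings and returns 0 when there are none.

# The first <string> after the ProgramArguments key is the executable launchd runs.
agent_program() {
    awk '/<key>ProgramArguments<\/key>/ { seen = 1; next }
         seen && /<string>/ {
             sub(/.*<string>/, ""); sub(/<\/string>.*/, ""); print; exit
         }' "$1"
}

# True when the path (symlinks followed) is writable by group or others.
loosely_writable() {
    [ -n "$(find -L "$1" -maxdepth 0 \( -perm -020 -o -perm -002 \) 2>/dev/null)" ]
}

audit_launch_agent() {
    plist=$1
    findings=0
    if [ ! -f "$plist" ]; then
        echo "FAIL: $plist does not exist"; return 1
    fi
    prog=$(agent_program "$plist")
    case $prog in
        /*) ;;  # absolute path: launchd does not depend on PATH to find it
        *) echo "FAIL: program '$prog' is not an absolute path"
           findings=$((findings + 1)) ;;
    esac
    if [ ! -x "$prog" ]; then
        echo "FAIL: $prog is missing or not executable"
        findings=$((findings + 1))
    fi
    # Anyone who can write these can change what runs at the next login.
    for p in "$plist" "$prog" "$(dirname "$prog")"; do
        if loosely_writable "$p"; then
            echo "WARN: $p is group- or world-writable"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}
```

Call it as audit_launch_agent ~/Library/LaunchAgents/com.user.container.autostart.plist after writing the file.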

Builder without Rosetta

I don’t have Rosetta installed and don’t want to install it. But since Apple can’t know what platform a container is targeting until after it is brought up, they always enable Rosetta support, which fails the build if it isn’t installed.

This behaviour can be turned off by disabling Rosetta globally for all Containers:

$ mkdir -p ~/.config/container
$ printf '[build]\nrosetta = false\n' >> ~/.config/container/config.toml

Uses

Once it is up and running it acts as a drop-in replacement for Docker. In command invocations, docker can be replaced with container, except for a few fringe use-cases, like inotify and IPv6 forwards.

This post was written using a Jekyll image continuously rendering previews for changes to this document running in the Container Framework. Works perfectly fine.

But unfortunately there’s one specific use-case that currently prevents me from uninstalling Docker.app from my machine: Permanent Gitea Action Runner in the background.