macOS Containers: Apple Put a Linux VM Inside Every One

Apple shipped container 1.0.0 on 9 June 2026, and the central new subcommand is container machine: a persistent, $HOME-mounted Linux VM you keep around between sessions, with your dotfiles, repos, SSH keys, .npmrc, and ~/.aws/credentials mounted in at /Users/<you> by default. The interesting question is the bind-mount choice, and the company that filled the gap Apple just declined to fill.

What container machine actually does

The new subcommand is one line of code in the docs and a deliberate pivot in the project's framing. The old container tool was per-process: you container run an image, get a shell or a single command, the process exits. The new container machine is per-environment: you container machine create alpine:latest --name dev, then container machine run -n dev to drop into a persistent shell, with your home directory mounted in by default. The doc draws the line: "Containers are typically modeled after an application. A container machine is modeled after a Linux environment. It runs the image's init system allowing you to register long running services." That is the same conceptual move WSL made ten years ago, and the move OrbStack, Lima, and Colima have been perfecting for half a decade on the Mac. The naming — machine, not container — is Apple admitting the user thinks in VMs, even when the runtime thinks in OCI images.

The architecture: one VM per container

This is the part that breaks the Docker Desktop mental model. Most Mac-side container stacks today — Docker Desktop, Colima, Rancher Desktop, the older container builds — run a single Linux VM and stack containers inside it. The VM is the unit of resource accounting; the container is the unit of process isolation. Apple's Containerization package inverts that. From the technical overview: "it runs a lightweight VM for each container that you create." The doc justifies the inversion three ways: a full VM is the isolation boundary, each VM mounts only the host data that container needs, and the per-VM memory overhead stays below a full VM's. The trade is density: one VM per container means you pay the per-VM hypervisor tax N times, not once. The reward is the isolation and the "throw the whole machine away" model developers actually want. Whether the trade is right is the live question the HN thread is arguing about, and the answer depends on whether you run three long-lived dev machines or thirty short-lived CI jobs.

The bind-mount choice is the actual news

By default, container machine run -n dev mounts your Mac home directory as /Users/<you> inside the Linux environment, read-write, with no prompt. Your dotfiles, repos, SSH keys, .npmrc, ~/.aws/credentials — all in scope the moment the container starts. The doc treats this as a feature: "Your repositories and dotfiles are available on both platforms. Use editors and tools directly on macOS simultaneously building and running your application inside of the container machine." It maps to the dev loop the team is optimizing for: edit in your Mac-native editor, compile in the Linux environment, debug against Linux artifacts in your Mac-native tools. Real win for the standard Node/Rust/Python dev loop, where node_modules and target/ are full of small files that benefit from a real filesystem.

It is also the prompt the security-minded commenter on HN answered in a single sentence: "I don't understand why these tools always advertise about mounting the $HOME inside the container. Isn't it better to have a complete isolation?" The reply further down is the correct one: "Containers only got so popular as a tool for developers to make developing/deploying easier. If you want to use them as a security layer that is a completely different goal." Apple shipped the right default for the median case. The non-median case is the one that fills the rest of the thread.

The memory-ballooning gap, and why OrbStack fills it

The technical overview has a section called "Releasing container memory to macOS" that is, in practice, an apology. The Virtualization framework on macOS implements only partial memory ballooning, so a container started with --memory 16g will grow its working set to whatever the workload demands, but the freed pages "are not relinquished to the host. If you run many memory-intensive containers, you may need to occasionally restart them to reduce memory utilization." This is the specific gap the OrbStack developer fills with a custom Rust virtualization stack. Their HN comment (id 48470145) is unambiguous: "Our biggest perf/resource gain is dynamic memory, which reduces memory usage a lot by releasing unused memory back to macOS. Nothing else supports this, including Containerization." OrbStack's stack is vertically integrated — custom filesystem sharing, custom memory accounting, a UI built on the same primitives — and that integration is the reason they can release memory back to the host and Apple cannot. The reply four comments down captures the trade cleanly: "It has fewer integrations and doesn't run systemd or any other normal init system [out of the box]." Apple shipped a CLI. OrbStack ships a desktop app.

The macOS 15 vs. 26 split, and what it means for "Tahoe refugees"

The technical overview is candid: "container relies on the new features and enhancements present in macOS 26. You can run container on macOS 15, but you will need to be aware of some user experience and functional limitations. There is no plan to address issues found with macOS 15 that cannot be reproduced on macOS 26." The Sequoia limits are not cosmetic: the vmnet framework on macOS 15 only provides isolated networks, so container-to-container traffic does not work; multiple networks are not available; the network helper and vmnet can disagree on the subnet, producing containers with no network at all. The HN commenter who framed it as a "hold-out" question put it well: "those of us holding out on Sequoia who can't stand the broken glass UI … need to stick to Docker desktop." The takeaway: container runs on Sequoia but the network story is partial, and partial networking on a container host is a fast way to lose a day to a container that boots fine and then cannot reach the registry.

The original take: the bind-mount is the strategy, and OrbStack is the gap

Apple's container is what it is. The CLI is open source, the Containerization library is open source, the OCI integration is the real thing, and the per-container-VM design is genuinely better isolation than the shared-VM default Docker Desktop ships. None of that is the news. The news is the strategic shape of the release.

The bind-mount-to-$HOME default is the strategy. Apple is explicitly telling developers: this is a development environment, not a sandbox. Use it like you use a Mac, with the same home directory you already have. That is a choice about the size of the user base Apple wants to address: the median Mac developer who wants a Linux runtime that feels like a Mac. The security researcher who wants a Linux runtime that feels like a separate machine is the user Apple declined to court.

The second part is what Apple did not ship. No container desktop app. No memory ballooning that returns RAM to the host. No built-in UI for filesystem-sharing options, network topologies, or resource limits. There is a CLI. That CLI does the part of the job an Apple-engineer-on-a-team-of-Apple-engineers would build, and stops at the boundary where the user wants the product to think on their behalf. That boundary is exactly where OrbStack charges a license fee. The strategic read is that container is the worst thing that ever happened to OrbStack's mindshare and the best thing that ever happened to OrbStack's revenue: the official tool validates the category, and the gap between the official tool and a usable dev environment is the OrbStack product. Docker Desktop should be reading the same thread.

What this means for you

• If you ship a Mac dev tool that talks to Linux services: the per-VM-per-container model is your new default. Stop building against Docker Desktop's shared-VM model — your file-watcher and bind-mount assumptions are now the wrong ones.
• If you maintain a CI system that runs Mac workers, or you are still on macOS 15 Sequoia: container machine is the cheapest way to spin up a clean Linux-shaped environment on each job — but the macOS 15 networking bugs are real, so canary on a non-prod runner before you cut Docker Desktop out.
• If you are security-sensitive (supply-chain researcher, anyone who reads the npm postinstall headlines): the bind-mount default is a real exposure. Set --home-mount=none and mount only the paths your workflow needs.
• If you are a Docker Desktop customer on a per-seat license: the free, OS-supplied alternative is now good enough for most of what you are paying for. The two things that are not — memory ballooning and the desktop UI — are the OrbStack product, which competes on price for a single seat.
• If you are writing about this: the headline is "Apple told you $HOME is in scope by default, and the company that sells you the integration layer is the one the comment thread is buying licenses from." Apple shipped a CLI. The integration is somebody else's product.

What to do this week

# 1. If you have a Mac running macOS 26, install Apple's
#    container CLI via Homebrew and try the new machine
#    subcommand. The single most important command creates
#    a persistent, $HOME-mounted Linux environment.
brew install --cask container
container system start
container machine create alpine:latest --name dev
container machine run -n dev -- pwd   # /home/<you> — your Mac home, mounted in via /Users/<you>
container machine set -n dev cpus=4 memory=8G
container machine set -n dev home-mount=none   # if you want the security-sensitive override

# 2. If you maintain a Mac dev environment, audit your bind-mount
#    surface. The default Apple shipped is the one you can defend;
#    the security-sensitive override is --home-mount=none with
#    explicit -v mounts per workflow.

# 3. If you maintain a CI system that runs Mac workers, add a
#    canary job that runs `container machine run -n ci
#    -- <your-build-cmd>` on one Mac runner and measures cold
#    start + memory ceiling. The shape of the cost curve
#    (one VM per job vs. one shared VM) is the question that
#    will decide whether the swap is worth it for your team.

# 4. If you already run OrbStack or Colima, do the
#    one-afternoon comparison: stand up a `container machine`
#    for a representative workload and time the median
#    iteration. The "balloon memory" line from the HN thread
#    is the difference you will feel first.

Related reads from this blog

• Linear Is Fast Because the Browser Is the Database — Same architectural-bet shape: Linear chose the user's machine as the source of truth; Apple chose the user's home directory as the source of truth.
• Redis 8.8: Your Lua Rate Limiter Is Now Obsolete — The "single primitive beats a stack of helpers" pattern. container machine is the same bet: one CLI subcommand that replaces the Docker Desktop + OrbStack / Colima / Lima stack for the median case.
• Gemma 4 12B Just Killed the Multimodal Encoder — A vendor shipping the whole product in one open release. Apple shipped the whole runtime in one open repo; the desktop UI is the part Apple declined to ship.

Disclosure

This post was researched and drafted with AI assistance. Primary sources are listed in the Sources section above. Every architectural and version claim is taken from a fetched and cached Apple source — the synthesis, the framing, and the "what this means" angles are this post's own. Conflict-of-interest note: the primary sources are Apple's own product documentation for a product Apple ships, so the architectural claims (per-VM-per-container, OCI integration, Virtualization.framework integration) are vendor assertions, not independent benchmarks. The strategic-shape analysis in the original-take section is this post's framing, not a claim sourced from Apple. Version status: Apple shipped container 1.0.0 on 9 June 2026, but the project's own technical-overview still notes that "many common containerization features remain to be implemented."

Sources

• Apple, container/docs/container-machine.md, https://github.com/apple/container/blob/main/docs/container-machine.md
• Apple, container/docs/technical-overview.md (architecture, OCI integration, macOS 15 vs. 26 limits, memory-ballooning gap), https://github.com/apple/container/blob/main/docs/technical-overview.md
• Apple, Containerization Swift package, https://github.com/apple/containerization
• Hacker News, macOS Container Machines, story 48469658 by timsneath, 10 June 2026 (902 points, 322 comments at fetch time), https://news.ycombinator.com/item?id=48469658
• OrbStack developer comment on that thread, comment id 48470145, https://news.ycombinator.com/item?id=48470145
• HN commenter on the bind-mount default, comment id 48473224, https://news.ycombinator.com/item?id=48473224
• HN commenter on the security framing of container bind-mounts, comment id 48473303, https://news.ycombinator.com/item?id=48473303
• HN commenter on the macOS 26 requirement, comment id 48472488, https://news.ycombinator.com/item?id=48472488
• HN commenter on the OrbStack memory-ballooning gap, comment id 48470415, https://news.ycombinator.com/item?id=48470415
• HN commenter on the "bought an OrbStack license" pattern, comment id 48472575, https://news.ycombinator.com/item?id=48472575

The interesting question is whether Apple reads that thread — and whether the answer ships in a macOS release we have not seen the keynote for yet.