Apple container 1.0 and container machine: hands-on security test

A few days ago during WWDC26, Apple released container 1.0. The release notes are short, but the important part is clear: Apple wants people to try the new container machine functionality. As a team leader, when new products or tools enter the areas I work on, I like to spend some free time testing them directly. It helps me understand where they can be useful, where the limits are, and what security implications they may have for my engineering team or for customers. ...

June 12, 2026 · 11 min · 2164 words · Matteo Bisi

Apple container announced

As you probably know, Apple is running WWDC 25, and yesterday there were a lot of exciting announcements. Among these, aside from the OS updates, Apple announced “container” and containerization support for macOS 26. Here are the key features:

- Manage OCI images
- Interact with remote registries
- Create and populate ext4 file systems
- Interact with the Netlink socket family
- Create an optimized Linux kernel for fast boot times
- Spawn lightweight virtual machines
- Manage the runtime environment of virtual machines
- Spawn and interact with containerized processes
- Use Rosetta 2 for executing x86_64 processes on Apple silicon

In fact, the “container” client will be able to spawn a lightweight VM with an optimized Linux kernel and small rootFS, where you can run Linux containers using Rosetta 2 for executing x86 instructions. The interesting part from a security perspective is that every container will run isolated inside its own lightweight VM. ...

June 10, 2025 · 2 min · 215 words · Matteo Bisi