Apple container 1.0 and container machine: hands-on security test

A few days ago during WWDC26, Apple released container 1.0. The release notes are short, but the important part is clear: Apple wants people to try the new container machine functionality. As a team leader, when new products or tools enter the areas I work on, I like to spend some free time testing them directly. It helps me understand where they can be useful, where the limits are, and what security implications they may have for my engineering team or for customers. ...

June 12, 2026 · 11 min · 2164 words · Matteo Bisi

Apple container announced

As you probably know, Apple is running WWDC 25, and yesterday there were a lot of exciting announcements. Among these, aside from the OS updates, Apple announced “container” and containerization support for macOS 26. Here are the key features: Manage OCI images Interact with remote registries Create and populate ext4 file systems Interact with the Netlink socket family Create an optimized Linux kernel for fast boot times Spawn lightweight virtual machines Manage the runtime environment of virtual machines Spawn and interact with containerized processes Use Rosetta 2 for executing x86_64 processes on Apple silicon In fact, the “container” client will be able to spawn a lightweight VM with an optimized Linux kernel and small rootFS, where you can run Linux containers using Rosetta 2 for executing x86 instructions. The interesting part from a security perspective is that every container will run isolated inside its own lightweight VM. ...

June 10, 2025 · 2 min · 215 words · Matteo Bisi

macOS, Podman Desktop and the Podman Machine: Pay Close Attention to the Podman Version

Using Podman as the standard tool requested by clients for running local containers outside of a Kubernetes environment, I decided to start the year by installing Podman Desktop on my company MacBook. Podman Desktop features a user interface (UI) similar to Docker Desktop, making it easier to manage containers and images. It also includes plugin management to extend its functionality, such as deploying containers on Kubernetes. After installing Podman Desktop version 1.15.0, I proceeded with the setup but encountered issues with the Podman machine (the virtual machine dedicated to running containers) which failed to start. There were no errors; it just hung during startup. ...

January 10, 2025 · 2 min · 264 words · Matteo Bisi