[Request]: macOS inside containers

[jbschooley]

Feature or enhancement request details

Given that Apple is writing their own containerization framework, it would be great to see the ability to run macOS itself inside a container. CI/CD is so much easier with containers and macOS not supporting being run in a container makes it harder to manage CI/CD processes for mac and iOS apps. I'd love to see that change.

Obviously mac containers would have to run on a mac host and might only run in this container framework but it would be a huge improvement for mac development.

Code of Conduct

• I agree to follow this project's Code of Conduct

[jershell]

As I understand it, this is some kind of misunderstanding, and either we misunderstood something, or it’s really not possible to create a container with macOS itself?

[jbschooley]

As I understand it, this is some kind of misunderstanding, and either we misunderstood something, or it’s really not possible to create a container with macOS itself?

As far as I know, you can't create a container with macOS itself. There are a few macOS containers on github but those run qemu in a container and a full macOS VM in that. Slow, requires going through OOBE, violates Apple's license so can't use it commercially without consequences.

What I want is a container inside which I can run macOS software. Mostly xcode builds. Would be a game changer for CI/CD with macOS and iOS development. This currently does not exist, but seems like the next logical step in Apple's official container support.

[egernst]

I understand the request, and thanks for opening the issue @jbschooley. I think you are highlighting that there'd be utility in being able to have a container like construct for a macOS based workload. Right?

Today github.com/apple/containerization and this project focus just on Linux based container workloads.

[patriknyblad]

Adding my +1 here, it would be fantastic to run macOS containers so I can run macOS software in a container inside of macOS 😍

[jbschooley]

@egernst Yep, this exactly. I've been waiting a long time for the day where I can run macOS/iOS builds in containers just like I can with Windows and Linux builds and not have to worry about cleanup or software updates breaking things on the host.

[altaic]

@jbschooley Unless I'm missing something about what you're looking for, virtualizing macOS has been possible for ~5 years via Apple's Virtualization.framework, no qemu or other emulation necessary. It's not lightweight like minimal Linux VMs, but that's because macOS isn't lightweight and the typical container patterns don't really make sense with a full OS. Nevertheless, it's been available and there are several open source projects utilizing it.

For more info, I recommend Apple's documentation [1] and Howard Oakley [2] has dozens of articles about it (scroll down past the author's own software offerings for a list of articles).

[1] https://developer.apple.com/documentation/virtualization
[2] https://eclecticlight.co/virtualisation-on-apple-silicon/

[jbschooley]

macOS isn't lightweight and the typical container patterns don't really make sense with a full OS

Before containers existed this was how things worked with Linux and Windows too. Windows containers still aren't exactly lightweight, but containerization still makes CI with Windows apps so much easier.

Yes, Apple does have their virtualization framework for full VMs. But say you want to try building your iOS app with a new version of Xcode. You have to create a new VM, manually click through OOBE and set up user accounts, and eventually you get to a terminal and can paste in a script to install everything. Or you copy your existing VM and update Xcode but then you have assets left over from the old version that might cause different behavior than a fresh install would.

Whereas with a container you could just write a dockerfile to do all that boring stuff. Or you pull from someone else's image that already has it all installed, and all your dockerfile or build script has to do is clone your code into it and build, and maybe pull credentials from secrets or env vars or keychain. macOS or Xcode releases an update, just update version numbers and let it run.

With Apple developing their own containerization framework, now seems like a great time to join the other platforms in making CI better.

[altaic]

Ah that makes sense. Maybe look into MDM workflows for macOS? Apple provides utilities and there are 3rd party ones as well, though I'm not sure how streamlined they are for virtualized instances. I'd be surprised if something doesn't already exist, though.

[jbschooley]

I doubt there's something that works nearly as well as containers though. With a container you can use layers to make distribution way easier. So you can build an image like:

• Base macOS 26 layer (17gb)
• Specific version of Xcode and associated tools (3gb?)

Want to try another version of Xcode? Change the version number in your dockerfile, run a single command to build it, a few minutes later you have an image with the newer version and absolutely no artifacts from the old version. Want to share that image with a coworker? If they already have the base macOS image they only need to download the 3gb layer.

With VMs, you have to keep a copy of the base VM and another copy with the Xcode stuff, and any time you want to run it, copy that image again to ensure you always have a copy without leftovers from previous builds. You have to wait for the full OS to boot and make sure you have something running on that VM to listen for commands from the host and an automated way to get artifacts out. With a container, it uses the host kernel and starts up within a second or two, and the containerization framework manages getting commands in and std/files out of the guest OS.

Yeah, there's ways to automate CI on Macs. They aren't great. I build on Macs at work and we just have to run builds on the host, make sure leftover crap is cleared after builds, and pray that an update doesn't break our pipelines and require hours of work to fix them when we're trying to focus on more important stuff.

[baylisscg]

macOS is missing equivalents to some of the key Linux kernel features used by containers so building containers at the OS level probably isn't practical.

However, something like adding Hypervisor framework support to Kata Containers would probably be the way to go as apple/containerization uses it as a basis already and you can run at least run macOS in a VM already. How close apple/containerization is and how much extra work would be needed I've no clue though.

[eddively]

Feels like a Darwin-based *Nix/BSD option could be very thin and light and provide the core Mac OS virtualization functions.

[cavivie]

I'm not making a malicious comment absolutely! I am surprised that there is no positive comment from Apple developers (even revealing the feasibility of technical implementation or the fact that the basic technology has been implemented) for this feature that is so urgently needed by developers.

[wojtekmach]

I believe this would be a very welcome change indeed. Could be a backend for tools like https://github.com/nektos/act, allowing to test more things locally in a more reproducible manner.

[helmut72]

@jbschooley How about Tart for your use case?

macOS and Linux VMs on Apple Silicon to use in CI and other automations