Apple Container 0.9.0
github.comIs there anything especially interesting about version 0.9.0? Nothing stands out to me in the changelog.
Has anyone used this for shipping native apps? I know that's not what it was designed for but I would love to be able to ship a Tauri + rails app some day
is this à replacement for docker ?
Super interesting that they're using swift. Does this mean the project is only a wrapper for system libraries ? I can't imagine writing low-level system code in swift yet.
From Apple's point of view it is perfectly fine for such purposes.
> From its earliest conception, Swift was built to be fast. Using the incredibly high-performance LLVM compiler technology, Swift code is transformed into optimized machine code that gets the most out of modern hardware. The syntax and standard library have also been tuned to make the most obvious way to write your code also perform the best whether it runs in the watch on your wrist or across a cluster of servers. And Swift is the best choice to succeed C++. It includes low-level primitives such as types, flow control, and operators, and provides object-oriented features such as classes, protocols, and generics.
> Swift is efficient enough to be used in constrained environments like embedded devices, and powerful enough to scale all the way up to servers and cloud infrastructure.
-- https://developer.apple.com/swift/
From my point of view, if Go does it, Swift is much better at the same game.
Swift goes further down the stack than you might at first imagine -- there's a lot of Swift written at Apple even in places where you might expect C.
The container CLI tool wraps the underlying Containerization framework, which in turn vends packages for things like EXT4 file system support -- all written in Swift. Here's one example as a jumping off point. https://github.com/apple/containerization/blob/main/Sources/...
I was going to rant about how containerization does not just mean Linux namespaces but that is what this is.
This project is very similar to docker with a background daemon server that you control via a cli to launch Linux containers.
Because Linux containers need Linux namespaces, each container is run in a virtual machine with a Linux kernel.
I'm surprised that given Apples love of sandboxing, especially on iOS, that XNU doesn't have something similar to namespaces or jails.
IIRC they went for policy based sandboxing with Seatnelt and SIRP. That is pretty darn nice for gui apps, but not very good for things like containers.
> A tool for creating and running Linux containers using lightweight virtual machines on a Mac. It is written in Swift, and optimized for Apple silicon.
apple.github.io/container/documentation/
yes, it creates a microvm (using vz) per container though. Good if you need that kind of isolation, otherwise a little wasteful.
Anybody tried running vscode server in this? I don’t want to run it on my macOS with no sandbox, I find the full file access in the browser to be uncomfortable. I’ve fought Colima before and ran it within there but the host/vm permissions for editing files in a projects folder were a pain.
So it’d be cool if this or a sandbox tool could help.
I haven’t tried bopca [1] with VSCode Server yet, but I will today. Should work fine, and if it doesn’t already, I’ll get it working.