Monday, October 9, 2023

macOS Containers 0.0.1

macOS Containers (via Hacker News):

Containers have fundamentally changed the way that modern software is developed and deployed. Containers are supported by a wide range of operating systems including FreeBSD, Solaris, Linux and even Windows, but are not natively supported by macOS. Until now.

We’re announcing initial 0.0.1 release of macOS native containers. Yes, you can now run macOS inside macOS, build images using Docker and distribute them using registries.


4 Comments RSS · Twitter · Mastodon

While the initiative looks promising, It looks like the original author has limited knowledge of computer security:

> "WRT security implications of disabling SIP - I don't think OS becomes any less vulnerable than usual Linux/Windows installation.

@Jean-Daniel: Is that meant to say “more” instead of “less”? The author is not concerned about disabling SIP, but you are?

I don't quite understand why chroot would be blocked with SIP, and it sounds like that's an unintended side effect.

But also, my guess is Apple would recommend disk images instead. Would those be an option while still remaining compatible with OCI?

Wait, WTF? chroot(2) is blocked by SIP? It's no skin off my nose for SIP to be disabled at least on my desktop Macs, in any event. I don't see the security implications on trusted machines with trusted software.

But also, containers on macOS? I know they're popular, but wouldn't it be better to focus on the problems containers are a short-term non-solution for, like build reproducibility and package management? Unless your operation is so absolutely mindbogglingly massive that you can't afford even an atom of doubt, this just seems like total overkill / a science project / PoC.

Leave a Comment