Apple's container tool hits 1.0, giving every Linux container its own micro-VM

Apple's open-source container tool reached version 1.0 on 9 June, its first stable API and tooling contract since the project launched at WWDC 2025.

What sets it apart from Docker is isolation. Instead of running every container inside one shared Linux VM, Apple gives each container its own dedicated, lightweight micro-VM, written in Swift and tuned for Apple silicon. The 1.0 release also adds "container machine," a command for managing that underlying VM environment directly. The catch for some: it is Apple silicon only, with no support for Intel Macs. The project has passed 26,000 GitHub stars.

Per-container micro-VMs are more than a Docker footnote right now. They are the isolation model that coding agents increasingly lean on to run code they generated but no one has reviewed, where a shared kernel is a real blast radius. Apple just made that model a stable, first-class primitive on the Mac.