
Comment by cedws

6 months ago

Forget Linux containers on Mac, as far as I’m concerned that’s already a solved problem. What about Mac containers? We still don’t have a way to run a macOS app with its own process namespace/filesystem in 2025. And with all this AI stuff, there’s a need to minimise blast radius of a rogue app more than ever.

Is there any demand for Mac binaries in production? I can't think of a single major cloud provider that offers Mac hardware based k8s, nor why you'd want to pay the premium over commodity hardware. Linux seems to be the lingua franca of containerized software distribution. Even Windows support for containers is sketchy at best.

  • > I can't think of a single major cloud provider that offers Mac hardware based k8s nor why you'd want to pay the premium over commodity hardware

    If you're a dev team that creates Mac/iOS/iPad/etc apps, you might want Mac hardware in your CI/CD stack. Cloud providers do offer virtual Macs for this purpose.

    If you're a really big company (e.g. a top-10 app, e.g. Google) you might have many teams that push lots of apps or app updates. You might have a CI/CD workflow that needs to scale to a cluster of Macs.

    Also, I'm pretty sure Apple at least partially uses Apple hardware in the serving flow (e.g. "Private Cloud Compute") and would have an interest in making this work.

    Oh, and it'd be nice to be able to better sandbox untrusted software running on my personal dev machine.

  • I don't think the parent was asking for server side macOS containerization, but desktop. It'd be nice to put something like Cursor in a sandbox where it really couldn't rm -rf your home directory. I'd love to do the same thing with every app that comes with an installer.

    • I've had really poor experience doing anything with container deployed consumer apps in Linux. As soon as you even look at going out of the happy path, things immediately start going sideways.


    • You already can with `sandbox-exec`. And the entire entitlements design is there to force apps to have granular permissions.
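As an added illustration of the `sandbox-exec` approach mentioned above (editor's example, not from any commenter), this script confines a command so it can read the filesystem but write only under one scratch directory, which is the "can't rm -rf my home directory" case from the parent comment. It assumes macOS, a command-line tool rather than a GUI app (GUI apps need many more allow rules, e.g. for mach-lookup), and the SBPL operation names shown; the profile text is constructed here.

```shell
#!/bin/sh
# Added example: confine a command with macOS sandbox-exec so it may read
# anywhere but write only beneath one scratch directory. Assumes macOS
# (sandbox-exec is deprecated by Apple but still shipped) and a command that
# needs nothing beyond files, fork/exec and basic sysctl reads.

# Emit a Sandbox Profile Language (SBPL) profile: deny everything by default,
# then allow reads everywhere and writes (create/modify/unlink) only under $1.
make_profile() {
    cat <<EOF
(version 1)
(deny default)
(allow process-fork)
(allow process-exec)
(allow sysctl-read)
(allow file-read*)
(allow file-write* (subpath "$1"))
EOF
}

# Run a command under that profile. The sandbox matches canonical paths, so
# a symlinked directory such as /tmp (really /private/tmp) is resolved first;
# without that, writes into the scratch directory would be denied too.
run_confined() {
    scratch=$(cd "$1" && pwd -P); shift
    sandbox-exec -p "$(make_profile "$scratch")" "$@"
}

# Demo (run as: sh confine.sh demo): the scratch write succeeds, the write
# into $HOME is denied by the sandbox and touch exits non-zero.
if [ "$(uname)" = Darwin ] && [ "${1:-}" = demo ]; then
    scratch=$(mktemp -d /tmp/confined.XXXXXX)
    run_confined "$scratch" /usr/bin/touch "$scratch/ok" && echo "write in scratch: allowed"
    run_confined "$scratch" /usr/bin/touch "$HOME/should-not-exist" || echo "write in HOME: denied"
fi
```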

  • I think at one point (many years ago) I read that imgix.com was using Macs for their image processing CDN nodes.

    In my experience, the only use case for cloud Macs is CI/CD (and boy does it suck to use macOS in the cloud).