macOS Container Machines

Original link: https://github.com/apple/container/blob/main/docs/container-machine.md

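Container machine provides a lightweight, persistent and highly integrated Linux environment for macOS. It is built on standard OCI images and lets developers run full Linux distributions (such as Ubuntu, Debian or Alpine) with seamless host integration. Key features include:

* **Unified workflow:** Your macOS home directory and configuration files are automatically mounted into the container, so you can write code with native macOS tools while building and testing in a Linux environment.
* **System-level capabilities:** Unlike standard containers, these machines run an `init` system (such as `systemd`), so you can manage long-running background services and test applications in a production-like environment.
* **Simple management:** With an intuitive command-line tool you can manage multiple distribution-specific machines, adjust resources (CPU/memory), and switch between shells instantly.
* **No copy step:** Because the container machine shares a file system with the host, tools such as profilers and debuggers on the Mac can work directly on Linux artifacts without moving files between environments.

Whether you need to test across distributions or want a persistent Linux workspace, Container machine offers a fast, integrated and flexible development experience.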

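Apple has released "macOS Container Machines", a new tool intended to give macOS developers a lightweight, native Linux environment. Unlike standard OCI containers, these machines support persistence and file system mounts, offering a more integrated experience than a traditional Linux virtual machine.

The announcement prompted lively discussion on Hacker News. Many users hope the technology will eventually replace resource-intensive alternatives such as Docker Desktop by swapping a large shared background virtual machine for smaller Apple-native virtual machines.

On the technical side, questions remain about architecture support, in particular whether the tool will offer x86 emulation on ARM64 Macs as alternatives such as Colima do. Participants also noted that the project appears to be limited to Apple Silicon, which some read as a strategic move to push users off Intel hardware. While some developers are excited about the performance gains and integration potential, others remain skeptical, citing the greater maturity of existing third-party solutions and the platform's remaining challenges in resource management.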

Original text

Container machine provides a highly integrated Linux environment that works seamlessly on your Mac. Container machines are fast, lightweight and persistent. They are based on standard OCI images that can be built and shared. Host integrations such as automatic user and home directory sharing provide quick and easy access to your Linux environment no matter where you are in a terminal.

Containers are typically modeled after an application. A container machine is modeled after a Linux environment. It runs the image's init system, allowing you to register long-running services or test your application under a process supervisor. A container machine automatically maps your username and home directory into the Linux environment. Your repositories and dotfiles are available on both platforms. Use editors and tools directly on macOS while building and running your application inside the Linux environment.

  • Edit on the Mac, build inside. Your repo lives in $HOME on macOS and is mounted at /Users/<username> inside the container machine. Use your macOS editor or IDE; compile and run inside your container machine.
  • Use macOS-native tooling against Linux artifacts. Profilers, screenshot tools, browsers, and GUI debuggers on your Mac all see the same files the container machine sees — there is no copy step between "I built it" and "I am inspecting it".
  • Real Linux services for testing. Run a database or whatever your stack needs as a system service — systemctl start postgresql works on images with systemd installed.
  • One environment per target distro. Create as many container machines as you have target distros — alpine, ubuntu, debian. Each has the same $HOME and the same dotfiles from your Mac. Quickly test your application in various distributions.

container machine create alpine:latest --name dev
container machine run -n dev whoami       # your host username, not root
container machine run -n dev pwd          # /home/<you> — your Mac home dir, mounted in
container machine run -n dev              # interactive shell; cd into your repos in $HOME

container machine run is how you get a shell or run a single command. If the container machine is stopped, run boots it first.

Working in a container machine

Open a shell, or run a single command

With no command, container machine run opens an interactive shell as a user that matches your host account:

container machine run -n dev

Pass a command to run it once and exit:

container machine run -n dev uname -a
container machine run -n dev -- cat /proc/cpuinfo

Pick a default container machine so you can drop the -n flag:

container machine set-default dev
container machine run                 # operates on dev

List, inspect, stop, delete

container machine ls                  # list all container machines
container machine inspect dev         # JSON detail for one
container machine stop dev            # stop the container machine
container machine rm dev              # delete, including its persistent storage

container machine has the alias m, so m ls, m run, etc. all work.

Resize CPUs, memory, or change the home-mount

container machine set updates configuration on disk. Changes take effect after the next stop and start:

container machine set -n dev cpus=4 memory=8G
container machine stop dev
container machine run -n dev -- nproc

Memory defaults to half of host memory. The home-mount can be rw (default), ro, or none.

Bring your own container machine image

Any Linux image that includes /sbin/init works as a container machine. For example, this Dockerfile builds an Ubuntu 24.04 container machine image with systemd and common command-line tools:

FROM ubuntu:24.04

ENV container=container

RUN apt-get update && \
    apt-get install -y \
    dbus systemd openssh-server net-tools iproute2 iputils-ping curl wget vim-tiny man sudo && \
    apt-get clean && \
    rm -rf /var/lib/apt/lists/* && \
    yes | unminimize

RUN >/etc/machine-id
RUN >/var/lib/dbus/machine-id

RUN systemctl set-default multi-user.target
RUN systemctl mask \
      dev-hugepages.mount \
      sys-fs-fuse-connections.mount \
      systemd-update-utmp.service \
      systemd-tmpfiles-setup.service \
      console-getty.service
RUN systemctl disable \
      networkd-dispatcher.service

RUN sed -i -e 's/^AcceptEnv LANG LC_\*$/#AcceptEnv LANG LC_*/' /etc/ssh/sshd_config

Build it and create a container machine from it:

container build -t local/ubuntu-machine:latest .
container machine create local/ubuntu-machine:latest --name ubuntu

By default, container runs a built-in setup script on first boot to provision the user described above. To use your own setup instead, add an executable script at /etc/machine/create-user.sh to the image. It runs once, as root, on first boot, with these variables set:

  • CONTAINER_GID
  • CONTAINER_HOME
  • CONTAINER_MACHINE_ID
  • CONTAINER_UID
  • CONTAINER_USER
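
A custom create-user.sh runs as root on first boot, so it should treat the CONTAINER_* variables as input to validate before passing them to user-management tools. The following is an added example, not Apple's built-in setup script; the meaning assumed for each variable, the validation rules, and the use of getent, groupadd and useradd are assumptions of this example.

```shell
#!/bin/sh
# Added example of a custom /etc/machine/create-user.sh; not Apple's built-in script.
# Assumes CONTAINER_* carry the host account's name, IDs and home path, and that
# getent, groupadd and useradd are installed (as on the Ubuntu image).

# valid_id N: accept only a decimal, non-zero ID so the user never maps onto root.
valid_id() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -gt 0 ] 2>/dev/null
}

# valid_user NAME: conservative login name; cannot start with '-' or hold ':' or '/'.
valid_user() {
    case "$1" in
        ''|[!a-z_]*|*[!a-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# valid_home PATH: absolute path, safe characters only, no '..' sequence.
valid_home() {
    case "$1" in
        *[!A-Za-z0-9/._-]*|*..*) return 1 ;;
        /*) return 0 ;;
    esac
    return 1
}

provision() {
    valid_user "${CONTAINER_USER:-}" || { echo "bad CONTAINER_USER" >&2; return 1; }
    valid_id   "${CONTAINER_UID:-}"  || { echo "bad CONTAINER_UID"  >&2; return 1; }
    valid_id   "${CONTAINER_GID:-}"  || { echo "bad CONTAINER_GID"  >&2; return 1; }
    valid_home "${CONTAINER_HOME:-}" || { echo "bad CONTAINER_HOME" >&2; return 1; }
    # Reuse a group that already has this GID, otherwise create one.
    getent group "$CONTAINER_GID" >/dev/null ||
        groupadd -g "$CONTAINER_GID" "$CONTAINER_USER" || return 1
    # -M: never create or populate the home directory. No sudo or extra groups.
    useradd -M -u "$CONTAINER_UID" -g "$CONTAINER_GID" \
        -d "$CONTAINER_HOME" -s /bin/sh "$CONTAINER_USER"
}

# Provision only when the first-boot variables are present.
if [ -n "${CONTAINER_MACHINE_ID:-}" ]; then
    provision || exit 1
fi
```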