macOS Containers v0.0.1

• rund

  4 417 8.5 Go

  OCI Container Runtime for Darwin

  

> Also not sure if it can be dynamically set by a parent process for a child?

Yes, it can. See sandbox-exec tool. And I actually plan to use it: https://github.com/macOScontainers/rund/issues/15

• darwin-jail

  3 64 7.7 Python

  Chroot jail for Darwin

  

• WorkOS

  workos.com sponsored

  The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

  

• containerd

  125 16,292 9.9 Go

  An open and reliable container runtime

  

This is a failed attempt to upstream part of containerd changes: https://github.com/containerd/containerd/pull/8789

Other part of containerd changes waits for gods-know-what: https://github.com/containerd/containerd/pull/9054

But I haven't gave up yet.

• containerd

  2 7 0.0 Go

  An open and reliable container runtime (by darwin-containers)

  

Nope, that PR was an attempt to upstream my changes: https://github.com/macOScontainers/containerd/commits/macos

Vanilla containerd cannot mount anything on macos.

• homebrew-formula

  1 613 7.5 Ruby
  

https://github.com/macOScontainers/homebrew-formula

"macOS native containers"

Cool, this sounds interesting.

"Disable System Identity Protection."

Eesh.

• HomeBrew

  1,281 39,373 10.0 Ruby

  🍺 The missing package manager for macOS (or Linux)

  

Perhaps they are talking about Homebrew the package manager [1].

[1] https://brew.sh

• inara

  2 19 4.7 Lua

  Tools to create JOSS/JOSE publishing artifacts

  

> i haven't found any issues with it that i could not get over in the past 2+ years of m1.

I'm currently running a Journal of Open Source Software x86 container on aarch64 and it's terribly slow. Takes 12GB of RAM and 3 minutes to build a LaTeX document, see https://github.com/openjournals/inara/issues/30. Any tips?

• InfluxDB

  www.influxdata.com sponsored

  Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

  

• yabai

  218 21,317 9.1 C

  A tiling window manager for macOS based on binary space partitioning

SIP is a feature that protects you from malicious actors with root (admin) access on your device. After they've encrypted your photos and drives and changed your passwords, it prevents them from making your machine unbootable by deleting or altering system binaries. As a side effect of this protection, you give up certain freedoms to customize your system.

https://github.com/koekeishiya/yabai

For instance requires SIP to be disabled.

• macos-image-templates

  1 177 8.4 HCL
  

> What's the licensing situation on this?

1. This project didn't take explicit permission from Apple to redistribute binaries

2. There are multiple jurisdictions where you don't need to explicitly have such permission, it is implied by law

3. Usage of this software implies you already have macOS system. I'm not a lawyer, but it looks to be covered by section 3 of macOS EULA.

4. There are existing precedents of redistribution of macOS binaries for multiple years aready:

- https://github.com/cirruslabs/macos-image-templates/pkgs/con...

- https://hub.docker.com/r/sickcodes/docker-osx

- https://app.vagrantup.com/jhcook/boxes/macos-sierra

And so on.

• Docker-OSX

  132 35,279 5.7 Shell

  Run macOS VM in a Docker! Run near native OSX-KVM in Docker! X11 Forwarding! CI/CD for OS X Security Research! Docker mac Containers.

> What's the licensing situation on this?

1. This project didn't take explicit permission from Apple to redistribute binaries

2. There are multiple jurisdictions where you don't need to explicitly have such permission, it is implied by law

3. Usage of this software implies you already have macOS system. I'm not a lawyer, but it looks to be covered by section 3 of macOS EULA.

4. There are existing precedents of redistribution of macOS binaries for multiple years aready:

- https://github.com/cirruslabs/macos-image-templates/pkgs/con...

- https://hub.docker.com/r/sickcodes/docker-osx

- https://app.vagrantup.com/jhcook/boxes/macos-sierra

And so on.

• orbstack

  36 4,317 6.2 Shell

  Fast, light, simple Docker containers & Linux machines for macOS

  

OrbStack doesn’t require breaking security: https://orbstack.dev/

• runner-images

  51 9,082 9.8 PowerShell

  GitHub Actions runner images

  

Reminds me: Still waiting for native ARM support on GitHub Actions https://github.com/actions/runner-images/issues/5631

• moby

  1 8 0.0 Go

  Moby Project - a collaborative project for the container ecosystem to assemble container-based systems (by darwin-containers)

  

• buildkit

  1 1 9.8 Go

  concurrent, cache-efficient, and Dockerfile-agnostic builder toolkit (by darwin-containers)

  

• go

  2,068 119,564 10.0 Go

  The Go programming language

  

• semver

  720 7,020 2.3

  Semantic Versioning Specification

  

Oh, it was easier than I thought: https://semver.org/#spec-item-2

    A normal version number MUST take the form X.Y.Z where X, Y, and Z are

• buildkit

  53 7,669 9.8 Go

  concurrent, cache-efficient, and Dockerfile-agnostic builder toolkit

  

• Moby

  212 67,716 10.0 Go

  The Moby Project - a collaborative project for the container ecosystem to assemble container-based systems

  

• SaaSHub

  www.saashub.com sponsored

  SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

  

Suggest a related project