
12 Jun 2025, 2:01 p.m.
On Thu, 12 Jun 2025 13:37:10 +1200, Peter Reutemann quoted:
'Container runs standard OCI images, but it doesn't use a single shared Linux VM. Instead, it creates a small Linux virtual machine for every container you spin up. That sounds heavy at first, but the VMs are lightweight and boot quickly. Each one is isolated, which Apple claims improves both security and privacy.'
Or they could run proper Linux containers under a single Linux VM, to make things even more lightweight while taking advantage of built-in Linux capabilities that improve both security and privacy.