[outworlder]

> Docker on Mac has never felt as snappy as on Linux

It's extremely slow compared to Linux and I'm pointing my fingers at the virtualization layer without any hard evidence because it's the most likely suspect.

With all this focus on sandboxing apps of late, I'm wondering how far the OSX kernel is from having a feature set that resembles cgroups and network namespaces.

[ploxiln]

I used docker inside a vagrant+virtualbox VM running ubuntu, on macOS, for a few years. It's more reliable, and more debuggable, than docker for mac. It's some easy-auto-transparent storage and networking layers that make docker-for-mac so flaky.

[GGfpc]

So you have your setup documented anywhere?

[my123]

They have containers already in a sense, whatever the iOS Simulator.app uses is not VMs, and it's a container in more ways than just one.

[astrange]

It's a launchd namespace. It's not meant to be secure in the same way a container would be, but it could be used for something.

[BillinghamJ]

That is not exactly designed to deliver any kind of isolation though - it just runs normal processes