by qalmakka 1 day ago
macOS sandboxing is deliberately limited just enough to prevent anyone from truly implementing Darwin-on-Darwin containers. People have been discussing this for a while, see https://github.com/apple/container/discussions/611

In general I understand the rationale behind Apple's decision. They sell hardware, and there's real demand for macOS on servers to run build jobs and other Mac-only tools. Giving you the ability to run multiple containers on a single Mac would end up turning a 10 Mac Mini order into a 2 Mac Mini order for most people. Rest assured, even if it were technically possible they'd find a way to cap it somehow via the EULA or whatever.

2 comments

I doubt this market, statistically insignificant (compared to the overall units they move), is what prevents them.
Domino theory as applied to business, plus one should never underestimate the lengths to which a company will go to wring the last ounce of profit from a market.
And how is this, having containers run on hardware one owns, a bad or even shameful idea, given people do it and want to do it with their hardware all the time?
> having containers run on hardware one owns, a bad or even shameful idea

What? It isn't, it's absolutely a right you surely have. The problem is that

a. Apple forces people to buy Macs to build, notarise and deploy iOS and macOS apps
b. Apple refuses to implement jails, which is something that every OS, including Windows, has nowadays
c. Apple only allows you to have 2 VMs - full, fat, with GUI - running at once on each Mac computer
d. Jails/containers would allow you to easily deploy multiple jobs, which would allow you to have N jobs in parallel, which would mean you'd need way fewer Mac Studios/Minis in your local CI