At WWDC 2025, Apple announced a groundbreaking new feature for macOS: the ability to run Kali Linux natively within Apple’s own container system. This enhancement, available beginning with macOS Sequoia 15.5 and slated for deeper integration in macOS Tahoe 26, marks a significant step forward for both developers and cybersecurity professionals seeking advanced Linux capabilities directly on their Mac devices.
A Native Solution for Linux Containers
This new containerization solution is Apple’s answer to the demand for robust Linux support on macOS, offering functionality reminiscent of Microsoft’s Windows Subsystem for Linux (WSL2) but with several key advantages. Apple’s container framework is tightly coupled with the system’s Virtualization.framework and Hypervisor.framework, resulting in each container running inside its own lightweight virtual machine (VM). Unlike Docker Desktop, which typically shares a LinuxKit VM across containers, Apple’s approach provides:
- Stronger Security: Each container is isolated in its own VM, minimizing the risk of attacks spreading between environments.
- Performance: Containers can start up in under a second, with near-native input/output speeds and reduced resource consumption.
- Seamless Integration: Users can access a familiar, Docker-like workflow directly through Apple’s new
containerCLI tool, removing the need for additional software.
Kali Linux Support Out-of-the-Box
Kali Linux, a popular distribution for penetration testing and security research, is among the first to provide official images fully compliant with the Open Container Initiative (OCI) format. This means that Mac users can launch a Kali Linux container with a simple command:
container run --rm -it kalilinux/kali-rolling
For those needing persistent storage, directories can be mounted into the container:
container run --rm -it -v $(pwd):/mnt -w /mnt kalilinux/kali-rolling
Getting Started
To access this powerful integration, users need the following:
- Apple Silicon is required (Intel-based Macs are not supported).
- macOS Sequoia 15.5 or newer installed on the device.
- Container CLI can be installed via Homebrew:
install --cask container - Initialize the container system:
container system start(This step will prompt users to download a lightweight Kata Containers kernel.) - Run Kali Linux as outlined above.
Networking and System Notes
Kali Linux containers utilize the latest aarch64 Linux kernel, as maintained by the Kali team. Basic networking is supported out of the box, though early users on macOS Sequoia may encounter occasional DNS or IP assignment quirks—anticipated fixes are scheduled with the release of macOS Tahoe 26.
Why This Matters
With native containerization, Apple has positioned macOS as a top-tier operating system for professionals in security, development, and IT operations. This new framework delivers lower overhead, superior performance, and the seamless convenience of running a full-featured Kali Linux environment—all without the need to manage heavy virtual machines or install Docker Desktop.
