container

Apple Container CLI


This skill activates when working with Apple Container for running Linux containers natively on Apple silicon Macs.

When to Use This Skill

Activate when:
  • Running Linux containers on macOS 26+ with Apple silicon
  • Managing container lifecycle (run, stop, exec, logs, inspect)
  • Building OCI-compatible container images
  • Managing container images (pull, push, tag, save, load)
  • Configuring container networks and volumes
  • Managing the container system service
  • Migrating between Apple Container versions (0.5.x to 0.9.x)

What is Apple Container?

Apple Container is a macOS-native tool for running Linux containers as lightweight virtual machines on Apple silicon:
  • Swift-based: Built on Apple's Virtualization.framework
  • OCI-compatible: Produces and runs standard OCI container images
  • Apple silicon only: Requires Apple silicon Mac (M1 or later)
  • Pre-1.0: Currently at version 0.9.0, breaking changes expected between minor versions
  • Lightweight VMs: Each container runs as a lightweight Linux VM

Prerequisites

  • macOS 26 or later (Tahoe)
  • Apple silicon Mac (M1, M2, M3, M4 series)
  • Install via signed `.pkg` from GitHub releases

System Management

Manage the container system service that runs in the background:

```bash
# Start the system service
container system start

# Stop the system service
container system stop

# Check service status
container system status

# Show CLI version
container system version

# View system logs
container system logs

# Show disk usage
container system df
```

System Properties

Configure system-level settings (consolidated in 0.5.0):

```bash
# List all properties
container system property list

# Get a specific property
container system property get <key>

# Set a property
container system property set <key> <value>

# Clear a property
container system property clear <key>
```

System DNS

Manage DNS configuration for containers:

```bash
# Create a DNS entry
container system dns create <name> <ip>

# Delete a DNS entry
container system dns delete <name>

# List DNS entries
container system dns list
```

Custom Kernel

Set a custom Linux kernel for containers:

```bash
# Set custom kernel
container system kernel set <path>

# Force set (0.5.0+)
container system kernel set --force <path>
```

Container Lifecycle

Run Containers

```bash
# Run interactively
container run -it ubuntu:latest /bin/bash

# Run detached
container run -d --name myapp nginx:latest

# Run with port mapping
container run -d -p 8080:80 nginx:latest

# Run with volume mount
container run -v /host/path:/container/path ubuntu:latest

# Run with environment variables
container run -e FOO=bar -e BAZ=qux myimage:latest

# Run with auto-remove
container run --rm -it alpine:latest /bin/sh

# Combined common flags
container run -d --name web -p 8080:80 -v ./html:/usr/share/nginx/html -e ENV=prod nginx:latest

# Run with resource limits (0.9.0+)
container run -d --name app --cpus 2 --memory 4g myapp:latest

# Run with read-only rootfs (0.8.0+)
container run --read-only -v tmpdata:/tmp myapp:latest

# Run with Rosetta x86_64 emulation (0.7.0+)
container run --rosetta -it amd64-image:latest /bin/bash

# Run with DNS configuration
container run --dns 8.8.8.8 --dns-search example.com myapp:latest

# Run with custom MAC address (0.7.0+)
container run --mac-address 02:42:ac:11:00:02 --network mynet myapp:latest

# Access host from container (0.9.0+)
# Use host.docker.internal to reach host services
container run -e API_URL=http://host.docker.internal:3000 myapp:latest
```

Manage Running Containers

```bash
# List running containers
container list
container ls

# List all containers (including stopped)
container list --all

# Start a stopped container
container start <name-or-id>

# Stop a running container
container stop <name-or-id>

# Kill a container (force stop)
container kill <name-or-id>

# Remove a container
container delete <name-or-id>
container rm <name-or-id>

# Execute command in running container
container exec -it <name-or-id> /bin/bash

# Execute command detached (0.7.0+)
container exec -d <name-or-id> /usr/bin/background-task

# View container logs
container logs <name-or-id>
container logs --follow <name-or-id>

# Inspect container details
container inspect <name-or-id>

# Container resource stats
container stats

# Remove all stopped containers
container prune
```

Create Without Starting

```bash
# Create container without starting
container create --name myapp nginx:latest

# Start it later
container start myapp
```

Image Management

```bash
# Pull an image
container image pull ubuntu:latest

# Pull with platform specification
container image pull --platform linux/arm64 nginx:latest
container image pull --arch arm64 --os linux nginx:latest

# List images
container image list
container image ls

# Tag an image
container image tag ubuntu:latest myregistry/ubuntu:v1

# Push to registry
container image push myregistry/ubuntu:v1

# Save image to archive
container image save ubuntu:latest -o ubuntu.tar

# Load image from archive
container image load -i ubuntu.tar

# Delete an image
container image delete ubuntu:latest

# Force delete an image (0.9.0+, verify flag with --help)
container image delete --force ubuntu:latest

# Inspect image metadata (enhanced output in 0.9.0+)
container image inspect ubuntu:latest

# Remove unused images
container image prune

# Remove all unused images, not just dangling (0.7.0+)
container image prune -a
```

Platform Flags

When pulling or building images, specify the target platform:

```bash
--platform linux/arm64       # Full platform string
--arch arm64                 # Architecture only
--os linux                   # OS only
--scheme oci                 # Image scheme
```

Architecture aliases (0.8.0+): `amd64` = `x86_64`, `arm64` = `aarch64`

Build

Build OCI-compatible images from Dockerfiles or Containerfiles:

```bash
# Build from current directory
container build -t myimage:latest .

# Build with specific Dockerfile
container build -t myimage:latest -f Dockerfile.prod .

# Build with build arguments
container build -t myimage:latest --build-arg VERSION=1.0 .

# Build without cache
container build -t myimage:latest --no-cache .

# Multi-stage build with target
container build -t myimage:latest --target builder .

# Build with platform
container build -t myimage:latest --platform linux/arm64 .

# Build with output
container build -t myimage:latest -o type=local,dest=./output .

# Build with multiple tags (0.6.0+)
container build -t myimage:latest -t myimage:v1.0 .

# Build with no network access (0.6.0+)
container build -t myimage:latest --network none .

# Build with DNS configuration (0.9.0+)
container build -t myimage:latest --dns 8.8.8.8 .

# Build from stdin (0.7.0+)
container build -t myimage:latest -f - . <<EOF
FROM alpine:latest
RUN echo "hello"
EOF
```

**Note**: When no `Dockerfile` is found, the builder falls back to `Containerfile` (0.6.0+).

Builder Management

The builder runs as a separate process:

```bash
# Start the builder
container builder start

# Stop the builder
container builder stop

# Delete the builder
container builder delete

# Check builder status
container builder status
```

Network Management

Create and manage container networks:

```bash
# Create a network
container network create mynetwork

# Create with subnet
container network create --subnet 10.0.0.0/24 mynetwork

# Create with labels
container network create --labels env=dev mynetwork

# List networks
container network list

# Inspect a network
container network inspect mynetwork

# Delete a network
container network delete mynetwork

# Remove unused networks
container network prune
```

**Network capabilities (0.8.0+)**: Full IPv6 support. Host-only and isolated network modes available in 0.9.0+ (verify flag syntax with `container network create --help`).

Multi-Container Networking

```bash
# Create a shared network
container network create app-net

# Run containers on the network
container run -d --name db --network app-net postgres:latest
container run -d --name web --network app-net -p 8080:80 myapp:latest

# Containers can reach each other by name
container exec web curl http://db:5432
```

Volume Management

Create and manage persistent volumes:

```bash
# Create a volume
container volume create mydata

# Create with size limit
container volume create -s 10G mydata

# Create with labels
container volume create --label env=prod mydata

# Create with driver options
container volume create --opt type=tmpfs mydata

# List volumes
container volume list

# Inspect a volume
container volume inspect mydata

# Delete a volume
container volume delete mydata

# Remove unused volumes
container volume prune
```

Using Volumes

```bash
# Mount a named volume
container run -v mydata:/data myimage:latest

# Mount a host directory (bind mount)
container run -v /host/path:/container/path myimage:latest

# Read-only mount
container run -v mydata:/data:ro myimage:latest
```

Registry

Authenticate with container registries:

```bash
# Log in to a registry
container registry login <registry-url>

# Log out from a registry
container registry logout <registry-url>
```

**Note**: In 0.5.0, the keychain ID changed from `com.apple.container` to `com.apple.container.registry`. Re-login is required after upgrading from 0.4.x.

Version Differences (0.5.0 to 0.9.0)

Breaking Changes

| Version | Change | Migration |
|---------|--------|-----------|
| 0.6.0 | Image store directory moved from `.build` to `builder` | Update paths referencing `.build` |
| 0.7.0 | `--disable-progress-updates` removed | Use `--progress none\|ansi` instead |
| 0.8.0 | Client API reorganization | Update API consumers |
| 0.8.0 | Subnet allocation defaults changed | Review network configurations |

New Features by Release

  • 0.6.0: Multiple `--tag` on build, `--network none`, `network create --subnet`, anonymous volumes, `volume prune`, Containerfile fallback, DNS list `--format`/`--quiet`
  • 0.7.0: `--rosetta` flag, image download progress, stdio save/load, Dockerfile from stdin, `container stats`, port range publishing, `--mac-address`, `system df`, `image prune -a`, `exec -d` (detached), network creationDate
  • 0.8.0: `--read-only` for run/create, architecture aliases (amd64/arm64/x86_64/aarch64), `network prune`, full IPv6, volume relative paths, env vars from named pipes, CVE-2026-20613 fix
  • 0.9.0: Resource limits (`--cpus`/`--memory`), `host.docker.internal`, host-only/isolated networks, `--dns` on build, `--force` on image delete, zstd compression, container prune improvements, enhanced image inspection, Kata 3.26.0 kernel

Migration Checklist (0.5.x to 0.9.0)

  1. Replace `--disable-progress-updates` with `--progress none` in scripts
  2. Update any paths referencing `.build` directory to `builder`
  3. Review subnet configurations (allocation defaults changed in 0.8.0)
  4. Update API consumers for client API reorganization (0.8.0)
  5. Test build workflows with updated dependencies
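
The version notes and checklist above can be applied as a pre-upgrade check on automation scripts. The following is an added example, not part of the original skill or of the Apple Container project: a POSIX shell linter that reports `container` flags that are removed, or not yet available, for a target CLI version. `FLAG_TABLE`, `version_lt`, `lint_script`, `count_findings` and the sample script are hypothetical names and constructed input, and the table covers only a subset of the flags this page lists.

```shell
#!/bin/sh
# Added example: lint scripts that call `container` against a target CLI version.
# Rows are taken from the version notes on this page (subset only).
# Format: context|flag|change|version|hint
FLAG_TABLE='container|--disable-progress-updates|removed|0.7.0|use --progress none
container run|--rosetta|added|0.7.0|
container run|--mac-address|added|0.7.0|
container run|--read-only|added|0.8.0|
container run|--cpus|added|0.9.0|
container run|--memory|added|0.9.0|
container build|--dns|added|0.9.0|
container image delete|--force|added|0.9.0|'

# version_lt A B: succeeds when A < B. Expects three numeric components.
# Runs in a subshell so the IFS change does not leak to the caller.
version_lt() (
  IFS=.
  set -- $1 $2                       # -> a1 a2 a3 b1 b2 b3
  if   [ "$1" -ne "$4" ]; then [ "$1" -lt "$4" ]
  elif [ "$2" -ne "$5" ]; then [ "$2" -lt "$5" ]
  else [ "$3" -lt "$6" ]
  fi
)

# lint_script FILE TARGET: print one tab-separated finding per offending flag.
lint_script() (
  file=$1 target=$2
  # `read` without -r joins backslash-continued lines into one logical command.
  while IFS= read line || [ -n "$line" ]; do
    trimmed=${line#"${line%%[![:space:]]*}"}
    case $trimmed in
      \#* | '') continue ;;          # skip comments and blank lines
    esac
    printf '%s\n' "$FLAG_TABLE" |
    while IFS='|' read -r ctx flag change ver hint; do
      case " $trimmed " in
        *"$ctx"*" $flag "* | *"$ctx"*" $flag="*) ;;
        *) continue ;;
      esac
      if [ "$change" = removed ]; then
        # A removed flag breaks on the removal version and every later one.
        if ! version_lt "$target" "$ver"; then
          printf 'REMOVED\t%s\tgone since %s; %s\n' "$flag" "$ver" "$hint"
        fi
      elif version_lt "$target" "$ver"; then
        printf 'TOO-NEW\t%s\tneeds %s+, target is %s\n' "$flag" "$ver" "$target"
      fi
    done
  done <"$file"
)

# count_findings FILE TARGET: number of findings, printed without padding.
count_findings() { lint_script "$1" "$2" | awk 'END { print NR }'; }

# write_sample PATH: constructed sample script (not from the page). Which
# subcommand accepted the removed flag is an assumption made for the sample.
write_sample() {
  cat >"$1" <<'EOF'
#!/bin/sh
container build --disable-progress-updates -t myimage:latest .
container run -d --name app \
  --cpus 2 --memory 4g myapp:latest
container run --read-only -v tmpdata:/tmp myapp:latest
# container run --rosetta commented-out:latest
EOF
}

sample=$(mktemp)
write_sample "$sample"
lint_script "$sample" 0.8.0          # lint the sample for a host pinned to 0.8.0
rm -f "$sample"
```

Run it with the version reported by `container system version` on the machine the script will execute on; a finding means the script needs editing or the host needs a different CLI version.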

Dependencies

| Version | Containerization | Other |
|---------|------------------|-------|
| 0.5.0 | 0.9.1 | Builder shim 0.6.1 |
| 0.6.0 | 0.12.1 | |
| 0.7.0 | 0.16.0 | Builder shim 0.7.0 |
| 0.8.0 | 0.21.1 | |
| 0.9.0 | 0.24.0 | Kata 3.26.0 |

See `templates/<version>/commands.md` for version-specific details (0.4.1, 0.5.0, 0.6.0, 0.7.0, 0.8.0, 0.9.0).

Scripts

This skill includes focused Nushell scripts for container management:

container-system.nu

System service management with health checks:

```bash
# Start system service
nu scripts/container-system.nu start

# Check status
nu scripts/container-system.nu status

# Full health check (status + disk + container count)
nu scripts/container-system.nu health

# View disk usage
nu scripts/container-system.nu df

# Show version
nu scripts/container-system.nu version
```

container-images.nu

Image lifecycle operations:

```bash
# List images
nu scripts/container-images.nu list

# Pull an image
nu scripts/container-images.nu pull ubuntu:latest

# Build from Dockerfile
nu scripts/container-images.nu build -t myimage:latest .

# Prune unused images
nu scripts/container-images.nu prune
```

container-lifecycle.nu

Container run/stop/exec/logs:

```bash
# List running containers
nu scripts/container-lifecycle.nu ps

# Run a container
nu scripts/container-lifecycle.nu run ubuntu:latest

# View logs
nu scripts/container-lifecycle.nu logs mycontainer

# Execute command
nu scripts/container-lifecycle.nu exec mycontainer /bin/bash
```

container-cleanup.nu

Prune and disk usage:

```bash
# Prune everything unused
nu scripts/container-cleanup.nu prune-all

# Prune only containers
nu scripts/container-cleanup.nu prune-containers

# Show disk usage
nu scripts/container-cleanup.nu df
```

Mise Tasks

Copy `templates/mise.toml` to add container management tasks to any project:

```bash
mise container:start      # Start system service
mise container:stop       # Stop system service
mise container:status     # Show formatted status
mise container:run        # Run container (accepts image arg)
mise container:ps         # List running containers
mise container:images     # List images
mise container:build      # Build from Dockerfile/Containerfile
mise container:prune      # Clean up unused resources
mise container:health     # System status + disk + container count
mise container:df         # Disk usage
mise container:version    # CLI version
```

Common Workflows

Quick Start

```bash
# Start the system
container system start

# Pull and run an image
container run -it --rm ubuntu:latest /bin/bash

# Check what's running
container ls
```

Build and Run

```bash
# Build your image
container build -t myapp:latest .

# Run it
container run -d --name myapp -p 8080:80 myapp:latest

# Check logs
container logs --follow myapp
```

Multi-Container with Networking

```bash
# Create network
container network create mynet

# Start database
container run -d --name postgres --network mynet \
  -e POSTGRES_PASSWORD=secret \
  -v pgdata:/var/lib/postgresql/data \
  postgres:16

# Start application
container run -d --name app --network mynet \
  -p 3000:3000 \
  -e DATABASE_URL=postgres://postgres:secret@postgres:5432/mydb \
  myapp:latest
```

Persistent Data with Volumes

```bash
# Create a volume
container volume create appdata

# Run with volume
container run -d --name db -v appdata:/var/lib/data mydb:latest

# Volume persists after container removal
container rm db
container run -d --name db2 -v appdata:/var/lib/data mydb:latest
```

Troubleshooting

System Not Started

```bash
# Check status
container system status

# Start if not running
container system start

# View logs for errors
container system logs
```

Image Pull Failures

```bash
# Check system is running
container system status

# Try with explicit platform
container image pull --platform linux/arm64 <image>

# Check registry authentication
container registry login <registry>
```

Volume Permission Issues

```bash
# Check volume exists
container volume list

# Inspect volume for mount details
container volume inspect <name>

# Run container with specific user
container run -u 1000:1000 -v myvol:/data myimage:latest
```

Builder Issues

```bash
# Check builder status
container builder status

# Restart builder
container builder stop
container builder start

# Delete and recreate if stuck
container builder delete
container builder start
```

Key Principles

  • Pre-1.0 software: Breaking changes expected between minor versions
  • Apple silicon only: No Intel Mac support
  • macOS 26+ required: Not available on earlier macOS versions
  • OCI-compatible: Standard container images work as expected
  • Lightweight VMs: Each container is an isolated lightweight VM
  • System service: Start the system service before running containers