
A quick look at Apple's new Container framework


I've been occasionally called upon to do more offensive security work.

Traditionally, the basic toolset would be Kali Linux in a virtual machine.

However, a few years ago it became possible to run it directly in Windows under WSL2, as a much neater and quicker approach.

Later, for an even lighter solution, Docker images of Kali became available.

Earlier this year, Apple released native containerisation support in macOS, and running Kali containers on Macs became an intriguing option.

Background

The official summary can be found in the Apple announcement.

In short, the announcement states that "The Containerization framework enables developers to create, download, or run Linux container images directly on Mac.".

Examples of some use cases are provided.

More details are available on the container GitHub page.

To sum up:

  • It's well integrated and fast
  • One VM & IP per container
  • No docker compose
  • Officially supported only in the next macOS release
  • Some networking limitations
    • That I have not yet been able to replicate
    • Some other teething problems (see below)

Trying to figure it out

Searching through published posts turns up exactly the same guidance in each, as a simple 1-2-3 sequence:

Install the container framework (install any extras too):

brew install --cask container

Start the container services:

container system start

Launch the Kali Linux container, using the same syntax as docker:

container run --rm -it kalilinux/kali-rolling

Or, same but with a local directory mount (aka shared folder):

container run --rm -it -v "$(pwd)":/mnt -w /mnt kalilinux/kali-rolling

However... that doesn't quite work.

The Missing Parts

The install works fine and Kali launches.

However, there are no tools at all.

A bit of searching shows that the official docs suggest that, while rolling is the correct choice, we need to install the kali-linux-headless package to get the tools.

Before going ahead with that, note that actually trying to do so throws this error:

debconf: (Can't locate Term/ReadLine.pm in @INC (you may need to install the Term::ReadLine module)

Ignoring that leads to a forced "choose your keymap" dialog, and there is no English option available.

One solution is to suppress the dialogs like so:

apt install apt-utils

echo 'debconf debconf/frontend select Noninteractive' | debconf-set-selections

Once that's done, we can go ahead and make Kali functional:

apt update && apt -y install kali-linux-headless

With the above done, we now have the default tools such as nmap, various msf* utilities, and so on.
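
The in-container steps above, collected into one script (an added example, not from the original post or from the Kali or Apple docs). The file name `kali-bootstrap.sh`, the `DRY_RUN` switch, the `--run` argument, the `DEBIAN_FRONTEND` export and the final `nmap`/`msfconsole` presence check are assumptions added here; it also runs `apt update` first so the package lists exist before anything is installed.

```shell
#!/bin/sh
# kali-bootstrap.sh (hypothetical name): added example, run inside the
# kalilinux/kali-rolling container. DRY_RUN=1 prints instead of executing.

# Execute a command, or only print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "+ $*"
    else
        "$@"
    fi
}

# Preseed debconf so package configuration never opens a dialog
# (this is what avoids the forced keymap prompt).
preseed_debconf() {
    selection='debconf debconf/frontend select Noninteractive'
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "+ echo '$selection' | debconf-set-selections"
    else
        echo "$selection" | debconf-set-selections
    fi
}

# Print each expected tool that is not on PATH; non-zero if any is missing.
missing_tools() {
    rc=0
    for tool in "$@"; do
        command -v "$tool" >/dev/null 2>&1 || { echo "$tool"; rc=1; }
    done
    return "$rc"
}

kali_bootstrap() {
    # Assumption: also set the environment variable that apt/debconf honour.
    export DEBIAN_FRONTEND=noninteractive
    run apt update || return 1
    run apt -y install apt-utils || return 1
    preseed_debconf || return 1
    run apt -y install kali-linux-headless || return 1
    # Sanity check for tools the post names (nmap, an msf* utility).
    [ "${DRY_RUN:-0}" = "1" ] || missing_tools nmap msfconsole
}

# Only act when invoked as: sh kali-bootstrap.sh --run
if [ "${1:-}" = "--run" ]; then
    kali_bootstrap
fi
```

Saved in the directory that is mounted at /mnt, it is run inside the container with `sh kali-bootstrap.sh --run`.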

Initial experience

The good

With the install out of the way: this thing flies.

The launch is almost instant, tools run fast, and the first few minutes are very promising.

The container commands appear to be exactly the same as docker terminal commands, so there is container ls to list what's running, container stop, etc. This makes it very easy to jump into if you're familiar with Docker. It's basically that, without compose, but quicker.

The not so good

As reported elsewhere, there are some teething problems with networking that I have yet to replicate.

In my case, however, I've run into issues stopping containers, which is clearly another teething problem. Neither the stop nor the kill option would do anything; even container system stop hangs.

Being an early, actively developed piece of software, there are bound to be issues, as can be seen from the GitHub issues page.

Summary

I am looking forward to seeing where this goes. The performance is great.

Like any new project, there are bound to be issues, and especially as the expected platform is the next macOS release, not the current one, there are definitely going to be issues that would require an OS upgrade to address.

In the meantime, I am going to continue to rely on a VM for my use cases but will watch this development with keen interest.