
Containerization Theory

This section covers the theory behind containerization, including container runtimes, virtualization, and virtualization boundaries.


🐳 Docker Virtualization on macOS (Colima Architecture)

Containers are a Linux kernel feature set: namespaces (separate views of process IDs, mounts, networking and so on, i.e. isolation) and control groups (cgroups, for CPU and memory limits). The macOS kernel has neither, so Linux containers cannot run natively on macOS.

Instead, a Linux virtual machine has to sit between macOS and the containers. Colima is an open-source tool that creates and manages that VM and keeps the indirection largely transparent to the Docker CLI.

```mermaid
graph TD
    Mac[macOS Host OS] --> VM[Linux VM - managed by Colima]
    VM --> DockerEngine[Docker Daemon / containerd]
    DockerEngine --> ContainerA[Container A]
    DockerEngine --> ContainerB[Container B]
    Mac -. API Commands .-> Socket[Mapped docker.sock Socket]
    Socket --> DockerEngine
```

1. The Linux VM Layer

Colima is built on Lima (Linux Machines), which launches a minimal, headless Linux virtual machine in the background. The VM runs either under QEMU (accelerated by macOS's Hypervisor.framework) or under Apple's Virtualization.framework (selected with `colima start --vm-type vz`). Docker, containerd and every container run inside that guest; nothing container-related runs in the macOS kernel.

2. Socket Mapping & Communication

The Docker CLI installed on your Mac is only a client: every `docker` or `docker compose` (formerly `docker-compose`) command is an HTTP request to the Docker Engine API. The daemon listens on the Unix socket /var/run/docker.sock inside the guest; Colima forwards that socket to the host (by default as ~/.colima/default/docker.sock) and registers a Docker context named `colima` that points at it, so the CLI reaches the daemon in the VM without further configuration. Treat the host-side socket file as a credential: any local process that can open it has full Engine API access, which means root inside the VM and, through bind mounts, read/write access to every host directory shared with the VM.
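The client/daemon split above is easiest to see without the CLI at all. The following is an added example for this page, not Colima's or Docker's own code: a minimal Engine API client that speaks HTTP over a Unix socket, plus a permission check on the socket file. To keep it runnable offline it includes a fake daemon that answers `GET /version` with made-up version values; the default-profile path `~/.colima/default/docker.sock` is an assumption about an unmodified Colima install.

```python
"""Talk to the Docker Engine API over a Unix socket without the docker CLI.
Added example, not Colima's or Docker's code: every docker command is just an
HTTP request over the mapped socket, and anyone who can open it has the same power."""
import http.client
import json
import os
import socket
import stat
import tempfile
import threading


class UnixHTTPConnection(http.client.HTTPConnection):
    """HTTPConnection whose transport is a Unix domain socket instead of TCP."""

    def __init__(self, socket_path: str):
        super().__init__("localhost")  # host only feeds the Host: header
        self.socket_path = socket_path

    def connect(self) -> None:
        self.sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        self.sock.connect(self.socket_path)


def docker_socket_path() -> str:
    """Resolve the socket the CLI would use: DOCKER_HOST=unix://... wins, otherwise
    the path Colima uses for its default profile (assumed profile name "default")."""
    host = os.environ.get("DOCKER_HOST", "")
    if host.startswith("unix://"):
        return host[len("unix://"):]
    return os.path.expanduser("~/.colima/default/docker.sock")


def api_get(socket_path: str, endpoint: str) -> dict:
    """GET an Engine API endpoint (e.g. /version, /info) and decode the JSON body."""
    conn = UnixHTTPConnection(socket_path)
    try:
        conn.request("GET", endpoint)
        resp = conn.getresponse()
        body = resp.read()
    finally:
        conn.close()
    if resp.status != 200:
        raise RuntimeError(f"{endpoint}: HTTP {resp.status} {body[:200]!r}")
    return json.loads(body)


def socket_open_to_others(socket_path: str) -> bool:
    """connect() on a Unix socket needs write permission on the socket file, so a
    group/other write bit means other local users can drive the daemon (root in the VM)."""
    return bool(os.stat(socket_path).st_mode & (stat.S_IWGRP | stat.S_IWOTH))


def fake_daemon(socket_path: str) -> threading.Thread:
    """Stand-in for dockerd that answers one GET /version with a canned (made-up)
    body, so the client above can be exercised without a real VM."""
    canned = json.dumps({"Version": "24.0.0", "Os": "linux", "KernelVersion": "6.1.0-lima"}).encode()
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(socket_path)  # bind + listen before returning so the client cannot race it
    srv.listen(1)

    def serve() -> None:
        client, _ = srv.accept()
        request = b""
        while b"\r\n\r\n" not in request:  # read until end of request headers
            chunk = client.recv(4096)
            if not chunk:
                break
            request += chunk
        ok = request.startswith(b"GET /version ")
        body = canned if ok else b"{}"
        head = b"HTTP/1.1 " + (b"200 OK" if ok else b"404 Not Found") + b"\r\n"
        head += b"Content-Type: application/json\r\nContent-Length: %d\r\n\r\n" % len(body)
        client.sendall(head + body)
        client.close()
        srv.close()

    t = threading.Thread(target=serve, daemon=True)
    t.start()
    return t


def demo_against_fake_daemon() -> dict:
    """Constructed scenario: query the fake daemon and check the socket's exposure."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "docker.sock")
        t = fake_daemon(path)
        os.chmod(path, 0o600)  # owner-only: the posture you want on the host-side socket
        exposed_600 = socket_open_to_others(path)
        version = api_get(path, "/version")
        t.join(timeout=5)
        os.chmod(path, 0o666)  # world-writable: every local user becomes root in the VM
        exposed_666 = socket_open_to_others(path)
    return {"version": version, "exposed_600": exposed_600, "exposed_666": exposed_666}


if __name__ == "__main__":
    print(demo_against_fake_daemon())
    # Against a real Colima VM: print(api_get(docker_socket_path(), "/version"))
```

Pointing `api_get` at `docker_socket_path()` on a Mac with Colima running returns the daemon's real `/version` document, which reports a Linux kernel: the clearest evidence that the CLI on macOS is talking to a daemon in the guest. The permission check is the question to ask before sharing a Mac: whoever can write to that socket file owns the VM and everything mounted into it.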

3. Shared Directory Volumes

For files on the Mac (e.g. your source code) to be visible inside containers, they first have to be visible inside the VM. Colima mounts selected host directories into the guest using one of three mount types, sshfs, 9p or virtiofs (chosen with `--mount-type`); containers then bind-mount paths from the guest's view of those directories. Only directories Colima mounts are reachable at all, and a directory mounted writable is writable by every container that bind-mounts it, with whatever user the container runs as.

Filesystem Event Propagation Barrier

Because these mount types are translation layers (network or virtio transports) rather than a shared kernel, native change notifications are generally not carried across them: an FSEvents notification on macOS does not become an inotify event in the guest. Watchers inside containers that depend on inotify (most dev servers, test runners and build tools, and services such as watchman built on it) therefore miss edits made on the Mac. The standard workaround is to switch the watcher to polling, i.e. periodically re-stat the tree instead of waiting for events (for example `CHOKIDAR_USEPOLLING=true` for Node tools built on chokidar), at the cost of CPU time and a detection delay of up to one polling interval.
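What "polling" means in practice is a stat()-based snapshot of the tree taken every tick and compared with the previous one. The following is an added example, not Colima's code nor any watcher library's: a small polling watcher of that kind, with a constructed create/modify/delete scenario in a temporary directory so it runs offline. The skipped directory names, the one-second interval and the script name in the trailing comment are illustrative choices.

```python
"""Polling file watcher for a mount where inotify events never arrive.
Added example, not Colima's or any watcher library's code: a stat()-based snapshot
scan, which is what polling modes of file watchers do under the hood."""
import os
import sys
import tempfile
import time
from typing import Callable, Dict, List, Optional, Tuple

Snapshot = Dict[str, Tuple[int, int]]  # relative path -> (mtime_ns, size)
SKIP_DIRS = {".git", "node_modules", "__pycache__"}  # illustrative: noisy trees not worth scanning


def snapshot(root: str) -> Snapshot:
    """One polling tick: walk the tree and stat every regular file."""
    snap: Snapshot = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d not in SKIP_DIRS]
        for name in filenames:
            full = os.path.join(dirpath, name)
            try:
                st = os.stat(full)
            except FileNotFoundError:
                continue  # deleted between listing and stat; the next tick reports it
            snap[os.path.relpath(full, root)] = (st.st_mtime_ns, st.st_size)
    return snap


def diff(old: Snapshot, new: Snapshot) -> Dict[str, List[str]]:
    """Classify what changed between two ticks. Size is compared as well as mtime
    because a mount layer may coarsen or delay timestamps."""
    return {
        "created": sorted(set(new) - set(old)),
        "deleted": sorted(set(old) - set(new)),
        "modified": sorted(p for p in old.keys() & new.keys() if old[p] != new[p]),
    }


def watch(root: str, interval: float = 1.0, ticks: Optional[int] = None,
          on_change: Callable[[Dict[str, List[str]]], None] = print) -> int:
    """Poll `root` every `interval` seconds (forever, or for `ticks` rounds).
    Returns the number of ticks on which something changed."""
    prev = snapshot(root)
    events = 0
    n = 0
    while ticks is None or n < ticks:
        time.sleep(interval)  # detection latency is at most one interval
        cur = snapshot(root)
        changes = diff(prev, cur)
        if any(changes.values()):
            on_change(changes)
            events += 1
        prev, n = cur, n + 1
    return events


def demo() -> Dict[str, List[str]]:
    """Constructed scenario: create, modify and delete files between two ticks."""
    with tempfile.TemporaryDirectory() as root:
        def write(name: str, text: str) -> None:
            with open(os.path.join(root, name), "w") as f:
                f.write(text)

        write("app.py", "print(1)\n")
        write("old.txt", "x")
        before = snapshot(root)
        write("app.py", "print(12345)\n")  # content and size change
        write("new.txt", "hello")
        os.remove(os.path.join(root, "old.txt"))
        return diff(before, snapshot(root))


if __name__ == "__main__":
    # e.g. inside the container: python poll_watch.py /app   (hypothetical file name)
    watch(sys.argv[1] if len(sys.argv) > 1 else ".", interval=1.0)
```

Run inside a container against the bind-mounted source directory, `watch` reports edits made on the Mac within one interval even though no inotify event ever crosses the mount, which is exactly the trade the polling options of real watchers make: a full stat() walk per tick instead of free kernel notifications.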