macOS Sequoia Unleashes Native Linux Containers: Kali Linux Now Runs Natively on Apple Silicon
Amid the growing integration of Linux-based tools into user-facing systems, Apple has taken a significant step toward supporting information security professionals. With the release of macOS Sequoia, the company has introduced a native containerization system that enables the execution of Linux distributions within an isolated virtual environment on Apple Silicon devices. Among the first supported distributions is Kali Linux—the widely used platform for penetration testing and security analysis.
At WWDC 2025, Apple unveiled a new framework named Container, modeled after the Windows Subsystem for Linux 2. This mechanism allows Linux to run through macOS’s built-in virtualization layer, eliminating the need for third-party hypervisors. The technology is available exclusively on machines powered by Apple’s ARM-based chips, rendering it inaccessible to Intel-based Macs.
The container environment can be installed via Homebrew using the command brew install --cask container
, after which it is activated with container system start
. Users can then launch Kali using container run --rm -it kalilinux/kali-rolling
, which pulls the image from DockerHub and runs it within a macOS virtual machine. For greater interactivity, one can mount local directories into the container using --volume
and set the working directory with --workdir
, allowing Kali direct access to host files.
Nevertheless, Apple’s implementation is not without limitations. Kali Linux has issued advisories regarding network interface issues on Sequoia 15—containers may lack an IP address or experience complete network isolation. The team advises users to consult Apple’s official documentation when attempting to troubleshoot these disruptions. Furthermore, any tasks requiring direct access to physical hardware are inherently unsupported in this configuration, as containers are fundamentally abstracted from the underlying system.
Despite these caveats, the ability to run Kali on macOS without configuring a full-fledged virtual machine or dual-boot setup dramatically streamlines daily workflows for penetration testers and security analysts. This is especially beneficial for those who favor macOS as their primary operating system but frequently rely on Linux-based tooling. The new framework’s ease of use—comparable to Docker—offers a balance of convenience, security, and performance.
For Apple, this move signals a broader acknowledgment of Linux’s vital role in professional computing environments. For the cybersecurity community, it represents a long-awaited bridge between two ecosystems that have historically been separated by architectural divides.