Overview
The `/convert-to-apple-container` skill switches NanoClaw's container runtime from Docker to Apple Container, providing native macOS container isolation without requiring Docker Desktop.
This skill is macOS-only. Apple Container does not work on Linux or Windows.
What It Changes
Runtime Binary
`docker` → `container`
Mount Syntax
- Docker: `-v path:path:ro`
- Apple Container: `--mount type=bind,source=...,target=...,readonly`
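As an added example (not NanoClaw's own code), the TypeScript below translates Docker `-v` specs into the Apple Container `--mount` form and rejects any spec it cannot express without changing the mount's semantics, so a read-only mount never silently becomes read-write. The function names and the sample paths are assumptions.

```typescript
// Added example: Docker -v spec -> Apple Container --mount argument.
// Assumed names; not part of NanoClaw's src/container-runner.ts.

type Runtime = "docker" | "container";

interface BindMount {
  source: string;   // host path
  target: string;   // path inside the container
  readonly: boolean;
}

// Parse "host:container" or "host:container:ro|rw" (Docker -v syntax).
function parseVolumeSpec(spec: string): BindMount {
  const parts = spec.split(":");
  if (parts.length < 2 || parts.length > 3 || !parts[0] || !parts[1]) {
    throw new Error(`invalid volume spec: ${spec}`);
  }
  const [source, target, mode] = parts;
  if (mode !== undefined && mode !== "ro" && mode !== "rw") {
    throw new Error(`unsupported mount mode "${mode}" in ${spec}`);
  }
  return { source, target, readonly: mode === "ro" };
}

// Emit the CLI arguments for one bind mount under the given runtime.
function mountArgs(runtime: Runtime, m: BindMount): string[] {
  if (runtime === "docker") {
    return ["-v", `${m.source}:${m.target}${m.readonly ? ":ro" : ""}`];
  }
  // The --mount form is comma-separated, so a comma in a path would be
  // parsed as a new option; refuse rather than emit an ambiguous mount.
  if (m.source.includes(",") || m.target.includes(",")) {
    throw new Error(`comma in path cannot be expressed with --mount: ${m.source}`);
  }
  const opts = ["type=bind", `source=${m.source}`, `target=${m.target}`];
  if (m.readonly) opts.push("readonly"); // bare flag, not readonly=true
  return ["--mount", opts.join(",")];
}

// Convert a list of Docker -v specs into the target runtime's arguments.
function convertMounts(runtime: Runtime, specs: string[]): string[] {
  return specs.flatMap((s) => mountArgs(runtime, parseVolumeSpec(s)));
}

// Constructed sample: a read-only mount of a group's workspace.
console.log(convertMounts("container", ["/Users/me/groups/main:/workspace:ro"]));
```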
Startup Checks
- Docker: `docker info`
- Apple Container: `container system status` with auto-start
Build Process
- Updates `container/build.sh` to use the `container` command
- Adjusts the Dockerfile for Apple Container compatibility
Prerequisites
Install Apple Container
Download the `.pkg` file for your macOS version from github.com/apple/container/releases and install it.
How to Apply
- Check if already applied (reads `.nanoclaw/state.yaml`)
- Verify current runtime
- Apply code transformations via skills engine
- Rebuild container image
- Verify the new runtime works
What Changes
Modified Files
- `src/container-runtime.ts` - Runtime detection and commands
- `src/container-runner.ts` - Mount syntax and container spawn
- `container/build.sh` - Build script runtime
- `container/Dockerfile` - Entrypoint adjustments for `.env` shadowing
Behavioral Changes
- Main group containers start as root to use `mount --bind` for `.env` shadowing
- Privileges dropped via `setpriv` after mount
- Non-main containers still use the `--user` flag (no change)
Advantages
Native macOS
No need for Docker Desktop license
Lighter Weight
Smaller memory footprint than Docker
Apple Support
Maintained by Apple as part of macOS
Security
macOS-native container isolation
Verification
After conversion, verify:
Rollback
To switch back to Docker:
- Restore from backup branch (skill creates one automatically)
- Or manually edit `src/container-runtime.ts` to use `docker`
- Rebuild: `npm run build && ./container/build.sh`
Related Documentation
Container Isolation
How container security works
macOS Deployment
macOS-specific setup