The Lima container drivers #3829

afbjorklund · 2025-08-13T18:00:11Z

afbjorklund
Aug 13, 2025
Maintainer

Currently we have one such Lima driver, namely WSL2 for Windows.

And one under construction, the new Apple Container (AC) for macOS:

But it is also possible to run original Docker Containers (DC) on Linux:

runc is the default OCI runtime (no VM)
--runtime runc
runv is now: Kata containers (KVM)
--runtime runv
--runtime io.containerd.kata.v2
runq where the Q is for QEMU (KVM)
--runtime runq

The three drivers are very similar, wsl.exe vs container vs docker

These drivers don't run with a regular cloud image, but instead they use a rootfs in a tarball (without kernel or initrd).

The kernel is either shared (like with WSL2 and DC/runc), or one kernel per container (like with AC and DC/runv)

On top of the base OCI image, we need to add some programs (like sudo) and some servers (like sshd).

To manage the processes and services, we need an init and a supervisor - such as systemd or OpenRC.

Normally we would also need cloud-init, but Lima comes with some shell scripts to create the basics (lima-init)

Another big difference is that the process (eg "pid file") and disk images can be stored outside of the instance directory...

Currently we don't want to pull images or artifacts from an OCI registry.

The images are smaller:

Apple

INFO[0001] Decompressing the image (debian-rootfs-arm64.tar.gz) 
59.60 MiB / 59.60 MiB [-----------------------------------] 100.00% 358.09 MiB/s

Docker

INFO[0001] Decompressing the image (debian-rootfs-amd64.tar.gz) 
59.87 MiB / 59.87 MiB [------------------------------------] 100.00% 77.28 MiB/s

And the boot time is faster.

Typically boots in a second for a MicroVM, or half a second for containers.

Compared to something like 10 seconds, for the regular images and VMs.

We import the rootfs tarball into a container image, and then we create a container from the image.

The initial boot script is run through exec, but after that we can connect with ssh as with a normal VM.