
       (5) Docker Image      (amd64)
                ^
                |
       (4) QEMU Binfmt       (arm64 <-> amd64 binary emulation layer)
                ^
                |
        (3) Linux VM         (arm64)
                ^
                |
   (2) Hypervisor.framework  (arm64, macOS native virtualization framework)
                ^
                |
      (1) Docker for Mac

The Linux kernel has a feature that allows using a wrapper to execute userspace programs based on the file header (binfmt[1]). In this case, the Linux VM in (3) has QEMU user mode emulation registered as binfmt, so any amd64 binaries are automatically wrapped into `qemu-x86_64-static /path/to/bin` and run. The Docker image itself doesn't run a Linux kernel but uses the one from the VM host, so this scenario is possible.

This is also how multiarch[2] works (for amd64 to arm64/ppc64le/etc.), which might even be what Docker is using. In the case of multiarch, the qemu-*-static binary is provided as a container running in privileged mode.

[1]: https://www.kernel.org/doc/html/latest/admin-guide/binfmt-mi...

[2]: https://github.com/multiarch/qemu-user-static
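
The header-based dispatch described in the comment above, as an added example that is not part of the original thread: it parses the text of a `/proc/sys/fs/binfmt_misc/<name>` entry and applies the magic/mask comparison to a file's first bytes. The entry contents and ELF headers are constructed samples, and the function names are hypothetical.

```python
# Constructed sample of a /proc/sys/fs/binfmt_misc/qemu-x86_64 entry (not captured output).
SAMPLE_ENTRY = """\
enabled
interpreter /usr/bin/qemu-x86_64-static
flags: F
offset 0
magic 7f454c4602010100000000000000000002003e00
mask fffffffffffefe00fffffffffffffffffeffffff
"""

def parse_entry(text):
    """Parse the text of one binfmt_misc entry file into a dict."""
    lines = text.strip().splitlines()
    entry = {"enabled": lines[0] == "enabled", "interpreter": None,
             "flags": "", "offset": 0, "magic": b"", "mask": None}
    for line in lines[1:]:
        key, _, value = line.partition(" ")
        key = key.rstrip(":")            # the flags line is printed as "flags: F"
        if key in ("magic", "mask"):
            entry[key] = bytes.fromhex(value.strip())
        elif key == "offset":
            entry[key] = int(value)
        elif key in ("interpreter", "flags"):
            entry[key] = value.strip()
    return entry

def matches(entry, header):
    """True if the file's leading bytes match the entry's magic under its mask."""
    magic = entry["magic"]
    if not entry["enabled"] or not magic:   # disabled, or an extension-type entry
        return False
    mask = entry["mask"] or b"\xff" * len(magic)
    start = entry["offset"]
    window = header[start:start + len(magic)]
    return len(window) == len(magic) and all(
        (h & m) == (g & m) for h, g, m in zip(window, magic, mask))

def elf_header(machine, e_type=2):
    """First 20 bytes of a 64-bit little-endian ELF header (constructed input)."""
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\x00" * 8
    return ident + e_type.to_bytes(2, "little") + machine.to_bytes(2, "little")

def wrapped_command(entry, path, header):
    """The argv the handler would produce for this file, or None if it does not match."""
    return [entry["interpreter"], path] if matches(entry, header) else None

if __name__ == "__main__":
    e = parse_entry(SAMPLE_ENTRY)
    print(wrapped_command(e, "/path/to/bin", elf_header(0x3E)))  # EM_X86_64
    print(wrapped_command(e, "/path/to/bin", elf_header(0xB7)))  # EM_AARCH64
```

The `F` flag in the entry means the kernel opened the interpreter when the handler was registered, which is why the emulator does not need to exist inside the image's own filesystem.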




Step 4 was what I was missing.



