Hello, I'm Maneshwar. I'm working on git-lrc: a Git hook for Checking AI generated code.
Today started with what was supposed to be a simple task: install LiveReview on my macOS machine so I could validate changes before sending a PR to my lead. Except… my company had completely blocked Docker Desktop.
The installer was flagged by macOS security and wouldn’t run.
Apparently Docker Desktop is a “nope” on our machines now.
But the PR had to go out. LiveReview needs Docker. So giving up wasn’t an option.
A friend dropped a tip:
“Try OrbStack. It runs Docker on macOS differently.”
I didn’t expect much, but I installed it anyway.
At first, macOS security grumbled; there were only two options, done/move to bin. I tried done, but it wouldn't let me run it. I removed it, restored it from the Bin to Applications, and somehow it launched. "Run Anyways" in the angry pop-up.
I opened Terminal, ran docker ps, and… containers actually worked. LiveReview spun up, and I got my review done.
After the adrenaline wore off, I had a bigger question:
How did OrbStack run Docker when Docker Desktop itself was blocked?
That rabbit hole turned into this write-up.
What OrbStack actually is
OrbStack is a fast, lightweight replacement for Docker Desktop on macOS.
Under the hood, it runs a Docker Engine inside a highly optimized Linux VM and forwards the Docker socket to macOS, so your normal docker / docker compose commands just work.
It also lets you run full Linux “machines” (VMs) with tight macOS integration.
Why it felt different on my Mac
Here’s the technical picture, minus the marketing fluff:
- Official Apple virtualization: OrbStack builds on Apple’s Virtualization.framework and a tuned Linux VM rather than older stacks; the VM is small and tightly integrated with macOS.
- Docker Engine inside the VM, socket forwarded to macOS: OrbStack runs Docker Engine alongside its Linux machines and forwards the Docker socket to your host, so the host docker CLI talks to that engine transparently.
- Fast file sharing: File mounts use VirtioFS with custom dynamic caching (bind mounts and host-file access are snappy).
- x86/amd64 on Apple Silicon via Rosetta: On Apple Silicon, OrbStack can run Intel-only Linux binaries/images using Rosetta for Linux, which is generally much faster than plain QEMU emulation. You can even create full Intel (amd64) machines with a flag.
- Networking that follows your Mac: It ships a custom virtual network stack that respects your Mac’s VPN/DNS settings and supports direct container IP access, host networking, and localhost port forwards.
None of this guarantees it’ll sidestep your company’s controls. Enterprise security policies vary a lot.
In my case OrbStack launched where Docker Desktop didn’t—but that’s an anecdote, not a promise.
Docker Desktop in 2025: what’s changed
A few years ago it was accurate to say “Docker Desktop uses slow osxfs and QEMU.” That’s outdated:
- File sharing: Docker Desktop has VirtioFS and has for a while.
- x86/amd64 on Apple Silicon: Docker Desktop can use Rosetta for Linux (toggle in Settings).
- VM tech: Docker Desktop now supports multiple VMMs (Apple Virtualization.framework, a new Docker VMM on Apple Silicon, and legacy options); QEMU as a VMM is being deprecated.
So performance deltas depend on workload and configuration.
OrbStack’s edge is its focused design (single purpose, lots of low-level tuning for Mac) rather than “the other guy is ancient tech.”
How OrbStack “runs Docker” on macOS (in plain English)
- It boots a small, optimized Linux VM using Apple’s virtualization APIs.
- It runs a Docker Engine inside that VM.
- It forwards the Docker socket to macOS so the host docker CLI and tools talk to that engine.
- It accelerates file mounts (VirtioFS + smart caching) and streamlines networking so local-dev tasks feel native. (OrbStack Docs)
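Because the host CLI only follows a socket, it helps to know which engine it is actually pointed at. The sketch below is an added example, not code from this post or from OrbStack: it resolves the endpoint the docker CLI would use from the environment and the CLI's context store, assuming the standard layout (`config.json` plus `contexts/meta/<sha256(name)>/meta.json`) and ignoring the `-H`/`--context` flags. The context name `example-vm` and its socket path are constructed sample data.

```python
import hashlib
import json
import tempfile
from pathlib import Path

DEFAULT_ENDPOINT = "unix:///var/run/docker.sock"  # CLI default when nothing else is set

def context_endpoint(config_dir, name):
    """Read the Docker endpoint stored for a named context."""
    digest = hashlib.sha256(name.encode()).hexdigest()
    meta_file = config_dir / "contexts" / "meta" / digest / "meta.json"
    return json.loads(meta_file.read_text())["Endpoints"]["docker"]["Host"]

def effective_endpoint(config_dir, env):
    """Return (source, endpoint) in the CLI's precedence order."""
    if env.get("DOCKER_HOST"):  # overrides any selected context
        return "DOCKER_HOST", env["DOCKER_HOST"]
    name, source = env.get("DOCKER_CONTEXT"), "DOCKER_CONTEXT"
    if not name:
        cfg_file = config_dir / "config.json"
        cfg = json.loads(cfg_file.read_text()) if cfg_file.exists() else {}
        name, source = cfg.get("currentContext"), "config.json currentContext"
    if not name or name == "default":
        return "default", DEFAULT_ENDPOINT
    return source, context_endpoint(config_dir, name)

def build_sample(config_dir, name, host):
    """Write a constructed context store (sample data, not from a real machine)."""
    digest = hashlib.sha256(name.encode()).hexdigest()
    meta_dir = config_dir / "contexts" / "meta" / digest
    meta_dir.mkdir(parents=True)
    meta = {"Name": name, "Endpoints": {"docker": {"Host": host}}}
    (meta_dir / "meta.json").write_text(json.dumps(meta))
    (config_dir / "config.json").write_text(json.dumps({"currentContext": name}))

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        cfg = Path(tmp)
        build_sample(cfg, "example-vm", "unix:///Users/dev/.example-vm/run/docker.sock")
        return [
            effective_endpoint(cfg, {}),
            effective_endpoint(cfg, {"DOCKER_CONTEXT": "default"}),
            effective_endpoint(cfg, {"DOCKER_HOST": "tcp://127.0.0.1:2375"}),
        ]

if __name__ == "__main__":
    for source, endpoint in demo():
        print(f"{source}: {endpoint}")
```

On a real machine, pass `Path.home() / ".docker"` and `os.environ` to `effective_endpoint` to see which socket the CLI will open.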
OrbStack vs Docker Desktop vs “native Docker on Linux”
| Area | Docker on Linux | Docker Desktop (macOS, 2025) | OrbStack (macOS) |
|---|---|---|---|
| Kernel / runtime | Native Linux | Linux VM using Apple Virtualization.framework or Docker VMM (legacy HyperKit/QEMU paths exist) | Lightweight Linux VM with deep macOS integration |
| Docker CLI compatibility | Native | Native | Drop-in (docker, docker compose) |
| File sharing | Native FS | VirtioFS (plus alternatives) | VirtioFS + dynamic caching |
| x86/amd64 on Apple Silicon | N/A (native) | Rosetta for Linux option | Rosetta for machines/containers |
| Networking | Native | VM networking (varies by VMM; follows host) | Custom stack that follows macOS VPN/DNS, direct IP, host networking |
| Kubernetes | Yes (if installed) | Built-in option | Supported (docs & features) |
My verdict after that hectic day
OrbStack wasn’t just a workaround. It gave me:
- a clean docker CLI that “just worked,”
- fast mounts and a responsive dev loop,
- and fewer moving parts to micromanage.
Most importantly: it let me run LiveReview and ship the PR while Docker Desktop was blocked on my machine.
If Docker Desktop is restricted in your environment or you just want a leaner Mac-native setup, OrbStack is absolutely worth a try.
*AI agents write code fast. They also silently remove logic, change behavior, and introduce bugs -- without telling you. You often find out in production.
git-lrc fixes this. It hooks into git commit and reviews every diff before it lands. 60-second setup. Completely free.*
Any feedback or contributors are welcome! It's online, source-available, and ready for anyone to use.
⭐ Star it on GitHub: HexmosTech/git-lrc