Windows 11 Introduces WSL Containers: A New Way to Run Linux Containers
Windows 11 now allows users to build, run, and manage Linux containers natively, eliminating the need for Docker Desktop as a background runtime. This new feature, called WSL Containers, has been introduced as a public preview. After installing and testing it with real workloads, here's an overview of its capabilities, limitations, and setup process.
What is WSL Container in Windows 11?
WSL Container is a built-in feature of the Windows Subsystem for Linux (WSL). It enables users to create, run, and manage Linux containers directly from Windows without requiring third-party runtimes like Docker Desktop or Podman Desktop. It operates in two parts:
- Windows applications can silently spin up Linux containers in the background to execute Linux-only code, with no visible signs of Linux involvement. For example, Microsoft demonstrated this by running Moonray, an open-source Linux rendering engine, inside a Windows executable.
- Each Windows application using the API gets its own Hyper-V-backed virtual machine for container isolation. This approach prioritizes security over resource efficiency, making it enterprise-ready.
The container runtime inside the Linux VM is Moby, the same open-source engine that powers Docker. WSL Containers do not reinvent containers but rather offer Windows a first-party interface for container management.
How to Install WSL Container on Windows 11
WSL Container is currently available only in the pre-release channel of WSL. To get started, users need to opt into this channel and update their WSL installation.
- Install the latest pre-release version of WSL.
- If the
wslccommand is not recognized, restart the terminal or the PC. - Ensure virtualization is enabled in the BIOS or UEFI for Hyper-V-backed isolation.
Note: Some developers have reported issues like Catastrophic failure (Error code: E_UNEXPECTED) during initial runs, though these were not encountered during our tests. WSL Container does not require a Copilot+ PC but does depend on modern CPU virtualization support.
Building and Running a Container with WSL Container
Once wslc was set up, we bypassed basic examples and tested it with a real use case by building a custom image and exposing a service. Below are the steps:
- Sanity Check: Pulled and ran a Debian container interactively using
wslc run -it debian:latest. Runninguname -aconfirmed the use of a real Linux kernel. - Detach and Reattach: Detached the container with
Ctrl+P, Ctrl+Q, listed containers withwslc ps -a, and reattached usingwslc attach [container-name]. - Custom Image: Created a Containerfile (similar to a Dockerfile) for a Linux inspection utility that packages tools like
file,exiftool, andbinutils. Built the image usingwslc build -t my-linux-inspector .. - Run Service: Started the container with a port mapping using
wslc run -d -p 5000:5000 --name inspector my-linux-inspector. Accessed the Flask server on127.0.0.1:5000from Windows without additional networking setup.
This demonstrated a Linux kernel-powered service accessible through localhost on Windows, all without third-party software.
Testing GPU Access Inside a WSL Container
GPU passthrough is crucial for AI and machine learning workloads. WSL Container supports this with the --gpus all flag, matching Docker’s syntax. In our tests, a container with GPU access significantly outperformed its CPU-only counterpart when running a compiled PyTorch model.
WSL Container for Enterprise Environments
Microsoft positions WSL Container as enterprise-ready, even in its preview phase. Key enterprise features include:
- Security Monitoring: Microsoft Defender for Endpoint now tracks container events through its WSL plugin, providing visibility into container activities.
- Policy Control: IT admins can manage WSL Containers via Group Policy and ADMX policies. Full Intune dashboard support is expected soon.
- Development Tools: VS Code’s Dev Containers extension supports
wslc, requiring minimal configuration changes.
What is Still Missing from WSL Container
While promising, WSL Container has several limitations in its current state:
- No support for Docker Compose, making it unsuitable for multi-service projects requiring a
compose.yamlfile. - Absence of a GUI dashboard or features like Docker Scout for scanning images.
- Lack of an extensive plugin ecosystem compared to Docker Desktop.
Microsoft has introduced experimental networking features like Consomme, which routes Linux traffic through the Windows networking stack, fixing VPN and proxy issues. These features, along with the new virtiofs file system for faster file access, are currently exclusive to WSL Container but may extend to regular WSL distros in the future.
Should You Switch from Docker Desktop?
For single-container scenarios, WSL Container is a viable alternative to Docker Desktop, especially since it doesn’t require a separate license. However, for complex workflows involving Compose files, multiple services, or Docker’s plugin ecosystem, Docker Desktop remains the more complete solution.
Microsoft aims for WSL Container’s general availability by fall 2026. Its CLI closely mirrors Docker’s, suggesting that missing features will likely be added over time. For now, running WSL Container alongside Docker Desktop offers a cost-free way to explore this new functionality.


STEAM
PC Game