Hello,
I have tried to create a VZVirtualMachine macOS virtual machine on an Apple Silicon Mac.
I have installed Docker Desktop inside this virtual machine.
Docker is not working: I get this error message: "Hyopervisor check failed".
Is there a way to run Docker inside a VZVirtualMachine ?
Thanks a lot
Post not yet marked as solved
Still no hypervisor support in iPadOS 17
Hypervisor is indeed physically possible on any of the M series chips included in the iPad Airs and iPad Pros, but locked away the iPadOS.
Block hypervisor on iOS is reasonable to me, because it consume powers, not frendly for battery and not sutable for a mobile phone.
But for iPadOS, the limitation is not reasonable to me.
First, the Guideline 2.5.2 of iOS and iPadOS blocks code execution that loads dynamically, it may protect users because apps may load malicious code after it passes the revew from app store.
But if we load codes in the hypervisor, any malicious can only run in the VM, and the safety of the VM is not an issue. Escape from a VM is even harder than escape from the sandbox of the safari browser.
Even there are still other concerns about load arbitrary codes to hypervisor, we can limit it only load user selected code to the hypervisor, blocks app load code from interent without user intention.
Running user selected code in the hypervisor won't threaten the security at all, there is no reason for Guideline 2.5.2 applies to hypervisor.
Second, iPad a laptop replacement in the advertisement.
As a laptop, it can't execute any user generated code on it, it can only be interpreted. As a software develper, it means iPadOS basically not useable. I can only run code on a remote server, and use iPad as a thin client. It can't be a standalone devices, even it has a powerful M2 chip.
For the xcode on iPad, if apple concerns xcode on iPad breaks the security model, we can run the compiled code in the hypervisor, which isolates the reviewed code and user generated code. iPad has a powerful M2 chip, but iPadOS limit the power for it.
Post not yet marked as solved
How does VMWare access USB devices without have any specifics of the USB device? Does it use the same profile/entitlement process or does it take a different approach?
Hi.
I want to use 4k-aligned page mapping through the hv_vm_* apis. But my mac's page size is 16k, so it would occur an error when I do that.
Is there a way to change the permission of a 4k-aligned guest memory?
Thank you.
Post not yet marked as solved
I use UTM.app for virtualisation.
I have full virtualise "Fedora 38-aarch64" in UTM.app with rosetta enabled.
After upgrading Sonoma to 14.3 it stop properly virtualised shared memory.
I have this test file:
#include <stdio.h>
#include <sys/shm.h>
#include <sys/stat.h>
int main ()
{
int segment_id;
char* shared_memory;
struct shmid_ds shmbuffer;
int segment_size;
const int shared_segment_size = 0x6400;
/* Allocate a shared memory segment. */
segment_id = shmget (IPC_PRIVATE, shared_segment_size,
IPC_CREAT | IPC_EXCL | S_IRUSR | S_IWUSR);
/* Attach the shared memory segment. */
shared_memory = (char*) shmat (segment_id, 0, 0);
printf ("shared memory attached at address %p\n", shared_memory);
/* Determine the segment's size. */
shmctl (segment_id, IPC_STAT, &shmbuffer);
segment_size = shmbuffer.shm_segsz;
printf ("segment size: %d\n", segment_size);
/* Write a string to the shared memory segment. */
sprintf (shared_memory, "Hello, world.");
/* Detach the shared memory segment. */
shmdt (shared_memory);
/* Reattach the shared memory segment, at a different address. */
shared_memory = (char*) shmat (segment_id, (void*) 0x5000000, 0);
printf ("shared memory reattached at address %p\n", shared_memory);
/* Print out the string from shared memory. */
printf ("%s\n", shared_memory);
/* Detach the shared memory segment. */
shmdt (shared_memory);
/* Deallocate the shared memory segment. */
shmctl (segment_id, IPC_RMID, 0);
return 0;
}
Command to compile it is
gcc -Wall a.c && ./a.out
When I compile it in virtualised Fedora work properly show this:
shared memory attached address
segment size:
shared memory reattached address
Hello, world.
When I compile directly on M1 mac id it die
shared memory attached address
segment size:
shared memory reattached address
Segmentation fault:
I'm try it also in docker x86 in virtualised fedora and also show error
In "Fedora 38-aarch64 virtualised" run x86 docker "docker run -it --platform linux/amd64 oraclelinux:7.9 bash"
Install gcc in docker shell "yum install -y gcc"
After compile and run it die with
shared memory attached address
segment size:
shared memory reattached address
Hello, world.
assertion failed [rem_idx != ]: Unable find existing allocation shared memory segment to unmap
(VMAllocationTracker.cpp remove_shared_mem)
Trace/breakpoint (core dumped)
How can I fix it?
On previous version of Sonoma works properly.
Thank you
Post not yet marked as solved
I used to run VirtualBox on macOS to run Windows guests for some reasons.
Recently I bought a new Mac mini M1, now I have a problem - VB does not have a stable release for arm (yet).
What other options do I have?
BTW, I came across this doc article (https://developer.apple.com/documentation/virtualization/running_macos_in_a_virtual_machine_on_apple_silicon). I read thru it, but could not conclude if it offers the same functionalities as a full-blown VM suite; and more specifically I want to run Windows guests.
Post not yet marked as solved
Hi, everyone!
I want to know whether I can check my app is running on a virtual machine or not. If so, how can I do that in C++ or Objective-C? The code needs to support both Intel processors and Apple Silicon. Thanks!
Leo
Post not yet marked as solved
I am following the Running Linux in a Virtual Machine guide on MacOS 14 w/ ARM. Fedora kernel and RAM disk images were acquired for aarch64.
I opened LinuxVirtualMachine.xcodeproj from the example; selecting 'LinuxVirtualMachine' under 'Targets', and navigating to 'Signing and Capabilities', I linked my Personal Team (needed to connect my Apple ID) under 'Signing->Team'. Clicking 'run' outputs the following:
Usage: /Users/shea/Library/Developer/Xcode/DerivedData/LinuxVirtualMachine-baalsbzvoxxbspgicozzllxbyqmh/Build/Products/Debug/LinuxVirtualMachine <kernel-path> <initial-ramdisk-path>
Program ended with exit code: 64
So I execute the following in Terminal from a directory containing the two images from Fedora:
% /Users/shea/Library/Developer/Xcode/DerivedData/LinuxVirtualMachine-baalsbzvoxxbspgicozzllxbyqmh/Build/Products/Debug/LinuxVirtualMachine ./vmlinuz ./initrd.img
And receive the output:
Failed to start the virtual machine. Error Domain=VZErrorDomain Code=1 "The virtual machine failed to start." UserInfo={NSLocalizedFailure=Internal Virtualization error., NSLocalizedFailureReason=The virtual machine failed to start.}
An old thread seems to imply this may be because the kernel image used to be compressed but is no longer? Another commenter suggests it is because vmlinuzis a gz file and to extract it, but file vmlinuzoutputs vmlinuz: PE32+ executable (EFI application) Aarch64 (stripped to external PDB), for MS Windows and gzip won't work even with the .gz extension. Did I miss a step?
The Running Linux in a Virtual Machine sample code demonstrates starting a Linux Virtual Machine.
But the example only boots to the RAM disk, leaving you in an emergency shell. It does not show how to boot to a disk containing the Linux filesystem.
With the sample code unaltered, I can use the Ubuntu RAM disk and kernel files from https://cloud-images.ubuntu.com/releases/23.10/release/unpacked/ to boot Linux like this:
./LinuxVirtualMachine /Users/username/Downloads/ubuntu-23.10-server-cloudimg-arm64-vmlinuz-generic /Users/username/Downloads/ubuntu-23.10-server-cloudimg-arm64-initrd-generic
But this fails to fully boot Ubuntu because no root is specified in the bootloader:
Begin: Mounting root file system ... Begin: Running /scripts/local-top ... done.
Begin: Running /scripts/local-premount ... [ 2.013998] Btrfs loaded, zoned=yes, fsverity=yes
Scanning for Btrfs filesystems
done.
No root device specified. Boot arguments must include a root= parameter.
And so Ubuntu drops you to the emergency BusyBox shell.
If I mount the root disk image from the release page at https://cloud-images.ubuntu.com/releases/23.10/release/ and specify the root in the bootloader, we get a little further, but Linux can not see the mounted disk:
diff --git a/LinuxVirtualMachine/main.swift b/LinuxVirtualMachine/main.swift
index bf32924..0977b9e 100644
--- a/LinuxVirtualMachine/main.swift
+++ b/LinuxVirtualMachine/main.swift
@@ -10,7 +10,7 @@ import Virtualization
// MARK: Parse the Command Line
-guard CommandLine.argc == 3 else {
+guard CommandLine.argc == 4 else {
printUsageAndExit()
}
@@ -25,6 +25,11 @@ configuration.memorySize = 2 * 1024 * 1024 * 1024 // 2 GiB
configuration.serialPorts = [ createConsoleConfiguration() ]
configuration.bootLoader = createBootLoader(kernelURL: kernelURL, initialRamdiskURL: initialRamdiskURL)
+let diskImageURL = URL(fileURLWithPath: CommandLine.arguments[3], isDirectory: false)
+let diskImageAttachment = try VZDiskImageStorageDeviceAttachment(url: diskImageURL, readOnly: false)
+let storageDeviceConfiguration = VZVirtioBlockDeviceConfiguration(attachment: diskImageAttachment)
+configuration.storageDevices = [storageDeviceConfiguration]
+
do {
try configuration.validate()
} catch {
@@ -71,7 +76,11 @@ func createBootLoader(kernelURL: URL, initialRamdiskURL: URL) -> VZBootLoader {
// Use the first virtio console device as system console.
"console=hvc0",
// Stop in the initial ramdisk before attempting to transition to the root file system.
- "rd.break=initqueue"
+ "rd.break=initqueue",
+ // Give time for the boot image to be available.
+ "rootdelay=5",
+ // Specify the boot image.
+ "root=/dev/vda"
]
bootLoader.commandLine = kernelCommandLineArguments.joined(separator: " ")
@@ -104,6 +113,6 @@ func createConsoleConfiguration() -> VZSerialPortConfiguration {
}
func printUsageAndExit() -> Never {
- print("Usage: \(CommandLine.arguments[0]) <kernel-path> <initial-ramdisk-path>")
+ print("Usage: \(CommandLine.arguments[0]) <kernel-path> <initial-ramdisk-path> <bootable-filesystem-image-path>")
exit(EX_USAGE)
}
Output:
./LinuxVirtualMachine /Users/username/Downloads/ubuntu-23.10-server-cloudimg-arm64-vmlinuz-generic /Users/username/Downloads/ubuntu-23.10-server-cloudimg-arm64-initrd-generic /Users/username/Downloads/ubuntu-23.10-server-cloudimg-arm64.img
...snip...
Gave up waiting for root file system device. Common problems:
- Boot args (cat /proc/cmdline)
- Check rootdelay= (did the system wait long enough?)
- Missing modules (cat /proc/modules; ls /dev)
ALERT! /dev/vda does not exist. Dropping to a shell!
If I instead create a RAW disk image formatted as APFS with the contents of the root drive from the Ubuntu releases page, the mount works but Linux can not read the disk (presumably due to the APFS formatting?):
./LinuxVirtualMachine /Users/username/Downloads/ubuntu-23.10-server-cloudimg-arm64-vmlinuz-generic /Users/username/Downloads/ubuntu-23.10-server-cloudimg-arm64-initrd-generic /Users/username/Desktop/ubuntu-23.10-server.dmg
...snip...
Warning: Type of root file system is unknown, so skipping check.
mount: mounting /dev/vda on /root failed: Invalid argument
done.
Begin: Running /scripts/local-bottom ... done.
Begin: Running /scripts/init-bottom ... mount: mounting /dev on /root/dev failed: No such file or directory
mount: mounting /dev on /root/dev failed: No such file or directory
done.
mount: mounting /run on /root/run failed: No such file or directory
To make that disk image, I did:
hdiutil create -size 2g -fs "HFS+" -volname "EmptyImage" ubuntu-23.10-server
hdiutil attach ubuntu-23.10-server.dmg
diskutil eraseDisk APFS UbuntuFS disk4 // where disk4 is the mounted drive number from the previous step
sudo cp -R /path/to/extracted-ubuntu-root-filesystem/* /Volumes/UbuntuFS/
hdiutil detach disk4
What am I missing in order to transition from booting from the RAM disk to booting from the root filesystem?
Post not yet marked as solved
Hello,
I am trying to understand how macOS virtualization framework and Virtualization products work on M1 chips.
I have tried Parallels Desktop. There are no third party kernel extensions (kext) installed with this product. When i plug an USB device on my mac, i get a popup asking me if i want to plug this device to my host mac or to the current Parallels virtual machine. How can this be possible without kext ? Device management is handled at kernel level... and there are no virtualization framework API for that...
I have create a Linux virtual machine with Virtualization framework (similar to GNULinuxVirtualMachineSampleApp project):
It works but I don't understand why i can't run Windows Virtual machines. Parallels Desktop seems to work with Virtualization framework too and this product can run ARM Windows Virtual Machine. How can they do that ?
Is there a way to simulate key sending with Virtualization framework ?
I have create a 64Gb disk (VZDiskImageStorageDeviceAttachment). I have a 64Gb file on my host mac, but i am using only 10Gb on the virtual machine at this moment. Is there a way to optimize the disk image file size ?
VZVirtualMachine provides a "pause" method. I don't understand where the virtual machine state (RAM memory, ...) is saved on the host.
Thanks a lot
Post not yet marked as solved
I m trying to identify if my launched process is running on a local mac machine(desktop/laptop) or a virtual macOS X instance like AWS EC2, Azure, MacStadium etc.
I am using the below check for this:
1 . If running on native Apple hardware, the returned value contains the model name of the hardware:
$ sysctl -n hw.model
Macmini8,1
On virtualized hardware, the value may contain the hypervisor name:
$ sysctl -n hw.model
VMware7,0
If the command output doesn't contain the "Mac" substring, the malware considers that it is running in a virtual machine.
2. Checking USB device vendor names
The commands used:
ioreg -rd1 -c IOUSBHostDevice | grep "USB Vendor Name"
Sample output on native Apple hardware:
"USB Vendor Name" = "Apple Inc."
"USB Vendor Name" = "Apple Inc."
"USB Vendor Name" = "Apple, Inc."
On virtualized hardware, the value may contain the hypervisor name:
"USB Vendor Name" = "VirtualBox"
"USB Vendor Name" = "VirtualBox"
A virtual machine can be detected by checking if the command output contains a hypervisor name, for example "VirtualBox", "VMware", etc.
3 . Checking the "IOPlatformExpertDevice" registry class
The command used:
ioreg -rd1 -c IOPlatformExpertDevice
The following fields of the IOPlatformExpertDevice class can be checked in order to detect a virtual machine:
I wanted to know can a combination of these be used to identify a process running on a Cloud VM with certainity?
Post not yet marked as solved
Hello,
When building and running the GUILinuxVirtualMachineSampleApp, I immediately get the error :
"Failed to retrieve the machine identifier data."
The app runs with a black window and an infinite loop icon without the file picker prompt as expected.
Hardware : MacBook Pro M2
OS : macOS 13.2.1
Can't understand what's causing it relatively to the VZGenericMachineIdentifier object.
Any insight or suggestion would be more than appreciated.
Thanks in advance :).
Sincerely,
hex0x40
Some APIs seem to require entitlements for any use (sandboxed or not) but don't have any indication where we might sign up. The particular usage here is com.apple.vm.networking for vmnet, as it looks like we can't even get started in development without it.
Post not yet marked as solved
I'm used to test all the Beta version on Virtual OS ...
With the new framework there is no way to sign with iCloud account. so no way to put an account to update the VM with a new beta who is released.
The only solution is to setup a new VM.
that is a real limitation as update process is important to test too...
Any one have a solution?
Post not yet marked as solved
Hi,
I am trying to create a virtual-machine using Virtualization.Framework (Reference) and trying to use VZFileHandleNetworkDeviceAttachment (Referece) as network device.
The creation and starting of VM are successful but am not receiving any raw packets via the created datagram socket.
Is there any working example for using VZFileHandleNetworkDeviceAttachment.
Thanks in advance.
juliencrypt.
