Support using UTM's build of QEMU (for stability, GPU acceleration, sudo-less vmnet)

[AkihiroSuda]

UTM's build of QEMU seems more stable and also supports GPU acceleration:

• QEMU on macOS 15.2 on Apple M4: qemu-system-aarch64: Property 'host-arm-cpu.sme' not found #3032
• qemu: support OpenGL acceleration (VirGL) #2086

Not sure how to launch it though

$ file /Applications/UTM.app/Contents/Frameworks/qemu-x86_64-softmmu.framework/Versions/A/qemu-x86_64-softmmu 
/Applications/UTM.app/Contents/Frameworks/qemu-x86_64-softmmu.framework/Versions/A/qemu-x86_64-softmmu: Mach-O universal binary with 2 architectures: [x86_64:Mach-O 64-bit dynamically linked shared library x86_64] [arm64]
/Applications/UTM.app/Contents/Frameworks/qemu-x86_64-softmmu.framework/Versions/A/qemu-x86_64-softmmu (for architecture x86_64):	Mach-O 64-bit dynamically linked shared library x86_64
/Applications/UTM.app/Contents/Frameworks/qemu-x86_64-softmmu.framework/Versions/A/qemu-x86_64-softmmu (for architecture arm64):	Mach-O 64-bit dynamically linked shared library arm64

$ /Applications/UTM.app/Contents/XPCServices/QEMUHelper.xpc/Contents/MacOS/QEMULauncher.app/Contents/MacOS/QEMULauncher /Applications/UTM.app/Contents/Frameworks/qemu-x86_64-softmmu.framework/Versions/A/qemu-x86_64-softmmu 
Trace/BPT trap: 5

An alternative way is to push UTM's patches to Homebrew, but not sure whether Homebrew maintainers will like it.

[AkihiroSuda]

Looks like sudo-less vmnet can be enabled too when UTM.app is signed
utmapp/UTM@4a22d43

[balajiv113]

UTM.app is signed

Exactly, If the app have the network entitlement them we don't need sudo for vmnet.

[jandubois]

Exactly, If the app have the network entitlement them we don't need sudo for vmnet.

What entitlements would allow this? I thought it would require com.apple.vm.networking, which is only available upon request to developers of virtualization software that is distributed through the app store (so has no access to run anything as root).

It was my understanding that it is impossible to get this entitlement if you want to distribute outside the app store; you are supposed to run as root instead.

I guess UTM is distributed through the app store, and they may have been given the entitlement by Apple.

I'm pretty sure we would need to be a GUI app to distribute Lima through the app store, and even then I wonder if we could get the entitlement as an open source project.

[AkihiroSuda]

The free version (brew install utm) seems to have the entitlement too.
ps -ef shows -netdev vmnet-bridged,id=net0,ifname=en0

[norio-nomura]

You can check the entitlements for each application using the following commands:

qlmanage -p "/Applications/UTM.app/Contents/embedded.provisionprofile"

It seems that VMware Fusion, which is distributed outside the App Store, also has the com.apple.vm.networking entitlement:

qlmanage -p "/Applications/VMware Fusion.app/Contents/embedded.provisionprofile"

[nirs]

If we can get "com.apple.vm.networking" for lima we don't need socket_vmnet. We can use VZBridgedNetworkDeviceAttachment in lima.

This is much faster (40 Gbits/s with iperf3 vs 2.5 Gbits/s) and consume no additional cpu in socket_vment and limactl.

VZ does not support shared network like host mode socekt_vmnet, so we can keep socket_vment for this special case.

[cfergeau]

I thought it would require com.apple.vm.networking, which is only available upon request to developers of virtualization software that is distributed through the app store (so has no access to run anything as root).

It was my understanding that it is impossible to get this entitlement if you want to distribute outside the app store; you are supposed to run as root instead.

This is the first time I hear about this "distributed through the app store" requirement, I'm only aware of the requirement that this is used by a virtualization program.

[jandubois]

I think it eventually comes from xhyve being used by Go console app… | Apple Developer Forums

However, I have to set some expectations here.

com.apple.vm.networking

was intended to allow VM apps to ship in the Mac App Store (where privilege escalation is outlawed) and thus it’s going to be a hard sell for non-app products shipping outside the store.

It is great to hear that it will be granted to non-store apps.

[AkihiroSuda]

Update: this wrapper seems to work

/*

clang -o qemu_wrapper qemu_wrapper.c \
  -F/Applications/UTM.app/Contents/Frameworks \
  -framework qemu-aarch64-softmmu \
  -Wl,-rpath,/Applications/UTM.app/Contents/Frameworks

*/
extern int qemu_init(int argc, char **argv, char **envp);
extern void *qemu_main_loop(void);
extern void *qemu_cleanup(void);

int main(int argc, char **argv, char **envp) {
        int rc = qemu_init(argc, argv, envp);
        if (rc < 0) {
                return rc;
        }
        qemu_main_loop();
        qemu_cleanup();
}

I still don't know how to use /Applications/UTM.app/Contents/XPCServices/QEMUHelper.xpc/Contents/MacOS/QEMULauncher.app/Contents/MacOS/QEMULauncher.