Build virtualization solutions on top of a lightweight hypervisor, without the need for third-party kernel extensions.
- macOS 10.10+
The Hypervisor framework provides C APIs for interacting with virtualization technologies in user-space, without the need for writing kernel extensions (KEXTs). As a result, apps created using this framework are suitable for distribution on the Mac App Store.
Hardware-facilitated virtual machines (VMs) and virtual processors (vCPUs) can be created and controlled by an entitled sandboxed user space process, the hypervisor client. The Hypervisor framework abstracts virtual machines as tasks and virtual processors as threads.
The Hypervisor framework has the following requirements:
- A sandboxed user space process must have the com entitlement in order to use Hypervisor APIs.
- Generally, machines with an Intel VT-x feature set that includes Extended Page Tables (EPT) and Unrestricted Mode are supported. You can determine the availability of Hypervisor APIs on a particular machine at runtime with the sysctl(8) command, passing kern as an argument.
Example VM Life Cycle
The following figure illustrates a simplified life cycle of creating and running a virtual machine with one or more virtual CPUs using the Hypervisor Framework API.
At the start of a task, create a VM, map a region in the virtual address space of the task into the guest physical address space of the VM, and create POSIX Threads. Then, create one or more virtual CPUs, run the task on a POSIX thread, handle the VMEXIT event, and then destroy the virtual CPU. After virtual CPUs are destroyed, end the POSIX threads, unmap the memory region, and finally destroy the VM.
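The life cycle described above, written out in C as an added example (not Apple's sample code). It assumes an Intel Mac and an entitled process; the names `vm_lifecycle`, `vcpu_thread` and `GUEST_SIZE` are hypothetical, and on any other platform `vm_lifecycle()` returns -1.

```c
#include <stdint.h>
#include <stdlib.h>
#if defined(__APPLE__) && defined(__x86_64__)
#include <pthread.h>
#include <Hypervisor/hv.h>
#include <Hypervisor/hv_vmx.h>
#define GUEST_SIZE 0x1000  /* constructed: one 4 KiB page at guest physical 0 */

static uint64_t exit_reason;  /* VMEXIT reason recorded by the vCPU thread */

/* Create, run and destroy the vCPU on one POSIX thread. */
static void *vcpu_thread(void *arg) {
    hv_vcpuid_t vcpu;
    (void)arg;
    if (hv_vcpu_create(&vcpu, HV_VCPU_DEFAULT) != HV_SUCCESS) return (void *)1;
    /* No guest state is configured here; a real client programs the VMCS
       first and loops on hv_vcpu_run(), handling each VMEXIT. */
    hv_return_t r = hv_vcpu_run(vcpu);
    if (r == HV_SUCCESS)
        r = hv_vmx_vcpu_read_vmcs(vcpu, VMCS_RO_EXIT_REASON, &exit_reason);
    hv_vcpu_destroy(vcpu);
    return (void *)(intptr_t)(r != HV_SUCCESS);
}

/* Returns 0 on success, 1..5 for the step that failed, -1 if unsupported. */
int vm_lifecycle(void) {
    int rc = 1;
    void *mem = NULL, *res = (void *)1;
    pthread_t t;
    if (hv_vm_create(HV_VM_DEFAULT) != HV_SUCCESS) return rc;
    rc = 2;
    if (posix_memalign(&mem, GUEST_SIZE, GUEST_SIZE) == 0) {
        rc = 3;
        /* Map read+execute only: this page holds code, so no write access. */
        if (hv_vm_map(mem, 0, GUEST_SIZE, HV_MEMORY_READ | HV_MEMORY_EXEC) == HV_SUCCESS) {
            rc = 4;
            if (pthread_create(&t, NULL, vcpu_thread, NULL) == 0) {
                pthread_join(t, &res);
                rc = res ? 5 : 0;
            }
            hv_vm_unmap(0, GUEST_SIZE);  /* teardown mirrors setup in reverse */
        }
        free(mem);
    }
    hv_vm_destroy();
    return rc;
}
#else
int vm_lifecycle(void) { return -1; }  /* Hypervisor framework unavailable */
#endif
```

A return value of 1 on a supported Mac usually means the process lacks the entitlement or the hardware support listed in the requirements.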