Logging in with my Apple ID anywhere in the system (feedback assistant, Xcode, iCloud, etc.) fails when running under virtualization. Is this a known 'issue'? (networking in general is working fine)

I m trying to identify if my launched process is running on a local mac machine(desktop/laptop) or a virtual macOS X instance like AWS EC2, Azure, MacStadium etc. I have followed this link which searched for its limited providers in the output, but I m not bound to any limited providers and looking for a general solution which is applicable to all the providers. Is there some hardware/network/virtualization-related information that can be used to identify if the process is launched on a virtual MacOS instance? OR is there some system Information that I can use to be sure that my process is running on a local machine?

Virtualization framework is a high-level API to create macOS and Linux virtual machines. Hypervisor is a low-level API to build virtualization solutions without the need for a kernel extension. If you’re interested in containers on the Mac, check out the Containerization package and its associated container tool. Virtualization: Forums subtopic: App & System Services > Core OS Forums tag: Virtualization Virtualization framework documentation Using iCloud with macOS virtual machines documentation article Use iCloud on a virtual machine support article Running macOS in a virtual machine on Apple silicon sample code Running Linux in a Virtual Machine sample code Running GUI Linux in a virtual machine on a Mac sample code Building macOS apps with Xcode 26 on macOS 26 VM forums thread — This thread describes how the development experience in VMs has improved recently, and one remaining issue that you might bump in to. Hypervisor: Forums subtopic: App & System Services > Core OS Forums tag: Hypervisor Hypervisor framework documentation Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = "eskimo" + "1" + "@" + "apple.com"

According to the thread at https://developer.apple.com/forums/thread/787500?answerId=863361022#863361022, we should now be able to set VMs provisioning identifiers to run developer builds. However, the identifier check seems to be case-sensitive. I have an identifier from an old VM that was input (automatically via Xcode) to the portal as all-caps. However, now it's showing up as all lower-case (on the device). When I try to launch my application, the system logs report that the provisioning identifer doesn't match, so my application will not launch: # Error log error 13:41:36.173151-0600 taskgated-helper embedded provisioning profile not valid: file:///Applications/my-app.app/Contents/embedded.provisionprofile error: Error Domain=CPProfileManager Code=-212 "Provisioning profile does not allow this device." UserInfo={NSLocalizedDescription=Provisioning profile does not allow this device.} # Device's identifier $ system_profiler SPHardwareDataType Hardware: ... Provisioning UDID: 9d136dc4ae3ce80124756cc5bcb40cd1117c04b6 # Embedded provision (from developer portal) $ security cms -D -i /Applications/my-app.app/Contents/embedded.provisionprofile <key>ProvisionedDevices</key> <array> <string>9D136DC4AE3CE80124756CC5BCB40CD1117C04B6</string> </array> I have tried disabling the previous record and adding it again (with lower-case) on the developer portal - but all that does is reenable the previous (all-caps) record. Either the check needs to be case-insensitive, or there needs to be a way to change the registration on the developer portal to properly match.

I'm trying to setup a macOS 26 build environment in a VM (using UTM and the virtualization framework Apple provides). I have Xcode 26 installed and have logged into my Apple ID and verified that the team and other configuration looks fine in Xcode settings. When trying to build the macOS app, I see errors saying the VM's device ID has not been registered. I have confirmed that the device ID is registered both in the Provisioning portal AND the downloaded .provisionprofiles (in Library > Developer > Xcode > UserData). This problem appears on multiple targets (e.g. the main app and extensions). If I try to manually provision the app, using the Provisioning portal, I can build the product, but it will not launch because of Gatekeeper issues. Finally, signing to run locally doesn't work either. As the app launches, frameworks refuse to load because Team IDs don't match. With ad hoc provisioning, there are no Team IDs. I've come to the conclusion that this just isn't possible. Which is a shame because I need to support products with a build environment on macOS 15 and cannot move over to macOS 26 yet. I suspect many developers outside of Apple are in a similar position.

for the Tahoe host and guest: does guest login to app store work, and does xcode in guest work? in my environment: I upgraded host and guest to Tahoe, the guest still cannot login to app store with error: an unknown error occurred

I have successfully booted the Linux Kernel with VirtIOFS as the rootfs, but file permission issues render it completely unusable. A file on the macOS host belongs to uid 0, gid 0, but on the Linux guest, this file belongs to uid 1000, gid 10. Why does this happen? How are file permissions directly mapped between the host and the guest? If there is no mapping mechanism in place, why does this discrepancy occur? This leads to errors in Linux, such as: sudo: /etc/sudo.conf is owned by uid 1000, should be 0 sudo: /usr/bin/sudo must be owned by uid 0 and have the setuid bit set bootLoader.commandLine = "console=hvc0 rootfstype=virtiofs root=myfs rw" let directorySharingDevice = VZVirtioFileSystemDeviceConfiguration(tag: "myfs") directorySharingDevice.share = VZSingleDirectoryShare(directory: VZSharedDirectory(url: rootURL!, readOnly: false)) The VMM is running as root.

I'm just getting started w/ container. I've been using lima. I thought that container should be investigated. I installed the .4.1 package, and started the tutorial. Imagine my surprise when the local dns entry could be created, but not set as a property. The command container system --help doesn't show property as a valid subcommand? OVERVIEW: Manage system components USAGE: container system <subcommand> OPTIONS: --version Show the version. -h, --help Show help information. SUBCOMMANDS: dns Manage local DNS domains logs Fetch system logs for `container` services start Start `container` services stop Stop all `container` services status Show the status of `container` services kernel Manage the default kernel configuration See 'container help system <subcommand>' for detailed help. > ~ container system property Error: Unexpected argument 'property' Usage: container system <subcommand> See 'container system --help' for more information. Some logs container system status apiserver is not running and not registered with launchd > ~ container system start Verifying apiserver is running... Installing base container filesystem... > ~ container system status Verifying apiserver is running... apiserver is running > ~ container system property Error: Unexpected argument 'property' Usage: container system <subcommand> See 'container system --help' for more information. I'm obviously missing something. Advice appreciated

Starting Xcode 14, iOS Simulator is able to communicate with APNs in order to register for notification in the sandbox environment. I created a sample test for this. A dumb iOS application that registers for notifications. It has UITests to automatize the tap on the consent popup (it is not possible to ask for the permission via CLI sadly). Once the application registers, the AppDelegate method didRegisterForRemoteNotificationsWithDeviceToken is called and the device token is sent to a local server application (node.js). The test itself creates an iOS 18.6 Simulator with xcrun simctl, builds such app and run the tests through through CLI with xcodebuild. Running this on my personal Macbook Pro M1 2021 goes well every time, so I wanted to bring it on Github Actions (arm64 macOS machines), in order to test the works on a open source library I'm building (hapns). Contacting Github support led me to test this on a macOS image running inside a VM inside a Veertu Anka container on my personal Macbook Pro, due to an VM architectural limit suspicion. The results were the same: iOS simulator isn't able to receive the device token. Not even didFailToRegisterForRemoteNotificationsWithError is called (tested through some network probes-requests that communicate to the server which checkpoints the process reached). So, as asked, I've setup a repro-case to be run in the VM and I've collected VM diagnostics ready to be tested and attached. Does anyone know if there is some unspecified (or specified but buried in the documentation) limit for this? Thanks. Github discussion link for further details, repro-case and so on: https://github.com/actions/runner-images/issues/12747

Hi everyone! I've considered this — what if Apple added a native system-wide feature in all of iOS, iPadOS, and macOS called “CrossRun” where you can natively execute non-App Store software like Windows or Linux apps natively on your device? But not in a sluggish emulator—this would use intelligent Apple-signed Just-In-Time (JIT) compilation inside the virtual containers, and the experience would actually perform fast and feel natural. This is my vision for CrossRun: Every developer, student, creative professional, and enterprise user who relies on specialized software—whether it’s legacy Windows tools, Linux-only applications, or vintage DOS and Classic Mac utilities—feels the pain of platform lock‑in. Artists can’t run niche Linux‑based graphics programs on their iPads. Engineers can’t test x64‑only binaries on Apple Silicon without juggling emulators. Retro‑gaming fans miss their favorite DOS titles. Even enterprises struggle to standardize on Apple hardware because critical Windows‑only applications won’t run seamlessly. If we don’t push for CrossRun now, the Apple ecosystem remains siloed: iPads and iPhones will continue limited to App Store apps, Macs will still need multiple third‑party VM tools, and countless workflows stay fragmented across devices. That means slower development cycles, extra licensing costs for virtualization software, and lost opportunities for education, creativity, and business efficiency. Without CrossRun’s universal runtime, we’ll still be rebooting into different environments or paying for separate virtualization apps—year after year. Apple already provides the building blocks: Rosetta 2, Virtualization.framework, Apple Silicon—and QEMU thrives as open‑source, battle‑tested code. With the next wave of Apple Silicon devices on the horizon, demand for cross‑architecture support, legacy‑app compatibility, and enterprise containerization is only growing. Delaying another year will cost developers, businesses, and users real time and money. Let’s show Apple that the community is ready for a truly universal, system‑integrated solution—right now. Key features we should demand in CrossRun: Built‑in Apple‑signed QEMU for all ISAs (x86, ARM, RISC‑V, PowerPC, 68k, MIPS, etc.) Rosetta 2 JIT for seamless macOS and Windows x64 support Metal‑backed 3D GPU passthrough and Vulkan→Metal / Direct3D→Metal translation Downloadable OS and app containers via the App Store or verified repositories (Ubuntu, Windows ARM/x64, Android, Haiku, ReactOS, FreeBSD, retro OSes) Predictive ML pre‑warm cache to speed cold starts Dynamic resource scaling (CPU, GPU, RAM) per container iCloud‑synced snapshots and shareable VM links for cross‑device continuity Customizable on‑screen controls (D‑pad, virtual buttons, trackpad, keyboard) on iPhone, iPad, and macOS Secure sandboxing via Virtualization.framework with VM disk encryption and MDM policy enforcement Virtual LAN and VPN passthrough for container networking Developer tooling (crossrunctl CLI, Xcode debugger integration, CI/CD support) Plugin ecosystem and container SDK for community‑published templates and translation layers Let Apple know it’s time to bake CrossRun into the system and unlock a universal runtime for every app, past and future, across iOS, iPadOS, and macOS.

After upgrading the virtual machines used for building and testing our macOS application, it seems that something new in Sequoia is preventing virtual machines from running anything signed with a Mac Development certificate. At first glance the issue seems very similar to this thread, but it could be unrelated. We are using the tart toolset to build and run our VMs. People seem to be having related issues there with Sequoia in particular. I have added the VM's hardware UUID to the Devices list of our account. I have included that device in the devices list of our Mac Development provisioning profile. I have re-downloaded the profile, ensured that it is properly getting built into the app, and ensured that the hardware UUID of the VM matches the embedded provisioning profile: Virtual-Machine App.app/Contents % system_profiler SPHardwareDataType | grep UUID Hardware UUID: 0CAE034E-C837-53E6-BA67-3B2CC7AD3719 Virtual-Machine App.app/Contents % grep 0CAE034E-C837-53E6-BA67-3B2CC7AD3719 ../../App.app/Contents/embedded.provisionprofile Binary file ../../App.app/Contents/embedded.provisionprofile matches However, when I try to run the application, it fails, and while I have searched the system logs to find a more informative error message, the only thing I can find is that the profile doesn't match the device somehow: Virtual-Machine App.app/Contents % open ../../App.app The application cannot be opened for an unexpected reason, error=Error Domain=RBSRequestErrorDomain Code=5 "Launch failed." UserInfo={NSLocalizedFailureReason=Launch failed., NSUnderlyingError=0x6000039440f0 {Error Domain=NSPOSIXErrorDomain Code=153 "Unknown error: 153" UserInfo={NSLocalizedDescription=Launchd job spawn failed}}} Virtual-Machine App.app/Contents % log show --info --debug --signpost --last 3m | grep -i embedded.provisionprofile 2025-01-21 16:33:32.369829+0000 0x65ba Error 0x0 2872 7 taskgated-helper: (ConfigurationProfiles) [com.apple.ManagedClient:ProvisioningProfiles] embedded provisioning profile not valid: file:///private/tmp/builds/app/.caches/Xcode/DerivedData/Build/Products/Debug/App.app/Contents/embedded.provisionprofile error: Error Domain=CPProfileManager Code=-212 "Provisioning profile does not allow this device." UserInfo={NSLocalizedDescription=Provisioning profile does not allow this device.} I don't understand why the provisioning profile wouldn't allow the device if the hardware UUID matches. I have also attempted to add the Provisioning UDID in the devices list instead, but the form rejects that value because it's a different format (the form specifically requests a hardware UUID for macOS development, and a provisioning UDID for everything else). If there is any debugging tool that lets me check a provisioning profile against the running hardware and print a more verbose reason for why it's not allowed on the device, please let me know. Otherwise I'd have to conclude that, since I haven't experienced this issue before on an earlier OS, it has something to do with virtual machines running macOS Sequoia. (The same Mac Development-signed application runs just fine on my MacBook Pro running 15.2, as well as the VM host, which is also running 15.2.) I have also tried resetting the VM's hardware UUID and adding that one to the devices list, to no effect. This is obviously seriously impacting our CI/CD pipelines to allow for proper UI testing of our application. If anyone is aware of any workarounds, I would love to hear them!

I see this in Tahoe Beta release notes macOS now supports the Apple Sparse Image Format (ASIF). These space-efficient images can be created with the diskutil image command-line tool or the Disk Utility application and are suitable for various uses, including as a backing store for virtual machines storage via the Virtualization framework. See VZDiskImageStorageDeviceAttachment. (152040832) I'm developing a macOS app using the Virtualization framework and need to create disk images in the ASIF (Apple Sparse Image Format) to make use of the new feature in Tahoe Is there an official way to create/resize ASIF images programmatically using Swift? I couldn’t find any public API that supports this directly. Any guidance or recommendations would be appreciated. Thanks!

We have a Mac app that uses some restricted macOS entitlements, thus to test it we embed a development provisioning profile, that needs to contain the correct provisioning UDID. Typically, for test VMs, we extract the provisioning and UDID and add it to the developer portal and then re-generate the provisioning profiles. However when we try to do this in our newly created VM (Apple Silicon), our executable won't run, and macOS logs that the provisioning profile doesn't allow the device: 2025-06-12 12:37:52.168 E taskgated-helper[27489:e97da] [com.apple.ManagedClient:ProvisioningProfiles] embedded provisioning profile not valid: file:///Applications/foo.app/Contents/embedded.provisionprofile error: Error Domain=CPProfileManager Code=-212 "Provisioning profile does not allow this device." UserInfo={NSLocalizedDescription=Provisioning profile does not allow this device.} 2025-06-12 12:37:52.169 E taskgated-helper[27489:e97da] [com.apple.ManagedClient:ProvisioningProfiles] Disallowing com.company.foo because no eligible provisioning profiles found 2025-06-12 12:37:52.169 Df amfid[112:e99b0] [com.apple.xpc:connection] [0xb34c74a00] invalidated because the current process cancelled the connection by calling xpc_connection_cancel() 2025-06-12 12:37:52.169 Df taskgated-helper[27489:e97da] [com.apple.xpc:connection] [0x839144000] invalidated because the client process (pid 112) either cancelled the connection or exited 2025-06-12 12:37:52.169 E amfid[112:e91ac] [com.apple.MobileFileIntegrity.framework:default] Failure validating against provisioning profiles: &lt;private&gt; 2025-06-12 12:37:52.169 E amfid[112:e91ac] [com.apple.MobileFileIntegrity.framework:default] Restricted entitlements not validated, bailing out. Error: Error Domain=AppleMobileFileIntegrityError Code=-413 "No matching profile found" UserInfo={NSURL=&lt;private&gt;, NSLocalizedDescription=No matching profile found} 2025-06-12 12:37:52.169 Df amfid[112:e91ac] /Applications/foo.app/Contents/MacOS/foo not valid: Error Domain=AppleMobileFileIntegrityError Code=-413 "No matching profile found" UserInfo={NSURL=file:///Applications/foo.app/, NSLocalizedDescription=No matching profile found} The UDID for this VM does look weird, in System Profiler: But I can verify that this UDID string is present in the provisioning profile embedded in the app bundle: $ security cms -D -i /Applications/foo.app/Contents/embedded.provisionprofile | grep -i 7cd9234e9aa4fa8ba528ee417f857b2c993a20a3 &lt;string&gt;7CD9234E9AA4FA8BA528EE417F857B2C993A20A3&lt;/string&gt; I also tried deleting the manually added device from the Developer portal and installing Xcode on the VM and letting Xcode register the device, but I end up in the same situation there. Even after letting Xcode itself register the device, it says that "this device not registered to your account" and then when I click "Register device" it changes into " already exists". Has anyone else managed to get Mac development provisioning profiles to work in a VM?

I installed the WWDC beta on UTM and I'm unable to find the option to disable the so-called "Natural Scrolling". Has this been removed and if so, can we get it put back? I use a mouse with scroll wheel and everything is going opposite the direction I expect in the macOS 26 VM.

We are using VZVirtualMachine instances in a Swift actor. It works fine but we hit a major problem when we decided that we want to attach it to a VZVirtualMachineView to show it / allow user interactions. VZVirtualMachineView and its virtualMachine property is isolated to @MainActor, so if we directly assign our vm instance to it, we receive a concurrency error: @MainActor public func createView() -> VZVirtualMachineView { let view = VZVirtualMachineView() view.virtualMachine = vm // x: Actor-isolated property 'vm' can not be referenced from the main actor return view } Is there any way we can make this work?

I'm pleased to share some significant updates that have recently been released for our Hypervisor and Virtualization frameworks. We've focused on enhancing efficiency, expanding capabilities, and addressing common developer needs. I believe these will be valuable for many of you. Here’s a look at what’s new: Hypervisor Updates We've introduced support for configuring the intermediate physical address (IPA) memory granularity of a VM. This allows for more granular memory mappings, enabling granularity sizes down to 4KB. This is particularly useful for certain specialized device drivers requiring finer memory control. Virtualization Framework Updates More Efficient VM Image Storage with ASIF: We've integrated support for the Apple Sparse Image Format (ASIF). This results in a smaller disk footprint and optimized transfer for VM disk images when using VZDiskImageStorageDeviceAttachment, improving storage efficiency. Custom Network Topologies with vmnet: We've added support for vmnet custom network topologies. This enables more flexible VM-to-VM communication based on logical networks with customized configurations, useful for complex testing or development environments. See VZVmnetNetworkDeviceAttachment to get started. Simplified VM Queue Discovery: It's now easier to discover a VM’s on-process thanks to a new property on VZVirtualMachine. This should aid in development and debugging when interacting directly with the VM's queue. These are some of the key highlights of the first beta, and I'm looking forward to seeing how these improvements will be utilized. I encourage you to explore the documentation for full details on these features.

Can the Xcode 26 code assist feature be used in a macOS 26 virtual machine? I am not seeing a way to enable it... Also asking on https://github.com/insidegui/VirtualBuddy/discussions/524

I’m encountering an issue when trying to start a macOS VM using Apple’s Virtualization framework in a sandboxed environment. When I create a standalone Xcode project, the VM launches successfully. However, when I integrate the same code into my existing project—where the VM is launched by a service started via launchd and running in a sandbox—it fails with the following error: Internal Virtualization Error: Failed to issue USB HCI sandbox extension To resolve this, I tried adding the com.apple.security.device.usb entitlement. But after doing that, the app started crashing with the following trace : Application Specific Signatures: SYSCALL_SET_USERLAND_PROFILE Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 libsystem_secinit.dylib 0x19a7141bc _libsecinit_appsandbox.cold.9 + 84 1 libsystem_secinit.dylib 0x19a713324 _libsecinit_appsandbox + 2080 2 libsystem_trace.dylib 0x18c2326cc _os_activity_initiate_impl + 64 3 libsystem_secinit.dylib 0x19a712ab0 _libsecinit_initializer + 80 4 libSystem.B.dylib 0x19a72a32c libSystem_initializer + 280 5 dyld 0x18c162efc invocation function for block in dyld4::Loader::findAndRunAllInitializers(dyld4::RuntimeState&) const + 444 6 dyld 0x18c19f864 invocation function for block in dyld3::MachOAnalyzer::forEachInitializer(Diagnostics&, dyld3::MachOAnalyzer::VMAddrConverter const&, void (unsigned int) block_pointer, void const*) const + 324 7 dyld 0x18c1bf58c invocation function for block in mach_o::Header::forEachSection(void (mach_o::Header::SectionInfo const&, bool&) block_pointer) const + 240 8 dyld 0x18c1bc318 mach_o::Header::forEachLoadCommand(void (load_command const*, bool&) block_pointer) const + 208 9 dyld 0x18c1bda58 mach_o::Header::forEachSection(void (mach_o::Header::SectionInfo const&, bool&) block_pointer) const + 124 10 dyld 0x18c19f334 dyld3::MachOAnalyzer::forEachInitializer(Diagnostics&, dyld3::MachOAnalyzer::VMAddrConverter const&, void (unsigned int) block_pointer, void const*) const + 516 11 dyld 0x18c162cb4 dyld4::Loader::findAndRunAllInitializers(dyld4::RuntimeState&) const + 176 12 dyld 0x18c16e530 dyld4::PrebuiltLoader::runInitializers(dyld4::RuntimeState&) const + 44 13 dyld 0x18c1848b0 dyld4::APIs::runAllInitializersForMain() + 88 14 dyld 0x18c147e00 dyld4::prepare(dyld4::APIs&, mach_o::Header const*) + 3092 15 dyld 0x18c1471d8 dyld4::start(dyld4::KernelArgs*, void*, void*)::$_0::operator()() const + 236 16 dyld 0x18c146b4c start + 6000 I suspect this might be due to the provisioning profile, which doesn’t seem to include the required entitlement. However, I haven’t found a way to explicitly add this entitlement to the provisioning profile. My questions are: How can I add com.apple.security.device.usb to the provisioning profile? Is there a way to confirm that adding this entitlement would resolve the issue? Are there recommended steps to debug and test Virtualization framework usage in a sandboxed environment (especially when launched as a service)? I also tried disabling SIP and AMFI, but the crash still occurs. Is there a better way to work around or test this in development? Any insights or suggestions would be greatly appreciated!

Hello, According to the official documentation, the macOS Virtualization Framework currently supports only macOS and Linux guest operating systems. I would like to know if there is any way—officially or through a supported workaround—to run Windows 11 as a guest using this framework. Additionally, is there any indication or roadmap suggesting that support for Windows guests might be introduced in a future release, such as in macOS 16? Any insights or official clarification would be greatly appreciated. Thank you.

Hello, I'm developing a macOS application that uses the Virtualization framework to run Linux virtual machines (specifically Ubuntu and Fedora) on Apple Silicon Macs. I've noticed that while the macOS host properly supports all trackpad gestures, the two-finger tap gesture for right-click does not work within the Linux guest. Only the primary click is recognized. This behavior is consistent across different Linux distributions and desktop environments (GNOME, KDE, etc.). I would like to confirm: Is the macOS Virtualization framework expected to support trackpad gestures such as two-finger tap for right-click within Linux guest VMs? If not currently supported, is there a known workaround to enable right-click functionality for the trackpad in Linux guests? (e.g., configuration changes in the VM, Linux kernel input modules, or framework-level adjustments.) Any insights or suggestions would be greatly appreciated. Thank you!

I’ve developed a virtual machine manager application using the macOS Virtualization framework. The application currently supports both NAT and bridged networking configurations. I’m now looking to implement host-only networking, where the guest VM can communicate with the host but not with external networks. Is this networking mode supported by the Virtualization framework, and if so, what is the recommended approach to set it up? Additionally, I would like to implement port forwarding from the host to the guest (e.g., redirecting traffic from a specific port on the host to a port on the guest). Is there a way to configure port forwarding using the built-in APIs of the Virtualization framework, or would this require a custom networking solution? Any guidance or best practices for implementing these features within the constraints of the framework would be greatly appreciated.