Virtualization Framework: Does it require administrative privileges to use?

I'd like to be able to run Linux in a virtual environment on my M1 macOS Monterey system that is managed by my IT department. Can I use the Virtualization Framework Virtualization Framework to do the installation without any admin privileges?

Are there other virtualization products (eg, Parallels, VMware, VirtualBox) that are usable without admin privileges? The side-by-side comparison that I found (at https://www.pcmag.com/picks/the-best-virtualization-software) doesn't have any indication either way. In asking about these 3rd-party ones, I'm not looking for a recommendation per se, but just a yay/nay on being able to work within an unprivileged account.

Post not yet marked as solved Up vote post of rsindlin Down vote post of rsindlin
1.8k views
Posted by
rsindlin
Reply
Add a Comment

Replies

Virtualization framework doesn't require admin privileges. It is designed to work without giving much privileges to the hosting process for security.

Products built on top of Virtualization or Hypervisor frameworks may or may not require admin privileges based on other services they provide. Better check with those vendors directly.

Posted by
BenjaminApple
Up vote reply of BenjaminApple Down vote reply of BenjaminApple
Add a Comment

There may be issues with networking. The vmnet framework ( https://developer.apple.com/documentation/vmnet ) needs either a special entitlement or to be a privileged process. If you install an app from the App Store it may have the special entitlement.

There are alternatives to vmnet for networking.

Personally I used qemu 7.0 via Homebrew to run a Debian VM. vmnet support is added in qemu 7.1, so for now I’m using their “user mode networking”. This means the VM doesn’t get its own IP address. I don’t think this requires any special privileges but I could be wrong.

Posted by
endecotp
Up vote reply of endecotp Down vote reply of endecotp
Add a Comment

The vmnet framework … needs either a special entitlement or to be a privileged process.

Only in bridged mode (VMNET_BRIDGED_MODE). In NAT (VMNET_SHARED_MODE) or host mode (VMNET_HOST_MODE), vmnet does not require the com.apple.vm.networking entitlement.

This fact is reflected in the Virtualization framework. A bridged network device (VZBridgedNetworkDeviceAttachment) requires com.apple.vm.networking but the others do not.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo
Add a Comment