Virtualization sample code erratum?

I have been building virtual machines and running macOS 12 & 13 on them for over a week now using the "macOSVirtualMachineSampleApp" referenced in wwdc2022-10002 session "Create macOS or Linux virtual machines", but not without some initial issues and only after considerable sleuthing.

I need someone to explain what's going on.

I followed the instruction given at: "https://developer.apple.com/documentation/virtualization/running_macos_in_a_virtual_machine_on_apple_silicon_macs"

I ran "InstallationTool-Swift" and it created "VM.bundle" in my home directory as per the documentation. However...

Running "macOSVirtualMachineSampleApp-Swift" the VM fails to load and the app returns: "Thread 1: Fatal error: Missing Virtual Machine Bundle at /Users/myUserName/Library/Containers/com.example.apple-samplecode.macOSVirtualMachineSampleAppBA8MNGZ7WS.macOSVirtualMachineSampleApp/Data/VM.bundle/. Run InstallationTool first to create it."

The app seems to have created a series of nested folders in myUserName/Library/Containers/ and is looking for "VM.bundle" there!

Only after I copy "VM.bundle" to the location above will the VM load and run without issue.

"Path.swift" sets vmBundlePath = NSHomeDirectory() + "/VM.bundle/" and one would think "macOSVirtualMachineSampleApp" would look for it there.

Why isn't it? What am I missing?

Where in the code is "vmBundlePath" being changed, if that is in fact what's happening?

I want to tweak the code so that when the installer creates "VM.bundle", the app runs it from there.

NOTE: "vmBundlePath" cannot be set to the location where "macOSVirtualMachineSampleApp" currently wants to find it because only after that app runs does the path get created but the installer needs that path to create the bundle.

It sounds like the macOSVirtualMachineSampleApp-Swift app is being run with App Sandbox enabled. Could it be that you enabled App Sandbox by accident?

If not, could you please share your version of macOS and Xcode? We can try reproducing the issue.

The App Sandbox WAS very definitely enabled, as per "Step 1" of Apple's documentation found here: https://developer.apple.com/documentation/virtualization/adding_the_virtualization_entitlement_to_your_project

...and that WAS the problem. After setting App Sandbox entitlement to "NO", "macOSVirtualMachineSampleApp" runs and the virtual machine boots from the VM.bundle located at "vmBundlePath". Thank you

Now the question: why are we instructed to add App Sandbox entitlement, in light of the above?

The instructions are only about the com.apple.security.virtualization entitlement. The app sandbox is only there in the screenshot because it's a standard property in new projects.

Thanks for this feedback, this is useful. We'll look into making the documentation better.
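The path mismatch diagnosed above, as an added example (not Apple's sample code): under App Sandbox, NSHomeDirectory() returns the app's container Data directory, so the same vmBundlePath expression resolves to different locations in the installer and in the app. The helper names are hypothetical, and the sandbox check assumes the APP_SANDBOX_CONTAINER_ID environment variable that macOS sets for sandboxed processes.

```swift
import Foundation

// Added illustration; helper names are hypothetical. Only NSHomeDirectory()
// and the "/VM.bundle/" suffix come from the sample's Path.swift as quoted above.

/// Sandboxed processes are launched with APP_SANDBOX_CONTAINER_ID in their
/// environment (assumption used here as the sandbox check).
func isSandboxed() -> Bool {
    ProcessInfo.processInfo.environment["APP_SANDBOX_CONTAINER_ID"] != nil
}

/// Home directory from the password database. Unlike NSHomeDirectory(),
/// this is not redirected into ~/Library/Containers/<bundle id>/Data.
func realHomeDirectory() -> String? {
    guard let entry = getpwuid(getuid()), let dir = entry.pointee.pw_dir else {
        return nil
    }
    return String(cString: dir)
}

/// Explains where the app will look for VM.bundle and why that may differ
/// from where a non-sandboxed installer wrote it.
func diagnoseBundlePath() -> String {
    let resolved = NSHomeDirectory() + "/VM.bundle/"
    var lines = ["sandboxed: \(isSandboxed())", "app looks in: \(resolved)"]

    if FileManager.default.fileExists(atPath: resolved) {
        lines.append("bundle found")
        return lines.joined(separator: "\n")
    }
    lines.append("bundle missing at resolved path")

    if isSandboxed(), let home = realHomeDirectory(), home != NSHomeDirectory() {
        // The sandbox denies reads outside the container, so the app cannot
        // simply open this path; either the installer must write into the
        // container or the user must grant access to the file.
        lines.append("a non-sandboxed installer would have written: \(home)/VM.bundle/")
    }
    return lines.joined(separator: "\n")
}

print(diagnoseBundlePath())
```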

Are we looking at the same instructions? It reads: "In your project’s “Signing & Capabilities” panel, turn on the App Sandbox. This creates a new entitlement file in your project with the same name as the app target." Confusing, since the project already has an entitlement file that includes that entitlement.

In any case, your help was instrumental in my getting VMs built and running both Monterey and Ventura betas on an M1 running 12.4, simultaneously.

Now, to get authentication with Apple services to work. Has there been any progress on that front?

Thanks again

Oh, right. I didn't notice that on the first point.

Yes, that is wrong. Sandbox is supported but not mandatory.

Now, to get authentication with Apple services to work. Has there been any progress on that front?

This is not supported at the moment.

I understand from threads here and elsewhere that it is not supported. Perhaps you can offer some insight into exactly where the shortfall is.

Is it that of the project, lacking an implementation of a restricted entitlement perhaps, or simply lacking an existing method?

Or is it that the Virtualization framework lacks a method to implement, one that is required but still in development?

It is not a problem with your project.

Without going into the details, a virtual machine lacks the characteristics needed to connect to the services.

Ben, I'm sorry and I don't mean to be a nudge but I need some level of detail.

For instance, is it even possible for Apple's cloud services to recognize requests coming from a virtual machine instance and authenticate with those services, or are inherent security features built into those services that would prevent a virtual machine from connecting?

Or, are we waiting for those methods to be built into Virtualization Framework?

Or is it something else?

If this is not the forum to go into those details, perhaps we can take this offline or you could direct me to where I can begin to get such questions answered?

Thank you

[Quinn puts on his public-facing hat…]

I'd like to return to this:

Perhaps you can offer some insight into exactly where the shortfall is.

In general, Apple does not discuss our internal processes. What I can say is that any fix to this will require changes from Apple. As to what those exact changes would be, that's not something we're going to discuss here on DevForums.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

[Buzz wearing his "dog-waiting-for-a-bone-from-Apple-developer" face whilst shelving his ultra-cool VM app]

Thank you
