crc-org / vfkit

Invalid virtual machine configuration #91

Closed benoitf closed 7 months ago

benoitf commented 7 months ago

When running vfkit 0.5.1 from https://github.com/crc-org/vfkit/releases/download/v0.5.1/vfkit

I get the following when running it:

Error: Error Domain=VZErrorDomain Code=2 Description="Invalid virtual machine configuration. The process doesn’t have the “com.apple.security.virtualization” entitlement." UserInfo={
    NSLocalizedFailure = "Invalid virtual machine configuration.";
    NSLocalizedFailureReason = "The process doesn\U2019t have the \U201ccom.apple.security.virtualization\U201d entitlement.";
}
sudo wget https://github.com/crc-org/vfkit/releases/download/v0.5.1/vfkit -O /usr/local/bin/vfkit
 /usr/local/bin/vfkit --cpus 6 --memory 2048 --bootloader efi,variable-store=/Users/benoitf/.local/share/containers/podman/machine/applehv/efi-bl-podman-machine-default,create --device virtio-blk,path=/Users/benoitf/.local/share/containers/podman/machine/applehv/podman-machine-default-arm64 --device virtio-rng --device virtio-serial,logFilePath=/var/folders/_s/rlbw3qg15vx0j6vr4l7kd1hm0000gn/T/podman/podman-machine-default.log --device virtio-vsock,port=1025,socketURL=/var/folders/_s/rlbw3qg15vx0j6vr4l7kd1hm0000gn/T/podman/podman-machine-default.sock,listen --device virtio-net,unixSocketPath=/var/folders/_s/rlbw3qg15vx0j6vr4l7kd1hm0000gn/T/podman/podman-machine-default-gvproxy.sock,mac=5a:94:ef:e4:0c:ee --device virtio-fs,sharedDir=/Users,mountTag=Users --device virtio-fs,sharedDir=/private,mountTag=private --device virtio-fs,sharedDir=/var/folders,mountTag=var-folders --restful-uri tcp://localhost:63535 --device virtio-gpu,width=800,height=600 --device virtio-input,pointing --device virtio-input,keyboard --gui
INFO[0000] &{6 2048    {[efi variable-store=/Users/benoitf/.local/share/containers/podman/machine/applehv/efi-bl-podman-machine-default create] true}  [virtio-blk,path=/Users/benoitf/.local/share/containers/podman/machine/applehv/podman-machine-default-arm64 virtio-rng virtio-serial,logFilePath=/var/folders/_s/rlbw3qg15vx0j6vr4l7kd1hm0000gn/T/podman/podman-machine-default.log virtio-vsock,port=1025,socketURL=/var/folders/_s/rlbw3qg15vx0j6vr4l7kd1hm0000gn/T/podman/podman-machine-default.sock,listen virtio-net,unixSocketPath=/var/folders/_s/rlbw3qg15vx0j6vr4l7kd1hm0000gn/T/podman/podman-machine-default-gvproxy.sock,mac=5a:94:ef:e4:0c:ee virtio-fs,sharedDir=/Users,mountTag=Users virtio-fs,sharedDir=/private,mountTag=private virtio-fs,sharedDir=/var/folders,mountTag=var-folders virtio-gpu,width=800,height=600 virtio-input,pointing virtio-input,keyboard] tcp://localhost:63535  true}
INFO[0000] boot parameters: &{EFIVariableStorePath:/Users/benoitf/.local/share/containers/podman/machine/applehv/efi-bl-podman-machine-default CreateVariableStore:true}
INFO[0000]
INFO[0000] virtual machine parameters:
INFO[0000]  vCPUs: 6
INFO[0000]  memory: 2048 MiB
INFO[0000]
INFO[0000] Adding virtio-blk device (imagePath: /Users/benoitf/.local/share/containers/podman/machine/applehv/podman-machine-default-arm64)
INFO[0000] Adding virtio-rng device
INFO[0000] Adding virtio-serial device (logFile: /var/folders/_s/rlbw3qg15vx0j6vr4l7kd1hm0000gn/T/podman/podman-machine-default.log)
INFO[0000] Adding virtio-vsock device
INFO[0000] Adding virtio-net device (nat: false macAddress: [5a:94:ef:e4:0c:ee])
INFO[0000] Using unix socket /var/folders/_s/rlbw3qg15vx0j6vr4l7kd1hm0000gn/T/podman/podman-machine-default-gvproxy.sock
INFO[0000] local: /Users/benoitf/Library/Application Support/vfkit/net-34310-2014855774.sock remote: /var/folders/_s/rlbw3qg15vx0j6vr4l7kd1hm0000gn/T/podman/podman-machine-default-gvproxy.sock
INFO[0000] Adding virtio-fs device
INFO[0000] Adding virtio-fs device
INFO[0000] Adding virtio-fs device
INFO[0000] Adding virtio-gpu device
INFO[0000] Adding virtio-input pointing device
INFO[0000] Adding virtio-input keyboard device
Error: Error Domain=VZErrorDomain Code=2 Description="Invalid virtual machine configuration. The process doesn’t have the “com.apple.security.virtualization” entitlement." UserInfo={
    NSLocalizedFailure = "Invalid virtual machine configuration.";
    NSLocalizedFailureReason = "The process doesn\U2019t have the \U201ccom.apple.security.virtualization\U201d entitlement.";
}
Usage:
  vfkit [flags]

Flags:
  -b, --bootloader strings      bootloader configuration (default [])
  -c, --cpus uint               number of virtual CPUs (default 1)
  -d, --device stringArray      devices
      --gui                     display the contents of the virtual machine onto a graphical user interface
  -h, --help                    help for vfkit
  -i, --initrd string           path to the virtual machine initrd
  -k, --kernel string           path to the virtual machine linux kernel
  -C, --kernel-cmdline string   linux kernel command line
      --log-level string        set log level
  -m, --memory uint             virtual machine RAM size in mibibytes (default 512)
      --restful-uri string      URI address for RestFul services (default "none://")
  -t, --timesync string         sync guest time when host wakes up from sleep
  -v, --version                 version for vfkit

Error Domain=VZErrorDomain Code=2 Description="Invalid virtual machine configuration. The process doesn’t have the “com.apple.security.virtualization” entitlement." UserInfo={
    NSLocalizedFailure = "Invalid virtual machine configuration.";
    NSLocalizedFailureReason = "The process doesn\U2019t have the \U201ccom.apple.security.virtualization\U201d entitlement.";
}

If I replace it with https://github.com/crc-org/vfkit/releases/download/v0.5.0/vfkit

it works

sudo wget https://github.com/crc-org/vfkit/releases/download/v0.5.0/vfkit -O /usr/local/bin/vfkit
/usr/local/bin/vfkit --cpus 6 --memory 2048 --bootloader efi,variable-store=/Users/benoitf/.local/share/containers/podman/machine/applehv/efi-bl-podman-machine-default,create --device virtio-blk,path=/Users/benoitf/.local/share/containers/podman/machine/applehv/podman-machine-default-arm64 --device virtio-rng --device virtio-serial,logFilePath=/var/folders/_s/rlbw3qg15vx0j6vr4l7kd1hm0000gn/T/podman/podman-machine-default.log --device virtio-vsock,port=1025,socketURL=/var/folders/_s/rlbw3qg15vx0j6vr4l7kd1hm0000gn/T/podman/podman-machine-default.sock,listen --device virtio-net,unixSocketPath=/var/folders/_s/rlbw3qg15vx0j6vr4l7kd1hm0000gn/T/podman/podman-machine-default-gvproxy.sock,mac=5a:94:ef:e4:0c:ee --device virtio-fs,sharedDir=/Users,mountTag=Users --device virtio-fs,sharedDir=/private,mountTag=private --device virtio-fs,sharedDir=/var/folders,mountTag=var-folders --restful-uri tcp://localhost:63535 --device virtio-gpu,width=800,height=600 --device virtio-input,pointing --device virtio-input,keyboard --gui
INFO[0000] &{6 2048    {[efi variable-store=/Users/benoitf/.local/share/containers/podman/machine/applehv/efi-bl-podman-machine-default create] true}  [virtio-blk,path=/Users/benoitf/.local/share/containers/podman/machine/applehv/podman-machine-default-arm64 virtio-rng virtio-serial,logFilePath=/var/folders/_s/rlbw3qg15vx0j6vr4l7kd1hm0000gn/T/podman/podman-machine-default.log virtio-vsock,port=1025,socketURL=/var/folders/_s/rlbw3qg15vx0j6vr4l7kd1hm0000gn/T/podman/podman-machine-default.sock,listen virtio-net,unixSocketPath=/var/folders/_s/rlbw3qg15vx0j6vr4l7kd1hm0000gn/T/podman/podman-machine-default-gvproxy.sock,mac=5a:94:ef:e4:0c:ee virtio-fs,sharedDir=/Users,mountTag=Users virtio-fs,sharedDir=/private,mountTag=private virtio-fs,sharedDir=/var/folders,mountTag=var-folders virtio-gpu,width=800,height=600 virtio-input,pointing virtio-input,keyboard] tcp://localhost:63535  true}
INFO[0000] boot parameters: &{EFIVariableStorePath:/Users/benoitf/.local/share/containers/podman/machine/applehv/efi-bl-podman-machine-default CreateVariableStore:true}
INFO[0000]
INFO[0000] virtual machine parameters:
INFO[0000]  vCPUs: 6
INFO[0000]  memory: 2048 MiB
INFO[0000]
INFO[0000] Adding virtio-blk device (imagePath: /Users/benoitf/.local/share/containers/podman/machine/applehv/podman-machine-default-arm64)
INFO[0000] Adding virtio-rng device
INFO[0000] Adding virtio-serial device (logFile: /var/folders/_s/rlbw3qg15vx0j6vr4l7kd1hm0000gn/T/podman/podman-machine-default.log)
INFO[0000] Adding virtio-vsock device
INFO[0000] Adding virtio-net device (nat: false macAddress: [5a:94:ef:e4:0c:ee])
INFO[0000] Using unix socket /var/folders/_s/rlbw3qg15vx0j6vr4l7kd1hm0000gn/T/podman/podman-machine-default-gvproxy.sock
INFO[0000] local: /Users/benoitf/Library/Application Support/vfkit/net-35658-701763277.sock remote: /var/folders/_s/rlbw3qg15vx0j6vr4l7kd1hm0000gn/T/podman/podman-machine-default-gvproxy.sock
INFO[0000] Adding virtio-fs device
INFO[0000] Adding virtio-fs device
INFO[0000] Adding virtio-fs device
INFO[0000] Adding virtio-gpu device
INFO[0000] Adding virtio-input pointing device
INFO[0000] Adding virtio-input keyboard device
[GIN-debug] [WARNING] Creating an Engine instance with the Logger and Recovery middleware already attached.

[GIN-debug] [WARNING] Running in "debug" mode. Switch to "release" mode in production.
 - using env:   export GIN_MODE=release
 - using code:  gin.SetMode(gin.ReleaseMode)

[GIN-debug] GET    /vm/state                 --> github.com/crc-org/vfkit/pkg/rest.VirtualMachineStateHandler.GetVMState-fm (3 handlers)
[GIN-debug] POST   /vm/state                 --> github.com/crc-org/vfkit/pkg/rest.VirtualMachineStateHandler.SetVMState-fm (3 handlers)
[GIN-debug] GET    /vm/inspect               --> github.com/crc-org/vfkit/pkg/rest.VirtualMachineInspector.Inspect-fm (3 handlers)
[GIN-debug] [WARNING] You trusted all proxies, this is NOT safe. We recommend you to set a value.
Please check https://pkg.go.dev/github.com/gin-gonic/gin#readme-don-t-trust-all-proxies for details.
[GIN-debug] Listening and serving HTTP on localhost:63535
INFO[0000] virtual machine is running
INFO[0000] Exposing vsock port 1025 on /var/folders/_s/rlbw3qg15vx0j6vr4l7kd1hm0000gn/T/podman/podman-machine-default.sock (listening)
INFO[0000] waiting for VM to stop

or if I use the brew tap

gbraad commented 7 months ago

Perhaps something went wrong with: https://github.com/crc-org/vfkit/blob/1bad6aea2e70f1296550bf4485fb108da9d93625/Makefile#L21

cfergeau commented 7 months ago

Thanks for the report, I forgot to add the entitlement when I signed the binary. vfkit-unsigned should work fine. I've re-signed/re-uploaded the signed vfkit binary.
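
A release-gate check for the mistake described in this thread, as an added example that is not part of the thread or of vfkit's build: it parses the entitlements plist that `codesign -d --entitlements :- <binary>` prints and fails when `com.apple.security.virtualization` is absent or not true. The function names and sample plists are constructed for illustration, `read_entitlements` needs macOS, and empty `codesign` output is assumed to mean that no entitlements were embedded.

```python
import plistlib
import subprocess
import sys

REQUIRED = ("com.apple.security.virtualization",)  # entitlement named in the error


def parse_entitlements(raw: bytes) -> dict:
    """Parse the plist printed by codesign; no plist means no entitlements."""
    start = raw.find(b"<?xml")  # skips a binary blob header if one is present
    if start < 0:
        return {}
    return plistlib.loads(raw[start:])


def missing_entitlements(raw: bytes, required=REQUIRED) -> list:
    """Return the required entitlements that are absent or not set to true."""
    granted = parse_entitlements(raw)
    return [key for key in required if granted.get(key) is not True]


def read_entitlements(path: str) -> bytes:
    """Dump the entitlements embedded in a signed Mach-O (macOS only)."""
    result = subprocess.run(
        ["codesign", "-d", "--entitlements", ":-", path],
        check=True, capture_output=True,
    )
    return result.stdout


# Constructed samples of codesign output, not taken from a vfkit release.
PLIST = (b'<?xml version="1.0" encoding="UTF-8"?>\n'
         b'<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" '
         b'"http://www.apple.com/DTDs/PropertyList-1.0.dtd">\n'
         b'<plist version="1.0"><dict>%s</dict></plist>\n')
WITH_ENTITLEMENT = PLIST % b"<key>com.apple.security.virtualization</key><true/>"
SET_TO_FALSE = PLIST % b"<key>com.apple.security.virtualization</key><false/>"
SIGNED_WITHOUT = b""  # signed, but no entitlements were embedded

if __name__ == "__main__":
    missing = missing_entitlements(read_entitlements(sys.argv[1]))
    if missing:
        sys.exit(f"{sys.argv[1]}: missing entitlements: {', '.join(missing)}")
    print(f"{sys.argv[1]}: all required entitlements present")
```

Run against the signed artifact before upload, a non-zero exit blocks the release; an unsigned binary makes `codesign` itself fail, which `check=True` surfaces as an exception.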