Linux virtual machines, with a focus on running containers
On macOS hosts, Lima now asks the user to sign the QEMU binary with the com.apple.security.hypervisor entitlement if the binary is not properly signed:
$ limactl start
INFO[0000] Using the existing instance "default"
WARN[0000] QEMU binary "/usr/local/bin/qemu-system-x86_64" is not properly signed with the "com.apple.security.hypervisor" entitlement error="failed to run [codesign --verify /usr/local/bin/qemu-system-x86_64]: exit status 1 (out=\"/usr/local/bin/qemu-system-x86_64: invalid signature (code or signature have been modified)\\nIn architecture: x86_64\\n\")"
? Try to sign "/usr/local/bin/qemu-system-x86_64" with the "com.apple.security.hypervisor" entitlement? (Y/n)
...
Choose Y to sign the binary.
This signing is usually not needed on the user's side. However, the Homebrew bottle of QEMU v8.0.4 needs this signing due to a temporary issue of Homebrew's build infrastructure:
The Homebrew bottle of QEMU v8.0.3 is not affected by this issue.
QEMU:
Full changes: https://github.com/lima-vm/lima/milestone/37?closed=1 Thanks to @afbjorklund
[macOS]$ limactl create
[macOS]$ limactl start
...
INFO[0029] READY. Run `lima` to open the shell.
[macOS]$ lima uname
Linux
The binaries were built automatically on GitHub Actions. The build log is available for 90 days: https://github.com/lima-vm/lima/actions/runs/5851291166
The sha256sum of the SHA256SUMS file itself is 006f022e19d2b03869c33ee30be694217937d8c774af7b9714e2d7659da31aa5.
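The published digest of SHA256SUMS can anchor a two-step check of a download: first pin SHA256SUMS itself, then check each artifact it lists. This is an added example, not part of the Lima release notes; the function names and the layout (artifacts stored next to SHA256SUMS in one directory) are assumptions.

```shell
#!/bin/sh
# Added example (not from the Lima release notes). Function names and the
# layout (artifacts stored next to SHA256SUMS) are assumptions.

# sha256_of FILE: print the hex digest with whichever tool the host provides.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'   # macOS default
    fi
}

# verify_release DIR EXPECTED_DIGEST_OF_SHA256SUMS
# Step 1: pin SHA256SUMS to the digest published in the release notes.
# Step 2: check every listed artifact that is present in DIR.
# Returns 0 only if both steps pass and at least one artifact was checked.
verify_release() {
    dir=$1; expected=$2; sums="$dir/SHA256SUMS"; checked=0
    [ -f "$sums" ] || { echo "missing $sums" >&2; return 2; }
    actual=$(sha256_of "$sums")
    if [ "$actual" != "$expected" ]; then
        echo "SHA256SUMS mismatch: got $actual" >&2
        return 1
    fi
    while read -r digest name; do
        name=${name#\*}                      # drop the binary-mode marker
        case $name in
            ''|*/*) echo "refusing entry: $name" >&2; return 1 ;;  # no paths
        esac
        [ -f "$dir/$name" ] || continue      # artifact not downloaded
        if [ "$(sha256_of "$dir/$name")" != "$digest" ]; then
            echo "artifact mismatch: $name" >&2
            return 1
        fi
        checked=$((checked + 1))
    done < "$sums"
    [ "$checked" -gt 0 ] || { echo "no listed artifact in $dir" >&2; return 3; }
}

# Usage with the digest quoted above (the directory is a placeholder):
# verify_release ./lima-download \
#   006f022e19d2b03869c33ee30be694217937d8c774af7b9714e2d7659da31aa5
```

The check fails closed: a SHA256SUMS file that does not match the published digest is rejected before any of its entries are trusted.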
This release fixes incompatibility with Go 1.21 (#1729).
Misc:
Apptainer:
apptainer.lima: Use APPTAINER_BINDPATH instead of APPTAINER_HOME (#1716, thanks to @afbjorklund)
Templates:
nomad, as Nomad is no longer free software (#1728)
Full changes: https://github.com/lima-vm/lima/milestone/36?closed=1 Thanks to @afbjorklund
[macOS]$ limactl create
[macOS]$ limactl start
...
INFO[0029] READY. Run `lima` to open the shell.
[macOS]$ lima uname
Linux
The binaries were built automatically on GitHub Actions. The build log is available for 90 days: https://github.com/lima-vm/lima/actions/runs/5843580169
The sha256sum of the SHA256SUMS file itself is eb92c7f2bf0d3ed9787ac5130860900e09573c3ec7568bde151025038186b59e.
This release adds the limactl create command.
Now it is discouraged (not deprecated) to use limactl start for creating new instances.
Discouraged form:
limactl start --name=foo template://docker
Recommended form:
limactl create --name=foo template://docker
limactl start foo
The limactl create command also takes several flags like --cpus=1 --memory=2 --vm-type=vz --mount-writable=true for modifying the template.
Some of these flags are similar to the flags of colima start.
limactl CLI:
limactl create (#1643, #1677).
--cpus, --memory, --mount-type, --vm-type, ..., --video (#1468, #1696, #1709)
YAML:
VZ:
qemu-img binary for converting qcow2 to raw (#1507)
vmType == vz (#1613)
QEMU:
serialv.log in the instance directory (#1674, #1693)
serialp.log for making more boot logs visible on ARM (#1703)
nerdctl:
Templates:
template://experimental/rke2 (#1650, thanks to @Hirozy)
template://docker to Tier 1 (#1694)
Misc:
make minimal (#1673)
Full changes: https://github.com/lima-vm/lima/milestone/35?closed=1 Thanks to @ArmingLou @Hirozy @afbjorklund @a-palchikov @balajiv113 @fyuan1316 @jandubois @refi64 @unidevel
[macOS]$ limactl create
[macOS]$ limactl start
...
INFO[0029] READY. Run `lima` to open the shell.
[macOS]$ lima uname
Linux
The binaries were built automatically on GitHub Actions. The build log is available for 90 days: https://github.com/lima-vm/lima/actions/runs/5757601750
The sha256sum of the SHA256SUMS file itself is 17389cba1ccc7429968fddea3427d85eddc1f37eaa3a57f3750c3552f661c4ed.
This release adds experimental support for the user-v2 network driver:
limactl start template://experimental/net-user-v2
The user-v2 network driver enables VM-to-VM networking without root privileges on the host.
This should be useful for simulating multi-node Kubernetes clusters on a laptop.
This release also fixes a relatively minor vulnerability CVE-2023-32684. This vulnerability is very unlikely to be exploitable as long as you are using the official templates of Lima.
limactl CLI:
limactl snapshot (apply|create|delete|list) commands (#1054, thanks to @afbjorklund)
limactl shell (#1501, thanks to @sam-berning)
.audio.device (#1527, #1532, #1561, #1589, thanks to @afbjorklund @balajiv113)
user-v2 network driver to enable VM-to-VM networking without root (#1383, thanks to @balajiv113)
Full changes: https://github.com/lima-vm/lima/milestone/34?closed=1 Thanks to @afbjorklund @balajiv113 @bumpsoo063 @cpach @jandubois @pendo324 @sam-berning
[macOS]$ limactl start
...
INFO[0029] READY. Run `lima` to open the shell.
[macOS]$ lima uname
Linux
The binaries were built automatically on GitHub Actions. The build log is available for 90 days: https://github.com/lima-vm/lima/actions/runs/5118006806
The sha256sum of the SHA256SUMS file itself is 2062c42688128dca55331fc1a8f4841cbf41ed9dd11867d48decdf6880afde87.
This release adds support for QEMU 8.0.
limactl CLI:
--log-level flag (#1308, thanks to @afbjorklund)
limactl edit: add --set <YQ EXPRESSION> (#1412, thanks to @afbjorklund)
*.gz, *.bz2, *.xz, *.zst) (#1439, thanks to @afbjorklund)
pdppe1gb on Intel Mac, for supporting QEMU 8.0 (#1487)
limactl stop (#1494, #1497, thanks to @balajiv113)
Full changes: https://github.com/lima-vm/lima/milestone/33?closed=1 Thanks to @afbjorklund @balajiv113 @e-minguez @jandubois @lobshunter @ningziwen @pendo324
[macOS]$ limactl start
...
INFO[0029] READY. Run `lima` to open the shell.
[macOS]$ lima uname
Linux
The binaries were built automatically on GitHub Actions. The build log is available for 90 days: https://github.com/lima-vm/lima/actions/runs/4709036669
The sha256sum of the SHA256SUMS file itself is 91cb421f8488916b6e7ae387446c21c86e4e972bda32a7e377eee58508699911.
This release experimentally implements yq expressions for customizing the templates (#1359), e.g.,
limactl start --set='.cpus = 2 | .memory = "2GiB"'
This release is also remarkable for automatic forwarding of Kubernetes NodePorts and LoadBalancers (#1355).
Also, in this release we welcome new maintainers Anders F Björklund (@afbjorklund) and Balaji Vijayakumar (@balajiv113) :tada:
containerd <= v1.6.16 creates /etc/cni with permission 0700 when running in the rootful mode.
This causes an error like "open /etc/cni/tuning/allowlist.conf: permission denied" for CNI tuning plugin >= v1.2.0 when running in the rootless mode.
Lima users may face this error when upgrading nerdctl to >= v1.2.0 (Lima >= v0.15.0).
Run lima sudo chmod 0755 /etc/cni to dismiss this error.
limactl CLI:
limactl start: Experimentally add limactl start --set <YQ EXPRESSION> to customize the template (#1359, thanks to @afbjorklund).
e.g., limactl start --set='.cpus = 2 | .memory = "2GiB"'
limactl list: Dynamically hide columns depending on the terminal width (#1266, thanks to @afbjorklund)
YAML:
.copyToHost for copying files from the guest to the host (#1301, thanks to @afbjorklund)
.video.vnc for experimental VNC support (#1004, thanks to @afbjorklund)
SSH:
~/.lima/<INSTANCE>/ssh.config. The file can be passed to ssh -F. (#1326)
QEMU:
VZ:
Kubernetes:
kubectl.lima script for wrapping kubectl (#1302, thanks to @afbjorklund)
DNS:
nerdctl:
Templates:
aarch64 image due to 404 (#1388)
Project:
Full changes: https://github.com/lima-vm/lima/milestone/30?closed=1 Thanks to @Nino-K @afbjorklund @balajiv113 @deitch @jandubois @lobshunter @pnasrat @ryancurrah @suyanhanx
[macOS]$ limactl start
...
INFO[0029] READY. Run `lima` to open the shell.
[macOS]$ lima uname
Linux
The binaries were built automatically on GitHub Actions. The build log is available for 90 days: https://github.com/lima-vm/lima/actions/runs/4292802059
The sha256sum of the SHA256SUMS file itself is 50c50e8ab02b0187b2d795b191834bfcaa66757c6abbaa708be6a13658495d48.
VZ:
NSInvalidArgumentException on headless hosts, such as EC2 mac2.metal (#1261)
limactl CLI:
limactl start: support reading template from stdin (limactl start --name=NAME --tty=false -) (#1250, thanks to @deitch)
limactl info: add vmTypes []string to the JSON output (#1262)
Templates:
Full changes: https://github.com/lima-vm/lima/milestone/32?closed=1 Thanks to @deitch
[macOS]$ limactl start
...
INFO[0029] READY. Run `lima` to open the shell.
[macOS]$ lima uname
Linux
The binaries were built automatically on GitHub Actions. The build log is available for 90 days: https://github.com/lima-vm/lima/actions/runs/3766201229
The sha256sum of the SHA256SUMS file itself is 682c7d5e520914cc513d8af440de9ea3608817bbb475a45e893e238b7d14d0af.
This release fixes a regression #1242 in Lima v0.14.0:
On colima, docker data, such as containers and images in /var/lib/docker, were unmounted and looked as if they had been removed.
The actual data are not removed, and can be rescued by upgrading Lima to this v0.14.1 release (or downgrading to v0.13.0).
Only the following instances are known to have been affected:
alpine instances that were created with Lima before v0.13.0
The default (ubuntu) instances are unaffected.
growpart is installed before calling it (#1243, thanks to @jandubois)
Full changes: https://github.com/lima-vm/lima/milestone/31?closed=1 Thanks to @hftsin @jandubois
[macOS]$ limactl start
...
INFO[0029] READY. Run `lima` to open the shell.
[macOS]$ lima uname
Linux
The binaries were built automatically on GitHub Actions. The build log is available for 90 days: https://github.com/lima-vm/lima/actions/runs/3692334791
The sha256sum of the SHA256SUMS file itself is 11c0e020d62d8192e40249c9aa978f7dc15ea6e250aa8d66879045812b807d02.
This release adds experimental support for Apple's Virtualization.framework, aka vz.
limactl start template://experimental/vz
Pros:
virtiofs)
Cons:
serial.log
Virtualization.framework does not seem available
Using Virtualization.framework with Lima needs macOS 13.0 or later.
See also docs/vmtype.md.
Virtualization.framework (VZ):
vzNAT networking (#1207)
vmnet:
socket_vmnet path (#1220)
YAML:
network and useHostResolver (#1186)
limactl CLI:
$SSH as a custom SSH binary path (#1132, thanks to @antoineco)
limactl disk (create|delete|list) commands for attaching multiple disks to instances (#1065, thanks to @sam-berning)
limactl start --timeout=<TIMEOUT> for setting custom timeout (#1143, thanks to @antoineco)
nerdctl:
Templates: (#1159, #1194, #1215, #1236)
Misc:
Full changes: https://github.com/lima-vm/lima/milestone/29?closed=1 Thanks to @afbjorklund @antoineco @balajiv113 @chancez @chrisx8 @estesp @jandubois @pendo324 @sam-berning
[macOS]$ limactl start
...
INFO[0029] READY. Run `lima` to open the shell.
[macOS]$ lima uname
Linux
The binaries were built automatically on GitHub Actions. The build log is available for 90 days: https://github.com/lima-vm/lima/actions/runs/3676969854
The sha256sum of the SHA256SUMS file itself is adcc4b9c798aba356c5c3a5140a77edf8443b8df9e195d7ba89d976ef5074ed3.
This release adds experimental support for Apple's Virtualization.framework, aka vz.
limactl start template://experimental/vz
Pros:
virtiofs)
Cons:
serial.log
Virtualization.framework does not seem available
Using Virtualization.framework with Lima needs macOS 13.0 or later.
(To be documented) Since beta.0, the support for Rosetta was added.
Full changes: https://github.com/lima-vm/lima/milestone/29?closed=1 Thanks to @afbjorklund @antoineco @balajiv113 @chancez @chrisx8 @jandubois @pendo324 @sam-berning
[macOS]$ limactl start
...
INFO[0029] READY. Run `lima` to open the shell.
[macOS]$ lima uname
Linux
The binaries were built automatically on GitHub Actions. The build log is available for 90 days: https://github.com/lima-vm/lima/actions/runs/3531739770
The sha256sum of the SHA256SUMS file itself is daebd6289f6327f70abd14616747e906244cd3f5665b5662e93242d9b6368732.