The only problem is, sometimes the new OS will not install on the current version of VMware Fusion or Parallels Desktop. Running the new OS in a virtualized environment is the way to go. MacAdmins need to start testing the new OS right away. Like clockwork, Apple delivers a new macOS every year.
And learning how to use Docker will suck up months of your time. Install macOS Big Sur 11 on VMware Fusion & Parallels Desktop How To Install macOS Big Sur on VMware Fusion and Parallels Desktop. Docker only runs Linux containers anyway.
Is this what Docker does? I've not yet used it, but it sounds like maybe I want a "container" rather than a full separate VM. (Alas, the snapshot feature is harder to use in version 1.5.) It is really convenient to just reset the VM. The current version is good too, but I wasn't able to get my 10.9 VM working in version 1.5. It is one of the few products I can't recommend strongly enough. The Mac App Store version 1.3.3 has been rock-solid.
(In all fairness, I do test each update to see if it is any better than the free version I have. I was lucky enough to get it when it first came out, so I'm running it for free. It runs great and no kernel extensions are required. I use Parallels Desktop from the Mac App Store. The biggest problem is disk space because a Mac VM with a modern operating system will take about 40 GB of storage. Another problem is system stability and system modifications. So there is no reason for a Mac developer not to use VMs. That is really the minimum requirements just to run Xcode anyway. If you have a modern Mac with 16 GB RAM and an SSD, then you won't have any problem. Let myEmail = "eskimo" + "1" + any of these VM products let me run another macOS while not doubling my RAM requirements? In other words can I tell them to share the parts of the system.
Quinn “The Eskimo!” Developer Technical Support Apple There’s not much use running a program within a sandbox if there’s no supported way to specify the details of that sandbox. This, btw, is why sandbox-exec has been deprecated. Creating a custom sandbox requires you to craft a bunch of code in the sandbox specification language (a Scheme derivative) and that language is not documented for third-party use. An app can opt in to the App Sandbox but that’s too general for your purposes. Writes, except for directories X,Y,Z, and disallowing network connections, except for listening on port 1234." macOS’s sandbox facilities would be a good match for this but they aren’t supported for third-party development. So I want to say "run this binary, while disallowing file reads and
However, building a Mac-on-Mac virtualisation tool would require a significant investment on your part. Are there other solutions that people use? I use an off-the-shelf virtualisation solution (VMware Fusion, but that specific choice is due to an accident of history). The lower-level Hypervisor framework can be used to virtualise anything, including macOS. macOS, to serve like a sandbox? The Virtualization framework is designed to virtualise Linux. Would these APIs allow me to start and control a virtual copy of my So I want to say "run this binary, while disallowing file reads and writes, except for directories X,Y,Z, and disallowing network connections, except for listening on port 1234." Now I want to run that without worrying that some hacker injected a piece of evil code to copy my files and send them somewhere. It's a typical open source project – you unpack a source tgz, then run configure make and get a binary. Would these APIs allow me to start and control a virtual copy of my macOS, to serve like a sandbox? Are there other solutions that people use? As an example, say that I need to download and run a copy of memcached. I notice there is some new stuff in the Apple docs about "hypervisors" and "virtualization". Unfortunately sandbox-exec is marked as deprecated and the APIs in sandbox.h say "No longer supported".
Like most software devs I have to download and run lots of code from the internet and the danger of this really annoys me. I want something like sandbox-exec, so I can run things that I don't trust, and restrict their ability to read or write files to only certain locations.