vmnet entitlement unusable for apps distributed as source

Originator: phillip.ennen
Number: rdar://FB8987131
Date Originated: 2021-02-02
Status: Open
Resolved:
Product: macOS
Product Version: 11.1
Classification:
Reproducible: Yes
 
Hi!
I'm working on a networking extension for [QEMU](https://qemu.org) backed by vmnet. QEMU is distributed as source, but the com.apple.vm.networking entitlement is tied to a provisioning profile. As we can't distribute QEMU along with a developer account, we're unable to use this entitlement.

One option we're now looking at, in lieu of signing with this entitlement, is running the vmnet interface in a root-owned XPC service that communicates with the main QEMU process. Another option will be to begin distributing bespoke macOS QEMU builds signed with this entitlement, but this offers poor UX for users that want to build QEMU locally.

Being able to sign the QEMU binary with this entitlement, without needing a provisioning profile, would allow QEMU to continue being distributed as source and offer vmnet networking without requiring root access.

Thanks very much!
