vz: add support for nested virtualization

Signed-off-by: Abiola Ibrahim <[email protected]>

Author: abiosoft

pkg/limayaml/defaults.go

@@ -735,6 +735,16 @@ func FillDefault(y, d, o *LimaYAML, filePath string) {
 		y.Rosetta.BinFmt = ptr.Of(false)
 	}
 
+	if y.NestedVirtualization == nil {
+		y.NestedVirtualization = d.NestedVirtualization
+	}
+	if o.NestedVirtualization != nil {
+		y.NestedVirtualization = o.NestedVirtualization
+	}
+	if y.NestedVirtualization == nil {
+		y.NestedVirtualization = ptr.Of(false)
+	}
+
 	if y.Plain == nil {
 		y.Plain = d.Plain
 	}

pkg/limayaml/defaults_test.go

@@ -106,7 +106,8 @@ func TestFillDefault(t *testing.T) {
 		CACertificates: CACertificates{
 			RemoveDefaults: ptr.Of(false),
 		},
-		Plain: ptr.Of(false),
+		NestedVirtualization: ptr.Of(false),
+		Plain:                ptr.Of(false),
 	}
 
 	defaultPortForward := PortForward{
@@ -293,6 +294,8 @@ func TestFillDefault(t *testing.T) {
 		BinFmt:  ptr.Of(false),
 	}
 
+	expect.NestedVirtualization = ptr.Of(false)
+
 	FillDefault(&y, &LimaYAML{}, &LimaYAML{}, filePath)
 	assert.DeepEqual(t, &y, &expect, opts...)
 
@@ -420,6 +423,7 @@ func TestFillDefault(t *testing.T) {
 			Enabled: ptr.Of(true),
 			BinFmt:  ptr.Of(true),
 		},
+		NestedVirtualization: ptr.Of(true),
 	}
 
 	expect = d
@@ -634,6 +638,7 @@ func TestFillDefault(t *testing.T) {
 			Enabled: ptr.Of(false),
 			BinFmt:  ptr.Of(false),
 		},
+		NestedVirtualization: ptr.Of(false),
 	}
 
 	y = filledDefaults
@@ -690,6 +695,8 @@ func TestFillDefault(t *testing.T) {
 	}
 	expect.Plain = ptr.Of(false)
 
+	expect.NestedVirtualization = ptr.Of(false)
+
 	FillDefault(&y, &d, &o, filePath)
 	assert.DeepEqual(t, &y, &expect, opts...)
 }

pkg/limayaml/limayaml.go

@@ -38,11 +38,12 @@ type LimaYAML struct {
 	DNS          []net.IP          `yaml:"dns,omitempty" json:"dns,omitempty"`
 	HostResolver HostResolver      `yaml:"hostResolver,omitempty" json:"hostResolver,omitempty"`
 	// `useHostResolver` was deprecated in Lima v0.8.1, removed in Lima v0.14.0. Use `hostResolver.enabled` instead.
-	PropagateProxyEnv *bool          `yaml:"propagateProxyEnv,omitempty" json:"propagateProxyEnv,omitempty"`
-	CACertificates    CACertificates `yaml:"caCerts,omitempty" json:"caCerts,omitempty"`
-	Rosetta           Rosetta        `yaml:"rosetta,omitempty" json:"rosetta,omitempty"`
-	Plain             *bool          `yaml:"plain,omitempty" json:"plain,omitempty"`
-	TimeZone          *string        `yaml:"timezone,omitempty" json:"timezone,omitempty"`
+	PropagateProxyEnv    *bool          `yaml:"propagateProxyEnv,omitempty" json:"propagateProxyEnv,omitempty"`
+	CACertificates       CACertificates `yaml:"caCerts,omitempty" json:"caCerts,omitempty"`
+	Rosetta              Rosetta        `yaml:"rosetta,omitempty" json:"rosetta,omitempty"`
+	Plain                *bool          `yaml:"plain,omitempty" json:"plain,omitempty"`
+	TimeZone             *string        `yaml:"timezone,omitempty" json:"timezone,omitempty"`
+	NestedVirtualization *bool          `yaml:"nestedVirtualization,omitempty" json:"nestedVirtualization,omitempty"`
 }
 
 type (

pkg/vz/vm_darwin.go

@@ -15,6 +15,7 @@ import (
 	"syscall"
 
 	"github.com/Code-Hex/vz/v3"
+	"github.com/coreos/go-semver/semver"
 	"github.com/docker/go-units"
 	"github.com/lima-vm/go-qcow2reader"
 	"github.com/lima-vm/go-qcow2reader/image/raw"
@@ -25,6 +26,7 @@ import (
 	"github.com/lima-vm/lima/pkg/nativeimgutil"
 	"github.com/lima-vm/lima/pkg/networks"
 	"github.com/lima-vm/lima/pkg/networks/usernet"
+	"github.com/lima-vm/lima/pkg/osutil"
 	"github.com/lima-vm/lima/pkg/store"
 	"github.com/lima-vm/lima/pkg/store/filenames"
 	"github.com/sirupsen/logrus"
@@ -239,6 +241,21 @@ func attachPlatformConfig(driver *driver.BaseDriver, vmConfig *vz.VirtualMachine
 	if err != nil {
 		return err
 	}
+
+	// nested virt
+	if *driver.Yaml.NestedVirtualization {
+		macOSProductVersion, err := osutil.ProductVersion()
+		if err != nil {
+			return fmt.Errorf("failed to get macOS product version: %w", err)
+		}
+
+		if macOSProductVersion.LessThan(*semver.New("15.0.0")) {
+			return fmt.Errorf("nested virtualization requires macOS 15 or newer")
+		}
+
+		platformConfig.SetNestedVirtualizationEnabled(true)
+	}
+
 	vmConfig.SetPlatformVirtualMachineConfiguration(platformConfig)
 	return nil
 }

pkg/vz/vz_driver_darwin.go

@@ -40,6 +40,7 @@ var knownYamlProperties = []string{
 	"Mounts",
 	"MountType",
 	"MountInotify",
+	"NestedVirtualization",
 	"Networks",
 	"OS",
 	"Param",