Skip Navigation
Article

Running Intel Binaries in Linux VMs with Rosetta

Run x86_64 Linux binaries under ARM Linux on Apple silicon.

Overview

In macOS 13 and later on Mac computers with Apple silicon chips, the Virtualization framework supports Rosetta in ARM Linux virtual machines (VMs). Rosetta is a translation process that allows users to run apps that contain x86_64 instructions on Apple silicon. In macOS, this allows apps built for Intel-based Mac computers to run seamlessly on Apple silicon; Rosetta allows the same capability for Intel Linux apps in ARM Linux VMs.

Test for Rosetta Availability

Before trying to install, run, or activate Rosetta, your app should check to ensure that the capability is available in the version of macOS running on the host computer. The availability class method returns a value from the VZLinuxRosettaAvailability enumeration that describes whether the current host supports Rosetta or if the capability is already installed on the host Mac. The example below shows the process for checking for Rosetta availability:

import Virtualization


let rosettaAvailability = VZLinuxRosettaDirectoryShare.availability


switch rosettaAvailability {
case notSupported:
    // Alert the user the capability isn't available; offer 
    // continuation options according to your app's requirements.


case notInstalled:
    // Ask the user for permission to install Rosetta, and 
    // start the installation process if they grant permission.


case installed:
    break // Ready to go.
}

Install Rosetta

Installing Rosetta is a one-time process per computer that requires the user to grant permission for the system to install Rosetta. If Rosetta is already installed in macOS, the system activates it for use under the Virtualization framework; if Rosetta isn’t installed, the framework downloads the installer from the network and performs the installation. The installer interactively prompts the user for authorization, and your app should handle any of the possible error conditions that could occur during the authorization, download, and installation process. The example below shows how to start the installation:

do {
    try await VZLinuxRosettaDirectoryShare.installRosetta()
    // Success: The system installs Rosetta on the host system.
} catch let error {
    switch error.code {
    case networkError:
        // A network error prevented the download from completing successfully.
    case outOfDiskSpace:
        // Not enough disk space on the system volume to complete the installation.
    case userCancelled:
        // The user cancelled the installation.
    case notSupported:
        // Rosetta isn't supported on the host Mac or macOS version.


    default:
        break // A non installer-related error occurred.
    }
}

Create the Rosetta Directory Share

After installing Rosetta, your app needs to configure a Rosetta directory share in the Linux guest. The shared directory must have a tag that uniquely identifies the share and that you validate using validateTag(_:) to ensure it conforms to the length and format for file system tags:

let tag = "EXAMPLE_TAG"  
let configuration = VZVirtualMachineConfiguration()
do {
    try let validationError = VZVirtioFileSystemDeviceConfiguration.validateTag(tag)
    let rosettaDirectoryShare = try VZLinuxRosettaDirectoryShare()
    let fileSystemDevice = VZVirtioFileSystemDeviceConfiguration(tag: tag)
    fileSystemDevice.share = rosettaDirectoryShare


    configuration.directorySharingDevices = [ fileSystemDevice ]
} catch VZError.invalidVirtualMachineConfiguration {
    // Rosetta is unavailable.
}

Mount the Shared Directory and Register Rosetta

In order to use Rosetta in the Linux guest, the user must mount the Rosetta share in the guest VM and install Rosetta as the application the system uses to run x86_64 binaries using the following process:

  1. Install the update-binfmts command, if necessary. The command is part of the binfmt-support package in most Linux distributions; installation methods vary by distribution. Additionally, in order to run this command, the user must be able to use the sudo command, which requires adding their username to the system’s /etc/sudoers file.

  2. Create a directory as a mount point.

  3. Mount the VirtioFS file system tag to the mount point. This is the file system tag the app uses to identify the share and must be the same as the tag the user specifies on the command line demonstrated here.

  4. Check if the mounted directory has the Rosetta runtime. You should see rosetta in the mounted directory.

  5. Register the Rosetta runtime binary as the handler for x86_64 ELF format executable files using the update-binfmts command. The magic parameter describes the first 20 bytes of the ELF header for x86_64 binaries. The Linux kernel performs a bitwise logical AND with the first 20 bytes of a binary a user attempts to run with the mask value. If it matches the magic value, the kernel uses the registered handler as the interpreter for that binary. If the system can’t find a handler for the specified binary, it reports an error.

The example below lists the commands, with the exception of the update-binfmts command installation, required to enable Rosetta in the Linux guest:

% mkdir /tmp/mountpoint
% sudo mount -t virtiofs EXAMPLE_TAG /tmp/mountpoint
% ls /tmp/mountpoint rosetta
% sudo /usr/sbin/update-binfmts --install rosetta /tmp/mountpoint/rosetta \
    --magic "\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x3e\x00" \
    --mask "\xff\xff\xff\xff\xff\xfe\xfe\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff" \
    --credentials yes --preserve yes --fix-binary yes

Ensure Shared Libraries are Available for Dynamically Linked Apps

Rosetta can run statically linked x86_64 binaries without additional configuration. Binaries that are dynamically linked and that depend on shared libraries require the installation of the shared libraries, or library hierarchies, in the Linux guest in paths that are accessible to both the user and to Rosetta.

Configure Rosetta’s ahead of time (AOT) caching options

In macOS 14 and later, Rosetta supports options that allow you control the ahead of time (AOT) cache characteristics; this can improve the performance of some X86 workloads.

There are two modes of operation for AOT caching: The first is communication using a Unix Domain Socket where the Virtualization framework shares a file that represents the socket between the Rosetta daemon and Rosetta runtime through a symlink or bind-mount. The second is communication through an abstract socket where the framework defines a shared name rather than a shared file. 

You enable these options after you create the Rosetta directory share by setting one of the VZLinuxRosettaDirectoryShare.CachingOptions using setCachingOptions(_:). This example shows how to configure Rosetta’s caching options in a new virtual machine configuration using a Unix Domain Socket though a shared, named file:

    let configuration = VZVirtualMachineConfiguration()
    do {
        let rosettaDirectoryShare = try VZLinuxRosettaDirectoryShare()
        try rosettaDirectoryShare.setCachingOptions(cachingOptions: .unixSocket("/valid/path/rosetta.sock"))


        let fileSystemDevice = VZVirtioFileSystemDeviceConfiguration(tag: "example-tag")
        fileSystemDevice.share = rosettaDirectoryShare


        configuration.directorySharingDevices = [ fileSystemDevice ]
    } catch VZError.invalidVirtualMachineConfiguration {
        // Rosetta for Linux is unavailable or failed to initialize Rosetta caching options.
        // If Rosetta for Linux is unavailable, clients may install the resources or proceed without them.
        // If Rosetta caching options failed to initialize, clients may gracefully fail or proceed without caching.
    }

The following example shows how to configure Rosetta’s caching options in a new virtual machine configuration using an abstract socket:

    let configuration = VZVirtualMachineConfiguration()
    do {
        let rosettaDirectoryShare = try VZLinuxRosettaDirectoryShare()
        try rosettaDirectoryShare.setCachingOptions(.abstractSocket("abstractSocketName"))


        let fileSystemDevice = VZVirtioFileSystemDeviceConfiguration(tag: "example-tag")
        fileSystemDevice.share = rosettaDirectoryShare


        configuration.directorySharingDevices = [ fileSystemDevice ]
    } catch VZError.invalidVirtualMachineConfiguration {
        // Rosetta for Linux is unavailable or failed to initialize Rosetta caching options.
        // If Rosetta for Linux is unavailable, clients may install the resources or proceed without them.
        // If Rosetta caching options failed to initialize, clients may gracefully fail or proceed without caching.
    }

See Also

Virtual machine setup

Running macOS in a virtual machine on Apple silicon
Install and run macOS in a virtual machine using the Virtualization framework.
Running Linux in a Virtual Machine
Run a Linux operating system on your Mac using the Virtualization framework.
Running GUI Linux in a virtual machine on a Mac
Install and run GUI Linux in a virtual machine using the Virtualization framework.
Installing macOS on a Virtual Machine
Download a macOS restore image and install it in a new VM.
Creating and Running a Linux Virtual Machine
Design and run custom Linux guests on Apple silicon or Intel-based Mac Computers.
Virtualize macOS on a Mac
Configure and run macOS guests on Apple silicon.
Virtualize Linux on a Mac
Configure and run Linux guests on Apple silicon and Intel-based Mac computers.
Accelerating the performance of Rosetta
Improve Rosetta performance by adding support for the total store ordering (TSO) memory model to your Linux kernel.
Current page is Running Intel Binaries in Linux VMs with Rosetta