sudoers: add `/usr/libexec/ApplicationFirewall/socketfilterfw --unblock /usr/libexec/bootpd`
It looks like lima should run /usr/libexec/ApplicationFirewall/socketfilterfw --unblock /usr/libexec/bootpd every time when using socket_vmnet
https://github.com/lima-vm/lima/issues/1259#issuecomment-1573051614
The socketfilterfw(8) man page (on macOS 13.5) mentions --unblockapp, but does not seem to mention --unblock.
Maybe --unblock is already deprecated?
Hi @AkihiroSuda, can we bump up the priority on this? I am not so keen on how to achieve this, otherwise I would have submitted a PR myself.
Thanks
Are we planning to call the command from commands.go file?
Yes, probably
Can anybody check if this is still required for macOS 14?
@AravindGopala Is this issue resolved with macOS 14?
socketfilterfw seems still needed for some machines running on macOS 14: https://github.com/lima-vm/lima/issues/1259#issuecomment-1741868169
But I still can't repro the issue locally, and sudo /usr/libexec/ApplicationFirewall/socketfilterfw --add /usr/libexec/bootpd fails with "The file path you specified does not exist" error even though /usr/libexec/bootpd exists.
A rumor is that socketfilterfw doesn't work on Japanese macOS: https://gist.github.com/techraf/ef5a6aae636f52eec09b?permalink_comment_id=2974356#gistcomment-2974356
@AkihiroSuda sorry for the confusion. It looks like on macOS Sonoma 14.0 on an M1 Max MacBook Pro, the network sharing works without issues, and colima gets the IP every time. I no longer have to run the socket filter commands at every boot like before, so far. [It's been four days since I updated to Sonoma; I will keep an eye out in case I ever see the issue again.] It looks like the issue is fixed for me.
On a side note, the commands below do work for me here in the USA, even on Sonoma:
sudo /usr/libexec/ApplicationFirewall/socketfilterfw --add /usr/libexec/bootpd
sudo /usr/libexec/ApplicationFirewall/socketfilterfw --unblock /usr/libexec/bootpd
Hi @AkihiroSuda, I can confirm that the issue came back for me after a couple of reboots over the days, i.e. the internet sharing no longer works and the VM fails to get the IP. I have manually run the command to fix it. So we need this PR.
sudo /usr/libexec/ApplicationFirewall/socketfilterfw --add /usr/libexec/bootpd
sudo /usr/libexec/ApplicationFirewall/socketfilterfw --unblock /usr/libexec/bootpd
Is anyone interested in opening a PR?
I still can't use socketfilterfw by myself