HyperKit
HyperKit is a toolkit for embedding hypervisor capabilities in your application. It includes a complete hypervisor, based on xhyve/bhyve, which is optimized for lightweight virtual machines and container deployment. It is designed to be interfaced with higher-level components such as the VPNKit and DataKit.
HyperKit currently only supports macOS using the Hypervisor.framework. It is a core component of Docker Desktop for Mac.
Requirements
- OS X 10.10.3 Yosemite or later
- a 2010 or later Mac (i.e. a CPU that supports EPT)
Reporting Bugs
If you are using a version of Hyperkit which is embedded into a higher level application (e.g. Docker Desktop for Mac) then please report any issues against that higher level application in the first instance. That way the relevant team can triage and determine if the issue lies in Hyperkit and assign as necessary.
If you are using Hyperkit directly then please report issues against this repository.
Usage
$ hyperkit -h
Building
$ git clone https://github.com/moby/hyperkit
$ cd hyperkit
$ make
The resulting binary will be in build/hyperkit
To enable qcow support in the block backend an OCaml OPAM development
environment is required with the qcow module available. A
suitable environment can be setup by installing opam and libev
via brew and using opam to install the appropriate libraries:
$ brew install opam libev
$ opam init
$ eval `opam env`
$ opam pin add qcow.0.11.0 git://github.com/mirage/ocaml-qcow -n
$ opam pin add qcow-tool.0.11.0 git://github.com/mirage/ocaml-qcow -n
$ opam install uri qcow.0.11.0 conduit.2.1.0 lwt.5.3.0 qcow-tool mirage-block-unix.2.12.0 conf-libev logs fmt mirage-unix prometheus-app
Notes:
-
opam config envmust be evaluated each time prior to building hyperkit so the build will find the ocaml environment. -
Any previous pin of
mirage-block-unixorqcowshould be removed with the commands:$ opam update $ opam pin remove mirage-block-unix $ opam pin remove qcow
Tracing
HyperKit defines a number of static DTrace probes to simplify investigation of performance problems. To list the probes supported by your version of HyperKit, type the following command while HyperKit VM is running:
$ sudo dtrace -l -P 'hyperkit$target' -p $(pgrep hyperkit)
Refer to scripts in dtrace/ directory for examples of possible usage and available probes.
Relationship to xhyve and bhyve
HyperKit includes a hypervisor derived from xhyve, which in turn was derived from bhyve. See the original xhyve README which incorporates the bhyve README.
We try to avoid deviating from these upstreams unnecessarily in order to more easily share code, for example the various device models/emulations should be easily shareable.
Reporting security issues
The maintainers take security seriously. If you discover a security issue, please bring it to their attention right away!
Please DO NOT file a public issue, instead send your report privately to [email protected].
Security reports are greatly appreciated and we will publicly thank you for it. We also like to send gifts—if you're into Docker schwag, make sure to let us know. We currently do not offer a paid security bounty program, but are not ruling it out in the future.