From e8652893dd2a392843e8e881f4f2c59e93a6a0ab Mon Sep 17 00:00:00 2001
From: Jake Correnti <jakecorrenti+github@proton.me>
Date: Fri, 18 Apr 2025 13:00:13 -0400
Subject: [PATCH] machine: enable nested virt on libkrun by default

With the recent release of krunkit 0.2.0, a CLI option was added to
enable nested virtualization on macOS hosts with an M3 or higher. Enable
this by default. If the host does not support this feature, krunkit will
ignore the argument and continue starting the VM.

Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
---
 pkg/machine/apple/apple.go | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/pkg/machine/apple/apple.go b/pkg/machine/apple/apple.go
index 5facae4ada..e065108f6a 100644
--- a/pkg/machine/apple/apple.go
+++ b/pkg/machine/apple/apple.go
@@ -225,6 +225,13 @@ func StartGenericAppleVM(mc *vmconfigs.MachineConfig, cmdBinary string, bootload
 		cmd.Args = append(cmd.Args, "--gui") // add command line switch to pop the gui open
 	}
 
+	if mc.LibKrunHypervisor != nil {
+		// Nested Virtualization requires an M3 chip or newer, and to be running
+		// macOS 15+. If those requirements are not met, then krunkit will ignore the
+		// argument and keep Nested Virtualization disabled.
+		cmd.Args = append(cmd.Args, "--nested")
+	}
+
 	if mc.IsFirstBoot() {
 		// If this is the first boot of the vm, we need to add the vsock
 		// device to vfkit so we can inject the ignition file