Skip to content


VM location on disk

Tart stores all its files in ~/.tart/ directory. Local images that you can run are stored in ~/.tart/vms/. Remote images are pulled into ~/.tart/cache/OCIs/.

Nested virtualization support?

Tart is limited by functionality of Apple's Virtualization.Framework. At the moment Virtualization.Framework doesn't support nested virtualization.

Connecting to a service running on host

To connect from within a virtual machine to a service running on the host machine please first make sure that the service is binded to

Then from within a virtual machine you can access the service using the router's IP address that you can get either from Preferences -> Network or by running the following command in the Terminal:

netstat -nr | grep default | head -n 1 | awk '{print $2}'

Note: that accessing host is only possible with the default NAT network. If you are running your virtual machines with Softnet (via tart run --net-softnet <VM NAME>), then the network isolation is stricter and it's not only possible to access the host.

Changing the default NAT subnet

To change the default network to

sudo defaults write /Library/Preferences/SystemConfiguration/ Shared_Net_Address -string

Note that even through a network would normally be specified as, the vmnet framework seems to treat this as a starting address too and refuses to pick up such network-like values.

The default subnet mask should suffice for most use-cases, however, you can also change it to, for example:

sudo defaults write /Library/Preferences/SystemConfiguration/ Shared_Net_Mask -string

Changing the default DHCP lease time

By default, the built-in macOS DHCP server allocates IP-addresses to the VMs for the duration of 86,400 seconds (one day), which may easily cause DHCP exhaustion if you run more than ~253 VMs per day, or in other words, more than one VM every ~6 minutes.

This issue is worked around automatically when using Softnet, however, if you don't use or can't use it, the following command will reduce the lease time from the default 86,400 seconds (one day) to 600 seconds (10 minutes):

sudo defaults write /Library/Preferences/SystemConfiguration/ bootpd -dict DHCPLeaseTimeSecs -int 600

Note that this tweak persists across reboots, so normally you'll only need to do it once per new host.

Running login/clone/pull/push commands over SSH

When invoking the Tart in an SSH session, you might get error like this:

Keychain returned unsuccessful status -25308

...or this:

Keychain failed to update item: User interaction is not allowed.

This is because Tart uses Keychain to store and retrieve OCI registry credentials by default, but Keychain is only automatically/semi-automatically unlocked in GUI sessions.

To unlock the Keychain in an SSH session, run the following command, which will ask for your user's password:

security unlock-keychain

This command also supports the -p command-line argument that allows you to supply the password and unlock non-interactively, which is great for scripts.

If that doesn't work for you for some reason, you can pass the credentials via the environment variables, see Registry Authorization for more details on how to do that.

How Tart is different from Anka?

Under the hood Tart is using the same technology as Anka 3.0 so there should be no real difference in performance or features supported. If there is some feature missing please don't hesitate to create a feature request.

Instead of Anka Registry, Tart can work with any OCI-compatible container registry. This provides a much more consistent and scalable experience for distributing virtual machines.

Tart doesn't yet have an analogue of Anka Controller for managing long living VMs but soon will be.