Examples

1: Visual Studio Code
2: GitHub Actions

Running Linux commands

lima uname -a

Accessing host files

By default, the VM has read-only accesses to /Users/<USERNAME>.

To allow writing to /Users/<USERNAME>:

limactl edit --mount-writable

Hint

Lima prior to v2.0 mounts /tmp/lima too in read-write mode.

This directory is no longer mounted by default since Lima v2.0. To mount /tmp/lima in Lima v2.0 and later, set --mount /tmp/lima:w. The :w suffix indicates read-write mode.

Running containers

nerdctl.lima run -d --name nginx -p 127.0.0.1:8080:80 nginx:alpine

limactl start template://docker
export DOCKER_HOST=$(limactl list docker --format 'unix://{{.Dir}}/sock/docker.sock')
docker run -d --name nginx -p 127.0.0.1:8080:80 nginx:alpine

limactl start template://podman
export DOCKER_HOST=$(limactl list podman --format 'unix://{{.Dir}}/sock/podman.sock')
docker run -d --name nginx -p 127.0.0.1:8080:80 nginx:alpine

limactl start template://k8s
export KUBECONFIG=$(limactl list k8s --format 'unix://{{.Dir}}/copied-from-guest/kubeconfig.yaml')
kubectl apply -f ...

http://127.0.0.1:8080 is accessible from the host, as well as from the VM.
For the usage of containerd and nerdctl (contaiNERD ctl), visit https://github.com/containerd/containerd and https://github.com/containerd/nerdctl.
If you have installed Lima by make install, the nerdctl.lima command is also available as nerdctl. If you have installed Lima by brew install lima, you may make an alias (or a symlink) by yourself: alias nerdctl=nerdctl.lima

Advanced configuration

limactl start \
  --name=default \
  --cpus=4 \
  --memory=8 \
  --vm-type=vz \
  --rosetta \
  --mount-writable \
  --network=vzNAT \
  template://fedora

--name=default: Set the instance name to “default”
--cpus=4: Set the number of the CPUs to 4
--memory=8: Set the amount of the memory to 8 GiB
--vm-type=vz: Use Apple’s Virtualization.framework (vz) to enable Rosetta, virtiofs, and vzNAT
--rosetta: Allow running Intel (AMD) binaries on ARM
--mount-writable: Make the home mount (/Users/<USERNAME>) writable
--network=vzNAT: Make the VM reachable from the host by its IP address
template://fedora: Use Fedora

1 - Visual Studio Code

Securing Visual Studio Code with Lima

Lima helps securing the development environment by running it inside a VM. Notably, this prevents AI agents, such as GitHub Copilot in VS Code, from directly executing untrusted commands on the host.

Start a Lima instance. If you use GitHub Copilot, consider disabling mounts by passing the --mount-none flag to prevent Copilot from accessing host files:

limactl start --mount-none

Add the following line to ~/.ssh/config:

Include ~/.lima/*/ssh.config

Open the Remote Explorer in the Visual Studio Code sidebar and select lima-<INSTANCE> from the SSH remote list.

Hint

If the Remote Explorer is missing in the sidebar, install the following extensions:

See also the documentation of Visual Studio Code for further troubleshooting.

Set up the workspace by clicking Clone Git Repository... on the Welcome screen, or copy the project directory with limactl cp:

limactl cp -r DIR default:~/

2 - GitHub Actions

Running Lima on GitHub Actions

On GitHub Actions, Lima is useful for:

Running commands on non-Ubuntu operating systems (e.g., Fedora for testing SELinux)
Emulating multiple hosts

While these tasks can be partially accomplished with containers like Docker, those containers still rely on the Ubuntu host’s kernel and cannot utilize features missing in Ubuntu, such as SELinux.

In contrast, Lima runs virtual machines that do not depend on the Ubuntu host’s kernel.

The following GitHub Actions workflow illustrates how to run multiple instances of Fedora using Lima. The instances are connected by the user-v2 network.

name: Fedora

on:
  workflow_dispatch:
  pull_request:

jobs:
  fedora:
    runs-on: ubuntu-24.04
    steps:
    - name: Check out code
      uses: actions/checkout@v4

    - name: "Set up Lima"
      uses: lima-vm/lima-actions/setup@v1
      id: lima-actions-setup

    - name: "Cache ~/.cache/lima"
      uses: actions/cache@v4
      with:
        path: ~/.cache/lima
        key: lima-${{ steps.lima-actions-setup.outputs.version }}

    - name: "Start an instance of Fedora"
      run: |
        set -eux
        limactl start --name=default --cpus=1 --memory=1 --network=lima:user-v2 template://fedora
        lima sudo dnf install -y httpd
        lima sudo systemctl enable --now httpd        

    - name: "Start another instance of Fedora"
      run: |
        set -eux
        limactl start --name=another --cpus=1 --memory=1 --network=lima:user-v2 template://fedora
        limactl shell another curl http://lima-default.internal

Plain mode

The --plain mode is useful when you want the VM instance to be as close as possible to a physical host:

    - name: "Start Fedora"
      # --plain is set to disable file sharing, port forwarding, built-in containerd, etc.
      run: limactl start --plain --name=default --cpus=1 --memory=1 --network=lima:user-v2 template://fedora

    - name: "Set up SSH"
      uses: lima-vm/lima-actions/ssh@v1

    - name: "Initialize Fedora"
      # plain old rsync and ssh are used for the initialization of the guest,
      # so that people who are not familiar with Lima can understand the initialization steps.
      run: |
        set -eux -o pipefail
        # Sync the current directory to /tmp/repo in the guest
        rsync -a -e ssh . lima-default:/tmp/repo
        # Install packages
        ssh lima-default sudo dnf install -y httpd

Full examples

https://github.com/kubernetes-sigs/kind/blob/v0.25.0/.github/workflows/vm.yaml#L47-L84