We are pleased to announce the release of the Vagrant VMware Desktop plugin. This plugin is a unification of the Vagrant VMware Fusion plugin for macOS and the Vagrant VMware Workstation plugin for Linux and Windows. Existing users of the Vagrant VMware Fusion or Workstation plugins can update to the new VMware Desktop plugin free of charge.
The new VMware Desktop plugin includes an updated implementation and installation process. This process addresses critical security issues that were found in prior versions. All users are recommended to install this update immediately. More details are available below.
The Vagrant VMware Desktop plugin now supports both VMware Workstation and VMware Fusion. The unification of these two plugins includes an implementation update which has resulted in a separation of duties within the plugin. In previous versions of the VMware Fusion and Workstation plugins, all setup was performed during the plugin installation process. Included within this installation process was the setup for privileged access required for VMware interaction. A number of issues resulted from this installation approach and to resolve the issue the Vagrant VMware Desktop plugin now consists of two parts:
- Vagrant VMware Utility (System installation package)
- Vagrant VMware Desktop (Vagrant plugin)
» Security Update
This update fixes a number of critical security vulnerabilities in prior versions and is highly recommended. The update will work with all supported versions of VMware Fusion and Workstation.
The vulnerabilities fixed include mechanisms for root privilege escalation from a malicious Vagrantfile or previously installed malware outside of the Vagrantfile. We will edit this post and link directly to the CVEs here as they are published.
These vulnerabilities were reported to HashiCorp in late 2017 as part of a batch of critical findings by Mark Wadham. It has taken until now to restructure the plugin to resolve these vulnerabilities. We apologize for how long this has taken and thank Mark for working patiently with us as we worked toward this release.
The new unified Vagrant VMware plugin includes a new step (the VMware Utility) to separate the privileged operations required for the plugin to operate and relies on system installers to safely install these services. Beyond this, various fixes were also made to the plugin itself for safer operation.
» Vagrant VMware Utility
The Vagrant VMware Utility is a system installer package and is required by the Vagrant VMware Desktop plugin for proper functionality. This system installer provides a small utility service that Vagrant utilizes for interacting with VMware on the system.
Isolating the features which require privileged access into a system installer package provides an easier and more secure installation. Isolating privileged activities to the Vagrant VMware Utility also means that only one privileged installation action must be taken on a system. After the package is installed, any user on the system can be allowed to interact with the utility without the need for privilege escalation.
» Vagrant VMware Desktop
The Vagrant VMware Desktop plugin is the Vagrant plugin which adds support for the
vmware_desktop provider to Vagrant. The installation method for this plugin follows the same methodology as previous Vagrant VMware plugins. First install the plugin:
$ vagrant plugin install vagrant-vmware-desktop
Then apply the license:
$ vagrant plugin license vagrant-vmware-desktop ./license.lic
» What’s New
With the introduction of a unified VMware plugin, all future updates will be made to the Vagrant VMware Desktop plugin. All existing users of the Vagrant VMware Fusion and Workstation plugins are encouraged to upgrade. Aside from the plugin unification and installation updates, a common provider name can now be used for configuring a VMware guest from the Vagrantfile.
The Workstation and Fusion specific plugins required the explicit provider name (
vmware_fusion) when configuring VMware. The Desktop plugin still supports the old provider names but also adds a common provider name that is not specific to Workstation or Fusion:
Vagrant.configure(“2”) do |config| config.vm.box = “example-box” config.vm.provider “vmware_desktop” do |vmware| vmware.gui = false end end
Also added in this plugin is support for the Vagrant
package command. This allows a Vagrant guest to be configured locally and then packaged into a new Vagrant box which can be moved or shared for reuse.
If you encounter any issues while attempting to upgrade to the Vagrant VMware Desktop plugin please contact HashiCorp support at: firstname.lastname@example.org.