VirtualBox Guest Additions and Shared Folders

From Whonix

Introduction

With respect to clipboard sharing:

  • Bidirectional clipboard sharing is currently enabled by default in Whonix ™ VirtualBox VMs. [1] There are security reasons to disable clipboard sharing, for example to prevent the accidental copying of something (non-)anonymous and pasting it in its (non-)anonymous counterpart such as a browser, which would lead to identity correlation.
  • For Whonix-Gateway ™, unidirectional clipboard sharing from the host to Whonix-Gateway ™ is allowed. This is not insecure, because Whonix-Gateway ™ is not supposed to be used as a workstation. No internet-facing client applications are in use there, meaning whatever "leaked" to Whonix-Gateway ™ stays there because users do not run browsers or similar applications.

Shared folders are also discouraged because they weaken isolation between the guest and the host. Providing a mechanism to access files of the host system from within the guest system via a specially defined path necessarily enlarges the attack surface and provides a potential pathway for malicious actors to compromise the host. [2] [3] [4]

Clipboard Sharing

To change the clipboard sharing setting:

  1. Power off the virtual machine. [5]
  2. Navigate to VirtualBox machine settings → General → Advanced → Shared Clipboard
  3. Set the preferred configuration: Disabled, Guest to Host, Host to Guest or Bidirectional.
  4. Power on the virtual machine again.

To learn more, see: VirtualBox Manual - Chapter 3. Configuring Virtual Machines.

Shared Folder

Whonix ™-Default

Note:

  • From VirtualBox v6+ it is no longer necessary to power off the virtual machine.
  • For better usability, package shared-folder-help has already added user "user" to group vboxsf. [6]
  1. Navigate to the shared folder settings of the virtual machine: VirtualBox → right-click the virtual machine → Settings → Shared Folder
  2. Click the folder icon that has a + symbol in the upper right-hand section of the screen.
  3. Folder Path → Navigate to the folder you want to share.
  4. Folder Name → Type: shared. A different folder name can be utilized, but shared is recommended so it is the same as the example documented below -- do not use share (without the trailing d)!
  5. Check Read-only if you do not want to write to that folder from within the guest.
  6. Check Auto-mount. [7]
  7. Mount Point → Leave as is (leave it empty and do not make any changes). [8]
  8. Check Make Permanent (if that option exists). [9]
  9. Press OK to close shared folder dialog.
  10. Press OK to close VirtualBox settings.
  11. The process is now complete and the shared folder can be used.

VirtualBox shared folders are found inside the virtual machine in folder /media/.

By default, VirtualBox uses the prefix sf_.

In the above example, the shared folder will become /media/sf_shared. It can be opened using a file manager like Thunar. To open it using the command line, run:

cd /media/sf_shared
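
To check from the host which VMs currently have the isolation-weakening settings discussed above (a clipboard mode other than Disabled, or any shared folder), the following added example, which is not part of the Whonix ™ documentation, parses the output of VBoxManage showvminfo --machinereadable. It assumes the key names clipboard, SharedFolderNameMachineMappingN and SharedFolderPathMachineMappingN as printed by VirtualBox; the VM name and host path in the sample input are constructed.

```shell
#!/bin/sh
# Added example: flag clipboard sharing and shared folders in the output of
#   VBoxManage showvminfo "<vm>" --machinereadable
# Prints one finding per line; returns 1 if there is any finding, 0 if none.
audit_vminfo() {
    awk '
        {
            i = index($0, "=")              # split on the first "=" only
            if (i == 0) next
            key = substr($0, 1, i - 1)
            val = substr($0, i + 1)
            gsub(/^"|"$/, "", val)          # strip surrounding quotes
        }
        key == "name"      { vm = val }
        key == "clipboard" { clip = val }
        key ~ /^SharedFolder(Name|Path)MachineMapping[0-9]+$/ {
            n = key; sub(/^[A-Za-z]+/, "", n); n += 0
            if (n > max) max = n
            if (key ~ /^SharedFolderName/) name[n] = val; else path[n] = val
        }
        END {
            bad = 0
            if (clip != "" && clip != "disabled") {
                printf "%s: clipboard=%s\n", vm, clip; bad = 1
            }
            for (n = 1; n <= max; n++) if (n in name) {
                # /media/sf_ is the default guest mount prefix described above
                printf "%s: shared folder %s -> host path %s (guest: /media/sf_%s)\n",
                       vm, name[n], path[n], name[n]
                bad = 1
            }
            exit bad
        }'
}

# Constructed sample input (VM name and host path are made up).
SAMPLE_WS='name="Whonix-Workstation-Xfce"
clipboard="bidirectional"
SharedFolderNameMachineMapping1="shared"
SharedFolderPathMachineMapping1="/home/alice/vm-share"'
SAMPLE_CLEAN='name="Whonix-Workstation-Xfce"
clipboard="disabled"'

printf '%s\n' "$SAMPLE_WS" | audit_vminfo || true
```

Against a real VM, pipe the live output into the function instead of the sample: VBoxManage showvminfo "<vm>" --machinereadable | audit_vminfo.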

Whonix-Custom-Workstation ™

If you are using a Whonix-Custom-Workstation ™, additional steps are required.

Two options exist: automatic mounting or manual mounting. The automatic mounting method is described below. For additional information on shared folders refer to the VirtualBox manual. Any additional questions are unspecific to Whonix ™ and should be addressed as per the Free Support Principle.

  1. Install VirtualBox guest additions inside the VM. [10]
  2. Add the user that will utilize shared folders from inside the VM to group vboxsf:
    sudo addgroup user vboxsf

  3. A reboot is required to make group changes take effect.
  4. Follow the instructions above.

VirtualBox Guest Additions

Introduction

In Whonix ™, VirtualBox guest additions are installed by default. [11]

To avoid any issues with the guest additions, users are highly recommended to:

  1. Use the Recommended VirtualBox Version for use with Whonix ™.
  2. Leave installation of the recommended version of VirtualBox guest additions to Whonix ™ as documented and avoid manual installation. This documentation will be updated as required. Check back later in case you have issues.
  • Whonix ™ 15: VirtualBox guest additions (from package virtualbox-guest-additions-iso) are automatically kept up to date, whenever Whonix ™ is updated, by vbox-guest-installer, which is an installation helper created by Whonix ™ developers.
  • Whonix ™ 16: VirtualBox guest additions (from packages virtualbox-guest-utils, virtualbox-guest-x11) are installed by default and should be preferred over virtualbox-guest-additions-iso. [12]

There might be a few odd messages during updates which are actually non-issues. Unless actual functionality is broken, please do not ask about odd messages as per Support Request Policy.

In case of issues, see also VirtualBox troubleshooting and consider a bug report.

virtualbox-guest-additions-iso package

virtualbox-guest-x11 package

  • Whonix ™ 15: Earlier Whonix ™ versions used to install package virtualbox-guest-x11 by default. This will currently not work and is discouraged. (technical details)
  • Whonix ™ 16: Installed by default.

vbox-guest-installer

vbox-guest-installer is an installation helper created by Whonix ™ developers. It is a helper utility for better usability that allows installing VirtualBox guest additions from package virtualbox-guest-additions-iso.

Usually no user action is required.

  • Whonix ™ 15: Enabled by default.
  • Whonix ™ 16: Not enabled by default.

It is usually not required to change vbox-guest-installer settings, to enable/disable or to manually run it.

Whenever the Linux kernel package or virtualbox-guest-additions-iso is upgraded, vbox-guest-installer should run automatically.

Migration to Guest Additions Packages

  • Whonix ™ 15 release-upgraded to Whonix ™ 16: This is recommended.
  • Whonix ™ 16 new downloads: No action required.

1. Uninstall virtualbox-guest-additions-iso.

2. Install virtualbox-guest-utils virtualbox-guest-x11.

    1. Update the package lists.

        sudo apt update

    2. Upgrade the system.

        sudo apt full-upgrade

    3. Install the virtualbox-guest-utils virtualbox-guest-x11 package.

        Using apt command line parameter --no-install-recommends is in most cases optional.

        sudo apt install --no-install-recommends virtualbox-guest-utils virtualbox-guest-x11

    4. Done.

    The procedure of installing virtualbox-guest-utils virtualbox-guest-x11 is complete.

3. Reboot.

4. Done.

Migration from VirtualBox Guest Additions ISO to Guest Additions packages has been completed.

VirtualBox Guest Additions CD

In Whonix ™ it is therefore unnecessary and discouraged to install guest additions from a VirtualBox CD. Do not use VirtualBox → Devices → Insert Guest Additions CD image.... Doing so could lead to version conflicts between the VirtualBox host version and the VirtualBox guest additions version, with symptoms such as black screen, screen resolution bug, broken host to VM copy/paste and similar. [14]

If you are using other operating systems (custom workstation), using VirtualBox Guest Additions CD is OK. In that case, issues should be resolved as per Free Support Principle because it would be unspecific to Whonix ™.

VirtualBox Guest Additions Security

General concerns have been raised about the security of VirtualBox, for example see the article The VirtualBox Kernel Driver Is Tainted Crap [15]. However, this refers to the kernel driver (on the host), not guest additions. For opposite viewpoints, see here and here.

Alternatives

It is possible to achieve similar functionality without installing guest additions:

  • For file exchange with Whonix ™, see: File Transfer and File Sharing.
  • To achieve a higher screen resolution, see: Higher Screen Resolution without VirtualBox Guest Additions.
  • To achieve mouse integration, it is possible to set a USB tablet in VirtualBox settings. This is recommended against because it requires adding a USB controller to VirtualBox. (VirtualBox → Right-click on Virtual Machine → Settings → System → Enable absolute pointing device)

Miscellaneous

Uninstall virtualbox-guest-additions-iso

This is discouraged and should not be required. However, if you wish to uninstall VirtualBox guest additions as installed by vbox-guest-installer by Whonix ™ developers, follow the steps below.

1. Depending on the Whonix ™ version:

  • Whonix ™ 15: Purge package virtualbox-guest-additions-iso. As a result, vbox-guest-installer by Whonix ™ developers will effectively do nothing in the future.
    sudo apt purge virtualbox-guest-additions-iso

  • Whonix ™ 16: No purge of package virtualbox-guest-additions-iso is required, since vbox-guest-installer effectively does nothing if VirtualBox guest additions packages are installed. If purging virtualbox-guest-additions-iso is desired, this is OK too.

2. Remove VirtualBox guest additions (previously installed by Whonix ™ from virtualbox-guest-additions-iso). Run the VirtualBox guest additions uninstaller by VirtualBox developers.

sudo /usr/sbin/vbox-uninstall-guest-additions

Debugging

To help debug issues, inspect the following logs and services.

cat /var/log/vboxadd-install.log

sudo systemctl status vboxadd

sudo systemctl status vboxadd-service.service

ls -la /opt/VBoxGuestAdditions-*/init/

Issues

To document any problems, utilize the following short link to this wiki page: ../ga [16]

Kernel Upgrades

The following issue occurs during kernel upgrades.

/etc/kernel/postinst.d/vboxadd:
VirtualBox Guest Additions: Building the modules for kernel 5.6.0-0.bpo.2-amd64.
Failed to rename process, ignoring: Operation not permitted
update-initramfs terminated by signal TERM.

Workaround in short: two reboots required.

Workaround details: This results in guest additions being non-functional after the next reboot. During the next reboot VirtualBox guest additions will automatically detect the missing kernel modules for the upgraded kernel and build them. Therefore when rebooting yet another time the issue should be resolved until the next kernel upgrade.

Please contribute to generic bug reproduction:

See also Whonix ™ specific technical information, VirtualBox Integration.

One long-term solution might be replacing initramfs-tools with dracut, but that needs further research and development work. (development discussion, issue)

Forum discussion:
Guest additions fail to start after upgrade

Non-Issues

If the following message appears during a kernel upgrade, it is a non-issue.

None.

See Also

Footnotes

  1. Host -> Whonix-Gateway clipboard sharing enable by default?
  2. https://forums.whonix.org/t/security-risks-of-virtualbox-shared-folders/10119
  3. To learn more about VirtualBox shared folders, see: VirtualBox Manual - Chapter 4. Guest Additions.
  4. Admittedly, this recommendation does not have a strong rationale. Disabling additional features in other virtualizers or general applications will similarly lead to fewer code paths being utilized, arguably increasing security. VirtualBox software is not special in this regard.
  5. Because otherwise you cannot change VirtualBox VM settings.
  6. Using /lib/systemd/system/mnt-shared-vbox.service.
  7. If the option is unavailable, upgrade VirtualBox.
  8. Alternatively folder /home/user/shared can be chosen. The VirtualBox default means that folder would be owned by owner root and group vboxsf.
  9. This is specific to the VirtualBox version; newer versions do not have this option anymore. Check Make Permanent if this setting should persist after restart of the virtual machine. Otherwise this setting will be temporary.
  10. This step is required. Quote from VirtualBox Manual - Chapter 4. Guest Additions:

    With the shared folders feature of Oracle VM VirtualBox, you can access files of your host system from within the guest system. This is similar to how you would use network shares in Windows networks, except that shared folders do not require networking, only the Guest Additions.

  11.
  12. virtualbox-guest-additions-iso is still installed by default. Should there be issues with virtualbox-guest-utils, virtualbox-guest-x11 as there were in the past due to unavailability, then it is easier to fall back to that solution. vbox-guest-installer (installation helper created by Whonix ™ developers) is also still installed by default for the same purpose.
  13. Might still be used by users who release-upgraded from Whonix ™ 15 to Whonix ™ 16.
  14. Installation of VirtualBox guest additions from CD might also cause issues.
  15. http://www.webcitation.org/6HqJVN0br
  16. https://www.whonix.org/w/index.php?title=Ga&action=edit

