search

AlmirKadric-Published / docker-tuntap-osx

A tuntap shim installer for "Docker for Mac"
MIT License
332 stars 65 forks source link

Are the arguments used to create the host virtual machine really hardcoded? #33

Closed oakaigh closed 5 years ago

oakaigh commented 5 years ago

~/Library/Containers/com.docker.docker/Data/vms/0/hyperkit.json gives me the following

{"hyperkit":"/Applications/Docker.app/Contents/Resources/bin/com.docker.hyperkit","argv0":"com.docker.hyperkit","state_dir":"vms/0","vpnkit_sock":"vpnkit.eth.sock","vpnkit_uuid":"502f067e-545a-455c-acb2-cb65f7d0b95e","vpnkit_preferred_ipv4":"","uuid":"838c36b8-c656-4d11-b047-ed50463f9faa","disks":[{"path":"/Users/richie/Library/Containers/com.docker.docker/Data/vms/0/Docker.raw","size":15258,"format":"","trim":true}],"iso":["/Applications/Docker.app/Contents/Resources/linuxkit/docker-desktop.iso","vms/0/config.iso","/Applications/Docker.app/Contents/Resources/linuxkit/docker.iso"],"vsock":true,"vsock_dir":"vms/0","vsock_ports":[2376,1525],"vsock_guest_cid":3,"vmnet":false,"9p_sockets":null,"kernel":"","initrd":"","bootrom":"/Applications/Docker.app/Contents/Resources/uefi/UEFI.fd","cpus":12,"memory":16384,"console":2,"pid":36751,"arguments":["-A","-u","-F","vms/0/hyperkit.pid","-c","12","-m","16384M","-s","0:0,hostbridge","-s","31,lpc","-s","1:0,virtio-vpnkit,path=vpnkit.eth.sock,uuid=502f067e-545a-455c-acb2-cb65f7d0b95e","-U","838c36b8-c656-4d11-b047-ed50463f9faa","-s","2:0,ahci-hd,/Users/richie/Library/Containers/com.docker.docker/Data/vms/0/Docker.raw","-s","3,virtio-sock,guest_cid=3,path=vms/0,guest_forwards=2376;1525","-s","4,ahci-cd,/Applications/Docker.app/Contents/Resources/linuxkit/docker-desktop.iso","-s","5,ahci-cd,vms/0/config.iso","-s","6,ahci-cd,/Applications/Docker.app/Contents/Resources/linuxkit/docker.iso","-s","7,virtio-rnd","-l","com1,autopty=vms/0/tty,asl","-f","bootrom,/Applications/Docker.app/Contents/Resources/uefi/UEFI.fd,,"],"cmdline":"/Applications/Docker.app/Contents/Resources/bin/com.docker.hyperkit -A -u -F vms/0/hyperkit.pid -c 12 -m 16384M -s 0:0,hostbridge -s 31,lpc -s 1:0,virtio-vpnkit,path=vpnkit.eth.sock,uuid=502f067e-545a-455c-acb2-cb65f7d0b95e -U 838c36b8-c656-4d11-b047-ed50463f9faa -s 2:0,ahci-hd,/Users/richie/Library/Containers/com.docker.docker/Data/vms/0/Docker.raw -s 3,virtio-sock,guest_cid=3,path=vms/0,guest_forwards=2376;1525 -s 4,ahci-cd,/Applications/Docker.app/Contents/Resources/linuxkit/docker-desktop.iso -s 5,ahci-cd,vms/0/config.iso -s 6,ahci-cd,/Applications/Docker.app/Contents/Resources/linuxkit/docker.iso -s 7,virtio-rnd -l com1,autopty=vms/0/tty,asl -f bootrom,/Applications/Docker.app/Contents/Resources/uefi/UEFI.fd,,"}

The Hyperkit wrapper included in Docker Desktop For Mac as a "key component." Its source code shows that the JSON config is directly used to configure com.docker.hyperkit.

https://github.com/moby/hyperkit/blob/ed9ab73104691fb24db340b58e28a7d45e177eea/go/hyperkit.go#L58

https://github.com/moby/hyperkit/blob/ed9ab73104691fb24db340b58e28a7d45e177eea/go/hyperkit.go#L42-L137

As you can see, the location of com.docker.hyperkit and the arguments are clearly specified in this JSON-formatted file. There's no need for injection.

UPDATE: it turns out hyperkit will only "write the state to the JSON file."

AlmirKadric commented 5 years ago

Glad you figured it out!