sickcodes / Docker-OSX

Run macOS VM in a Docker! Run near native OSX-KVM in Docker! X11 Forwarding! CI/CD for OS X Security Research! Docker mac Containers.
https://hub.docker.com/r/sickcodes/docker-osx
GNU General Public License v3.0
45.49k stars 2.41k forks

Nested virtualisation inside Docker-OSX #208

Closed catthehacker closed 3 years ago

catthehacker commented 3 years ago

Not sure whether this is a bug or a feature request but I'm trying to run virtualbox/docker inside the osx "container" but it fails on the virtualisation check. My L0 (debian) has the kvm_amd nested option enabled, and so does L1 (arch). Based on https://github.com/kholia/OSX-KVM/blob/master/notes.md I tried to add virtualisation flags and built the image but it doesn't seem to work.

```
sickcodes/docker-osx:auto /bin/cat /sys/module/kvm_amd/parameters/nested
1
user@users-iMac-Pro ~ % docker-machine create --driver virtualbox default
Creating CA: /Users/user/.docker/machine/certs/ca.pem
Creating client certificate: /Users/user/.docker/machine/certs/cert.pem
Running pre-create checks...
Error with pre-create check: "This computer doesn't have VT-X/AMD-v enabled. Enabling it in the BIOS is mandatory"
user@users-iMac-Pro ~ % sysctl kern.hv_support
kern.hv_support: 0
user@users-iMac-Pro ~ % exit
```

```
Linux aegean 5.9.0-0.bpo.5-amd64 #1 SMP Debian 5.9.15-1~bpo10+1 (2020-12-31) x86_64 GNU/Linux

[sudo] password for cat:
1
PRETTY_NAME="Debian GNU/Linux 10 (buster)"
NAME="Debian GNU/Linux"
VERSION_CODENAME=buster
Filesystem      Size  Used Avail Use% Mounted on
/dev/md2        437G  284G  131G  69% /
QEMU emulator version 3.1.0 (Debian 1:3.1+dfsg-8+deb10u8)
Copyright (c) 2003-2018 Fabrice Bellard and the QEMU Project developers
libvirtd (libvirt) 5.0.0
              total        used        free      shared  buff/cache   available
Mem:           62Gi       2.1Gi        14Gi       1.0Mi        46Gi        60Gi
Swap:          31Gi        14Mi        31Gi
12
12
crw-rw---- 1 root kvm 10, 232 Mar 18 11:33 /dev/kvm
total 40K
drwxrwxrwt  2 root root 4.0K Feb 13 21:23 .
drwxrwxrwt 28 root root  32K Mar 18 11:55 ..
cat      26124  0.0  0.0   6420   892 pts/8    S+   11:55   0:00 grep dockerd
root     26231  6.8  0.2 3011980 142684 ?      Ssl  Mar12 583:10 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
kvm:x:106:
docker:x:998:cat
libvirt:x:116:
libvirt-qemu:x:64055:libvirt-qemu
```

sickcodes commented 3 years ago

Your QEMU version seems a bit low, I haven't tried nested virt inside Mac though, other than Xcode simulator

catthehacker commented 3 years ago

Right, I did forget to use buster-backports to get the latest qemu (and even then qemu-system-x86 was held back by apt, don't know why) but that didn't change much. I guess I will tinker with it for a while and try to get it working.

updated info

```
Linux aegean 5.10.0-0.bpo.3-amd64 #1 SMP Debian 5.10.13-1~bpo10+1 (2021-02-11) x86_64 GNU/Linux
1
PRETTY_NAME="Debian GNU/Linux 10 (buster)"
NAME="Debian GNU/Linux"
VERSION_CODENAME=buster
Filesystem      Size  Used Avail Use% Mounted on
/dev/md2        437G  276G  139G  67% /
QEMU emulator version 5.2.0 (Debian 1:5.2+dfsg-3~bpo10+1)
Copyright (c) 2003-2020 Fabrice Bellard and the QEMU Project developers
libvirtd (libvirt) 5.0.0
              total        used        free      shared  buff/cache   available
Mem:           62Gi       9.0Gi        13Gi       9.0Mi        40Gi        53Gi
Swap:          31Gi          0B        31Gi
12
12
crw-rw---- 1 root kvm 10, 232 Mar 18 14:55 /dev/kvm
total 40K
drwxrwxrwt  2 root root 4.0K Mar 18 14:50 .
drwxrwxrwt 14 root root  32K Mar 18 14:57 ..
root      1151  0.1  0.1 3169776 118260 ?      Ssl  14:51   0:01 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
cat      12952  0.0  0.0   6552   820 pts/4    S+   15:01   0:00 grep dockerd
efd71b14bf62 sickcodes/docker-osx:auto "/bin/bash -c 'echo …" 7 minutes ago Up 7 minutes 0.0.0.0:50922->10022/tcp upbeat_kalam
kvm:x:106:
docker:x:998:cat
libvirt:x:116:
libvirt-qemu:x:64055:libvirt-qemu
```

sickcodes commented 3 years ago

I'm excited to see once it works!

catthehacker commented 3 years ago

That's a nope unless Apple adds support for AMD CPUs.
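
The Linux side of the check done by hand at L0 and L1 in this thread (the kvm module's `nested` parameter and `/dev/kvm`, plus the CPU flag the layer sees), written as an added shell example that is not part of the thread or of the Docker-OSX project. The function names and the `ROOT` argument are assumptions, and the sample tree is constructed; inside the macOS guest the readout remains `sysctl kern.hv_support`, as shown in the first comment.

```shell
#!/bin/sh
# Added example: classify whether one Linux layer (L0 host or L1 guest) can
# pass hardware virtualisation down to the guest it runs.
# ROOT is a hypothetical parameter so the check can run against a sample tree.
nested_virt_status() {
    root="${1:-}"
    # 1. The CPU this layer sees must expose svm (AMD-V) or vmx (Intel VT-x).
    flags=$(grep -m1 '^flags' "$root/proc/cpuinfo" 2>/dev/null) || flags=""
    case " $flags " in
        *" svm "*) mod=kvm_amd ;;
        *" vmx "*) mod=kvm_intel ;;
        *) echo "no svm/vmx flag: this layer has no virtualisation extensions"
           return 1 ;;
    esac
    # 2. KVM must be usable at this layer at all.
    if [ ! -e "$root/dev/kvm" ]; then
        echo "$mod: /dev/kvm missing"
        return 1
    fi
    # 3. The module's nested parameter gates what guests of this layer get.
    #    kvm_amd reports 1/0, kvm_intel reports Y/N.
    param="$root/sys/module/$mod/parameters/nested"
    if [ ! -r "$param" ]; then
        echo "$mod: module not loaded"
        return 1
    fi
    case "$(cat "$param")" in
        1|Y|y) echo "$mod: nested enabled"; return 0 ;;
        *)     echo "$mod: nested disabled"; return 1 ;;
    esac
}

# Constructed sample tree (not real output) standing in for /proc, /sys, /dev.
make_tree() {  # make_tree CPU_FLAG MODULE NESTED_VALUE -> prints the tree path
    t=$(mktemp -d)
    mkdir -p "$t/proc" "$t/dev" "$t/sys/module/$2/parameters"
    printf 'flags\t\t: fpu vme %s sse2\n' "$1" > "$t/proc/cpuinfo"
    printf '%s\n' "$3" > "$t/sys/module/$2/parameters/nested"
    : > "$t/dev/kvm"   # plain file as a stand-in for the character device
    echo "$t"
}

# An L1 like the one in the thread: svm visible, kvm_amd nested=1.
sample=$(make_tree svm kvm_amd 1)
nested_virt_status "$sample"
rm -rf "$sample"
```

Called with no argument, `nested_virt_status` inspects the running system. A passing result at L0 and L1 only says the Linux layers offer nesting; it does not say the macOS guest will use it, which is what `kern.hv_support: 0` reported here.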