sickcodes / Docker-OSX

Run macOS VM in a Docker! Run near native OSX-KVM in Docker! X11 Forwarding! CI/CD for OS X Security Research! Docker mac Containers.
https://hub.docker.com/r/sickcodes/docker-osx
GNU General Public License v3.0
48.54k stars 2.7k forks

Bare Shell Version #407

Open KerickHowlett opened 2 years ago

KerickHowlett commented 2 years ago

Right out of the gate, I'm aware this is an odd thing to request, but is there a way to create a "barebones shell version" of this?

I'm talking just the Darwin UNIX system that emulates the terminal side of things almost perfectly, minus the actual virtual machine & display.

What I'm trying to accomplish is creating an isolated devcontainer to experiment and test with new packages and dotfile settings without it affecting my host's system. Not only to test it to make sure anything major I do won't break anything, but also to run Snyk on it to scan for any potential security issues.

I know it's not a perfect system, but I figured it's an idea that could be built upon over time.

sickcodes commented 2 years ago

Already implemented :) https://github.com/sickcodes/Docker-OSX#prebuilt-image-with-arbitrary-command-line-arguments

I recommend naked-auto with your own container, since auto would take a while to copy 20GB each time and time again.

I also suggest Monterey since it's 20GB.

For the commands, already gotchu: OSX_COMMANDS will just run any arbitrary command, for example, uname -a, then the container will die :) https://github.com/sickcodes/Docker-OSX#prebuilt-image-with-arbitrary-command-line-arguments

auto and naked-auto both have it, have a peek at the Dockerfiles and if you need

Using naked-auto will let you start and log in to the shell automatically (and fast) over and over and you can supply your own username and password, or disable them completely since it's in a security pipeline. https://github.com/sickcodes/osx-optimizer#disable-passwords-globally

Just a heads up to anyone else reading, disabling passwords on the system is not something you want to expose to the internet. It's great fun for security dev tho, apart from trivial SSH keys etc. so you just hit the Enter on SSH. It was faster for me to disable system-wide rather than in this script which adds bulk users to the system: https://github.com/sickcodes/osx-optimizer/blob/master/useradd-bulk.sh

In terms of security/Snyk, it should be fine. This is a security research tool at heart and we have SIP off by default etc. What do you think about this PR?

https://github.com/sickcodes/osx-serial-generator/pull/22

Sorry I couldn't get back to you earlier!

KerickHowlett commented 2 years ago

Yo, man! That's just fantastic!

Sorry for not seeing that myself.

Whenever I spend a really long time researching something and rage in a life-or-death battle with the Google search engine, my eyes gloss over large chunks of text after a while. lol

Although, I need to use Big Sur, because I can upgrade my Mac at the moment for various reasons.

However, I'm mostly brand new to the Mac ecosystem, so there are a lot of things I don't know about how the OS works—such as whether there's any significant difference between the two versions' UNIX environments or not.

For now, I'd just like a safe & secure space to experiment with my environment's dotfiles & settings without risking anything major to my host since I don't have access to VMware at the moment. lol

You're more than fine in regard to the response time. We developers can be busy and scattered creatures. I wasn't on a major time crunch or anything, as this was just something I posted in a long shot attempt to solve an annoying but semi-minor problem I was facing.

And it appears you have, so thank you so much! :)

I've yet to try it, but I will leave a post here as soon as I do or if I have any questions, so would it be alright to leave this thread open until then?