sickcodes / Docker-OSX

Run macOS VM in a Docker! Run near native OSX-KVM in Docker! X11 Forwarding! CI/CD for OS X Security Research! Docker mac Containers.
https://hub.docker.com/r/sickcodes/docker-osx
GNU General Public License v3.0
46.45k stars 2.5k forks

How to get docker-osx running on mac silicon (arm64)? #547

Open alanwilter opened 1 year ago

alanwilter commented 1 year ago

All I saw here was about running on Linux or Windows.

My idea was to have a simple macOS image with homebrew to build macOS related apps in a contained environment: Dockerfile with FROM ... (which image?) and RUN brew install..., using my own Mac (silicon) as a host.

WJacobsNL commented 1 year ago

Here for the same reason :) Curious about the solution

Pandaroses commented 1 year ago

what

danielgroen commented 1 year ago

Same here!

I think the --device flag should not be KVM since this KVM is not made for macOS. But I guess there should be another build system available than KVM, but then for Mac.

PATAPOsha commented 1 year ago

Use buildx for building docker image. E.g.: docker buildx build -t my-image --platform=linux/amd64 --progress=plain --build-arg DISPLAY=$DISPLAY . Then run container like so: docker run -it --platform linux/amd64 --net=host --name mi-container my-image.

I tried a Dockerfile starting with FROM sickcodes/docker-osx:monterey. It created and launched successfully. However, I got stuck on installing homebrew into the container. I cannot work out how to add homebrew to the PATH. There is no ~/.zprofile or ~/.zshrc or ~/.profile inside the image...

UPDATE It is ~/.guestfish. RUN echo 'eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)"' >> ~/.guestfish to add brew to the PATH.

alanwilter commented 1 year ago

Well, that did not quite work for me. Is your hosting Mac an M1/2 (silicon chip)?

When I run your instructions I got:

docker run --rm -it --platform linux/amd64 --net=host --name mi-container my-image
ssh-keygen: generating new host keys: RSA DSA ECDSA ED25519
nohup: appending output to 'nohup.out'
++ id -u
++ id -g
+ sudo chown 1000:1000 /dev/kvm
++ id -u
++ id -g
+ sudo chown -R 1000:1000 /dev/snd
+ [[ 4 = max ]]
+ [[ 4 = half ]]
++ id -u
++ id -g
+ sudo chown -R 1000:1000 /dev/snd
+ exec qemu-system-x86_64 -m 4000 -cpu Penryn,vendor=GenuineIntel,+invtsc,vmware-cpuid-freq=on,+ssse3,+sse4.2,+popcnt,+avx,+aes,+xsave,+xsaveopt,check, -machine q35,accel=kvm:tcg -smp 4,cores=4 -usb -device usb-kbd -device usb-tablet -device 'isa-applesmc,osk=ourhardworkbythesewordsguardedpleasedontsteal(c)AppleComputerInc' -drive if=pflash,format=raw,readonly=on,file=/home/arch/OSX-KVM/OVMF_CODE.fd -drive if=pflash,format=raw,file=/home/arch/OSX-KVM/OVMF_VARS-1024x768.fd -smbios type=2 -audiodev alsa,id=hda -device ich9-intel-hda -device hda-duplex,audiodev=hda -device ich9-ahci,id=sata -drive id=OpenCoreBoot,if=none,snapshot=on,format=qcow2,file=/home/arch/OSX-KVM/OpenCore/OpenCore.qcow2 -device ide-hd,bus=sata.2,drive=OpenCoreBoot -device ide-hd,bus=sata.3,drive=InstallMedia -drive id=InstallMedia,if=none,file=/home/arch/OSX-KVM/BaseSystem.img,format=qcow2 -drive id=MacHDD,if=none,file=/home/arch/OSX-KVM/mac_hdd_ng.img,format=qcow2 -device ide-hd,bus=sata.4,drive=MacHDD -netdev user,id=net0,hostfwd=tcp::10022-:22,hostfwd=tcp::5900-:5900, -device vmxnet3,netdev=net0,id=net0,mac=52:54:00:09:49:17 -monitor stdio -boot menu=on -vga vmware
kvm version too old
qemu-system-x86_64: failed to initialize kvm: Function not implemented
qemu-system-x86_64: falling back to tcg
QEMU 6.2.0 monitor - type 'help' for more information
(qemu) qemu-system-x86_64: warning: TCG doesn't support requested feature: CPUID.01H:ECX.avx [bit 28]
qemu-system-x86_64: warning: TCG doesn't support requested feature: CPUID.80000007H:EDX.invtsc [bit 8]
qemu-system-x86_64: warning: TCG doesn't support requested feature: CPUID.01H:ECX.avx [bit 28]
qemu-system-x86_64: warning: TCG doesn't support requested feature: CPUID.80000007H:EDX.invtsc [bit 8]
qemu-system-x86_64: warning: TCG doesn't support requested feature: CPUID.01H:ECX.avx [bit 28]
qemu-system-x86_64: warning: TCG doesn't support requested feature: CPUID.80000007H:EDX.invtsc [bit 8]
qemu-system-x86_64: warning: TCG doesn't support requested feature: CPUID.01H:ECX.avx [bit 28]
qemu-system-x86_64: warning: TCG doesn't support requested feature: CPUID.80000007H:EDX.invtsc [bit 8]
ALSA lib confmisc.c:855:(parse_card) cannot find card '0'
ALSA lib conf.c:5178:(_snd_config_evaluate) function snd_func_card_inum returned error: No such file or directory
ALSA lib confmisc.c:422:(snd_func_concat) error evaluating strings
ALSA lib conf.c:5178:(_snd_config_evaluate) function snd_func_concat returned error: No such file or directory
ALSA lib confmisc.c:1334:(snd_func_refer) error evaluating name
ALSA lib conf.c:5178:(_snd_config_evaluate) function snd_func_refer returned error: No such file or directory
ALSA lib conf.c:5701:(snd_config_expand) Evaluate error: No such file or directory
ALSA lib pcm.c:2664:(snd_pcm_open_noupdate) Unknown PCM default
alsa: Could not initialize DAC
alsa: Failed to open `default':
alsa: Reason: No such file or directory
ALSA lib confmisc.c:855:(parse_card) cannot find card '0'
ALSA lib conf.c:5178:(_snd_config_evaluate) function snd_func_card_inum returned error: No such file or directory
ALSA lib confmisc.c:422:(snd_func_concat) error evaluating strings
ALSA lib conf.c:5178:(_snd_config_evaluate) function snd_func_concat returned error: No such file or directory
ALSA lib confmisc.c:1334:(snd_func_refer) error evaluating name
ALSA lib conf.c:5178:(_snd_config_evaluate) function snd_func_refer returned error: No such file or directory
ALSA lib conf.c:5701:(snd_config_expand) Evaluate error: No such file or directory
ALSA lib pcm.c:2664:(snd_pcm_open_noupdate) Unknown PCM default
alsa: Could not initialize DAC
alsa: Failed to open `default':
alsa: Reason: No such file or directory
audio: Failed to create voice `dac'
ALSA lib confmisc.c:855:(parse_card) cannot find card '0'
ALSA lib conf.c:5178:(_snd_config_evaluate) function snd_func_card_inum returned error: No such file or directory
ALSA lib confmisc.c:422:(snd_func_concat) error evaluating strings
ALSA lib conf.c:5178:(_snd_config_evaluate) function snd_func_concat returned error: No such file or directory
ALSA lib confmisc.c:1334:(snd_func_refer) error evaluating name
ALSA lib conf.c:5178:(_snd_config_evaluate) function snd_func_refer returned error: No such file or directory
ALSA lib conf.c:5701:(snd_config_expand) Evaluate error: No such file or directory
ALSA lib pcm.c:2664:(snd_pcm_open_noupdate) Unknown PCM default
alsa: Could not initialize ADC
alsa: Failed to open `default':
alsa: Reason: No such file or directory
ALSA lib confmisc.c:855:(parse_card) cannot find card '0'
ALSA lib conf.c:5178:(_snd_config_evaluate) function snd_func_card_inum returned error: No such file or directory
ALSA lib confmisc.c:422:(snd_func_concat) error evaluating strings
ALSA lib conf.c:5178:(_snd_config_evaluate) function snd_func_concat returned error: No such file or directory
ALSA lib confmisc.c:1334:(snd_func_refer) error evaluating name
ALSA lib conf.c:5178:(_snd_config_evaluate) function snd_func_refer returned error: No such file or directory
ALSA lib conf.c:5701:(snd_config_expand) Evaluate error: No such file or directory
ALSA lib pcm.c:2664:(snd_pcm_open_noupdate) Unknown PCM default
alsa: Could not initialize ADC
alsa: Failed to open `default':
alsa: Reason: No such file or directory
audio: Failed to create voice `adc'
gtk initialization failed

But if I do:

docker run --rm -it --platform linux/amd64 --net=host --name mi-container --entrypoint=/bin/bash my-image

I got the prompt. However, lscpu is not auspicious:

[arch@docker-desktop OSX-KVM]$ lscpu
Architecture:           x86_64
  CPU op-mode(s):       32-bit
  Byte Order:           Little Endian
CPU(s):                 2
  On-line CPU(s) list:  0,1
Vendor ID:              0x00
  Model name:           -
    Model:              0
    Thread(s) per core: 1
    Core(s) per socket: 2
    Socket(s):          1
    Stepping:           0x0
    BogoMIPS:           48.00
    Flags:              fp asimd evtstrm aes pmull sha1 sha2 crc32 atomics fphp asimdhp cpuid asimdrdm jscvt fcma lrcpc dcpop sha3 asimddp sha512 asimdfhm dit uscat ilrcpc flagm sb paca pacg dcpodp flagm2 frint
Vulnerabilities:
  Itlb multihit:        Not affected
  L1tf:                 Not affected
  Mds:                  Not affected
  Meltdown:             Not affected
  Mmio stale data:      Not affected
  Spec store bypass:    Vulnerable
  Spectre v1:           Mitigation; __user pointer sanitization
  Spectre v2:           Not affected
  Srbds:                Not affected
  Tsx async abort:      Not affected

I'm not surprised to see Linux; what I'm surprised by is seeing x86_64.

In the end, I'm hoping to see a darwin and arm64, like when I do uname -a in my host Mac (silicon).

I did try:

docker buildx build -t my-image --platform=darwin/amd64 --progress=plain --build-arg DISPLAY=$DISPLAY .
#1 [internal] load build definition from Dockerfile
#1 transferring dockerfile: 255B 0.0s done
#1 DONE 0.0s

#2 [internal] load .dockerignore
#2 transferring context: 2B done
#2 DONE 0.0s

#3 [internal] load metadata for docker.io/sickcodes/docker-osx:monterey
#3 DONE 0.8s

#4 [1/1] FROM docker.io/sickcodes/docker-osx:monterey@sha256:76289b8676b9c145f532d566bacd5700ac35edb1c8806ff65f3b6ffaf707bf7d
#4 resolve docker.io/sickcodes/docker-osx:monterey@sha256:76289b8676b9c145f532d566bacd5700ac35edb1c8806ff65f3b6ffaf707bf7d done
#4 CACHED

#5 exporting to image
#5 exporting layers done
#5 writing image sha256:33261377a6dd15c0ea1d77a3874a882540241bc69e1f6587288da8e7f368c88b done
#5 ERROR: operating system is not supported
------
 > exporting to image:
------
ERROR: failed to solve: operating system is not supported

So I'm back to square one. Is there such an image? Or is there a way to build it?

PATAPOsha commented 1 year ago

> Well, that did not quite work for me. Is your hosting Mac an M1/2 (silicon chip)?

Yes, I'm using a MacBook Pro M1 Pro.

> In the end, I'm hoping to see a darwin and arm64, like when I do uname -a in my host Mac (silicon).

From what I've seen, these "Docker-OSX" images are based on a Linux x86_64 image. So no, there is no clean ARM macOS image. Correct me if I am wrong.

patniemeyer commented 1 year ago

This definitely seems like it should be possible since UTM is just a GUI for running QEMU and it runs on M1 ARM. (https://mac.getutm.app/). EDIT: I was wrong, UTM on MacOS uses the Apple virtualization not QEMU.

ylluminate commented 1 year ago

@patniemeyer you can use QEMU actually with UTM to run pre-Apple Virtualization supported guest virtual machines. For example, Mojave and High Sierra can and should be run this way. We definitely need to see macOS support here since there are still essential use cases for older OS releases, especially Mojave.

ylluminate commented 1 year ago

Has anything happened on this front?

AhirGhosh commented 1 year ago

Hello all, any workable solution on this front please? Running on Apple M1 and getting this:

Status: Downloaded newer image for sickcodes/docker-osx:monterey
WARNING: The requested image's platform (linux/amd64) does not match the detected host platform (linux/arm64/v8) and no specific platform was requested
docker: Error response from daemon: error gathering device information while adding custom device "/dev/kvm": no such file or directory.
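
Added example (not written by any commenter and not Docker-OSX code): shell helpers that triage the three symptoms posted in this thread, namely the KVM-to-TCG fallback in the QEMU output, an x86_64 userland reporting ARM CPU flags in lscpu, and the missing /dev/kvm device. The function names and result strings are made up for this sketch, and the sample log is an excerpt of the output quoted above.

```shell
#!/bin/sh
# Added example, not Docker-OSX code. Function names and result strings are illustrative.

# Excerpt of the QEMU output quoted earlier in the thread, used as sample input.
sample_log() {
cat <<'EOF'
kvm version too old
qemu-system-x86_64: failed to initialize kvm: Function not implemented
qemu-system-x86_64: falling back to tcg
qemu-system-x86_64: warning: TCG doesn't support requested feature: CPUID.01H:ECX.avx [bit 28]
qemu-system-x86_64: warning: TCG doesn't support requested feature: CPUID.80000007H:EDX.invtsc [bit 8]
EOF
}

# Reads a QEMU log on stdin and prints which accelerator the guest ended up on.
qemu_accel_from_log() {
  awk '/failed to initialize kvm/ { failed = 1 }
       /falling back to tcg/      { tcg = 1 }
       END { if (tcg) print "tcg-fallback"
             else if (failed) print "kvm-failed"
             else print "no-fallback-seen" }'
}

# Prints each CPUID feature that TCG could not provide, once, sorted.
tcg_missing_features() {
  sed -n "s/.*TCG doesn't support requested feature: CPUID\.[^:]*:[A-Z]*\.\([^ ]*\) \[bit.*/\1/p" |
    sort -u
}

# Succeeds when userland reports x86_64 while the CPU flags are ARM ones
# (asimd), the mismatch visible in the lscpu output above.
userland_is_emulated() {
  arch=$1; flags=$2
  [ "$arch" = "x86_64" ] || return 1
  case " $flags " in *" asimd "*) return 0 ;; esac
  return 1
}

# Prints whether KVM can accelerate an x86_64 guest on this host.
# KVM only accelerates guests of the host's own architecture.
kvm_preflight() {
  host_arch=$1; kvm_dev=${2:-/dev/kvm}
  case $host_arch in
    x86_64|amd64) ;;
    *) echo "host-arch-differs-from-guest"; return 1 ;;
  esac
  [ -e "$kvm_dev" ] || { echo "missing-kvm-device"; return 1; }
  { [ -r "$kvm_dev" ] && [ -w "$kvm_dev" ]; } || { echo "kvm-not-accessible"; return 1; }
  echo "kvm-ok"
}
```

Inside a container, `kvm_preflight "$(uname -m)"` checks the default /dev/kvm path, and `userland_is_emulated "$(uname -m)" "$(lscpu | sed -n 's/^ *Flags: *//p')"` checks for the emulated-userland case.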