Open 89jd opened 1 year ago
Running this cmd
docker run --privileged -it \
--device /dev/kvm \
-p 50922:10022 \
-v /tmp/.X11-unix:/tmp/.X11-unix \
-e "DISPLAY=${DISPLAY:-:0.0}" \
sickcodes/docker-osx:latest
Also if I run the command, without -v and -e for headless interestingly
Add yourself to docker group and restart the docker daemon
Thanks for response.
I am already added to docker group
nohup: appending output to 'nohup.out'
++ id -u
++ id -g
+ sudo chown 1000:1000 /dev/kvm
++ id -u
++ id -g
+ sudo chown -R 1000:1000 /dev/snd
+ [[ 4 = max ]]
+ [[ 4 = half ]]
++ id -u
++ id -g
+ sudo chown -R 1000:1000 /dev/snd
+ exec qemu-system-x86_64 -m 4000 -cpu Penryn,vendor=GenuineIntel,+invtsc,vmware-cpuid-freq=on,+ssse3,+sse4.2,+popcnt,+avx,+aes,+xsave,+xsaveopt,check, -machine q35,accel=kvm:tcg -smp 4,cores=4 -usb -device usb-kbd -device usb-tablet -device 'isa-applesmc,osk=ourhardworkbythesewordsguardedpleasedontsteal(c)AppleComputerInc' -drive if=pflash,format=raw,readonly=on,file=/home/arch/OSX-KVM/OVMF_CODE.fd -drive if=pflash,format=raw,file=/home/arch/OSX-KVM/OVMF_VARS-1024x768.fd -smbios type=2 -audiodev alsa,id=hda -device ich9-intel-hda -device hda-duplex,audiodev=hda -device ich9-ahci,id=sata -drive id=OpenCoreBoot,if=none,snapshot=on,format=qcow2,file=/home/arch/OSX-KVM/OpenCore/OpenCore.qcow2 -device ide-hd,bus=sata.2,drive=OpenCoreBoot -device ide-hd,bus=sata.3,drive=InstallMedia -drive id=InstallMedia,if=none,file=/home/arch/OSX-KVM/BaseSystem.img,format=qcow2 -drive id=MacHDD,if=none,file=/home/arch/OSX-KVM/mac_hdd_ng.img,format=qcow2 -device ide-hd,bus=sata.4,drive=MacHDD -netdev user,id=net0,hostfwd=tcp::10022-:22,hostfwd=tcp::5900-:5900, -device vmxnet3,netdev=net0,id=net0,mac=52:54:00:09:49:17 -monitor stdio -boot menu=on -vga vmware
QEMU 7.2.0 monitor - type 'help' for more information
(qemu) ALSA lib pcm_dmix.c:999:(snd_pcm_dmix_open) unable to open slave
alsa: Could not initialize DAC
alsa: Failed to open `default':
alsa: Reason: Device or resource busy
ALSA lib pcm_dmix.c:999:(snd_pcm_dmix_open) unable to open slave
alsa: Could not initialize DAC
alsa: Failed to open `default':
alsa: Reason: Device or resource busy
audio: Failed to create voice `dac'
gtk initialization failed
89jd
Unauthorized System Access: Allowing any host or user to connect to the X server without authentication creates a significant vulnerability. Malicious individuals can exploit this access to gain unauthorized control over your system and execute malicious commands.
Malware Execution: Unrestricted access provides an avenue for the execution of malicious code or malware on your system. This can lead to unauthorized activities, data theft, system damage, or the spread of malware to other connected systems.
Data Breaches: Uncontrolled access to the X server exposes sensitive information displayed by X applications. This includes personal data, confidential business information, and any other data processed or displayed through graphical interfaces. Unauthorized data access can result in reputational damage, legal consequences, and financial losses.
To mitigate these security risks, follow these best practices for X server access control:
Identify and Whitelist Trusted Hosts: Take the time to identify the specific hosts that require access to your X server. Consider the purpose and requirements of each host in your network. This could include trusted workstations, servers, or other devices that need to run X applications or access the graphical interface. By carefully evaluating and identifying these hosts, you can create a list of authorized entities.
Whitelist Only Authorized Hosts: Once you have identified the trusted hosts, whitelist them by configuring the access control settings of the X server. Use commands such as "xhost +hostname" or "xhost +SI:localuser:username@hostname" to allow only these authorized hosts to connect to the X server. This effectively restricts access to the X server to the specified entities, preventing unauthorized connections.
OS related issue, please help us identify the issue by posting the output of this
xhost +
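An added example, not part of this thread or of the Docker-OSX project: a POSIX shell check that classifies `xhost` output, so a server left open by `xhost +` is caught and can be replaced by a per-user grant. The function name `audit_xhost`, the user `alice`, the host `buildhost.example` and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the X server access list printed by `xhost` (no arguments).
# Live use:   xhost | audit_xhost
# Narrow fix: xhost +SI:localuser:"$(id -un)" && xhost -
#   (assumption: the container user's UID, 1000 in the log above, is your host UID)

# Reads `xhost` output on stdin and prints one finding per line.
# Exit status 0: access control on and only per-user entries; 1: anything broader.
audit_xhost() (
    rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            "access control disabled"*)
                echo "CRITICAL: access control disabled (xhost +), any client may connect"
                rc=1 ;;
            "access control enabled"*)
                echo "OK: access control enabled" ;;
            SI:localuser:*)
                echo "OK: per-user entry for ${line#SI:localuser:}" ;;
            INET:*|INET6:*|LOCAL:*)
                echo "WARN: host-wide entry $line trusts every user on that host"
                rc=1 ;;
            "") ;;
            *)
                echo "REVIEW: unrecognised entry $line"
                rc=1 ;;
        esac
    done
    exit "$rc"
)

# Constructed sample outputs (not captured from the reporter's machine).
SAMPLE_OPEN='access control disabled, clients can connect from any host'
SAMPLE_SCOPED='access control enabled, only authorized clients can connect
SI:localuser:alice'
SAMPLE_HOST='access control enabled, only authorized clients can connect
INET:buildhost.example
SI:localuser:alice'

# Demo on the constructed samples; `|| true` keeps the demo going after a finding.
for sample in "$SAMPLE_OPEN" "$SAMPLE_SCOPED" "$SAMPLE_HOST"; do
    printf '%s\n' "$sample" | audit_xhost || true
    echo "---"
done
```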