sickcodes / Docker-OSX

Run macOS VM in a Docker! Run near native OSX-KVM in Docker! X11 Forwarding! CI/CD for OS X Security Research! Docker mac Containers.
https://hub.docker.com/r/sickcodes/docker-osx
GNU General Public License v3.0

Networking from container works perfectly, networking IN doesn't work at all #687

Open TimVanDyke opened 11 months ago

TimVanDyke commented 11 months ago

I have set up a docker container of Ventura on my Unraid box and have it working swimmingly (enough; honestly it runs like crap, but I'm just excited it runs without bugs). EDIT 2: Works a lot better when I'm closer to the router; guess my main issue with performance was proximity to the router.

My goal is to get my phone to sync over WiFi. I'm on the same network and used NoMachine to connect it via USB the first time. I have set it up as a trusted device. However, Finder does not see the phone when on the same network.

EDIT: I currently can connect to the host computer's IP with the VNC port from both my laptop and phone. So getting access to the host Arch machine has been smooth sailing. However, trying to get access to the actual docker I haven't had any luck with.

When using NoMachine I could only get it to work docker-osx container -> my laptop; I could not for the life of me get laptop -> docker-osx container. I suspect it's some networking thing. I also don't see it as a "connected device" on my router screen the way I see my Windows VM listed. Also (probably not important but maybe a good hint?) the IP it gets is very different from the other IPs assigned by my router. Instead of 192.X.X.X (like literally everything else I see and have been working with) it's 10.X.X.X

I ran these steps and it did not seem to fix the issue: [screenshot]

Any suggestions would be appreciated. I'm not a Linux noob but am a complete macOS noob AND Unraid noob and Docker noob so I know I have a lot to learn. (PS I tried to join discord and ask there and the invite link is broken)

TimVanDyke commented 10 months ago

UPDATE:

I think setting my network to br0 made it visible on the network. I don't know a lot but afaik that is a custom unraid bridge for that purpose.

I manually created the docker image based on the vnc ventura image via command line and am using the docker compose plugin on unraid to spin up a container using a compose file.

I loosely followed this: https://whitematter.tech/posts/run-dockerized-macos-on-unraid/ but it's somewhat out of date and his compose file is wrong. It doesn't match his screenshot. (@RobertDWhite btw the blog post is out of date with some stuff, just FYI. I was going to make an issue but am not confident what I even did to make it work.) One thing I think I had to do was make my docker size on unraid large enough to accommodate the formatted partition I install to.

Here's my docker compose file if anyone wants it:

services:
    macos:
        container_name: 'MacOS'
        image: 'docker-osx-vnc:latest'
        # privileged plus /dev/kvm hands the container host device access; keep it off untrusted hosts
        privileged: true
        devices:
            - /dev/kvm
            - /dev/snd
            - /dev/null
        # on Unraid, br0 is a macvlan/ipvlan network: the container gets its own LAN IP
        network_mode: br0
        # Docker does not publish host ports for containers on a macvlan/ipvlan network,
        # so these mappings have no effect while network_mode is br0
        ports:
            - '8888:5999'
            - '50922:10022'
        environment:
            # change the default credentials before exposing VNC/SSH on the LAN
            - 'USERNAME=user'
            - 'PASSWORD=pass'
            - 'DISPLAY=${DISPLAY:-:0.0}'

I will close once i see it working. Currently reinstalling the image

TimVanDyke commented 10 months ago

Update2:

This did not fix the issue. However, the arch image has its own IP. The macOS image inside does not get the IP forwarded to it.

TimVanDyke commented 10 months ago

Update3:

This docker compose doesn't work either:

I'm still stuck on 10.0.2.15 (which I see is the same as this)

https://github.com/sickcodes/Docker-OSX/issues/51

But I don't understand what the important difference is.

services:
    macos:
        container_name: 'MacOS'
        image: 'docker-osx-vnc:latest'
        privileged: true
        devices:
            - /dev/kvm
            - /dev/snd
            - /dev/null
        network_mode: br0
        # mac_address: 'C3:69:7C:16:0E:89'
        environment:
            - 'USERNAME=user'
            - 'PASSWORD=pass'
            - 'DISPLAY=${DISPLAY:-:0.0}'

TimVanDyke commented 10 months ago

Trying this now:

services:
    macos:
        container_name: 'MacOS'
        image: 'docker-osx-vnc:latest'
        privileged: true
        devices:
            - /dev/kvm
            - /dev/snd
            - /dev/null
        network_mode: br0
        volumes:
            - '/tmp/.X11-unix:/tmp/.X11-unix'
            - '/dev:/dev'
            - '/lib/modules:/lib/modules'
            - '/var/run/libvirt/libvirt-sock:/var/run/libvirt/libvirt-sock'
        environment:
            - 'USERNAME=user'
            - 'PASSWORD=pass'
            - 'DISPLAY=${DISPLAY:-:0.0}'

Special thanks to this website for translating for me: https://www.composerize.com/

Translated from

docker run --privileged --net host -e "DISPLAY=${DISPLAY:-:0.0}" -e RAM=6 --cap-add=ALL -v /tmp/.X11-unix:/tmp/.X11-unix -v /dev:/dev -v /lib/modules:/lib/modules  -v /var/run/libvirt/libvirt-sock:/var/run/libvirt/libvirt-sock docker-osx:latest

TimVanDyke commented 10 months ago

UPDATE:

I found a breadcrumb. When using the arch terminal in the container I think I've found the issue generally. I have no clue how to fix:

sh-5.1$ systemctl
System has not been booted with systemd as init system (PID 1). Can't operate.
Failed to connect to bus: Host is down
sh-5.1$ 

systemctl ought to be running on the arch container holding macOS right?

My PID one is consistently bash :scream:

sh-5.1$ ps 1
  PID TTY      STAT   TIME COMMAND
    1 ?        Ss     0:00 /bin/bash -c ./enable-ssh.sh && envsubst < ./Launch_custom.sh | bash
sh-5.1$ 

TimVanDyke commented 10 months ago

UPDATE Seems related to:

https://github.com/sickcodes/Docker-OSX/issues/72

chippoman commented 8 months ago

@TimVanDyke Have you been able to progress your issue? I'm in the same boat with the networking issue.

I have Xcode running inside a Ventura image on unraid, but it cannot see an Apple TV 4k despite my other (physical) MBA being able to.

ShadyHippo commented 4 months ago

@chippoman (This is the same guy, on my personal account instead of my professional account, oops.) To be frank I gave up, but recently came across this video and am hoping this can explain what was going on. It's been a while (clearly), but if I recall it's that I could not get an IP address for the host arch machine, which I think is running the VM inside docker.

I assume this video which covers docker networking will have the answers if you want to fight some dragons yourself (If you do please post if it works. I've been starting to get an itch to try again but have too much going on to actually do so now)

Docker networking is CRAZY!! (you NEED to learn it) https://youtu.be/bKFMS5C4CG0?si=q_JmvfIuow4xMZUf

If you need docker context first this is a great video: you need to learn Docker RIGHT NOW!! // Docker Containers 101 https://www.youtube.com/watch?v=eGz9DS-aIeY

I think using ipvlan or macvlan may work for the use case I was trying but honestly haven't looked yet.

Hopefully this is correct and hopefully better late than never. Good luck!

ShadyHippo commented 4 months ago

@chippoman

Reading through and catching up myself back to where I was... I think actually the solution is somehow setting a KVM setting on the arch container housing the VM, but to be honest that's as far as I understand. That's at least probably what to google to move forward.

EDIT: Maybe using the br0 for the container using KVM (like I have earlier) and then on top of that editing KVM settings for virtual machine like this? https://unix.stackexchange.com/questions/386136/how-to-set-up-bridged-network-with-virtual-machine-and-host-with-kvm-virt-manag

I bet there's a CLI command for that somewhere somehow
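
The 10.0.2.15 address reported earlier in this thread is the default guest address of QEMU's user-mode (SLIRP) network: QEMU runs its own private NAT inside the container, so putting the container on br0 changes the container's address but not the guest's, and nothing on the LAN can open a connection to the guest unless QEMU itself forwards a port with a hostfwd rule. Multicast discovery (Bonjour/mDNS, which Finder Wi-Fi sync and Apple TV discovery depend on) does not cross that NAT at all, which is why a tap interface attached to a bridge, the setup the last comment links to, is the usual fix. The script below is an added example, not code from the Docker-OSX project or from anyone in this thread: it shows the QEMU arguments for both modes and emits the iproute2 commands that create the tap. The names tap0 and br0 and the MAC 52:54:00:12:34:56 are placeholders; vmxnet3 is a NIC model macOS has a built-in driver for.

```shell
#!/bin/sh
# Added example (not part of the Docker-OSX project or this thread): why a guest at
# 10.0.2.15 is unreachable from the LAN and which QEMU arguments change that.
# Placeholders: tap0, br0 and the MAC address 52:54:00:12:34:56.

# QEMU user-mode networking (SLIRP) gives the guest 10.0.2.15 (gateway 10.0.2.2,
# DNS 10.0.2.3) and NATs outbound traffic. No LAN host can initiate a connection
# to the guest, and multicast (mDNS/Bonjour) never leaves the NAT.
behind_user_nat() {
    case "$1" in
        10.0.2.*) return 0 ;;
        *) return 1 ;;
    esac
}

# -netdev/-device pair for user-mode networking with explicit port forwards.
# Each argument is HOSTPORT:GUESTPORT. The forward listens on the container side,
# so Docker still has to publish it (-p) for it to be reachable from the LAN.
qemu_user_netdev() {
    fwd=""
    for pair in "$@"; do
        hostport=${pair%%:*}
        guestport=${pair#*:}
        fwd="${fwd},hostfwd=tcp::${hostport}-:${guestport}"
    done
    printf '%s' "-netdev user,id=net0${fwd} -device vmxnet3,netdev=net0"
}

# -netdev/-device pair for a tap interface enslaved to a bridge. The guest then
# gets its own address from the LAN's DHCP server and is visible to mDNS peers.
qemu_tap_netdev() {
    tap=$1
    mac=$2
    printf '%s' "-netdev tap,id=net0,ifname=${tap},script=no,downscript=no -device vmxnet3,netdev=net0,mac=${mac}"
}

# Emit (not run) the iproute2 commands that create the tap and attach it to an
# existing bridge. They need root in the network namespace QEMU runs in; with
# --net host that is the host's own namespace, so the host's bridge is visible.
tap_setup_cmds() {
    bridge=$1
    tap=$2
    printf 'ip tuntap add dev %s mode tap\n' "$tap"
    printf 'ip link set %s master %s\n' "$tap" "$bridge"
    printf 'ip link set %s up\n' "$tap"
}

# Map the address the guest reports to the networking mode it implies.
suggest_mode() {
    if behind_user_nat "$1"; then
        echo "user-mode NAT: inbound needs hostfwd, LAN discovery needs tap"
    else
        echo "bridged: guest is directly on the LAN"
    fi
}

# Demo with constructed sample input (the address from this thread).
suggest_mode 10.0.2.15
qemu_user_netdev 10022:22 5999:5900; echo
qemu_tap_netdev tap0 52:54:00:12:34:56; echo
tap_setup_cmds br0 tap0
```

Two caveats: a bridged guest is a full peer on the LAN, so the macOS VM's own SSH/VNC and any default credentials are exposed to every device on it, and a container that creates tap devices on the host bridge needs NET_ADMIN in the host namespace, which is part of why these setups end up running privileged with `--net host`.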