Virtualbox - ghdrako/doc_snipets GitHub Wiki
VirtualBox
VirtualBox since 6.1.x now requires VT-x/AMD-v to be available for all VMs, whether 32bit, 64bit, single or multiple vCPU and so on. VirtualBox requires hardware support for virtualization (Intel VT-x or AMD-v) in order to run certain categories of VM. This includes all 64bit VMs, and all VMs which use >1 CPU core.
Credential Guard - virtualizes the LSA to isolate security operations (opposed to credentials being stored in process memory like in traditional LSA). To make use of this, you must enable the Hyper-V Hypervisor, which always conflicts with VirtualBox.
\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\CredentialGuard\Enabled set to 0
\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Hypervisor, click on HypervisorLaunchType and set value to 0
Aby sprawdzić, czy CG jest włączony, należy uruchomić aplet "Informacje o systemie"
Aby sprawdzic czy jest w trybie Native API najechac na dole w VBox na ikone zielonego zolwia. Jesli ikona jest zielona to znaczy ze nie wykorzystuje akceleracji sprzetowej - wolno. Jak jest wyszarzony (cpu virtualization is working.) to jest wsparcie sprzetowe - szybko
The green turtle means fallback to a slower, emulated mode.
VBoxManage list vms
VBoxManage list runningvms
VBoxManage startvm <uuid|vmname>...
[--type gui|sdl|headless|separate]
[-E|--putenv <NAME>[=<VALUE>]]
VBoxManage startvm "ubuntu22"
VBoxManage startvm "Trusty Tahr Clean Copy" --type gui
VBoxManage startvm <id>
VBoxManage startvm <id> --type headless # VBoxHeadless --startvm <uuid|name>
VBoxManage controlvm <uuid|vmname>
pause|resume|reset|poweroff|savestate|
VBoxManage controlvm "ubuntu22" poweroff
VBoxManage controlvm "Trusty Tahr Clean Copy" savestate
VBoxManage controlvm <id> stop
VBoxManage createvm --name <name>
[--groups <group>, ...]
[--ostype <ostype>]
[--register]
[--basefolder <path>]
[--uuid <uuid>]
[--default]
VBoxManage modifyvm <id> -biossystemtimeoffset <offset in [ms]>
VBoxManage controlvm <id> setlinkstate1 off
Note: the difference of controlvm vs modifyvm
is that the first one is for running machines. They both have the same parameter syntax, but controlvm doesn’t support all of them.
Typ | VM<->VM | VM->Host | VM<-Host | VM->LAN | VM<-LAN |
---|---|---|---|---|---|
Not attached | - | - | - | - | - |
NAT | - | + | Port Forward | + | Port Forward |
NAT Network | + | + | Port Forward | + | Port Forward |
Bridge | + | + | + | + | + |
Internal Network | + | - | - | - | - |
Host-only | + | + | + | - | - |
Emulate network connection is missing, much like when you unplug the Ethernet network cable when using a physical network adapter. This mode can be useful for testing. For example, you can enable this network mode for a short time to emulate unplugging the cable. When you disable the Not Attached mode by switching to another network mode, the network connection becomes available again. You can also check whether a DHCP client obtains the IP address correctly, whether the appropriate application can resume downloading after link interruption or packet loss, and so on.
This network mode is enabled for a virtual network adapter by default. A guest operating system on a VM can access hosts in a physical local area network (LAN) by using a virtual NAT (Network Address Translation) device. External networks, including the internet, are accessible from a guest OS. A guest machine is not accessible from a host machine, or from other machines in the network when the NAT mode is used for VirtualBox networking. This default network mode is sufficient for users who wish to use a VM just for internet access, for example.
potrzebne Guest Addition W konfiguracji vm-ki w udostepnione foldery
Foldery maszyny i zaznaczyc Automatyczne montowanie i Ustaw na stale
Take effect after reboot or logout
sudo adduser $USER vboxsf
# On Suse it's
sudo usermod --append --groups vboxsf $USER
VBoxManage showvminfo "boot2docker-vm"
By default boot2docker cannot access host file(/etc/hosts) configurations in host machine, to enable this following command can be used
VBoxManage modifyvm "boot2docker-vm" - natdnshostresolver1 on
Incoming traffic for host machine tcp/udp ports can be forward to vm port by following command
# tcp rule
VBoxManage controlvm "boot2docker-vm" --natpf1 "tcp-port7070,tcp,,7070,,7070";
# udp rule
VBoxManage modifyvm "boot2docker-vm" --natpf1 "udp-port9090,udp,,9090,,9090";
# delete rule
VBoxManage modifyvm "boot2docker-vm" --natpf1 delete "tcp-port7070"
We can connects to boot2docker vm via ssh
boot2docker ssh
Boot2docker config file uses as the docker config
/var/lib/boot2docker/profile
Following is an example config file content, in here I have defined two configurations(disable tls and define insecure registry)
By default docker runs with TLS enable. To disable it add following content to boot2docker profile. More info
DOCKER_TLS=no
Docker default supports for secure registries with TLS enable, to have insecure registries following content need to be added to boot2docker config file
EXTRA_ARGS=" --insecure-registry=10.4.1.110"
boot2docker space and memory information can be defined in boot2docker profile at ~/.boot2docker/profile
# vm disk image size in MB (60GB)
DiskSize = 61440
# vm memory size in MB(6GB)
Memory = 6144
To apply this configuration boot2docker need to be reinitialize.
# destroy running boot2docker
boot2docker stop
boot2docker destroy
# reinitialize
boot2docker init
boot2docker start
# connect to boot2docker
boot2docker ssh
# memory info
cat /proc/meminfo
- Shut down all programs. You will have to shut down, unplug, and restart your host.
- Look into I have a 64bit host, but can't install 64bit guests, 2nd post, points 2 & 3 and ensure that none of these things are running: Hypervisor protected Code Integrity (HVCI), also known as Memory Integrity (see fth0's post below) DeviceGuard (See InfoSecDr's post below) Memory Integrity (See fth0's post below) Secure Core (See Mpack's post below) CredentialGuard Windows Defender's Core Isolation
- Find the Command Prompt icon, right click it and choose Run As Administrator.
- Enter this command:
bcdedit /set hypervisorlaunchtype off
Some report this command was needed also:
DISM /Online /Disable-Feature:Microsoft-Hyper-V
- Enter this command:
shutdown -s -t 2
- When the computer turns off, unplug it for 20 seconds. Then plug it in again and boot up again.