# Docker-OSX ## [Follow @sickcodes on Twitter](https://twitter.com/sickcodes) ### V2.6 # Features In Docker-OSX v2.6 - CI/CD weaponization thru vnc and xdotool - OSX-KVM - X11 Forwarding - SSH on localhost:50922 - QEMU - VNC on localhost:8888 [vnc version is inside a separate directory](https://github.com/sickcodes/Docker-OSX/blob/master/vnc-version/Dockerfile) - Create an ARMY using `docker commit` - XFVB HEADLESS (use vnc) ### Pull Requests Welcome! ![Running mac osx in a docker container](/running-mac-inside-docker-qemu.png?raw=true "OSX KVM DOCKER") Run Mac in a Docker container! Run near native OSX-KVM in Docker! X11 Forwarding! Author: Sick.Codes https://sick.codes/ & https://twitter.com/sickcodes PR & Contributor Credits: https://github.com/sickcodes/Docker-OSX/blob/master/CREDITS.md Upstream: https://github.com/kholia/OSX-KVM && the great guy [@kholia](https://twitter.com/kholia) Upstream Credits (OSX-KVM project) among many others: https://github.com/kholia/OSX-KVM/blob/master/CREDITS.md Docker Hub: https://hub.docker.com/r/sickcodes/docker-osx ### Other cool Docker-QEMU based projects: [Run iOS in a Docker with Docker-eyeOS](https://github.com/sickcodes/Docker-eyeOS) - [https://github.com/sickcodes/Docker-eyeOS](https://github.com/sickcodes/Docker-eyeOS) # Run Docker-OSX ```bash docker pull sickcodes/docker-osx:latest docker run \ --device /dev/kvm \ --device /dev/snd \ -v /tmp/.X11-unix:/tmp/.X11-unix \ -e "DISPLAY=${DISPLAY:-:0.0}" \ sickcodes/docker-osx:latest # press ctrl G if your mouse gets stuck # scroll down to troubleshooting if you have problems # need more RAM and SSH on localhost -p 50922? ``` # Run but allow SSH ```bash docker run \ --device /dev/kvm \ --device /dev/snd \ -e RAM=4 \ -p 50922:10022 \ -v /tmp/.X11-unix:/tmp/.X11-unix \ -e "DISPLAY=${DISPLAY:-:0.0}" \ sickcodes/docker-osx:latest # turn on SSH after you've installed OSX in the "Sharing" settings. ssh fullname@localhost -p 50922 ``` # Autoboot into OSX after you've installed everything ```bash # find you containerID docker ps # move the no picker script on top of the Launch script # NEW CONTAINERS docker exec containerID mv ./Launch-nopicker.sh ./Launch.sh # LEGACY CONTAINERS docker exec containerID bash -c "grep -v InstallMedia ./Launch.sh > ./Launch-nopicker.sh chmod +x ./Launch-nopicker.sh sed -i -e s/OpenCore\.qcow2/OpenCore\-nopicker\.qcow2/ ./Launch-nopicker.sh " ``` # Requirements: KVM on the host Need to turn on hardware virtualization in your BIOS, very easy to do. Then have QEMU on the host if you haven't already ```bash # ARCH sudo pacman -S qemu libvirt dnsmasq virt-manager bridge-utils flex bison iptables-nft edk2-ovmf # UBUNTU DEBIAN sudo apt install qemu qemu-kvm libvirt-clients libvirt-daemon-system bridge-utils virt-manager # CENTOS RHEL FEDORA sudo yum install libvirt qemu-kvm # then run sudo systemctl enable libvirtd.service sudo systemctl enable virtlogd.service sudo modprobe kvm # reboot ``` # Start the same container later (persistent disk) This is for when you want to run the SAME container again later. If you don't run this you will have a new image every time. ```bash # look at your recent containers and copy the CONTAINER ID docker ps --all # docker start the container ID docker start abc123xyz567 # if you have many containers, you can try automate it with filters like this # docker ps --all --filter "ancestor=sickcodes/docker-osx" # for locally tagged/built containers # docker ps --all --filter "ancestor=docker-osx" ``` # Additional Boot Instructions - Boot the macOS Base System - Click `Disk Utility` - Erase the BIGGEST disk (around 200gb default), DO NOT MODIFY THE SMALLER DISKS. -- if you can't click `erase`, you may need to reduce the disk size by 1kb - (optional) Create a partition using the unused space to house the OS and your files if you want to limit the capacity. (For Xcode 12 partition at least 60gb.) - Click `Reinstall macOS` ## Creating images: ```bash # You can create an image of an already configured and setup container. # This allows you to effectively duplicate a system. # To do this, run the following commands # make note of your container id docker ps --all docker commit containerid newImageName # To run this image do the following docker run \ --device /dev/kvm \ --device /dev/snd \ -v /tmp/.X11-unix:/tmp/.X11-unix \ newImageName ``` # Troubleshooting libgtk permissions denied error, thanks @raoulh + @arsham ```bash echo $DISPLAY # ARCH sudo pacman -S xorg-xhost # UBUNTU DEBIAN sudo apt install x11-xserver-utils # CENTOS RHEL FEDORA sudo yum install xorg-x11-server-utils # then run xhost + ``` PulseAudio for sound (note neither [AppleALC](https://github.com/acidanthera/AppleALC) and varying [`alcid`](https://dortania.github.io/OpenCore-Post-Install/universal/audio.html) or [VoodooHDA-OC](https://github.com/chris1111/VoodooHDA-OC) have [codec support](https://osy.gitbook.io/hac-mini-guide/details/hda-fix#hda-codec) though [IORegistryExplorer](https://github.com/vulgo/IORegistryExplorer) does show the controller component working): ```bash docker run \ --device /dev/kvm \ -e AUDIO_DRIVER=pa,server=unix:/tmp/pulseaudio.socket \ -v "/run/user/$(id -u)/pulse/native:/tmp/pulseaudio.socket" \ -v /tmp/.X11-unix:/tmp/.X11-unix \ sickcodes/docker-osx ``` PulseAudio debugging: ```bash docker run \ --device /dev/kvm \ -e AUDIO_DRIVER=pa,server=unix:/tmp/pulseaudio.socket \ -v "/run/user/$(id -u)/pulse/native:/tmp/pulseaudio.socket" \ -v /tmp/.X11-unix:/tmp/.X11-unix \ -e PULSE_SERVER=unix:/tmp/pulseaudio.socket \ sickcodes/docker-osx pactl list ``` Alternative run, thanks @roryrjb ```bash docker run \ --privileged \ --net host \ --cap-add=ALL \ -v /tmp/.X11-unix:/tmp/.X11-unix \ -v /dev:/dev \ -v /lib/modules:/lib/modules \ sickcodes/docker-osx ``` Check if your hardware virt is on ```bash egrep -c '(svm|vmx)' /proc/cpuinfo ``` Try adding yourself to the docker group ```bash sudo usermod -aG docker "${USER}" ``` Turn on docker daemon ```bash # run ad hoc sudo dockerd # or daemonize it sudo nohup dockerd & # or enable it in systemd sudo systemctl enable docker ``` # How to Enable Network Forwarding Allow ipv4 forwarding for bridged networking connections: This is not required for LOCAL installations and may cause containers behind [VPN's to leak host IP](https://sick.codes/cve-2020-15590/). If you are connecting to a REMOTE Docker-OSX, e.g. a "Mac Mini" in a datacenter, then this may boost networking: ```bash # enable for current session sudo sysctl -w net.ipv4.ip_forward=1 # OR # sudo tee /proc/sys/net/ipv4/ip_forward <<< 1 # enable permanently sudo touch /etc/sysctl.conf sudo tee -a /etc/sysctl.conf <