# Using Cyber Sandbox Creator inside a Docker container

## Debian based Linux

### Preparing the host

1. Enable [virtualization in BIOS](https://www.tactig.com/enable-intel-vt-x-amd-virtualization-pc-vmware-virtualbox/).
2. Install [Docker](https://docs.docker.com/engine/install/).

### Load VirtualBox kernel modules

#### Install VirtualBox on host

1. Install kernel headers using the command `sudo apt-get install linux-headers-generic linux-headers-$(uname -r)`.
2. Install [VirtualBox](https://www.virtualbox.org/wiki/Linux_Downloads).
3. Run the command `sudo /usr/lib/virtualbox/vboxdrv.sh setup`.
4. Check that the kernel modules are loaded using the command `lsmod | grep "vbox"`.

#### Load kernel modules from the Docker container

1. Create or download Docker image `<image>`.
2. Run the container with extended privileges. [^1]
3. Inside the container, install kernel headers using the command `apt-get install linux-headers-generic linux-headers-$(uname -r)`.
4. Build the kernel modules with the command `/usr/lib/virtualbox/vboxdrv.sh setup`.
5. Check that the kernel modules are loaded using the command `lsmod | grep "vbox"`.

Note: The modules will only stay loaded until the host is rebooted. If you want to use the container again, you need to run the command `/usr/lib/virtualbox/vboxdrv.sh setup` after restarting it.

#### Build kernel modules on host using files from the container

1. Create or download Docker image.
2. Run the container; this will result in an error.
3. Copy the files needed to build the modules from the container to the host using the commands `sudo docker cp <container>:/usr/lib/virtualbox /usr/lib` and `sudo docker cp <container>:/usr/share/virtualbox /usr/share`. [^1]
4. Install kernel headers using the command `sudo apt-get install linux-headers-generic linux-headers-$(uname -r)`.
5. Add the *vboxusers* group with the command `sudo addgroup vboxusers`.
6. Build the modules with the command `sudo /usr/lib/virtualbox/vboxdrv.sh setup`.
7. Check that the modules are loaded using the command `lsmod | grep "vbox"`.
8. Restart and access the Docker container using the commands `docker restart <container>` and `docker attach <container>`.
9. When you no longer need the VirtualBox files on the host, you can remove them using the command `sudo rm -rf /usr/share/virtualbox /usr/lib/virtualbox`.

Note: The modules will only stay loaded until the host is rebooted. If you want to use the container again, you need to run the command `sudo /usr/lib/virtualbox/vboxdrv.sh setup` before restarting it.

### Get Docker image

#### Create image from Dockerfile

1. Download [Dockerfile](uploads/eed08954f06337527f0ed0201018972e/Dockerfile) into an empty directory.
2. Navigate into the directory with the Dockerfile.
3. Build an image from the Dockerfile with the command `docker build -t <image_name> .`.
4. Check that image `<image_name>` was created with the command `docker images`.

### Run a Docker container

#### Using only headless VirtualBox inside the container

Simply run the container with the command `docker run -it --device /dev/vboxdrv:/dev/vboxdrv <image>`.

#### Using VirtualBox with GUI inside the container

1. Allow access to the host's X server with the command `xhost +local:root`. [^2]
2. Run the container with the command `docker run -it --device /dev/vboxdrv:/dev/vboxdrv -v /tmp/.X11-unix:/tmp/.X11-unix -e DISPLAY=$DISPLAY --device /dev/dri:/dev/dri <image>`.
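
A wrapper for the two device-only variants above, as an added example that is not part of the original page or of Cyber Sandbox Creator: it checks that `vboxdrv` is loaded, passes only the devices listed here instead of `--privileged`, and revokes the `xhost` grant from footnote 2 when a GUI container exits. The function names and the `DOCKER` and `MODULES_FILE` variables are assumptions of this example.

```shell
#!/bin/sh
# Added example (not part of CSC): launch the container without --privileged.
# Function names, DOCKER and MODULES_FILE are this example's own assumptions.

# True if vboxdrv is listed in lsmod-style text (default: /proc/modules).
vbox_modules_loaded() {
    grep -q '^vboxdrv[[:space:]]' "${1:-/proc/modules}"
}

# Print the docker arguments for mode "headless" or "gui" and the given image.
# Only the devices and mounts listed on this page are passed through.
sandbox_run_args() {
    case "$1" in
        headless) extra="" ;;
        gui)
            [ -n "$DISPLAY" ] || { echo "DISPLAY is not set" >&2; return 2; }
            extra=" -v /tmp/.X11-unix:/tmp/.X11-unix -e DISPLAY=$DISPLAY --device /dev/dri:/dev/dri" ;;
        *) echo "unknown mode: $1" >&2; return 2 ;;
    esac
    [ -n "$2" ] || { echo "image name required" >&2; return 2; }
    echo "run -it --device /dev/vboxdrv:/dev/vboxdrv$extra $2"
}

# Check the modules, then run the container. In GUI mode the X server grant
# from footnote 2 is revoked again when the container exits.
run_sandbox_container() {
    vbox_modules_loaded "${MODULES_FILE:-/proc/modules}" || {
        echo "vboxdrv is not loaded; run vboxdrv.sh setup first" >&2
        return 1
    }
    args=$(sandbox_run_args "$1" "$2") || return 2
    if [ "$1" = gui ]; then
        (   # subshell keeps the EXIT trap local to this launch
            trap 'xhost -local:root >/dev/null' EXIT
            trap 'exit 130' INT TERM HUP
            xhost +local:root >/dev/null || exit 1
            # Word splitting is intended: no argument contains whitespace.
            ${DOCKER:-docker} $args
        )
    else
        ${DOCKER:-docker} $args
    fi
}
```

Call it as `run_sandbox_container headless <image>` or `run_sandbox_container gui <image>`; setting `DOCKER=echo` prints the command instead of running it.
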

#### Running the container for headless-only VirtualBox with extended privileges

Run the container with the command `docker run -it --privileged <image>`.

#### Running the container for VirtualBox with GUI with extended privileges

1. Allow access to the host's X server with the command `xhost +local:root`. [^2]
2. Run the container with the command `docker run -it -v /tmp/.X11-unix:/tmp/.X11-unix -e DISPLAY=$DISPLAY --privileged <image>`.

### Using the Cyber Sandbox Creator inside the Docker container

1. [Install](3.0/Installation) CSC using pip inside the Docker container.
2. [Use](3.0/Building-and-Using-a-Sandbox) the CSC as you would without the container.

### Additional configuration

#### Change Docker storage location

If you use a topology containing multiple different VirtualBox images in the Creator, the Docker container will grow quite big. This may cause a problem on a system that uses separate `root` and `home` partitions with only a limited amount of space allocated for the `root` partition. Since Docker by default stores all containers on the `root` partition in the `/var/lib/docker` directory, you may quickly run out of space. To change the default storage location, do the following:

1. Create a JSON file `/etc/docker/daemon.json` (e.g. `sudo nano /etc/docker/daemon.json`).
2. Add the path to the new location (e.g. `/home/docker_data`) to the file as

   ```
   {
     "data-root": "/path/to/new/location"
   }
   ```

   and save the file.
3. Restart Docker with the command `sudo systemctl restart docker`.
4. Move existing data to the new location with the command `sudo mv /var/lib/docker /path/to/new/location`.

----

[^1]: You can get the container's ID using the command `docker ps -a`, or you can set a name for the container by adding the flag *--name* to the `run` command.

[^2]: Setting the permissions this way will cause your X server to become vulnerable. If you are concerned about this, run the command `xhost -local:root` after you're done using the container with GUI to restore the access control, or look into [safer ways to access the X server](http://wiki.ros.org/docker/Tutorials/GUI#Using_X_server).