Verify the images using macOS Documentation VirtualBox/Higher Screen Resolution without installing VirtualBox Guest Additions Previous page: Verify the images using macOS Index page: Documentation Next page: VirtualBox/Higher Screen Resolution without installing VirtualBox Guest Additions VirtualBox Guest Additions: Clipboard Sharing, Shared Folder, and More

VirtualBox Guest Additions is a software package that provides additional functionality to virtual machines (VMs) running in VirtualBox. The Guest Additions package includes drivers and utilities that enhance both performance and usability of the VMs.

Guest Additions provides features such as clipboard sharing, seamless mouse integration, shared folder between the host and guest operating systems, improved graphics performance, and the ability to dynamically resize the guest display.

Guest Additions are installed by default in Kicksecure and its derivatives such as Whonix^®.

Important: Clipboard sharing is currently broken in Kicksecure 18. See Clipboard Sharing for details.

Clipboard Sharing

Clipboard sharing allows you to copy and paste text between the host and a virtual machine (VM).

This documentation explains the status of clipboard sharing in Kicksecure and its derivatives such as Whonix.

Version-specific notice:

Kicksecure (and Whonix) version 17:
- Status: Functional
Kicksecure (and Whonix) version 18:
- Status: Broken
- Workaround: None, clipboard is not synced with Wayland or Xwayland so wl-clipboard cannot be used to circumvent the issue.
- Alternative: Use a text file inside the Shared Folder to exchange text between the host and VM.
- Reason for breakage: Port from X11 to Wayland (security enhancement).
- VirtualBox bug report: Clipboard sharing with Wayland guest not working

For Clipboard Sharing Security Considerations, please press Learn More on the right side.

Kicksecure 17: Bidirectional clipboard sharing is currently enabled by default.

Kicksecure 18: Bidirectional clipboard sharing is currently disabled by default. ^[1]

There are good reasons to enable clipboard sharing. It is up to the user to decide whether to enable clipboard sharing.

To change the clipboard sharing setting:

Power off the virtual machine. ^[2]
Navigate to VirtualBox machine settings → General → Advanced → Shared Clipboard
Set the preferred configuration: Disabled, Guest to Host, Host to Guest or Bidirectional.
Power on the virtual machine again.

To learn more, see: VirtualBox Manual - Chapter 3. Configuring Virtual Machines.

Shared Folder

Want to share a folder between your host and your virtual machine?

This guide shows you how with two different methods:

Simplified method for Kicksecure and derivatives like Whonix
- Fewer options: simpler.
Standard method for other operating systems like Debian
- Follows regular VirtualBox setup steps

For additional explanations for absolute beginners, please press Learn More on the right side.

Before starting, make sure:

VirtualBox is installed on your host operating system.
A virtual machine (VM) is already created and set up.
You have basic familiarity with opening applications and navigating file paths.

Glossary:

Host operating system (OS): The main system where VirtualBox is installed (e.g., your laptop or desktop OS).
virtual machine (VM): A simulated computer running inside VirtualBox.
Guest Operating System: The OS running inside the VM (e.g., Kicksecure or Whonix).
Shared Folder: A folder that both the host and the VM can access for transferring files.
Mount: The process of making a shared folder accessible inside the VM.
Read-only: A setting that allows viewing files but not editing them.

To learn more about VirtualBox shared folder, see: VirtualBox Manual - Chapter 4. Guest Additions.

For Shared Folder Security Considerations, please press Learn More on the right side.

Shared folders are discouraged because they weaken isolation between the guest and the host. Providing a mechanism to access files of the host system from within the guest system via a specially defined path necessarily enlarges the attack surface and provides a potential pathway for malicious actors to compromise the host.

This recommendation does not have a strong rationale. Disabling additional features in other virtualizers or general applications will similarly lead to fewer code paths being utilized and arguably increase security. VirtualBox software is not special in this regard.

Forum discussion: Security Risks of VirtualBox Shared Folders?

Select the system you're using inside the virtual machine (VM), and follow the matching instructions.

Kicksecure

If you are using Kicksecure (or a derivative such as Whonix), follow the steps below.

Special Notice: Upgrade Required

Update your system first. ^[3]

Sysmaint Notice

Platform specific.

Kicksecure:
- If using user-sysmaint-split: The user needs to boot into the sysmaint session. For details and instructions on how to do that, see user-sysmaint-split. (user-sysmaint-split is the default since build version 17.3.9.9.)
- If using unrestricted admin mode: This sysmaint notice is not applicable. Continue with the steps below.
Kicksecure-Qubes:
- If using user-sysmaint-split: The computer user needs to open a Qubes Root Console.
- If using unrestricted admin mode: This sysmaint notice is not applicable. Continue with the steps below.

In System Maintenance Panel, press Install Updates or upgrade using command line.

sudo apt update && sudo apt dist-upgrade

Host folder preparation.

On the host operating system, create a folder to be shared with the virtual machine (VM). For example, on a Linux host operating system, create the folder /home/user/shared.

Open VirtualBox VM Shared Folder Settings.

Oracle VirtualBox Manager → right-click the virtual machine → Settings → Shared Folder

Figure: Screenshot showing how to open VirtualBox VM Settings

Add new shared folder.

Click the folder icon with a + symbol in the upper right-hand section of the screen.

Figure: Screenshot showing VirtualBox Shared Folder Add + Symbol

Host Shared Folder Selection.

Folder Path → Navigate to the folder you want to share.

Figure: Screenshot showing Host Shared Folder Selection

Host Shared Folder Selection.

Folder Name → Type: shared. A different folder name can be used, but shared is recommended so it matches the example documented below. Then press Select Folder. ^[4]

Figure: Host Shared Folder Selection

Shared Folder Settings

Uncheck Read-only: Keep it de-selected. ^[5]
Ensure Auto-mount is unchecked: Keep it de-selected.
Mount Point → Leave as is (leave it empty and do not make any changes).

Figure: Shared Folder Settings

Confirm shared folder settings.

Press OK to close the shared folder dialog.

Confirm VirtualBox settings.

Press OK to close the VirtualBox settings.

Figure: Completed VirtualBox Shared Folder Settings Screenshot

Reboot the virtual machine.

Notice.

No group modifications required. Documentation is complete as is. ^[6]

Done.

The process is now complete, and the shared folder can be used.

Usage.

The shared folder will be accessible via /mnt/shared inside the VM. ^[7] The folder can be opened using a file manager such as Thunar, for example. To open it using the command line, run:

cd /mnt/shared

Whonix

Same as Kicksecure. Follow the same instructions as for Kicksecure.

Other Operating Systems

If you are using other operating systems (not using Kicksecure or a derivative such as Whonix) inside the VM, additional steps are required.

Two options exist:

automatic mounting; or
manual mounting.

The automatic mounting method is described below. For additional information on shared folders, refer to the VirtualBox manual. Any additional questions are unspecific to Kicksecure and should be addressed as per the Self Support First Policy.

Install VirtualBox Guest Additions inside the VM. ^[8]
Add the Linux user account that will utilize shared folders from inside the VM to the group vboxsf. The following example uses account "user": sudo adduser user vboxsf
If you are using user-sysmaint-split, you might want to allow the sysmaint Linux user account to utilize shared folders from inside the VM. The following command will permit account "sysmaint": sudo adduser sysmaint vboxsf
A reboot is required to make group changes take effect.
Follow the instructions for Kicksecure, but check the Auto-mount checkbox when adding the shared folder. The folder will be made available in the VM under /media/sf_shared.

Generic VirtualBox Method

Shared folders are a generic VirtualBox feature. They are used the same way across most Linux distributions, including Debian. In case of issues, everything written on this wiki can be disregarded. For context, see also Introduction.

All steps can be followed using the VirtualBox manual.

This is unspecific to Kicksecure or Whonix. For support, refer to general Linux or VirtualBox resources. See also: Self Support First Policy.

^[9]

Shared Folder in Live Mode

In Live Mode, the shared folder will not be mounted by default. (This behavior was introduced in version 17.4.4.6 and might change in a future release.) ^[10]

To enable the shared folder with read and write access in live mode, follow the instructions below.

Apply the instructions from the above chapter first.

Option-specific:

If you are using Kicksecure (or a derivative such as Whonix), follow the steps below.
If you are using other operating systems or the generic VirtualBox method, this does not apply. ^[11]

Sysmaint Notice

Platform specific.

Kicksecure:
- If using user-sysmaint-split: The user needs to boot into the sysmaint session. For details and instructions on how to do that, see user-sysmaint-split. (user-sysmaint-split is the default since build version 17.3.9.9.)
- If using unrestricted admin mode: This sysmaint notice is not applicable. Continue with the steps below.
Kicksecure-Qubes:
- If using user-sysmaint-split: The computer user needs to open a Qubes Root Console.
- If using unrestricted admin mode: This sysmaint notice is not applicable. Continue with the steps below.

Open file /usr/lib/systemd/system/mnt-shared-vbox.service.d/50_user.conf in an editor with root rights.

Select your platform.

See Open File with Root Rights for detailed instructions on why using sudoedit improves security and how to use it.

Note: Mousepad (or the chosen text editor) must be closed before running the sudoedit command.

sudoedit /usr/lib/systemd/system/mnt-shared-vbox.service.d/50_user.conf

Notes:

When using Kicksecure-Qubes, this must be done inside the Template.

sudoedit /usr/lib/systemd/system/mnt-shared-vbox.service.d/50_user.conf

After applying this change, shut down the Template.
All App Qubes based on the Template need to be restarted if they were already running.
This is a general procedure required for Qubes and is unspecific to Kicksecure-Qubes.

Notes:

This is just an example. Other tools could achieve the same goal.
If this example does not work for you, or if you are not using Kicksecure, please refer to Open File with Root Rights.

sudoedit /usr/lib/systemd/system/mnt-shared-vbox.service.d/50_user.conf

Paste:

[Unit] ConditionKernelCommandLine=

Save.

Reboot.

Done.

The shared folder should now also be available with read-write access after booting into live mode.

Forum discussion: Shared folder blank running in live mode after update

VirtualBox Guest Additions

Introduction

In Kicksecure, VirtualBox guest additions are installed by default. ^[12]

To avoid issues with the guest additions, users are strongly recommended to:

Use the Recommended VirtualBox Version for use with Kicksecure.
Leave installation of the recommended version of VirtualBox guest additions to Kicksecure as documented, and avoid manual installation. This documentation will be updated as required, so check back later if problems occur.

There might be a few odd messages during updates which are actually non-issues. Unless functionality is broken, please do not report odd messages as per the Support Request Policy.

In case of issues, see also VirtualBox troubleshooting and consider a bug report.

VirtualBox Guest Additions Installation Sources

There are multiple sources to install VirtualBox guest additions from. It is possible to switch from one installation source to another. However, only one installation source should be used at the same time. If migrating from one installation source to another, the previous installation source should first be disabled.

*VirtualBox Guest Additions Installation Sources*
Option	Nickname	Installation Source	Technical Difference	Installed by Default	Used by Default
A	Debian Style	From Debian's (`fasttrack.debian.net`) packages `virtualbox-guest-utils`, `virtualbox-guest-x11`.	Adjusted by Debian specifically for Debian. Works very well when using the same version of the VirtualBox host software as well as VirtualBox guest additions. After installation of the package(s), VirtualBox Guest Additions will be fully set up and functional.	Yes	Yes
B	Host ISO	VirtualBox guest additions ISO / CD	This is the VirtualBox guest additions ISO / CD from Oracle, the company that develops VirtualBox. This ISO is shipped with the VirtualBox host software. The ISO contains a generic VirtualBox guest additions installer for many Linux versions. Not specifically designed for Debian. Only recommended if installing a newer version of VirtualBox from the VirtualBox.org Repository than available from Debian, and only if the ISO cannot instead be installed from the next entry in this table. To actually install VirtualBox guest additions from this source, the user must mount or extract the ISO and run the setup installer as per the instructions on the VirtualBox website.	No	No
C	Oracle Style	From Debian's (`packages.debian.org`) package `virtualbox-guest-additions-iso`.	Similar to above. A Debian maintainer has built the VirtualBox guest additions ISO and added it to the `virtualbox-guest-additions-iso` package to provide a more convenient method of acquiring the ISO. Installation of this package alone does nothing. It essentially only includes the file `/usr/share/virtualbox/VBoxGuestAdditions.iso`. Only recommended if installing a newer version of VirtualBox from the VirtualBox.org Repository than available from Debian. To actually install VirtualBox guest additions from this source, the user must either: A) mount or extract the ISO and run the setup installer as per the instructions on the VirtualBox website, or B) use vbox-guest-installer.	Yes	No

VirtualBox guest additions (from packages virtualbox-guest-utils, virtualbox-guest-x11) are installed by default and should be preferred over virtualbox-guest-additions-iso. ^[13]

vbox-guest-installer

vbox-guest-installer is an installation helper created by Kicksecure developers. It is a utility that improves usability by allowing installation of VirtualBox guest additions from Debian's (packages.debian.org) package virtualbox-guest-additions-iso.

Not enabled by default.
Usually no user action required.
Usually no enable/disable or settings change required.

Whenever the Linux kernel package or virtualbox-guest-additions-iso is upgraded, vbox-guest-installer should run automatically. ^[14]

vbox-guest-installer will refuse to install VirtualBox guest additions from virtualbox-guest-additions-iso when either virtualbox-guest-x11 and/or virtualbox-guest-utils is still installed. This is because only one installation source should be active at the same time, as mentioned in chapter VirtualBox Guest Additions Installation Sources.

To use vbox-guest-installer, see Migration to Oracle Style VirtualBox Guest Additions.

VirtualBox Guest Additions CD

Depending on the VM where you intend to use VirtualBox Guest Additions, see instructions for either A) or B).

A) If using Kicksecure for VirtualBox with the recommended VirtualBox version:
- Kicksecure default: VirtualBox guest additions are installed by default. (Source: Debian's (fasttrack.debian.net) packages virtualbox-guest-utils, virtualbox-guest-x11)
- Unneeded: It is therefore usually unnecessary and discouraged to install guest additions from Debian's (packages.debian.org) package virtualbox-guest-additions-iso or from the VirtualBox ISO / CD (VBoxGuestAdditions.iso).
- Discouraged: Do not use ~~VirtualBox → Devices → Insert Guest Additions CD image...~~.
- Potential issue: Ignoring this advice could lead to version conflicts between the VirtualBox host version and the VirtualBox guest additions version, causing problems such as a black screen, screen resolution bugs, broken host-to-VM copy/paste, and similar issues. ^[15]
B) If you are using other operating systems: Using VirtualBox Guest Additions CD is acceptable. In that case, issues should be resolved as per the Self Support First Policy because they would be unspecific to Kicksecure.

Migration to Oracle Style VirtualBox Guest Additions

If you are currently using VirtualBox packages virtualbox-guest-utils and virtualbox-guest-x11 (Debian style) and wish to migrate to Oracle Style VirtualBox Guest Additions from virtualbox-guest-additions-iso, complete the following steps.

1. Uninstall the Debian style VirtualBox Guest Additions packages.

This step is mandatory. Otherwise, vbox-guest-installer will refuse to install Oracle Style VirtualBox Guest Additions because only one installation source for guest additions can be active at the same time.

sudo apt purge virtualbox-guest-utils virtualbox-guest-x11

2. Make sure the package virtualbox-guest-additions-iso is installed.

It should be installed by default. To check and install if required, run:

Install package(s) virtualbox-guest-additions-iso following these instructions

Platform specific notice.

Kicksecure: No special notice.
Kicksecure-Qubes: In Template.

Update the package lists and upgrade the system.

sudo apt update && sudo apt full-upgrade

Install the virtualbox-guest-additions-iso package(s).

Using apt command line --no-install-recommends option is in most cases optional.

sudo apt install --no-install-recommends virtualbox-guest-additions-iso

Platform specific notice.

Kicksecure: No special notice.
Kicksecure-Qubes: Shut down Template and restart App Qubes based on it as per Qubes Template Modification.

Done.

The procedure of installing package(s) virtualbox-guest-additions-iso is complete.

3. Run vbox-guest-installer.

sudo vbox-guest-installer

4. Reboot.

5. Done.

Migration from VirtualBox Guest Additions (Debian style) to VirtualBox Guest Additions ISO (Oracle style) has been completed.

Migration to Debian Style VirtualBox Guest Additions Packages

If you are currently using VirtualBox Guest Additions from virtualbox-guest-additions-iso and/or ISO / CD (Oracle style) and wish to migrate to VirtualBox packages virtualbox-guest-utils and virtualbox-guest-x11 (Debian style), complete the following steps.

1. Uninstall virtualbox-guest-additions-iso.

2. Install VirtualBox Guest Additions from Debian:

Install package(s) virtualbox-guest-utils virtualbox-guest-x11 following these instructions

Platform specific notice.

Kicksecure: No special notice.
Kicksecure-Qubes: In Template.

Update the package lists and upgrade the system.

sudo apt update && sudo apt full-upgrade

Install the virtualbox-guest-utils virtualbox-guest-x11 package(s).

Using apt command line --no-install-recommends option is in most cases optional.

sudo apt install --no-install-recommends virtualbox-guest-utils virtualbox-guest-x11

Platform specific notice.

Kicksecure: No special notice.
Kicksecure-Qubes: Shut down Template and restart App Qubes based on it as per Qubes Template Modification.

Done.

The procedure of installing package(s) virtualbox-guest-utils virtualbox-guest-x11 is complete.

3. Reboot.

4. Done.

Migration from VirtualBox Guest Additions ISO (Oracle style) to VirtualBox Guest Additions (Debian style) packages has been completed.

VirtualBox Guest Additions Security

General concerns have been raised about the security of VirtualBox. For example, see the article The VirtualBox Kernel Driver Is Tainted Crap. However, this refers to the kernel driver (on the host), not guest additions. For opposite viewpoints, see here and here.

The situation might have improved since some kernel modules have been upstreamed (integrated) into the Linux mainline kernel. ^[16]

Alternatives

It is possible to achieve similar functionality without installing guest additions:

For file exchange with Kicksecure, see File Transfer and File Sharing.
To achieve higher screen resolution, see Higher Screen Resolution without VirtualBox Guest Additions.
For mouse integration, it is possible to set a USB tablet in VirtualBox settings. However, this is recommended against because it requires adding a USB controller to VirtualBox. (VirtualBox → Right-click on Virtual Machine → Settings → System → Enable absolute pointing device)

Miscellaneous

Uninstall virtualbox-guest-additions-iso

This is discouraged and should not normally be required. However, if you wish to uninstall VirtualBox guest additions installed by vbox-guest-installer (created by Kicksecure developers), follow the steps below.

1. Note about package virtualbox-guest-additions-iso.

No purge of virtualbox-guest-additions-iso is required since vbox-guest-installer effectively does nothing if VirtualBox guest additions packages are already installed. If purging virtualbox-guest-additions-iso is desired, that is acceptable too.

2. Uninstall Oracle style VirtualBox guest additions.

To remove VirtualBox guest additions (previously installed by Kicksecure from virtualbox-guest-additions-iso), run the VirtualBox guest additions uninstaller provided by the VirtualBox developers:

sudo /usr/sbin/vbox-uninstall-guest-additions

Debugging

To help debug issues, inspect the following logs and services:

cat /var/log/vboxadd-install.log

sudo systemctl status vboxadd

sudo systemctl status vboxadd-service.service

ls -la /opt/VBoxGuestAdditions-*/init/

Kernel Upgrades

The following issue may occur during kernel upgrades.

This issue should be rare. It is only known to happen when using initramfs-tools. At time of writing, Kicksecure switched from initramfs-tools to dracut by default.

/etc/kernel/postinst.d/vboxadd:
VirtualBox Guest Additions: Building the modules for kernel 5.6.0-0.bpo.2-amd64.
Failed to rename process, ignoring: Operation not permitted
update-initramfs terminated by signal TERM.

Workaround: Two (2) reboots are required. ^[17]

Non-Issues

~~If the following message appears during a kernel upgrade, it is a non-issue.~~

None.

Footnotes

↑ Host -> Whonix-Gateway clipboard sharing enabled by default?
↑ Because otherwise you cannot change VirtualBox VM settings.
↑ This is due to a bug in /usr/libexec/vm-config-dist/mount-shared that has been fixed in all repositories.
↑ Do not use share (without the trailing d)!
↑ If you do not wish to write to that folder from within the VM, you are free to check/enable this setting.
↑ For better usability, the pre-installed Kicksecure package vm-config-dist has already added the account user to the group vboxsf. This is implemented in /usr/libexec/vm-config-dist/mount-shared, which runs automatically on boot.
↑ This is hardcoded in /usr/libexec/vm-config-dist/mount-shared. Previously, VirtualBox's built-in shared folder mounting was used, but it is no longer used because it sometimes silently fails to mount a shared folder and has very inflexible permissions.
↑ This step is required. Quote VirtualBox Manual - Chapter 4. Guest Additions:

With the shared folders feature of Oracle VM VirtualBox, you can access files of your host system from within the guest system. This is similar to how you would use network shares in Windows networks, except that shared folders do not require networking, only the Guest Additions.
↑
Shared Folder Permission Fix

Should be no longer required.
Inside the VM... If running the following command...
cd /mnt/shared
Leads to the following error:

cd: permission denied: /mnt/shared

Only then try the commands below.
For other error messages, there is no need to proceed with the commands below.
This is a simple Linux file permissions issue. These are usually easy to fix when understanding the Linux file permission system. Unfortunately, to the knowledge of the author, there is no single coherent tutorial on Linux file permissions that can be wholeheartedly recommended. Instead, specific commands to fix this issue only are being provided.
This issue should be mostly unspecific to Kicksecure. Self Support First Policy is applicable. Please Use Search Engines And See Documentation First.

Do not attempt to use chown or chmod to fix the permissions of the shared folder. VirtualBox's shared folder feature does not understand UNIX file permissions. Attempting to change the permissions on the shared folder or its contents will fail.

1. Sysmaint Notice

Platform specific.

Kicksecure:
If using user-sysmaint-split: The user needs to boot into the sysmaint session. For details and instructions on how to do that, see user-sysmaint-split. (user-sysmaint-split is the default since build version 17.3.9.9.)

If using unrestricted admin mode: This sysmaint notice is not applicable. Continue with the steps below.

Kicksecure-Qubes:
If using user-sysmaint-split: The computer user needs to open a Qubes Root Console.

If using unrestricted admin mode: This sysmaint notice is not applicable. Continue with the steps below.

2. Group configuration.
Add the Linux user account that will utilize shared folders from inside the VM to group vboxsf. The following example will use account "user".
sudo adduser user vboxsf
Optional: If using user-sysmaint-split, the user might want to add account sysmaint as well.
sudo adduser sysmaint vboxsf
3. Reboot required.
Due to adduser making Linux user group modification.
reboot
4. Done.
Linux file permissions should be fixed.
Other troubleshooting:

D Check Make Permanent (if that option exists).

This is specific to the VirtualBox version; newer versions may no longer have this option.
Check Make Permanent if this setting should persist after fully shutting down the virtual machine and booting it again. Otherwise, this setting will be temporary (though it will survive a reboot that does not involve a full shutdown).
↑
grub-live:
- /usr/lib/systemd/system/mnt-shared-vbox.service.d/30_grub-live.conf
- /usr/lib/systemd/system/mnt-shared-kvm.service.d/30_grub-live.conf
↑ Because Kicksecure does not use the mnt-shared-vbox.service systemd unit.
↑
- Installing VirtualBox Guest Addition by Default?
↑ virtualbox-guest-additions-iso is still installed by default. Should there be issues with virtualbox-guest-utils, virtualbox-guest-x11 as in the past due to unavailability, it is easier to fall back to that solution. vbox-guest-installer (an installation helper created by Kicksecure developers) is also still installed by default for the same purpose.
↑ debian/vm-config-dist.triggers
↑ Installation of VirtualBox guest additions from CD might also cause issues.
↑
- https://www.phoronix.com/news/VirtualBox-Guest-V2-Continues
- https://www.phoronix.com/news/Linux-4.16-vboxguest
- vboxguest: https://www.phoronix.com/news/Linux-4.16-Three-New-Subsystems
- vboxsf: https://www.phoronix.com/news/VBOXSF-VirtualBox-Staging
- search term: site:kernel.org vbox
↑
This results in guest additions being non-functional after the next reboot. During that reboot, VirtualBox guest additions will automatically detect the missing kernel modules for the upgraded kernel and build them. After rebooting one more time, the issue should be resolved until the next kernel upgrade. Please contribute to generic bug reproduction:
- Conceptually: Generic Bug Reproduction
- Specifically: VirtualBox Generic Bug Reproduction and Debugging.
See also Kicksecure-specific technical information: VirtualBox Integration.

Verify the images using macOS Documentation VirtualBox/Higher Screen Resolution without installing VirtualBox Guest Additions Previous page: Verify the images using macOS Index page: Documentation Next page: VirtualBox/Higher Screen Resolution without installing VirtualBox Guest Additions

Kicksecure

A secure by default operating system with the latest security research in place.

Dark mode

Supported by Power Up Privacy

Kicksecure is proudly supported until 2026 by Power Up Privacy, a privacy advocacy group that seeks to supercharge privacy projects with resources so they can complete their mission of making our world a better place. (Strictly subject to our sponsorship policy.)

At Kicksecure we value freedom and trust, supporting Open Source and Freedom Software

By using this website, you acknowledge you have read, understood, and agree to be bound by these agreements: Terms of Service, Privacy Policy, Cookie Policy, E-Sign Consent, DMCA, Imprint

2012- 2025 ENCRYPTED SUPPORT LLC

Your support makes
all the difference!

We believe security software like Kicksecure needs to remain Open Source and independent. Would you help sustain and grow the project? Learn more about our 13 year success story and maybe DONATE!

[1] Host -> Whonix-Gateway clipboard sharing enabled by default?

[poweroff-2] Because otherwise you cannot change VirtualBox VM settings.

[3] This is due to a bug in /usr/libexec/vm-config-dist/mount-shared that has been fixed in all repositories.

[4] Do not use share (without the trailing d)!

[5] If you do not wish to write to that folder from within the VM, you are free to check/enable this setting.

[6] For better usability, the pre-installed Kicksecure package vm-config-dist has already added the account user to the group vboxsf. This is implemented in /usr/libexec/vm-config-dist/mount-shared, which runs automatically on boot.

[7] This is hardcoded in /usr/libexec/vm-config-dist/mount-shared. Previously, VirtualBox's built-in shared folder mounting was used, but it is no longer used because it sometimes silently fails to mount a shared folder and has very inflexible permissions.

[8] This step is required. Quote VirtualBox Manual - Chapter 4. Guest Additions:

With the shared folders feature of Oracle VM VirtualBox, you can access files of your host system from within the guest system. This is similar to how you would use network shares in Windows networks, except that shared folders do not require networking, only the Guest Additions.

[9] 
Shared Folder Permission Fix
[edit]

Should be no longer required.
Inside the VM... If running the following command...
cd /mnt/shared
Leads to the following error:

cd: permission denied: /mnt/shared

Only then try the commands below.
For other error messages, there is no need to proceed with the commands below.
This is a simple Linux file permissions issue. These are usually easy to fix when understanding the Linux file permission system. Unfortunately, to the knowledge of the author, there is no single coherent tutorial on Linux file permissions that can be wholeheartedly recommended. Instead, specific commands to fix this issue only are being provided.
This issue should be mostly unspecific to Kicksecure. Self Support First Policy is applicable. Please Use Search Engines And See Documentation First.

Do not attempt to use chown or chmod to fix the permissions of the shared folder. VirtualBox's shared folder feature does not understand UNIX file permissions. Attempting to change the permissions on the shared folder or its contents will fail.

1. Sysmaint Notice

Platform specific.

Kicksecure:
If using user-sysmaint-split: The user needs to boot into the sysmaint session. For details and instructions on how to do that, see user-sysmaint-split. (user-sysmaint-split is the default since build version 17.3.9.9.)

If using unrestricted admin mode: This sysmaint notice is not applicable. Continue with the steps below.

Kicksecure-Qubes:
If using user-sysmaint-split: The computer user needs to open a Qubes Root Console.

If using unrestricted admin mode: This sysmaint notice is not applicable. Continue with the steps below.

2. Group configuration.
Add the Linux user account that will utilize shared folders from inside the VM to group vboxsf. The following example will use account "user".
sudo adduser user vboxsf
Optional: If using user-sysmaint-split, the user might want to add account sysmaint as well.
sudo adduser sysmaint vboxsf
3. Reboot required.
Due to adduser making Linux user group modification.
reboot
4. Done.
Linux file permissions should be fixed.
Other troubleshooting:

Check Make Permanent (if that option exists).

This is specific to the VirtualBox version; newer versions may no longer have this option.
Check Make Permanent if this setting should persist after fully shutting down the virtual machine and booting it again. Otherwise, this setting will be temporary (though it will survive a reboot that does not involve a full shutdown).

[10] Kicksecure:
If using user-sysmaint-split: The user needs to boot into the sysmaint session. For details and instructions on how to do that, see user-sysmaint-split. (user-sysmaint-split is the default since build version 17.3.9.9.)

If using unrestricted admin mode: This sysmaint notice is not applicable. Continue with the steps below.

[11] If using user-sysmaint-split: The user needs to boot into the sysmaint session. For details and instructions on how to do that, see user-sysmaint-split. (user-sysmaint-split is the default since build version 17.3.9.9.)

[12] If using unrestricted admin mode: This sysmaint notice is not applicable. Continue with the steps below.

[13] Kicksecure-Qubes:
If using user-sysmaint-split: The computer user needs to open a Qubes Root Console.

If using unrestricted admin mode: This sysmaint notice is not applicable. Continue with the steps below.

[14] If using user-sysmaint-split: The computer user needs to open a Qubes Root Console.

[15] If using unrestricted admin mode: This sysmaint notice is not applicable. Continue with the steps below.

[16] Check Make Permanent (if that option exists).

[10] rub-live:
/usr/lib/systemd/system/mnt-shared-vbox.service.d/30_grub-live.conf

/usr/lib/systemd/system/mnt-shared-kvm.service.d/30_grub-live.conf

[18] /usr/lib/systemd/system/mnt-shared-vbox.service.d/30_grub-live.conf

[19] /usr/lib/systemd/system/mnt-shared-kvm.service.d/30_grub-live.conf

[11] Because Kicksecure does not use the mnt-shared-vbox.service systemd unit.

[12] 
Installing VirtualBox Guest Addition by Default?

[22] Installing VirtualBox Guest Addition by Default?

[legacy15-13] virtualbox-guest-additions-iso is still installed by default. Should there be issues with virtualbox-guest-utils, virtualbox-guest-x11 as in the past due to unavailability, it is easier to fall back to that solution. vbox-guest-installer (an installation helper created by Kicksecure developers) is also still installed by default for the same purpose.

[14] debian/vm-config-dist.triggers

[15] Installation of VirtualBox guest additions from CD might also cause issues.

[16] 
https://www.phoronix.com/news/VirtualBox-Guest-V2-Continues

https://www.phoronix.com/news/Linux-4.16-vboxguest

vboxguest: https://www.phoronix.com/news/Linux-4.16-Three-New-Subsystems

vboxsf: https://www.phoronix.com/news/VBOXSF-VirtualBox-Staging

search term: site:kernel.org vbox

[27] ttps://www.phoronix.com/news/VirtualBox-Guest-V2-Continues

[28] ttps://www.phoronix.com/news/Linux-4.16-vboxguest

[29] vboxguest: https://www.phoronix.com/news/Linux-4.16-Three-New-Subsystems

[30] vboxsf: https://www.phoronix.com/news/VBOXSF-VirtualBox-Staging

[31] search term: site:kernel.org vbox

[17] This results in guest additions being non-functional after the next reboot. During that reboot, VirtualBox guest additions will automatically detect the missing kernel modules for the upgraded kernel and build them. After rebooting one more time, the issue should be resolved until the next kernel upgrade. Please contribute to generic bug reproduction:
Conceptually: Generic Bug Reproduction

Specifically: VirtualBox Generic Bug Reproduction and Debugging.
See also Kicksecure-specific technical information: VirtualBox Integration.

[33] Conceptually: Generic Bug Reproduction

[34] Specifically: VirtualBox Generic Bug Reproduction and Debugging.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]

[11]

[12]

[13]

[14]

[15]

[16]

[17]

VirtualBox Guest Additions: Clipboard Sharing, Shared Folder, and More

Contents

Clipboard Sharing

Shared Folder

Kicksecure

Whonix

Other Operating Systems

Generic VirtualBox Method

Shared Folder in Live Mode

Kicksecure

Kicksecure-Qubes

Others and Alternatives

VirtualBox Guest Additions

Introduction

VirtualBox Guest Additions Installation Sources

vbox-guest-installer

VirtualBox Guest Additions CD

Migration to Oracle Style VirtualBox Guest Additions

Migration to Debian Style VirtualBox Guest Additions Packages

VirtualBox Guest Additions Security

Alternatives

Miscellaneous

Uninstall virtualbox-guest-additions-iso

Debugging

Kernel Upgrades

Non-Issues

See Also

Footnotes

Shared Folder Permission Fix

Navigation menu

VirtualBox Guest Additions: Clipboard Sharing, Shared Folder, and More

Clipboard Sharing

Shared Folder

Kicksecure

Whonix

Other Operating Systems

Generic VirtualBox Method

Shared Folder in Live Mode

Kicksecure

Kicksecure-Qubes

Others and Alternatives

VirtualBox Guest Additions

Introduction

VirtualBox Guest Additions Installation Sources

vbox-guest-installer

VirtualBox Guest Additions CD

Migration to Oracle Style VirtualBox Guest Additions

Migration to Debian Style VirtualBox Guest Additions Packages

VirtualBox Guest Additions Security

Alternatives

Miscellaneous

Uninstall virtualbox-guest-additions-iso

Debugging

Kernel Upgrades

Non-Issues

See Also

Footnotes

Shared Folder Permission Fix

Navigation menu

Search