VirtualBox Guest Additions and Shared Folders
Bidirectional clipboard sharing is currently enabled by default in Kicksecure ™ VirtualBox VM.  There are good reasons to disable clipboard sharing, Left to the user to decide if he want to disable it or not.
Shared folders are discouraged because it weakens isolation between the guest and the host. Providing a mechanism to access files of the host system from within the guest system via a specially defined path necessarily enlarges the attack surface and provides a potential pathway for malicious actors to compromise the host.   
To change the clipboard sharing setting:
- Power off the virtual machine. 
- Navigate to
VirtualBox machine settings→
- Set the preferred configuration:
Guest to Host,
Host to Guestor
- Power on the virtual machine again.
To learn more, see: VirtualBox Manual - Chapter 3. Configuring Virtual Machines.
If you are using a Kicksecure-Custom-Workstation ™ additional steps are required. Please click on expand on the right.
Two options exist: automatic mounting or manual mounting. The automatic mounting method is described below. For additional information on shared folders refer to the VirtualBox manual. Any additional questions are unspecific to Kicksecure ™ and should be addressed as per the Free Support Principle.
- Install VirtualBox guest additions inside the VM. 
- Add the user that will utilize shared folders from inside the VM to group
vboxsf:sudo addgroup user vboxsf
- A reboot is required to make group changes take effect.
- Follow the instructions above.
VirtualBox Guest Additions
In Kicksecure ™, VirtualBox guest additions are installed by default. 
To avoid any issues with the guest additions, users are highly recommended to:
- Use the Recommended VirtualBox Version for use with Kicksecure ™.
- Leave installation of the recommended version of VirtualBox guest additions to Kicksecure ™ as dcoumented and to avoid manual installation. This documentation will be updated as required. Check back later in case you have issues.
- Kicksecure ™ 15: VirtualBox guest additions (from package
virtualbox-guest-additions-iso) are automatically being kept updated by
vbox-guest-installer, which is an installation helper created by Kicksecure ™ developers when Kicksecure ™ is updated.
- Kicksecure ™ 16: VirtualBox guest additions (from packages
virtualbox-guest-x11) are installed by default and should be preferred over
- Kicksecure ™ 15: Since Kicksecure ™
126.96.36.199.8the guest additions are installed from the
virtualbox-guest-additions-isopackage during the build process of Kicksecure ™. (technical details)
- Kicksecure ™ 16: Installed by default but not used by default.  
- Kicksecure ™ 15: Earlier Kicksecure ™ versions, used to install package
virtualbox-guest-x11by default. This will currently not work and is discouraged. (technical details)
- Kicksecure ™ 16: Installed by default.
vbox-guest-installer is an installation helper created by Kicksecure ™ developers. It is a helper utility for better usability that allows to install VirtualBox guest additions from package
Usually no user action required.
- Kicksecure ™ 15: Enabled by default.
- Kicksecure ™ 16: Not enabled by default.
It is usually not required to change
vbox-guest-installer settings, to enable/disable or to manually run it.
Whenever the Linux kernel package or
virtualbox-guest-additions-iso is upgraded,
vbox-guest-installer should be automatically running.
Migration to Guest Additions Packages
- Kicksecure ™ 15 Release Upgradeed to Kicksecure ™ 16: This is recommend.
- Kicksecure ™ 16 new downloads: No action required.
Migration from VirtualBox Guest Additions ISO to Guest Additions packages has been completed.
VirtualBox Guest Additions CD
In Kicksecure ™ it is therefore unnecessary and discouraged to install guest additions from a VirtualBox CD. Do
. Doing so could lead to version conflicts of the VirtualBox host version versus the VirtualBox guest additions version such as black screen, screen resolution bug, broken host to VM copy/paste and similar. 
Insert Guest Additions CD image...
If you are using other operating systems (custom workstation), using VirtualBox Guest Additions CD is OK. In that case, issues should be resolved as per Free Support Principle because it would be unspecific to Kicksecure ™.
VirtualBox Guest Additions Security
General concerns have been raised about the security of VirtualBox, for example see the article The VirtualBox Kernel Driver Is Tainted Crap . However, this refers to the kernel driver (on the host), not guest additions. For opposite viewpoints, see here and here.
It is possible to achieve similar functionality without installing guest additions:
- For file exchange with Kicksecure ™, see: File Transfer and File Sharing.
- To achieve a higher screen resolution, see: Higher Screen Resolution without VirtualBox Guest Additions.
- To achieve mouse integration, it is possible to set a USB tablet in VirtualBox settings. This is recommended against because it requires adding a USB controller to VirtualBox. (
Right-click on Virtual Machine→
Enable absolute pointing device)
This is discouraged and should not be required. However, if you wish to uninstall VirtualBox guest additions as installed by
vbox-guest-installer by Kicksecure ™ developers, follow the steps below.
- Kicksecure ™ 15: Purge package
virtualbox-guest-additions-iso. This will result in
vbox-guest-installerby Kicksecure ™ developers in future doing effectively nothing.sudo apt purge virtualbox-guest-additions-iso
- Kicksecure ™ 16: No purge of package
vbox-guest-installereffectively does nothing if VirtualBox guest additions packages are installed. If purging
virtualbox-guest-additions-isois desired this is OK too.
2. Remove VirtualBox guest additions (previously installed by Kicksecure ™ from
virtualbox-guest-additions-iso. Run VirtualBox guest additions uninstaller by VirtualBox developers.
To help debug issues, inspect the following logs and services.
The following issue is happening during kernel upgrades.
/etc/kernel/postinst.d/vboxadd: VirtualBox Guest Additions: Building the modules for kernel 5.6.0-0.bpo.2-amd64. Failed to rename process, ignoring: Operation not permitted update-initramfs terminated by signal TERM.
Workaround in short: two reboots required.
Workaround details: This results in guest additions being non-functional after the next reboot. During the next reboot VirtualBox guest additions will automatically detect the missing kernel modules for the upgraded kernel and build them. Therefore when rebooting yet another time the issue should be resolved until the next kernel upgrade.
Please contribute to generic bug reproduction:
- Conceptually: Generic Bug Reproduction
- Specifically: VirtualBox Generic Bug Reproduction and Debugging.
See also Kicksecure ™ specific technical information, VirtualBox Integration.
If the following message appears during a kernel upgrade, it is a non-issue.
- VirtualBox Guest Additions Installation Technical Details
- VirtualBox Guest Additions ISO Freedom vs Non-Freedom
- Host -> Whonix-Gateway clipboard sharing enable by default?
- To learn more about VirtualBox shared folders, see: VirtualBox Manual - Chapter 4. Guest Additions.
- Admittedly, this recommendation does not have a strong rationale. Disabling additional features in other virtualizers or general applications will similarly lead to less code paths being utilized and arguably increasing security. VirtualBox software is not special in this regard.
- Because otherwise you cannot change VirtualBox VM settings.
- Using /lib/systemd/system/mnt-shared-vbox.service.
- If the option is unavailable, upgrade VirtualBox.
/home/user/sharedcan be chosen. The VirtualBox default means that folder would be owned by owner
This is specific to the VirtualBox version; newer versions do not have this option anymore.
Make Permanentif this setting should persist after restart of the virtual machine. Otherwise this setting will be temporary.
- This step is required. Quote VirtualBox Manual - Chapter 4. Guest Additions:
With the shared folders feature of Oracle VM VirtualBox, you can access files of your host system from within the guest system. This is similar to how you would use network shares in Windows networks, except that shared folders do not require networking, only the Guest Additions.
virtualbox-guest-additions-isois still installed by default. Should there be issues with
virtualbox-guest-x11as there was in past due to unavailability, then it's easier to fall back to that solution.
vbox-guest-installer] (installation helper created by Kicksecure ™ developers) is also still installed by default for the same purpose.
- Might still be used by users who Release Upgradeed from Kicksecure ™ 15 to Kicksecure ™ 16.
- Installation of VirtualBox guest additions from CD might also cause issues.