VirtualBox Guest Additions and Shared Folders

From Kicksecure



Bidirectional clipboard sharing is currently enabled by default in Kicksecure ™ VirtualBox VM. [1] There are good reasons to disable clipboard sharing, Left to the user to decide if he want to disable it or not.

Shared folders are discouraged because it weakens isolation between the guest and the host. Providing a mechanism to access files of the host system from within the guest system via a specially defined path necessarily enlarges the attack surface and provides a potential pathway for malicious actors to compromise the host. [2] [3] [4]

Clipboard Sharing[edit]

To change the clipboard sharing setting:

  1. Power off the virtual machine. [5]
  2. Navigate to VirtualBox machine settingsGeneralAdvancedShared Clipboard
  3. Set the preferred configuration: Disabled, Guest to Host, Host to Guest or Bidirectional.
  4. Power on the virtual machine again.

To learn more, see: VirtualBox Manual - Chapter 3. Configuring Virtual Machines.

Shared Folder[edit]

Kicksecure ™-Default[edit]

Info Note:

  • From VirtualBox v6+ it is no longer necessary to power off the virtual machine.
  • For better usability, package shared-folder-help has already added user user to group vboxsf. [6]
  1. Navigate to the shared folder settings of the virtual machine: VirtualBoxright-click the virtual machineSettingsShared Folder
  2. Click the folder icon that has a + symbol in the upper right-hand section of the screen.
  3. Folder Path → Navigate to the folder you want to share.
  4. Folder Name → Type: shared. A different folder name can be utilized, but shared is recommended so it is the same as the example documented below -- do not use share (without the trailing d)!
  5. Check Read-only if you do not want to write to that folder from within the guest.
  6. Check Auto-mount. [7]
  7. Mount Point → Leave as is (leave it empty and do not make any changes). [8]
  8. Check Make Permanent (if that option exists). [9]
  9. Press OK to close shared folder dialog.
  10. Press OK to close VirtualBox settings.
  11. The process is now complete and the shared folder can be used.

VirtualBox shared folders are found inside the virtual machine in folder /media/.

By default, VirtualBox uses the prefix sf_.

In the above example, the shared folder will become cd /mnt/sf_shared. It can be opened using a file manager like Thunar. To open it using the the command line, run.

cd /mnt/sf_shared

Kicksecure-Custom-Workstation ™[edit]

If you are using a Kicksecure-Custom-Workstation ™ additional steps are required. Please click on expand on the right.

Two options exist: automatic mounting or manual mounting. The automatic mounting method is described below. For additional information on shared folders refer to the VirtualBox manual. Any additional questions are unspecific to Kicksecure ™ and should be addressed as per the Free Support Principle.

  1. Install VirtualBox guest additions inside the VM. [10]
  2. Add the user that will utilize shared folders from inside the VM to group vboxsf:
    sudo addgroup user vboxsf
  3. A reboot is required to make group changes take effect.
  4. Follow the instructions above.

VirtualBox Guest Additions[edit]


In Kicksecure ™, VirtualBox guest additions are installed by default. [11]

To avoid any issues with the guest additions, users are highly recommended to:

  1. Use the Recommended VirtualBox Version for use with Kicksecure ™.
  2. Leave installation of the recommended version of VirtualBox guest additions to Kicksecure ™ as dcoumented and to avoid manual installation. This documentation will be updated as required. Check back later in case you have issues.
  • Kicksecure ™ 15: VirtualBox guest additions (from package virtualbox-guest-additions-iso) are automatically being kept updated by vbox-guest-installer, which is an installation helper created by Kicksecure ™ developers when Kicksecure ™ is updated.
  • Kicksecure ™ 16: VirtualBox guest additions (from packages virtualbox-guest-utils, virtualbox-guest-x11) are installed by default and should be preferred over virtualbox-guest-additions-iso. [12]

There might be a few odd messages during updates which are actually non-issues. Unless actual functionality is broken, please do not ask about odd messages as per Support Request Policy.

In case of issues, see also VirtualBox troubleshooting and consider a bug report.

virtualbox-guest-additions-iso package[edit]

virtualbox-guest-x11 package[edit]

  • Kicksecure ™ 15: Earlier Kicksecure ™ versions, used to install package virtualbox-guest-x11 by default. This will currently not work and is discouraged. (technical details)
  • Kicksecure ™ 16: Installed by default.


vbox-guest-installer is an installation helper created by Kicksecure ™ developers. It is a helper utility for better usability that allows to install VirtualBox guest additions from package virtualbox-guest-additions-iso.

Usually no user action required.

  • Kicksecure ™ 15: Enabled by default.
  • Kicksecure ™ 16: Not enabled by default.

It is usually not required to change vbox-guest-installer settings, to enable/disable or to manually run it.

Whenever the Linux kernel package or virtualbox-guest-additions-iso is upgraded, vbox-guest-installer should be automatically running.

Migration to Guest Additions Packages[edit]

  • Kicksecure ™ 15 Release Upgradeed to Kicksecure ™ 16: This is recommend.
  • Kicksecure ™ 16 new downloads: No action required.

1. Uninstall virtualbox-guest-additions-iso.

2. Install.

Install virtualbox-guest-utils virtualbox-guest-x11. To accomplish that, the following steps A. to D. need to be done.

A. Update the package lists.

sudo apt update

B. Upgrade the system.

sudo apt full-upgrade

C. Install the virtualbox-guest-utils virtualbox-guest-x11 package.

Using apt command line parameter --no-install-recommends is in most cases optional.

sudo apt install --no-install-recommends virtualbox-guest-utils virtualbox-guest-x11

D. Done.

The procedure of installing virtualbox-guest-utils virtualbox-guest-x11 is complete.

3. Reboot.

4. Done.

Migration from VirtualBox Guest Additions ISO to Guest Additions packages has been completed.

VirtualBox Guest Additions CD[edit]

In Kicksecure ™ it is therefore unnecessary and discouraged to install guest additions from a VirtualBox CD. Do not use VirtualBoxDevicesInsert Guest Additions CD image.... Doing so could lead to version conflicts of the VirtualBox host version versus the VirtualBox guest additions version such as black screen, screen resolution bug, broken host to VM copy/paste and similar. [14]

If you are using other operating systems (custom workstation), using VirtualBox Guest Additions CD is OK. In that case, issues should be resolved as per Free Support Principle because it would be unspecific to Kicksecure ™.

VirtualBox Guest Additions Security[edit]

General concerns have been raised about the security of VirtualBox, for example see the article The VirtualBox Kernel Driver Is Tainted Crap . However, this refers to the kernel driver (on the host), not guest additions. For opposite viewpoints, see here and here.


It is possible to achieve similar functionality without installing guest additions:

  • For file exchange with Kicksecure ™, see: File Transfer and File Sharing.
  • To achieve a higher screen resolution, see: Higher Screen Resolution without VirtualBox Guest Additions.
  • To achieve mouse integration, it is possible to set a USB tablet in VirtualBox settings. This is recommended against because it requires adding a USB controller to VirtualBox. (VirtualBoxRight-click on Virtual MachineSettingsSystemEnable absolute pointing device)


Uninstall virtualbox-guest-additions-iso[edit]

This is discouraged and should not be required. However, if you wish to uninstall VirtualBox guest additions as installed by vbox-guest-installer by Kicksecure ™ developers, follow the steps below.


  • Kicksecure ™ 15: Purge package virtualbox-guest-additions-iso. This will result in vbox-guest-installer by Kicksecure ™ developers in future doing effectively nothing.
    sudo apt purge virtualbox-guest-additions-iso
  • Kicksecure ™ 16: No purge of package virtualbox-guest-additions-iso required since vbox-guest-installer effectively does nothing if VirtualBox guest additions packages are installed. If purging virtualbox-guest-additions-iso is desired this is OK too.

2. Remove VirtualBox guest additions (previously installed by Kicksecure ™ from virtualbox-guest-additions-iso. Run VirtualBox guest additions uninstaller by VirtualBox developers.

sudo /usr/sbin/vbox-uninstall-guest-additions


To help debug issues, inspect the following logs and services.

cat /var/log/vboxadd-install.log

sudo systemctl status vboxadd

sudo systemctl status vboxadd-service.service

ls -la /opt/VBoxGuestAdditions-*/init/

Kernel Upgrades[edit]

The following issue is happening during kernel upgrades.

VirtualBox Guest Additions: Building the modules for kernel 5.6.0-0.bpo.2-amd64.
Failed to rename process, ignoring: Operation not permitted
update-initramfs terminated by signal TERM.

Workaround in short: two reboots required.

Workaround details: This results in guest additions being non-functional after the next reboot. During the next reboot VirtualBox guest additions will automatically detect the missing kernel modules for the upgraded kernel and build them. Therefore when rebooting yet another time the issue should be resolved until the next kernel upgrade.

Please contribute to generic bug reproduction:

See also Kicksecure ™ specific technical information, VirtualBox Integration.

One long term solution might be replacing initramfs-tools with dracut but that needs further research and development work. (develpoment discussion, issue)


If the following message appears during a kernel upgrade, it is a non-issue.


See Also[edit]


  1. Host -> Whonix-Gateway clipboard sharing enable by default?
  3. To learn more about VirtualBox shared folders, see: VirtualBox Manual - Chapter 4. Guest Additions.
  4. Admittedly, this recommendation does not have a strong rationale. Disabling additional features in other virtualizers or general applications will similarly lead to less code paths being utilized and arguably increasing security. VirtualBox software is not special in this regard.
  5. Because otherwise you cannot change VirtualBox VM settings.
  6. Using /lib/systemd/system/mnt-shared-vbox.service.
  7. If the option is unavailable, upgrade VirtualBox.
  8. Alternatively folder /home/user/shared can be chosen. The VirtualBox default means that folder would be owned by owner root and group vboxsf.
  9. This is specific to the VirtualBox version; newer versions do not have this option anymore. Check Make Permanent if this setting should persist after restart of the virtual machine. Otherwise this setting will be temporary.
  10. This step is required. Quote VirtualBox Manual - Chapter 4. Guest Additions:

    With the shared folders feature of Oracle VM VirtualBox, you can access files of your host system from within the guest system. This is similar to how you would use network shares in Windows networks, except that shared folders do not require networking, only the Guest Additions.

  11. 12.0 12.1 virtualbox-guest-additions-iso is still installed by default. Should there be issues with virtualbox-guest-utils, virtualbox-guest-x11 as there was in past due to unavailability, then it's easier to fall back to that solution. vbox-guest-installer] (installation helper created by Kicksecure ™ developers) is also still installed by default for the same purpose.
  12. Might still be used by users who Release Upgradeed from Kicksecure ™ 15 to Kicksecure ™ 16.
  13. Installation of VirtualBox guest additions from CD might also cause issues.

Unfinished: This wiki is a work in progress. Please do not report broken links until this notice is removed, use Search Engines First and contribute improving this wiki.