VirtualBox

source: vbox/trunk/doc/manual/en_US/user_AdvancedTopics.xml@ 84448

最後變更 在這個檔案從84448是 84012,由 vboxsync 提交於 5 年 前

Main: bugref:9341: Fixed manual for the autostart service for Windows

  • 屬性 svn:eol-style 設為 native
  • 屬性 svn:keywords 設為 Id Revision
檔案大小: 237.5 KB
 
1<?xml version="1.0" encoding="UTF-8"?>
2<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd"[
4<!ENTITY % all.entities SYSTEM "all-entities.ent">
5%all.entities;
6]>
7<chapter id="AdvancedTopics">
8
9 <title>Advanced Topics</title>
10
11 <sect1 id="autologon">
12
13 <title>Automated Guest Logins</title>
14
15 <para>
16 &product-name; provides Guest Addition modules for Windows, Linux,
17 and Oracle Solaris to enable automated logins on the guest.
18 </para>
19
20 <para>
21 When a guest operating system is running in a virtual machine, it
22 might be desirable to perform coordinated and automated logins
23 using credentials from a master login system. Credentials are user
24 name, password, and domain name, where each value might be empty.
25 </para>
26
27 <sect2 id="autologon_win">
28
29 <title>Automated Windows Guest Logins</title>
30
31 <para>
32 Windows provides a modular system login subsystem, called
33 Winlogon, which can be customized and extended by means of
34 so-called GINA (Graphical Identification and Authentication)
35 modules. In Windows Vista and later releases, the GINA modules
36 were replaced with a new mechanism called credential providers.
37 The &product-name; Guest Additions for Windows come with both, a
38 GINA and a credential provider module, and therefore enable any
39 Windows guest to perform automated logins.
40 </para>
41
42 <para>
43 To activate the &product-name; GINA or credential provider
44 module, install the Guest Additions using the command line
45 switch <option>/with_autologon</option>. All the following
46 manual steps required for installing these modules will be then
47 done by the installer.
48 </para>
49
50 <para>
51 To manually install the &product-name; GINA module, extract the
52 Guest Additions as shown in
53 <xref linkend="windows-guest-file-extraction" />, and copy the
54 <filename>VBoxGINA.dll</filename> file to the Windows
55 <filename>SYSTEM32</filename> directory. In the registry, create
56 the following key with a value of
57 <filename>VBoxGINA.dll</filename>:
58 </para>
59
60<screen>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GinaDLL</screen>
61
62 <note>
63 <para>
64 The &product-name; GINA module is implemented as a wrapper
65 around the <filename>MSGINA.DLL</filename> standard Windows
66 GINA module. As a result, it might not work correctly with
67 third-party GINA modules.
68 </para>
69 </note>
70
71 <para>
72 To manually install the &product-name; credential provider
73 module, extract the Guest Additions as shown in
74 <xref linkend="windows-guest-file-extraction" /> and copy the
75 <filename>VBoxCredProv.dll</filename> file to the Windows
76 <filename>SYSTEM32</filename> directory. In the registry, create
77 the following keys:
78 </para>
79
80<screen>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
81Authentication\Credential Providers\{275D3BCC-22BB-4948-A7F6-3A3054EBA92B}
82
83HKEY_CLASSES_ROOT\CLSID\{275D3BCC-22BB-4948-A7F6-3A3054EBA92B}
84
85HKEY_CLASSES_ROOT\CLSID\{275D3BCC-22BB-4948-A7F6-3A3054EBA92B}\InprocServer32</screen>
86
87 <para>
88 All default values, the key named <literal>Default</literal>,
89 must be set to <literal>VBoxCredProv</literal>.
90 </para>
91
92 <para>
93 Create the following string and assign it a value of
94 <literal>Apartment</literal>.
95 </para>
96
97<screen>HKEY_CLASSES_ROOT\CLSID\{275D3BCC-22BB-4948-A7F6-3A3054EBA92B}\InprocServer32\ThreadingModel</screen>
98
99 <para>
100 To set credentials, use the following command on a
101 <emphasis>running</emphasis> VM:
102 </para>
103
104<screen>$ VBoxManage controlvm "Windows XP" setcredentials "John Doe" "secretpassword" "DOMTEST"</screen>
105
106 <para>
107 While the VM is running, the credentials can be queried by the
108 &product-name; login modules, GINA or credential provider, using
109 the &product-name; Guest Additions device driver. When Windows
110 is in <emphasis>logged out</emphasis> mode, the login modules
111 will constantly poll for credentials and if they are present, a
112 login will be attempted. After retrieving the credentials, the
113 login modules will erase them so that the above command will
114 have to be repeated for subsequent logins.
115 </para>
116
117 <para>
118 For security reasons, credentials are not stored in any
119 persistent manner and will be lost when the VM is reset. Also,
120 the credentials are write-only. There is no way to retrieve the
121 credentials from the host side. Credentials can be reset from
122 the host side by setting empty values.
123 </para>
124
125 <para>
126 Depending on the Windows guest version, the following
127 restrictions apply:
128 </para>
129
130 <itemizedlist>
131
132 <listitem>
133 <para>
134 For <emphasis role="bold">Windows XP guests.</emphasis> The
135 login subsystem needs to be configured to use the classic
136 login dialog, as the &product-name; GINA module does not
137 support the Windows XP-style welcome dialog.
138 </para>
139 </listitem>
140
141 <listitem>
142 <para>
143 <emphasis role="bold">Windows Vista, Windows 7, Windows 8,
144 and Windows 10 guests.</emphasis> The login subsystem does
145 not support the so-called Secure Attention Sequence,
146 <literal>Ctrl+Alt+Del</literal>. As a result, the guest's
147 group policy settings need to be changed to not use the
148 Secure Attention Sequence. Also, the user name given is only
149 compared to the true user name, not the user friendly name.
150 This means that when you rename a user, you still have to
151 supply the original user name as Windows never renames user
152 accounts internally.
153 </para>
154 </listitem>
155
156 <listitem>
157 <para>
158 Automatic login handling of the built-in
159 <emphasis role="bold">Windows Remote Desktop
160 Service</emphasis>, formerly known as Terminal Services, is
161 disabled by default. To enable it, create the following
162 registry key with a <literal>DWORD</literal> value of
163 <literal>1</literal>.
164 </para>
165
166<screen>HKEY_LOCAL_MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions\AutoLogon</screen>
167 </listitem>
168
169 </itemizedlist>
170
171 <para>
172 The following command forces &product-name; to keep the
173 credentials after they were read by the guest and on VM reset:
174 </para>
175
176<screen>$ VBoxManage setextradata "Windows XP" VBoxInternal/Devices/VMMDev/0/Config/KeepCredentials 1</screen>
177
178 <para>
179 Note that this is a potential security risk, as a malicious
180 application running on the guest could request this information
181 using the proper interface.
182 </para>
183
184 </sect2>
185
186 <sect2 id="autologon_unix">
187
188 <title>Automated Linux and UNIX Guest Logins</title>
189
190 <para>
191 &product-name; provides a custom PAM module (Pluggable
192 Authentication Module) which can be used to perform automated
193 guest logins on platforms which support this framework.
194 Virtually all modern Linux and UNIX distributions rely on PAM.
195 </para>
196
197 <para>
198 For automated logins on Ubuntu, or Ubuntu-derived, distributions
199 using LightDM as the display manager. See
200 <xref linkend="autologon_unix_lightdm" />.
201 </para>
202
203 <para>
204 The <filename>pam_vbox.so</filename> module itself
205 <emphasis>does not</emphasis> do an actual verification of the
206 credentials passed to the guest OS. Instead it relies on other
207 modules such as <filename>pam_unix.so</filename> or
208 <filename>pam_unix2.so</filename> down in the PAM stack to do
209 the actual validation using the credentials retrieved by
210 <filename>pam_vbox.so</filename>. Therefore
211 <filename>pam_vbox.so</filename> has to be on top of the
212 authentication PAM service list.
213 </para>
214
215 <note>
216 <para>
217 The <filename>pam_vbox.so</filename> module only supports the
218 <literal>auth</literal> primitive. Other primitives such as
219 <literal>account</literal>, <literal>session</literal>, or
220 <literal>password</literal> are not supported.
221 </para>
222 </note>
223
224 <para>
225 The <filename>pam_vbox.so</filename> module is shipped as part
226 of the Guest Additions but it is not installed and/or activated
227 on the guest OS by default. In order to install it, it has to be
228 copied from
229 <filename>/opt/VBoxGuestAdditions-<replaceable>version</replaceable>/other/</filename>
230 to the security modules directory. This is usually
231 <filename>/lib/security/</filename> on 32-bit Linux guests or
232 <filename>/lib64/security/</filename> on 64-bit Linux guests.
233 Please refer to your guest OS documentation for the correct PAM
234 module directory.
235 </para>
236
237 <para>
238 For example, to use <filename>pam_vbox.so</filename> with a
239 Ubuntu Linux guest OS and the GNOME Desktop Manager (GDM) to log
240 in users automatically with the credentials passed by the host,
241 configure the guest OS as follows:
242 </para>
243
244 <orderedlist>
245
246 <listitem>
247 <para>
248 Copy the <filename>pam_vbox.so</filename> module to the
249 security modules directory. In this case,
250 <filename>/lib/security</filename>.
251 </para>
252 </listitem>
253
254 <listitem>
255 <para>
256 Edit the PAM configuration file for GDM, found at
257 <filename>/etc/pam.d/gdm</filename>. Add the line
258 <literal>auth requisite pam_vbox.so</literal> at the top.
259 Additionally, in most Linux distributions there is a file
260 called <filename>/etc/pam.d/common-auth</filename>. This
261 file is included in many other services, like the GDM file
262 mentioned above. There you also have to add the line
263 <literal>auth requisite pam_vbox.so</literal>.
264 </para>
265 </listitem>
266
267 <listitem>
268 <para>
269 If authentication against the shadow database using
270 <filename>pam_unix.so</filename> or
271 <filename>pam_unix2.so</filename> is desired, the argument
272 <literal>try_first_pass</literal> for
273 <filename>pam_unix.so</filename> or
274 <literal>use_first_pass</literal> for
275 <filename>pam_unix2.so</filename> is needed in order to pass
276 the credentials from the &product-name; module to the shadow
277 database authentication module. For Ubuntu, this needs to be
278 added to <filename>/etc/pam.d/common-auth</filename>, to the
279 end of the line referencing
280 <filename>pam_unix.so</filename>. This argument tells the
281 PAM module to use credentials already present in the stack,
282 such as the ones provided by the &product-name; PAM module.
283 </para>
284 </listitem>
285
286 </orderedlist>
287
288 <warning>
289 <para>
290 An incorrectly configured PAM stack can effectively prevent
291 you from logging into your guest system.
292 </para>
293 </warning>
294
295 <para>
296 To make deployment easier, you can pass the argument
297 <literal>debug</literal> right after the
298 <filename>pam_vbox.so</filename> statement. Debug log output
299 will then be recorded using syslog.
300 </para>
301
302 <note>
303 <para>
304 By default, <command>pam_vbox</command> does not wait for
305 credentials to arrive from the host. When a login prompt is
306 shown, for example by GDM/KDM or the text console, and
307 <command>pam_vbox</command> does not yet have credentials it
308 does not wait until they arrive. Instead the next module in
309 the PAM stack, depending on the PAM configuration, will have
310 the chance for authentication.
311 </para>
312 </note>
313
314 <para>
315 <command>pam_vbox</command> supports various guest property
316 parameters that are located in
317 <filename>/VirtualBox/GuestAdd/PAM/</filename>. These parameters
318 allow <command>pam_vbox</command> to wait for credentials to be
319 provided by the host and optionally can show a message while
320 waiting for those. The following guest properties can be set:
321 </para>
322
323 <itemizedlist>
324
325 <listitem>
326 <para>
327 <literal>CredsWait</literal>: Set to 1 if
328 <command>pam_vbox</command> should start waiting until
329 credentials arrive from the host. Until then no other
330 authentication methods such as manually logging in will be
331 available. If this property is empty or gets deleted no
332 waiting for credentials will be performed and
333 <command>pam_vbox</command> will act like before. This
334 property must be set read-only for the guest
335 (<literal>RDONLYGUEST</literal>).
336 </para>
337 </listitem>
338
339 <listitem>
340 <para>
341 <literal>CredsWaitAbort</literal>: Aborts waiting for
342 credentials when set to any value. Can be set from host and
343 the guest.
344 </para>
345 </listitem>
346
347 <listitem>
348 <para>
349 <literal>CredsWaitTimeout</literal>: Timeout, in seconds, to
350 let <command>pam_vbox</command> wait for credentials to
351 arrive. When no credentials arrive within this timeout,
352 authentication of <command>pam_vbox</command> will be set to
353 failed and the next PAM module in chain will be asked. If
354 this property is not specified, set to 0 or an invalid
355 value, an infinite timeout will be used. This property must
356 be set read-only for the guest
357 (<literal>RDONLYGUEST</literal>).
358 </para>
359 </listitem>
360
361 </itemizedlist>
362
363 <para>
364 To customize <command>pam_vbox</command> further there are the
365 following guest properties:
366 </para>
367
368 <itemizedlist>
369
370 <listitem>
371 <para>
372 <literal>CredsMsgWaiting</literal>: Custom message showed
373 while pam_vbox is waiting for credentials from the host.
374 This property must be set read-only for the guest
375 (<literal>RDONLYGUEST</literal>).
376 </para>
377 </listitem>
378
379 <listitem>
380 <para>
381 <literal>CredsMsgWaitTimeout</literal>: Custom message
382 showed when waiting for credentials by
383 <command>pam_vbox</command> has timed out. For example, they
384 did not arrive within time. This property must be set
385 read-only for the guest (<literal>RDONLYGUEST</literal>).
386 </para>
387 </listitem>
388
389 </itemizedlist>
390
391 <note>
392 <para>
393 If a <command>pam_vbox</command> guest property does not have
394 the correct flag set (<literal>RDONLYGUEST</literal>) the
395 property is ignored and, depending on the property, a default
396 value will be used. This can result in pam_vbox not waiting
397 for credentials. Consult the appropriate syslog file for more
398 information and use the <literal>debug</literal> option.
399 </para>
400 </note>
401
402 <sect3 id="autologon_unix_lightdm">
403
404 <title>&product-name; Greeter for Ubuntu/LightDM</title>
405
406 <para>
407 &product-name; comes with a greeter module, named
408 <command>vbox-greeter</command>, that can be used with
409 LightDM. LightDM is the default display manager for Ubuntu
410 Linux and therefore can also be used for automated guest
411 logins.
412 </para>
413
414 <para>
415 <command>vbox-greeter</command> does not need the
416 <command>pam_vbox</command> module described in
417 <xref linkend="autologon_unix"/>in order to function. It comes
418 with its own authentication mechanism provided by LightDM.
419 However, to provide maximum flexibility both modules can be
420 used together on the same guest.
421 </para>
422
423 <para>
424 As with the <command>pam_vbox</command> module,
425 <command>vbox-greeter</command> is shipped as part of the
426 Guest Additions but it is not installed or activated on the
427 guest OS by default. To install
428 <command>vbox-greeter</command> automatically upon Guest
429 Additions installation, use the
430 <option>--with-autologon</option> option when starting the
431 <command>VBoxLinuxAdditions.run</command> file:
432 </para>
433
434<screen># ./VBoxLinuxAdditions.run -- --with-autologon</screen>
435
436 <para>
437 For manual or postponed installation, copy the
438 <filename>vbox-greeter.desktop</filename> file from
439 <filename>/opt/VBoxGuestAdditions-&lt;version&gt;/other/</filename>
440 to the <filename>xgreeters</filename> directory, which is
441 usually <filename>/usr/share/xgreeters/</filename>. See your
442 guest OS documentation for the name of the correct LightDM
443 greeter directory.
444 </para>
445
446 <para>
447 The <command>vbox-greeter</command> module is installed by the
448 &product-name; Guest Additions installer and is located in
449 <filename>/usr/sbin/</filename>. To enable
450 <command>vbox-greeter</command> as the standard greeter
451 module, edit the file
452 <filename>/etc/lightdm/lightdm.conf</filename> as follows:
453 </para>
454
455<screen>[SeatDefaults]
456greeter-session=vbox-greeter</screen>
457
458 <note>
459 <itemizedlist>
460
461 <listitem>
462 <para>
463 The LightDM server must be fully restarted in order for
464 <command>vbox-greeter</command> to be used as the
465 default greeter. As <literal>root</literal> on Ubuntu,
466 run <command>service lightdm --full-restart</command> or
467 restart the guest.
468 </para>
469 </listitem>
470
471 <listitem>
472 <para>
473 <command>vbox-greeter</command> is independent of the
474 graphical session you choose, such as Gnome, KDE, or
475 Unity. However, <command>vbox-greeter</command> does
476 require FLTK 1.3 or later to implement its own user
477 interface.
478 </para>
479 </listitem>
480
481 </itemizedlist>
482 </note>
483
484 <para>
485 There are numerous guest properties which can be used to
486 further customize the login experience. For automatically
487 logging in users, the same guest properties apply as for
488 <command>pam_vbox</command>. See
489 <xref linkend="autologon_unix" />.
490 </para>
491
492 <para>
493 In addition to the previously mentioned guest properties,
494 <command>vbox-greeter</command> enables you to further
495 customize its user interface. The following guest properties
496 are located in the
497 <filename>/VirtualBox/GuestAdd/Greeter/</filename> directory:
498 </para>
499
500 <itemizedlist>
501
502 <listitem>
503 <para>
504 <literal>HideRestart</literal>: Set to 1 if
505 <command>vbox-greeter</command> should hide the button to
506 restart the guest. This property must be set read-only for
507 the guest (<literal>RDONLYGUEST</literal>).
508 </para>
509 </listitem>
510
511 <listitem>
512 <para>
513 <literal>HideShutdown</literal>: Set to 1 if
514 <command>vbox-greeter</command> should hide the button to
515 shutdown the guest. This property must be set read-only
516 for the guest (<literal>RDONLYGUEST</literal>).
517 </para>
518 </listitem>
519
520 <listitem>
521 <para>
522 <literal>BannerPath</literal>: Path to a
523 <filename>.PNG</filename> file to use as a banner image on
524 the top of the greeter. The image size must be 460 x 90
525 pixels, any bit depth. This property must be set read-only
526 for the guest (<literal>RDONLYGUEST</literal>).
527 </para>
528 </listitem>
529
530 <listitem>
531 <para>
532 <literal>UseTheming</literal>: Set to 1 for turning on the
533 following theming options. This property must be set
534 read-only for the guest (<literal>RDONLYGUEST</literal>).
535 </para>
536 </listitem>
537
538 <listitem>
539 <para>
540 <literal>Theme/BackgroundColor</literal>: Hexadecimal
541 RRGGBB color for the background. This property must be set
542 read-only for the guest (<literal>RDONLYGUEST</literal>).
543 </para>
544 </listitem>
545
546 <listitem>
547 <para>
548 <literal>Theme/LogonDialog/HeaderColor</literal>:
549 Hexadecimal RRGGBB foreground color for the header text.
550 This property must be set read-only for the guest
551 (<literal>RDONLYGUEST</literal>).
552 </para>
553 </listitem>
554
555 <listitem>
556 <para>
557 <literal>Theme/LogonDialog/BackgroundColor</literal>:
558 Hexadecimal RRGGBB color for the login dialog background.
559 This property must be set read-only for the guest
560 (<literal>RDONLYGUEST</literal>).
561 </para>
562 </listitem>
563
564 <listitem>
565 <para>
566 <literal>Theme/LogonDialog/ButtonColor</literal>:
567 Hexadecimal RRGGBB background color for the login dialog
568 button. This property must be set read-only for the guest
569 (<literal>RDONLYGUEST</literal>).
570 </para>
571 </listitem>
572
573 </itemizedlist>
574
575 <note>
576 <para>
577 The same restrictions for the guest properties above apply
578 as for the ones specified in the <literal>pam_vbox</literal>
579 section.
580 </para>
581 </note>
582
583 </sect3>
584
585 </sect2>
586
587 </sect1>
588
589 <sect1 id="adv-config-win-guest">
590
591 <title>Advanced Configuration for Windows Guests</title>
592
593 <sect2 id="sysprep">
594
595 <title>Automated Windows System Preparation</title>
596
597 <para>
598 Microsoft offers a system preparation tool called Sysprep, to
599 prepare a Windows system for deployment or redistribution. Some
600 Windows releases include Sysprep on the installation medium, but
601 the tool is also available for download from the Microsoft web
602 site. In a standard For most Windows versions, Sysprep is
603 included in a default installation. Sysprep mainly consists of
604 an executable called <command>sysprep.exe</command> which is
605 invoked by the user to put the Windows installation into
606 preparation mode.
607 </para>
608
609 <para>
610 The Guest Additions offer a way to launch a system preparation
611 on the guest operating system in an automated way, controlled
612 from the host system. See
613 <xref linkend="guestadd-guestcontrol" /> for details of how to
614 use this feature with the special identifier
615 <literal>sysprep</literal> as the program to execute, along with
616 the user name <literal>sysprep</literal> and password
617 <literal>sysprep</literal> for the credentials. Sysprep is then
618 started with the required system rights.
619 </para>
620
621 <note>
622 <para>
623 Specifying the location of <command>sysprep.exe</command> is
624 <emphasis role="bold">not possible</emphasis>. Instead the
625 following paths are used, based on the Windows release:
626 </para>
627
628 <itemizedlist>
629
630 <listitem>
631 <para>
632 <filename>C:\sysprep\sysprep.exe</filename> for Windows XP
633 and earlier
634 </para>
635 </listitem>
636
637 <listitem>
638 <para>
639 <filename>%WINDIR%\System32\sysprep\sysprep.exe</filename>
640 for Windows Vista and later
641 </para>
642 </listitem>
643
644 </itemizedlist>
645
646 <para>
647 The Guest Additions will automatically use the appropriate
648 path to execute the system preparation tool.
649 </para>
650 </note>
651
652 </sect2>
653
654 </sect1>
655
656 <sect1 id="adv-config-linux-guest">
657
658 <title>Advanced Configuration for Linux and Oracle Solaris Guests</title>
659
660 <sect2 id="linux-guest-manual-setup">
661
662 <title>Manual Setup of Selected Guest Services on Linux</title>
663
664 <para>
665 The &product-name; Guest Additions contain several different
666 drivers. If you do not want to configure them all, use the
667 following command to install the Guest Additions:
668 </para>
669
670<screen>$ sh ./VBoxLinuxAdditions.run no_setup</screen>
671
672 <para>
673 After running this script, run the <command>rcvboxadd
674 setup</command> command as <literal>root</literal> to compile
675 the kernel modules.
676 </para>
677
678 <para>
679 On some 64-bit guests, you must replace <filename>lib</filename>
680 with <filename>lib64</filename>. On older guests that do not run
681 the <command>udev</command> service, you must add the
682 <command>vboxadd</command> service to the default runlevel to
683 ensure that the modules are loaded.
684 </para>
685
686 <para>
687 To set up the time synchronization service, add the
688 <command>vboxadd-service</command> service to the default
689 runlevel. To set up the X11 and OpenGL part of the Guest
690 Additions, run the <command>rcvboxadd-x11 setup</command>
691 command. Note that you do not need to enable additional
692 services.
693 </para>
694
695 <para>
696 Use the <command>rcvboxadd setup</command> to recompile the
697 guest kernel modules.
698 </para>
699
700 <para>
701 After compilation, reboot your guest to ensure that the new
702 modules are loaded.
703 </para>
704
705 </sect2>
706
707 <sect2 id="guestxorgsetup">
708
709 <title>Guest Graphics and Mouse Driver Setup in Depth</title>
710
711 <para>
712 This section assumes that you are familiar with configuring the
713 X.Org server using xorg.conf and optionally the newer mechanisms
714 using hal or udev and xorg.conf.d. If not you can learn about
715 them by studying the documentation which comes with X.Org.
716 </para>
717
718 <para>
719 The &product-name; Guest Additions includes drivers for X.Org.
720 By default these drivers are in the following directory:
721 </para>
722
723 <para>
724 <filename>/opt/VBoxGuestAdditions-<replaceable>version</replaceable>/other/</filename>
725 </para>
726
727 <para>
728 The correct versions for the X server are symbolically linked
729 into the X.Org driver directories.
730 </para>
731
732 <para>
733 For graphics integration to work correctly, the X server must
734 load the <literal>vboxvideo</literal> driver. Many recent X
735 server versions look for it automatically if they see that they
736 are running in &product-name;. For an optimal user experience,
737 the guest kernel drivers must be loaded and the Guest Additions
738 tool <command>VBoxClient</command> must be running as a client
739 in the X session.
740 </para>
741
742 <para>
743 For mouse integration to work correctly, the guest kernel
744 drivers must be loaded. In addition, for legacy X servers the
745 correct <literal>vboxmouse</literal> driver must be loaded and
746 associated with <filename>/dev/mouse</filename> or
747 <filename>/dev/psaux</filename>. For most guests, a driver for a
748 PS/2 mouse must be loaded and the correct vboxmouse driver must
749 be associated with <filename>/dev/vboxguest</filename>.
750 </para>
751
752 <para>
753 The &product-name; guest graphics driver can use any graphics
754 configuration for which the virtual resolution fits into the
755 virtual video memory allocated to the virtual machine, minus a
756 small amount used by the guest driver, as described in
757 <xref linkend="settings-display" />. The driver will offer a
758 range of standard modes at least up to the default guest
759 resolution for all active guest monitors. The default mode can
760 be changed by setting the output property VBOX_MODE to
761 "&lt;width&gt;x&lt;height&gt;" for any guest monitor. When
762 VBoxClient and the kernel drivers are active this is done
763 automatically when the host requests a mode change. The driver
764 for older versions can only receive new modes by querying the
765 host for requests at regular intervals.
766 </para>
767
768 <para>
769 With legacy X Servers before version 1.3, you can also add your
770 own modes to the X server configuration file. Add them to the
771 "Modes" list in the "Display" subsection of the "Screen"
772 section. For example, the following section has a custom
773 2048x800 resolution mode added:
774 </para>
775
776<screen>Section "Screen"
777 Identifier "Default Screen"
778 Device "VirtualBox graphics card"
779 Monitor "Generic Monitor"
780 DefaultDepth 24
781 SubSection "Display"
782 Depth 24
783 Modes "2048x800" "800x600" "640x480"
784 EndSubSection
785EndSection</screen>
786
787 </sect2>
788
789 </sect1>
790
791 <sect1 id="cpuhotplug">
792
793 <title>CPU Hot-Plugging</title>
794
795 <para>
796 With virtual machines running modern server operating systems,
797 &product-name; supports CPU hot-plugging.
798 </para>
799
800 <para>
801 On a physical computer CPU hot-plugging would mean that a CPU can
802 be added or removed while the machine is running. &product-name;
803 supports adding and removing of virtual CPUs while a virtual
804 machine is running.
805 </para>
806
807 <para>
808 CPU hot-plugging works only with guest operating systems that
809 support the feature. So far this applies only to Linux and Windows
810 Server. Windows supports only hot-add, while Linux supports
811 hot-add and hot-remove. To use this feature with more than 8 CPUs,
812 a 64-bit Linux guest is required.
813 </para>
814
815 <para>
816 CPU hot-plugging is done using the <command>VBoxManage</command>
817 command-line interface. First, hot-plugging needs to be enabled
818 for a virtual machine:
819 </para>
820
821<screen>$ VBoxManage modifyvm <replaceable>VM-name</replaceable> --cpuhotplug on</screen>
822
823 <para>
824 The <option>--cpus</option> option is used to specify the maximum
825 number of CPUs that the virtual machine can have:
826 </para>
827
828<screen>$ VBoxManage modifyvm <replaceable>VM-name</replaceable> --cpus 8</screen>
829
830 <para>
831 When the VM is off, you can then add and remove virtual CPUs with
832 the <command>VBoxManage modifyvm --plugcpu</command> and
833 <command>VBoxManage modifyvm --unplugcpu</command> commands, which
834 take the number of the virtual CPU as a parameter, as follows:
835 </para>
836
837<screen>$ VBoxManage modifyvm <replaceable>VM-name</replaceable> --plugcpu 3
838$ VBoxManage modifyvm <replaceable>VM-name</replaceable> --unplugcpu 3</screen>
839
840 <para>
841 Note that CPU 0 can never be removed.
842 </para>
843
844 <para>
845 While the VM is running, CPUs can be added and removed with the
846 <command>VBoxManage controlvm plugcpu</command> and
847 <command>VBoxManage controlvm unplugcpu</command> commands
848 instead, as follows:
849 </para>
850
851<screen>$ VBoxManage controlvm <replaceable>VM-name</replaceable> plugcpu 3
852$ VBoxManage controlvm <replaceable>VM-name</replaceable> unplugcpu 3</screen>
853
854 <para>
855 See <xref linkend="vboxmanage-modifyvm" /> and
856 <xref linkend="vboxmanage-controlvm" /> for details.
857 </para>
858
859 <para>
860 With Linux guests, the following applies:
861 </para>
862
863 <para>
864 To prevent ejection while the CPU is still used it has to be
865 ejected from within the guest before. The Linux Guest Additions
866 contain a service which receives hot-remove events and ejects the
867 CPU. Also, after a CPU is added to the VM it is not automatically
868 used by Linux. The Linux Guest Additions service will take care of
869 that if installed. If not a CPU can be started with the following
870 command:
871 </para>
872
873<screen>$ echo 1 &gt; /sys/devices/system/cpu/cpu&lt;id&gt;/online</screen>
874
875 </sect1>
876
877<!--<sect1 id="pcipassthrough">
878
879 <title>PCI Passthrough</title>
880
881 <para>
882 When running on Linux hosts with a kernel version later than
883 <literal>2.6.31</literal>, experimental host PCI devices
884 passthrough is available.
885 </para>
886
887 <note>
888 <para>
889 The PCI passthrough module is shipped as an &product-name;
890 extension package, which must be installed separately. See
891 <xref linkend="intro-installing" />.
892 </para>
893 </note>
894
895 <para>
896 This feature enables a guest to directly use physical PCI devices
897 on the host, even if host does not have drivers for this
898 particular device. Both, regular PCI and some PCI Express cards,
899 are supported. AGP and certain PCI Express cards are not supported
900 at the moment if they rely on Graphics Address Remapping Table
901 (GART) unit programming for texture management as it does rather
902 non-trivial operations with pages remapping interfering with
903 IOMMU. This limitation may be lifted in future releases.
904 </para>
905
906 <para>
907 To be fully functional, PCI passthrough support in &product-name;
908 depends upon an IOMMU hardware unit. If the device uses bus
909 mastering, for example it performs DMA to the OS memory on its
910 own, then an IOMMU is required. Otherwise such DMA transactions
911 may write to the wrong physical memory address as the device DMA
912 engine is programmed using a device-specific protocol to perform
913 memory transactions. The IOMMU functions as translation unit
914 mapping physical memory access requests from the device using
915 knowledge of the guest physical address to host physical addresses
916 translation rules.
917 </para>
918
919 <para>
920 Intel's solution for IOMMU is called Intel Virtualization
921 Technology for Directed I/O (VT-d), and AMD's solution is called
922 AMD-Vi. Check your motherboard datasheet for the appropriate
923 technology. Even if your hardware does not have a IOMMU, certain
924 PCI cards may work, such as serial PCI adapters, but the guest
925 will show a warning on boot and the VM execution will terminate if
926 the guest driver will attempt to enable card bus mastering.
927 </para>
928
929 <para>
930 It is very common that the BIOS or the host OS disables the IOMMU
931 by default. So before any attempt to use it please make sure that
932 the following apply:
933 </para>
934
935 <itemizedlist>
936
937 <listitem>
938 <para>
939 Your motherboard has an IOMMU unit.
940 </para>
941 </listitem>
942
943 <listitem>
944 <para>
945 Your CPU supports the IOMMU.
946 </para>
947 </listitem>
948
949 <listitem>
950 <para>
951 The IOMMU is enabled in the BIOS.
952 </para>
953 </listitem>
954
955 <listitem>
956 <para>
957 The VM must run with VT-x/AMD-V and nested paging enabled.
958 </para>
959 </listitem>
960
961 <listitem>
962 <para>
963 Your Linux kernel was compiled with IOMMU support, including
964 DMA remapping. See the <literal>CONFIG_DMAR</literal> kernel
965 compilation option. The PCI stub driver
966 (<literal>CONFIG_PCI_STUB</literal>) is required as well.
967 </para>
968 </listitem>
969
970 <listitem>
971 <para>
972 Your Linux kernel recognizes and uses the IOMMU unit. The
973 <literal>intel_iommu=on</literal> boot option could be needed.
974 Search for DMAR and PCI-DMA in kernel boot log.
975 </para>
976 </listitem>
977
978 </itemizedlist>
979
980 <para>
981 Once you made sure that the host kernel supports the IOMMU, the
982 next step is to select the PCI card and attach it to the guest. To
983 figure out the list of available PCI devices, use the
984 <command>lspci</command> command. The output will look as follows:
985 </para>
986
987<screen>01:00.0 VGA compatible controller: ATI Technologies Inc Cedar PRO [Radeon HD 5450]
98801:00.1 Audio device: ATI Technologies Inc Manhattan HDMI Audio [Mobility Radeon HD 5000 Series]
98902:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8111/8168B PCI Express Gigabit
990 Ethernet controller (rev 03)
99103:00.0 SATA controller: JMicron Technology Corp. JMB362/JMB363 Serial ATA Controller (rev 03)
99203:00.1 IDE interface: JMicron Technology Corp. JMB362/JMB363 Serial ATA Controller (rev 03)
99306:00.0 VGA compatible controller: nVidia Corporation G86 [GeForce 8500 GT] (rev a1)</screen>
994
995 <para>
996 The first column is a PCI address, in the format
997 <literal><replaceable>bus</replaceable>:<replaceable>device</replaceable>.<replaceable>function</replaceable></literal>.
998 This address could be used to identify the device for further
999 operations. For example, to attach a PCI network controller on the
1000 system listed above to the second PCI bus in the guest, as device
1001 5, function 0, use the following command:
1002 </para>
1003
1004<screen>$ VBoxManage modifyvm <replaceable>VM-name</replaceable> -\-pciattach 02:00.0@01:05.0</screen>
1005
1006 <para>
1007 To detach the same device, use:
1008 </para>
1009
1010<screen>$ VBoxManage modifyvm <replaceable>VM-name</replaceable> -\-pcidetach 02:00.0</screen>
1011
1012 <para>
1013 Please note that both host and guest could freely assign a
1014 different PCI address to the card attached during runtime, so
1015 those addresses only apply to the address of the card at the
1016 moment of attachment on the host, and during BIOS PCI init on the
1017 guest.
1018 </para>
1019
1020 <para>
1021 If the virtual machine has a PCI device attached, certain
1022 limitations apply:
1023 </para>
1024
1025 <itemizedlist>
1026
1027 <listitem>
1028 <para>
1029 Only PCI cards with non-shared interrupts, such as those using
1030 MSI on the host, are supported at the moment.
1031 </para>
1032 </listitem>
1033
1034 <listitem>
1035 <para>
1036 No guest state can be reliably saved or restored. The internal
1037 state of the PCI card cannot be retrieved.
1038 </para>
1039 </listitem>
1040
1041 <listitem>
1042 <para>
1043 Teleportation, also called live migration, does not work. The
1044 internal state of the PCI card cannot be retrieved.
1045 </para>
1046 </listitem>
1047
1048 <listitem>
1049 <para>
1050 No lazy physical memory allocation. The host will preallocate
1051 the whole RAM required for the VM on startup, as we cannot
1052 catch physical hardware accesses to the physical memory.
1053 </para>
1054 </listitem>
1055
1056 </itemizedlist>
1057
1058 </sect1>-->
1059
1060 <sect1 id="webcam-passthrough">
1061
1062 <title>Webcam Passthrough</title>
1063
1064 <sect2 id="webcam-using-guest">
1065
1066 <title>Using a Host Webcam in the Guest</title>
1067
1068 <para>
1069 &product-name; includes a feature called <emphasis>webcam
1070 passthrough</emphasis>, which enables a guest to use a host
1071 webcam. This complements the general USB passthrough support
1072 which was the typical way of using host webcams in legacy
1073 releases. The webcam passthrough support can handle non-USB
1074 video sources in theory, but this is completely untested.
1075 </para>
1076
1077 <note>
1078 <para>
1079 The webcam passthrough module is shipped as part of the
1080 &product-name; extension pack, which must be installed
1081 separately. See <xref linkend="intro-installing" />.
1082 </para>
1083 </note>
1084
1085 <para>
1086 The host webcam can be attached to the VM using the
1087 <emphasis role="bold">Devices</emphasis> menu in the VM menu
1088 bar. The <emphasis role="bold">Webcams</emphasis> menu contains
1089 a list of available video input devices on the host. Clicking on
1090 a webcam name attaches or detaches the corresponding host
1091 device.
1092 </para>
1093
1094 <para>
1095 The <command>VBoxManage</command> command line tool can be used
1096 to enable webcam passthrough. Please see the host-specific
1097 sections below for additional details. The following commands
1098 are available:
1099 </para>
1100
1101 <itemizedlist>
1102
1103 <listitem>
1104 <para>
1105 Get a list of host webcams, or other video input devices:
1106 </para>
1107
1108<screen>$ VBoxManage list webcams</screen>
1109
1110 <para>
1111 The output format is as follows:
1112 </para>
1113
1114<screen>alias "user friendly name"
1115host path or identifier</screen>
1116
1117 <para>
1118 The alias can be used as a shortcut in other commands. Alias
1119 '.0' means the default video input device on the host. Alias
1120 '.1', '.2'means first, second video input device, and so on.
1121 The device order is host-specific.
1122 </para>
1123 </listitem>
1124
1125 <listitem>
1126 <para>
1127 Attach a webcam to a running VM, as follows:
1128 </para>
1129
1130<screen>VBoxManage controlvm <replaceable>VM name</replaceable> webcam attach [<replaceable>host_path</replaceable>|<replaceable>alias</replaceable> [<replaceable>settings</replaceable>]]</screen>
1131
1132 <para>
1133 This attaches a USB webcam device to the guest.
1134 </para>
1135
1136 <para>
1137 The <literal>settings</literal> parameter is a string
1138 <literal>Setting1=Value1;Setting2=Value2</literal>, which
1139 enables you to configure the emulated webcam device. The
1140 following settings are supported:
1141 </para>
1142
1143 <itemizedlist>
1144
1145 <listitem>
1146 <para>
1147 <literal>MaxFramerate</literal>: The highest rate at
1148 which video frames are sent to the guest. A higher frame
1149 rate requires more CPU power. Therefore sometimes it is
1150 useful to set a lower limit. Default is no limit and
1151 allow the guest to use all frame rates supported by the
1152 host webcam.
1153 </para>
1154 </listitem>
1155
1156 <listitem>
1157 <para>
1158 <literal>MaxPayloadTransferSize</literal>: How many
1159 bytes the emulated webcam can send to the guest at a
1160 time. Default value is 3060 bytes, which is used by some
1161 webcams. Higher values can slightly reduce CPU load, if
1162 the guest is able to use larger buffers. However, a high
1163 <literal>MaxPayloadTransferSize</literal> might be not
1164 supported by some guests.
1165 </para>
1166 </listitem>
1167
1168 </itemizedlist>
1169 </listitem>
1170
1171 <listitem>
1172 <para>
1173 Detach a webcam from a running VM, as follows:
1174 </para>
1175
1176<screen>VBoxManage controlvm <replaceable>VM-name</replaceable> webcam detach [<replaceable>host_path</replaceable>|<replaceable>alias</replaceable>]</screen>
1177 </listitem>
1178
1179 <listitem>
1180 <para>
1181 List the webcams attached to a running VM, as follows:
1182 </para>
1183
1184<screen>VBoxManage controlvm <replaceable>VM-name</replaceable> webcam list</screen>
1185
1186 <para>
1187 The output contains the path or alias which was used in the
1188 <command>webcam attach</command> command for each attached
1189 webcam.
1190 </para>
1191 </listitem>
1192
1193 </itemizedlist>
1194
1195 </sect2>
1196
1197 <sect2 id="webcam-win-hosts">
1198
1199 <title>Windows Hosts</title>
1200
1201 <para>
1202 When the webcam device is detached from the host, the emulated
1203 webcam device is automatically detached from the guest.
1204 </para>
1205
1206 </sect2>
1207
1208 <sect2 id="webcam-mac-hosts">
1209
1210 <title>Mac OS X Hosts</title>
1211
1212 <para>
1213 Mac OS X version 10.9 or later is required.
1214 </para>
1215
1216 <para>
1217 When the webcam device is detached from the host, the emulated
1218 webcam device remains attached to the guest and must be manually
1219 detached using the <command>VBoxManage controlvm
1220 <replaceable>VM-name</replaceable> webcam detach</command>
1221 command.
1222 </para>
1223
1224 </sect2>
1225
1226 <sect2 id="webcam-linux-hosts">
1227
1228 <title>Linux and Oracle Solaris Hosts</title>
1229
1230 <para>
1231 When the webcam is detached from the host the emulated webcam
1232 device is automatically detached from the guest only if the
1233 webcam is streaming video. If the emulated webcam is inactive it
1234 should be manually detached using the <command>VBoxManage
1235 controlvm <replaceable>VM-name</replaceable> webcam
1236 detach</command> command.
1237 </para>
1238
1239 <para>
1240 Aliases <filename>.0</filename> and <filename>.1</filename> are
1241 mapped to <filename>/dev/video0</filename>, alias
1242 <filename>.2</filename> is mapped to
1243 <filename>/dev/video1</filename> and so forth.
1244 </para>
1245
1246 </sect2>
1247
1248 </sect1>
1249
1250 <sect1 id="adv-display-config">
1251
1252 <title>Advanced Display Configuration</title>
1253
1254 <sect2 id="customvesa">
1255
1256 <title>Custom VESA Resolutions</title>
1257
1258 <para>
1259 Apart from the standard VESA resolutions, the &product-name;
1260 VESA BIOS enables you to add up to 16 custom video modes which
1261 will be reported to the guest operating system. When using
1262 Windows guests with the &product-name; Guest Additions, a custom
1263 graphics driver will be used instead of the fallback VESA
1264 solution so this information does not apply.
1265 </para>
1266
1267 <para>
1268 Additional video modes can be configured for each VM using the
1269 extra data facility. The extra data key is called
1270 <literal>CustomVideoMode<replaceable>x</replaceable></literal>
1271 with <replaceable>x</replaceable> being a number from 1 to 16.
1272 Please note that modes will be read from 1 until either the
1273 following number is not defined or 16 is reached. The following
1274 example adds a video mode that corresponds to the native display
1275 resolution of many notebook computers:
1276 </para>
1277
1278<screen>$ VBoxManage setextradata <replaceable>VM-name</replaceable> "CustomVideoMode1" "1400x1050x16"</screen>
1279
1280 <para>
1281 The VESA mode IDs for custom video modes start at
1282 <literal>0x160</literal>. In order to use the above defined
1283 custom video mode, the following command line has to be supplied
1284 to Linux:
1285 </para>
1286
1287<screen>vga = 0x200 | 0x160
1288vga = 864</screen>
1289
1290 <para>
1291 For guest operating systems with &product-name; Guest Additions,
1292 a custom video mode can be set using the video mode hint
1293 feature.
1294 </para>
1295
1296 </sect2>
1297
1298 <sect2 id="max-resolution-guests">
1299
1300 <title>Configuring the Maximum Resolution of Guests When Using the Graphical
1301 Frontend</title>
1302
1303 <para>
1304 When guest systems with the Guest Additions installed are
1305 started using the graphical frontend, the normal &product-name;
1306 application, they will not be allowed to use screen resolutions
1307 greater than the host's screen size unless the user manually
1308 resizes them by dragging the window, switching to full screen or
1309 seamless mode or sending a video mode hint using
1310 <command>VBoxManage</command>. This behavior is what most users
1311 will want, but if you have different needs, you can change it by
1312 issuing one of the following commands from the command line:
1313 </para>
1314
1315 <itemizedlist>
1316
1317 <listitem>
1318 <para>
1319 Remove all limits on guest resolutions.
1320 </para>
1321
1322<screen>VBoxManage setextradata global GUI/MaxGuestResolution any</screen>
1323 </listitem>
1324
1325 <listitem>
1326 <para>
1327 Manually specify a maximum resolution.
1328 </para>
1329
1330<screen>VBoxManage setextradata global GUI/MaxGuestResolution <replaceable>width</replaceable>x<replaceable>height</replaceable></screen>
1331 </listitem>
1332
1333 <listitem>
1334 <para>
1335 Restore the default settings to all guest VMs.
1336 </para>
1337
1338<screen>VBoxManage setextradata global GUI/MaxGuestResolution auto</screen>
1339 </listitem>
1340
1341 </itemizedlist>
1342
1343 </sect2>
1344
1345 </sect1>
1346
1347 <sect1 id="adv-storage-config">
1348
1349 <title>Advanced Storage Configuration</title>
1350
1351 <sect2 id="rawdisk">
1352
1353 <title>Using a Raw Host Hard Disk From a Guest</title>
1354
1355 <para>
1356 As an alternative to using virtual disk images as described in
1357 <xref linkend="storage" />, &product-name; can also present
1358 either entire physical hard disks or selected partitions as
1359 virtual disks to virtual machines.
1360 </para>
1361
1362 <para>
1363 With &product-name;, this type of access is called <emphasis>raw
1364 hard disk access</emphasis>. It enables a guest operating system
1365 to access its virtual hard disk without going through the host
1366 OS file system. The actual performance difference for image
1367 files compared to raw disk varies greatly depending on the
1368 overhead of the host file system, whether dynamically growing
1369 images are used, and on host OS caching strategies. The caching
1370 indirectly also affects other aspects such as failure behavior.
1371 For example, whether the virtual disk contains all data written
1372 before a host OS crash. Consult your host OS documentation for
1373 details on this.
1374 </para>
1375
1376 <warning>
1377 <para>
1378 Raw hard disk access is for expert users only. Incorrect use
1379 or use of an outdated configuration can lead to
1380 <emphasis role="bold">total loss of data</emphasis> on the
1381 physical disk. Most importantly, <emphasis>do not</emphasis>
1382 attempt to boot the partition with the currently running host
1383 operating system in a guest. This will lead to severe data
1384 corruption.
1385 </para>
1386 </warning>
1387
1388 <para>
1389 Raw hard disk access, both for entire disks and individual
1390 partitions, is implemented as part of the VMDK image format
1391 support. As a result, you will need to create a special VMDK
1392 image file which defines where the data will be stored. After
1393 creating such a special VMDK image, you can use it like a
1394 regular virtual disk image. For example, you can use the
1395 VirtualBox Manager, see <xref linkend="vdis" />, or
1396 <command>VBoxManage</command> to assign the image to a virtual
1397 machine.
1398 </para>
1399
1400 <sect3 id="rawdisk-access-entire-physical-disk">
1401
1402 <title>Access to Entire Physical Hard Disk</title>
1403
1404 <para>
1405 While this variant is the simplest to set up, you must be
1406 aware that this will give a guest operating system direct and
1407 full access to an <emphasis>entire physical disk</emphasis>.
1408 If your <emphasis>host</emphasis> operating system is also
1409 booted from this disk, please take special care to not access
1410 the partition from the guest at all. On the positive side, the
1411 physical disk can be repartitioned in arbitrary ways without
1412 having to recreate the image file that gives access to the raw
1413 disk.
1414 </para>
1415
1416 <para>
1417 On a Linux host, to create an image that represents an entire
1418 physical hard disk which will not contain any actual data, as
1419 this will all be stored on the physical disk, use the
1420 following command:
1421 </para>
1422
1423<screen>$ VBoxManage internalcommands createrawvmdk -filename \
1424/path/to/file.vmdk -rawdisk /dev/sda</screen>
1425
1426 <para>
1427 This creates the
1428 <filename>/<replaceable>path-to-file</replaceable>.vmdk</filename>
1429 file image that must be an absolute path. All data is read and
1430 written from <filename>/dev/sda</filename>.
1431 </para>
1432
1433 <para>
1434 On a Windows host, instead of the above device specification,
1435 for example use <filename>\\.\PhysicalDrive0</filename>. On a
1436 Mac OS X host, instead of the above device specification use
1437 for example <filename>/dev/disk1</filename>. Note that on Mac
1438 OS X you can only get access to an entire disk if no volume is
1439 mounted from it.
1440 </para>
1441
1442 <para>
1443 Creating the image requires read/write access for the given
1444 device. Read/write access is also later needed when using the
1445 image from a virtual machine. On some host platforms, such as
1446 Windows, raw disk access may be restricted and not permitted
1447 by the host OS in some situations.
1448 </para>
1449
1450 <para>
1451 Just like with regular disk images, this does not
1452 automatically attach the newly created image to a virtual
1453 machine. This can be done as follows:
1454 </para>
1455
1456<screen>$ VBoxManage storageattach WindowsXP --storagectl "IDE Controller" \
1457 --port 0 --device 0 --type hdd --medium /path/to/file.vmdk</screen>
1458
1459 <para>
1460 When this is done the selected virtual machine will boot from
1461 the specified physical disk.
1462 </para>
1463
1464 </sect3>
1465
1466 <sect3 id="rawdisk-access-disk-partitions">
1467
1468 <title>Access to Individual Physical Hard Disk Partitions</title>
1469
1470 <para>
1471 This <emphasis>raw partition support</emphasis> is quite
1472 similar to the full hard disk access described above. However,
1473 in this case, any partitioning information will be stored
1474 inside the VMDK image. This means that you can install a
1475 different boot loader in the virtual hard disk without
1476 affecting the host's partitioning information. While the guest
1477 will be able to <emphasis>see</emphasis> all partitions that
1478 exist on the physical disk, access will be filtered in that
1479 reading from partitions for which no access is allowed the
1480 partitions will only yield zeroes, and all writes to them are
1481 ignored.
1482 </para>
1483
1484 <para>
1485 To create a special image for raw partition support, which
1486 will contain a small amount of data, on a Linux host, use the
1487 command:
1488 </para>
1489
1490<screen>$ VBoxManage internalcommands createrawvmdk -filename \
1491/path/to/file.vmdk -rawdisk /dev/sda -partitions 1,5</screen>
1492
1493 <para>
1494 The command is identical to the one for full hard disk access,
1495 except for the additional <option>-partitions</option>
1496 parameter. This example would create the image
1497 <filename>/<replaceable>path-to-file</replaceable>.vmdk</filename>,
1498 which must be absolute, and partitions 1 and 5 of
1499 <filename>/dev/sda</filename> would be made accessible to the
1500 guest.
1501 </para>
1502
1503 <para>
1504 &product-name; uses the same partition numbering as your Linux
1505 host. As a result, the numbers given in the above example
1506 would refer to the first primary partition and the first
1507 logical drive in the extended partition, respectively.
1508 </para>
1509
1510 <para>
1511 On a Windows host, instead of the above device specification,
1512 use for example <filename>\\.\PhysicalDrive0</filename>. On a
1513 Mac OS X host, instead of the above device specification use
1514 <filename>/dev/disk1</filename>, for example. Note that on OS
1515 X you can only use partitions which are not mounted. Eject the
1516 respective volume first. Partition numbers are the same on
1517 Linux, Windows, and Mac OS X hosts.
1518 </para>
1519
1520 <para>
1521 The numbers for the list of partitions can be taken from the
1522 output of the following command:
1523 </para>
1524
1525<screen>$ VBoxManage internalcommands listpartitions -rawdisk /dev/sda</screen>
1526
1527 <para>
1528 The output lists the partition types and sizes to give the
1529 user enough information to identify the partitions necessary
1530 for the guest.
1531 </para>
1532
1533 <para>
1534 Images which give access to individual partitions are specific
1535 to a particular host disk setup. You cannot transfer these
1536 images to another host. Also, whenever the host partitioning
1537 changes, the image <emphasis>must be recreated</emphasis>.
1538 </para>
1539
1540 <para>
1541 Creating the image requires read/write access for the given
1542 device. Read/write access is also later needed when using the
1543 image from a virtual machine. If this is not feasible, there
1544 is a special variant for raw partition access, currently only
1545 available on Linux hosts, that avoids having to give the
1546 current user access to the entire disk. To set up such an
1547 image, use:
1548 </para>
1549
1550<screen>$ VBoxManage internalcommands createrawvmdk -filename \
1551/path/to/file.vmdk -rawdisk /dev/sda -partitions 1,5 -relative</screen>
1552
1553 <para>
1554 When used from a virtual machine, the image will then refer
1555 not to the entire disk, but only to the individual partitions.
1556 In this example, <filename>/dev/sda1</filename> and
1557 <filename>/dev/sda5</filename>. As a consequence, read/write
1558 access is only required for the affected partitions, not for
1559 the entire disk. During creation however, read-only access to
1560 the entire disk is required to obtain the partitioning
1561 information.
1562 </para>
1563
1564 <para>
1565 In some configurations it may be necessary to change the MBR
1566 code of the created image. For example, to replace the Linux
1567 boot loader that is used on the host by another boot loader.
1568 This enables for example the guest to boot directly to
1569 Windows, while the host boots Linux from the "same" disk. For
1570 this purpose the <option>-mbr</option> option is provided. It
1571 specifies a file name from which to take the MBR code. The
1572 partition table is not modified at all, so a MBR file from a
1573 system with totally different partitioning can be used. An
1574 example of this is:
1575 </para>
1576
1577<screen>$ VBoxManage internalcommands createrawvmdk -filename
1578/path/to/file.vmdk -rawdisk /dev/sda -partitions 1,5 -mbr winxp.mbr</screen>
1579
1580 <para>
1581 The modified MBR will be stored inside the image, not on the
1582 host disk.
1583 </para>
1584
1585 <para>
1586 The created image can be attached to a storage controller in a
1587 VM configuration as usual.
1588 </para>
1589
1590 </sect3>
1591
1592 </sect2>
1593
1594 <sect2 id="changevpd">
1595
1596 <title>Configuring the Hard Disk Vendor Product Data (VPD)</title>
1597
1598 <para>
1599 &product-name; reports vendor product data for its virtual hard
1600 disks which consist of hard disk serial number, firmware
1601 revision and model number. These can be changed using the
1602 following commands:
1603 </para>
1604
1605<screen>$ VBoxManage setextradata <replaceable>VM-name</replaceable> \
1606"VBoxInternal/Devices/ahci/0/Config/Port0/SerialNumber" "serial"
1607$ VBoxManage setextradata <replaceable>VM-name</replaceable> \
1608"VBoxInternal/Devices/ahci/0/Config/Port0/FirmwareRevision" "firmware"
1609$ VBoxManage setextradata <replaceable>VM-name</replaceable> \
1610"VBoxInternal/Devices/ahci/0/Config/Port0/ModelNumber" "model"</screen>
1611
1612 <para>
1613 The serial number is a 20 byte alphanumeric string, the firmware
1614 revision an 8 byte alphanumeric string and the model number a 40
1615 byte alphanumeric string. Instead of Port0, referring to the
1616 first port, specify the desired SATA hard disk port.
1617 </para>
1618
1619 <para>
1620 The above commands apply to virtual machines with an AHCI (SATA)
1621 controller. The commands for virtual machines with an IDE
1622 controller are:
1623 </para>
1624
1625<screen>$ VBoxManage setextradata <replaceable>VM-name</replaceable> \
1626"VBoxInternal/Devices/piix3ide/0/Config/PrimaryMaster/SerialNumber" "serial"
1627$ VBoxManage setextradata <replaceable>VM-name</replaceable> \
1628"VBoxInternal/Devices/piix3ide/0/Config/PrimaryMaster/FirmwareRevision" "firmware"
1629$ VBoxManage setextradata <replaceable>VM-name</replaceable> \
1630"VBoxInternal/Devices/piix3ide/0/Config/PrimaryMaster/ModelNumber" "model"</screen>
1631
1632 <para>
1633 For hard disks, you can mark the drive as having a
1634 non-rotational medium by using the following command:
1635 </para>
1636
1637<screen>$ VBoxManage setextradata <replaceable>VM-name</replaceable> \
1638"VBoxInternal/Devices/ahci/0/Config/Port0/NonRotational" "1"</screen>
1639
1640 <para>
1641 Additional three parameters are needed for CD/DVD drives to
1642 report the vendor product data:
1643 </para>
1644
1645<screen>$ VBoxManage setextradata <replaceable>VM-name</replaceable> \
1646"VBoxInternal/Devices/ahci/0/Config/Port0/ATAPIVendorId" "vendor"
1647VBoxManage setextradata <replaceable>VM-name</replaceable> \
1648"VBoxInternal/Devices/ahci/0/Config/Port0/ATAPIProductId" "product"
1649VBoxManage setextradata <replaceable>VM-name</replaceable> \
1650"VBoxInternal/Devices/ahci/0/Config/Port0/ATAPIRevision" "revision"</screen>
1651
1652 <para>
1653 The vendor id is an 8 byte alphanumeric string, the product id
1654 an 16 byte alphanumeric string and the revision a 4 byte
1655 alphanumeric string. Instead of Port0, referring to the first
1656 port, specify the desired SATA hard disk port.
1657 </para>
1658
1659 </sect2>
1660
1661 <sect2 id="iscsi-intnet">
1662
1663 <title>Access iSCSI Targets Using Internal Networking</title>
1664
1665 <para>
1666 As an experimental feature, &product-name; enables access to an
1667 iSCSI target running in a virtual machine which is configured to
1668 use Internal Networking mode. See
1669 <xref linkend="storage-iscsi" />,
1670 <xref linkend="network_internal" />, and
1671 <xref
1672 linkend="vboxmanage-storageattach" />.
1673 </para>
1674
1675 <para>
1676 The IP stack accessing Internal Networking must be configured in
1677 the virtual machine which accesses the iSCSI target. A free
1678 static IP and a MAC address not used by other virtual machines
1679 must be chosen. In the example below, adapt the name of the
1680 virtual machine, the MAC address, the IP configuration, and the
1681 Internal Networking name (MyIntNet) according to your needs. The
1682 following eight commands must first be issued:
1683 </para>
1684
1685<screen>$ VBoxManage setextradata <replaceable>VM-name</replaceable> \
1686VBoxInternal/Devices/IntNetIP/0/Trusted 1
1687$ VBoxManage setextradata <replaceable>VM-name</replaceable> \
1688VBoxInternal/Devices/IntNetIP/0/Config/MAC 08:00:27:01:02:0f
1689$ VBoxManage setextradata <replaceable>VM-name</replaceable> \
1690VBoxInternal/Devices/IntNetIP/0/Config/IP 10.0.9.1
1691$ VBoxManage setextradata <replaceable>VM-name</replaceable> \
1692VBoxInternal/Devices/IntNetIP/0/Config/Netmask 255.255.255.0
1693$ VBoxManage setextradata <replaceable>VM-name</replaceable> \
1694VBoxInternal/Devices/IntNetIP/0/LUN#0/Driver IntNet
1695$ VBoxManage setextradata <replaceable>VM-name</replaceable> \
1696VBoxInternal/Devices/IntNetIP/0/LUN#0/Config/Network MyIntNet
1697$ VBoxManage setextradata <replaceable>VM-name</replaceable> \
1698VBoxInternal/Devices/IntNetIP/0/LUN#0/Config/TrunkType 2
1699$ VBoxManage setextradata <replaceable>VM-name</replaceable> \
1700VBoxInternal/Devices/IntNetIP/0/LUN#0/Config/IsService 1</screen>
1701
1702 <para>
1703 Finally the iSCSI disk must be attached with the
1704 <option>--intnet</option> option to tell the iSCSI initiator to
1705 use internal networking, as follows:
1706 </para>
1707
1708<screen>$ VBoxManage storageattach ... --medium iscsi --server 10.0.9.30 \
1709--target iqn.2008-12.com.sun:sampletarget --intnet</screen>
1710
1711 <para>
1712 Compared to a regular iSCSI setup, the IP address of the target
1713 <emphasis>must</emphasis> be specified as a numeric IP address,
1714 as there is no DNS resolver for internal networking.
1715 </para>
1716
1717 <para>
1718 The virtual machine with the iSCSI target should be started
1719 before the VM using it is powered on. If a virtual machine using
1720 an iSCSI disk is started without having the iSCSI target powered
1721 up, it can take up to 200 seconds to detect this situation. The
1722 VM will fail to power up.
1723 </para>
1724
1725 </sect2>
1726
1727 </sect1>
1728
1729 <sect1 id="changenat">
1730
1731 <title>Fine Tuning the &product-name; NAT Engine</title>
1732
1733 <sect2 id="nat-address-config">
1734
1735 <title>Configuring the Address of a NAT Network Interface</title>
1736
1737 <para>
1738 In NAT mode, the guest network interface is assigned to the IPv4
1739 range <literal>10.0.<replaceable>x</replaceable>.0/24</literal>
1740 by default where <replaceable>x</replaceable> corresponds to the
1741 instance of the NAT interface +2. So
1742 <replaceable>x</replaceable> is 2 when there is only one NAT
1743 instance active. In that case the guest is assigned to the
1744 address <literal>10.0.2.15</literal>, the gateway is set to
1745 <literal>10.0.2.2</literal> and the name server can be found at
1746 <literal>10.0.2.3</literal>.
1747 </para>
1748
1749 <para>
1750 If the NAT network needs to be changed, use the following
1751 command:
1752 </para>
1753
1754<screen>$ VBoxManage modifyvm <replaceable>VM-name</replaceable> \
1755--natnet1 "192.168/16"</screen>
1756
1757 <para>
1758 This command would reserve the network addresses from
1759 <literal>192.168.0.0</literal> to
1760 <literal>192.168.254.254</literal> for the first NAT network
1761 instance of <replaceable>VM-name</replaceable> The guest IP
1762 would be assigned to <literal>192.168.0.15</literal> and the
1763 default gateway could be found at
1764 <literal>192.168.0.2</literal>.
1765 </para>
1766
1767 </sect2>
1768
1769 <sect2 id="nat-adv-tftp">
1770
1771 <title>Configuring the Boot Server (Next Server) of a NAT Network Interface</title>
1772
1773 <para>
1774 For network booting in NAT mode, by default &product-name; uses
1775 a built-in TFTP server at the IP address 10.0.2.4. This default
1776 behavior should work fine for typical remote-booting scenarios.
1777 However, it is possible to change the boot server IP and the
1778 location of the boot image with the following commands:
1779 </para>
1780
1781<screen>$ VBoxManage modifyvm <replaceable>VM-name</replaceable> \
1782--nattftpserver1 10.0.2.2
1783$ VBoxManage modifyvm <replaceable>VM-name</replaceable> \
1784--nattftpfile1 /srv/tftp/boot/MyPXEBoot.pxe</screen>
1785
1786 </sect2>
1787
1788 <sect2 id="nat-adv-settings">
1789
1790 <title>Tuning TCP/IP Buffers for NAT</title>
1791
1792 <para>
1793 The &product-name; NAT stack performance is often determined by
1794 its interaction with the host's TCP/IP stack and the size of
1795 several buffers, <literal>SO_RCVBUF</literal> and
1796 <literal>SO_SNDBUF</literal>. For certain setups users might
1797 want to adjust the buffer size for a better performance. This
1798 can by achieved using the following commands, where values are
1799 in kilobytes and can range from 8 to 1024:
1800 </para>
1801
1802<screen>$ VBoxManage modifyvm <replaceable>VM-name</replaceable> \
1803--natsettings1 16000,128,128,0,0</screen>
1804
1805 <para>
1806 This example illustrates tuning the NAT settings. The first
1807 parameter is the MTU, then the size of the socket's send buffer
1808 and the size of the socket's receive buffer, the initial size of
1809 the TCP send window, and lastly the initial size of the TCP
1810 receive window. Note that specifying zero means fallback to the
1811 default value.
1812 </para>
1813
1814 <para>
1815 Each of these buffers has a default size of 64KB and default MTU
1816 is 1500.
1817 </para>
1818
1819 </sect2>
1820
1821 <sect2 id="nat-bind-sockets">
1822
1823 <title>Binding NAT Sockets to a Specific Interface</title>
1824
1825 <para>
1826 By default, &product-name;'s NAT engine will route TCP/IP
1827 packets through the default interface assigned by the host's
1828 TCP/IP stack. The technical reason for this is that the NAT
1829 engine uses sockets for communication. If you want to change
1830 this behavior, you can tell the NAT engine to bind to a
1831 particular IP address instead. For example, use the following
1832 command:
1833 </para>
1834
1835<screen>$ VBoxManage modifyvm <replaceable>VM-name</replaceable> \
1836--natbindip1 "10.45.0.2"</screen>
1837
1838 <para>
1839 After this, all outgoing traffic will be sent through the
1840 interface with the IP address 10.45.0.2. Ensure that this
1841 interface is up and running before changing the NAT bind
1842 address.
1843 </para>
1844
1845 </sect2>
1846
1847 <sect2 id="nat-adv-dns">
1848
1849 <title>Enabling DNS Proxy in NAT Mode</title>
1850
1851 <para>
1852 The NAT engine by default offers the same DNS servers to the
1853 guest that are configured on the host. In some scenarios, it can
1854 be desirable to hide the DNS server IPs from the guest, for
1855 example when this information can change on the host due to
1856 expiring DHCP leases. In this case, you can tell the NAT engine
1857 to act as DNS proxy using the following command:
1858 </para>
1859
1860<screen>$ VBoxManage modifyvm <replaceable>VM-name</replaceable> --natdnsproxy1 on</screen>
1861
1862 </sect2>
1863
1864 <sect2 id="nat_host_resolver_proxy">
1865
1866 <title>Using the Host's Resolver as a DNS Proxy in NAT Mode</title>
1867
1868 <para>
1869 For resolving network names, the DHCP server of the NAT engine
1870 offers a list of registered DNS servers of the host. If for some
1871 reason you need to hide this DNS server list and use the host's
1872 resolver settings, thereby forcing the &product-name; NAT engine
1873 to intercept DNS requests and forward them to host's resolver,
1874 use the following command:
1875 </para>
1876
1877<screen>$ VBoxManage modifyvm <replaceable>VM-name</replaceable> --natdnshostresolver1 on</screen>
1878
1879 <para>
1880 Note that this setting is similar to the DNS proxy mode, however
1881 whereas the proxy mode just forwards DNS requests to the
1882 appropriate servers, the resolver mode will interpret the DNS
1883 requests and use the host's DNS API to query the information and
1884 return it to the guest.
1885 </para>
1886
1887 <sect3 id="nat_host_resolver_name_intercepting">
1888
1889 <title>User-Defined Host Name Resolving</title>
1890
1891 <para>
1892 In some cases it might be useful to intercept the name
1893 resolving mechanism, providing a user-defined IP address on a
1894 particular DNS request. The intercepting mechanism enables the
1895 user to map not only a single host but domains and even more
1896 complex naming conventions if required.
1897 </para>
1898
1899 <para>
1900 The following command sets a rule for mapping a name to a
1901 specified IP:
1902 </para>
1903
1904<screen>VBoxManage setextradata <replaceable>VM-name</replaceable> \
1905"VBoxInternal/Devices/{pcnet,e1000}/0/LUN#0/AttachedDriver/Config/HostResolverMappings/ \
1906<replaceable>unique-rule-name-of-interception-rule</replaceable>/HostIP" <replaceable>IPv4</replaceable>
1907
1908VBoxManage setextradata <replaceable>VM-name</replaceable> \
1909"VBoxInternal/Devices/{pcnet,e1000}/0/LUN#0/AttachedDriver/Config/HostResolverMappings/ \
1910<replaceable>unique-rule-name</replaceable>/HostName" <replaceable>hostname</replaceable></screen>
1911
1912 <para>
1913 The following command sets a rule for mapping a pattern name
1914 to a specified IP:
1915 </para>
1916
1917<screen>VBoxManage setextradata <replaceable>VM-name</replaceable> \
1918"VBoxInternal/Devices/{pcnet,e1000}/0/LUN#0/AttachedDriver/Config/HostResolverMappings/ \
1919<replaceable>unique-rule-name</replaceable>/HostIP" <replaceable>IPv4</replaceable>
1920
1921VBoxManage setextradata <replaceable>VM-name</replaceable> \
1922"VBoxInternal/Devices/{pcnet,e1000}/0/LUN#0/AttachedDriver/Config/HostResolverMappings/ \
1923<replaceable>unique-rule-name</replaceable>/HostNamePattern" <replaceable>hostpattern</replaceable></screen>
1924
1925 <para>
1926 The host name pattern can include the following wildcard
1927 characters: pipe (<literal>|</literal>), question mark
1928 (<literal>?</literal>), and asterisk (<literal>*</literal>).
1929 </para>
1930
1931 <para>
1932 This example demonstrates how to instruct the host-resolver
1933 mechanism to resolve all domain and probably some mirrors of
1934 www.blocked-site.info site with IP 127.0.0.1:
1935 </para>
1936
1937<screen>$ VBoxManage setextradata <replaceable>VM-name</replaceable> \
1938"VBoxInternal/Devices/e1000/0/LUN#0/AttachedDriver/Config/HostResolverMappings/all_blocked_site/HostIP" 127.0.0.1
1939$ VBoxManage setextradata <replaceable>VM-name</replaceable> \
1940"VBoxInternal/Devices/e1000/0/LUN#0/AttachedDriver/Config/HostResolverMappings/all_blocked_site/HostNamePattern" "*.blocked-site.*|*.fb.org"</screen>
1941
1942 <para>
1943 The host resolver mechanism should be enabled to use
1944 user-defined mapping rules, otherwise they do not have any
1945 effect.
1946 </para>
1947
1948 </sect3>
1949
1950 </sect2>
1951
1952 <sect2 id="nat-adv-alias">
1953
1954 <title>Configuring Aliasing of the NAT Engine</title>
1955
1956 <para>
1957 By default, the NAT core uses aliasing and uses random ports
1958 when generating an alias for a connection. This works well for
1959 the most protocols like SSH, FTP and so on. Though some
1960 protocols might need a more transparent behavior or may depend
1961 on the real port number the packet was sent from. You can change
1962 the NAT mode by using the following commands:
1963 </para>
1964
1965<screen>$ VBoxManage modifyvm <replaceable>VM-name</replaceable> \
1966--nataliasmode1 proxyonly</screen>
1967
1968<screen>$ VBoxManage modifyvm "Linux Guest" --nataliasmode1 sameports</screen>
1969
1970 <para>
1971 The first example disables aliasing and switches NAT into
1972 transparent mode, the second example enforces preserving of port
1973 values. These modes can be combined if necessary.
1974 </para>
1975
1976 </sect2>
1977
1978 </sect1>
1979
1980 <sect1 id="changedmi">
1981
1982 <title>Configuring the BIOS DMI Information</title>
1983
1984 <para>
1985 The DMI data that &product-name; provides to guests can be changed
1986 for a specific VM. Use the following commands to configure the DMI
1987 BIOS information. In case your VM is configured to use EFI
1988 firmware you need to replace <literal>pcbios</literal> by
1989 <literal>efi</literal> in the keys.
1990 </para>
1991
1992 <itemizedlist>
1993
1994 <listitem>
1995 <para>
1996 DMI BIOS information (type 0)
1997 </para>
1998
1999<screen>$ VBoxManage setextradata <replaceable>VM-name</replaceable> \
2000"VBoxInternal/Devices/pcbios/0/Config/DmiBIOSVendor" "BIOS Vendor"
2001$ VBoxManage setextradata <replaceable>VM-name</replaceable> \
2002"VBoxInternal/Devices/pcbios/0/Config/DmiBIOSVersion" "BIOS Version"
2003$ VBoxManage setextradata <replaceable>VM-name</replaceable> \
2004"VBoxInternal/Devices/pcbios/0/Config/DmiBIOSReleaseDate" "BIOS Release Date"
2005$ VBoxManage setextradata <replaceable>VM-name</replaceable> \
2006"VBoxInternal/Devices/pcbios/0/Config/DmiBIOSReleaseMajor" 1
2007$ VBoxManage setextradata <replaceable>VM-name</replaceable> \
2008"VBoxInternal/Devices/pcbios/0/Config/DmiBIOSReleaseMinor" 2
2009$ VBoxManage setextradata <replaceable>VM-name</replaceable> \
2010"VBoxInternal/Devices/pcbios/0/Config/DmiBIOSFirmwareMajor" 3
2011$ VBoxManage setextradata <replaceable>VM-name</replaceable> \
2012"VBoxInternal/Devices/pcbios/0/Config/DmiBIOSFirmwareMinor" 4</screen>
2013 </listitem>
2014
2015 <listitem>
2016 <para>
2017 DMI system information (type 1)
2018 </para>
2019
2020<screen>$ VBoxManage setextradata <replaceable>VM-name</replaceable> \
2021"VBoxInternal/Devices/pcbios/0/Config/DmiSystemVendor" "System Vendor"
2022$ VBoxManage setextradata <replaceable>VM-name</replaceable> \
2023"VBoxInternal/Devices/pcbios/0/Config/DmiSystemProduct" "System Product"
2024$ VBoxManage setextradata <replaceable>VM-name</replaceable> \
2025"VBoxInternal/Devices/pcbios/0/Config/DmiSystemVersion" "System Version"
2026$ VBoxManage setextradata <replaceable>VM-name</replaceable> \
2027"VBoxInternal/Devices/pcbios/0/Config/DmiSystemSerial" "System Serial"
2028$ VBoxManage setextradata <replaceable>VM-name</replaceable> \
2029"VBoxInternal/Devices/pcbios/0/Config/DmiSystemSKU" "System SKU"
2030$ VBoxManage setextradata <replaceable>VM-name</replaceable> \
2031"VBoxInternal/Devices/pcbios/0/Config/DmiSystemFamily" "System Family"
2032$ VBoxManage setextradata <replaceable>VM-name</replaceable> \
2033"VBoxInternal/Devices/pcbios/0/Config/DmiSystemUuid" \
2034"9852bf98-b83c-49db-a8de-182c42c7226b"</screen>
2035 </listitem>
2036
2037 <listitem>
2038 <para>
2039 DMI board information (type 2)
2040 </para>
2041
2042<screen>$ VBoxManage setextradata <replaceable>VM-name</replaceable> \
2043"VBoxInternal/Devices/pcbios/0/Config/DmiBoardVendor" "Board Vendor"
2044$ VBoxManage setextradata <replaceable>VM-name</replaceable> \
2045"VBoxInternal/Devices/pcbios/0/Config/DmiBoardProduct" "Board Product"
2046$ VBoxManage setextradata <replaceable>VM-name</replaceable> \
2047"VBoxInternal/Devices/pcbios/0/Config/DmiBoardVersion" "Board Version"
2048$ VBoxManage setextradata <replaceable>VM-name</replaceable> \
2049"VBoxInternal/Devices/pcbios/0/Config/DmiBoardSerial" "Board Serial"
2050$ VBoxManage setextradata <replaceable>VM-name</replaceable> \
2051"VBoxInternal/Devices/pcbios/0/Config/DmiBoardAssetTag" "Board Tag"
2052$ VBoxManage setextradata <replaceable>VM-name</replaceable> \
2053"VBoxInternal/Devices/pcbios/0/Config/DmiBoardLocInChass" "Board Location"
2054$ VBoxManage setextradata <replaceable>VM-name</replaceable> \
2055"VBoxInternal/Devices/pcbios/0/Config/DmiBoardBoardType" 10</screen>
2056 </listitem>
2057
2058 <listitem>
2059 <para>
2060 DMI system enclosure or chassis (type 3)
2061 </para>
2062
2063<screen>$ VBoxManage setextradata <replaceable>VM-name</replaceable> \
2064"VBoxInternal/Devices/pcbios/0/Config/DmiChassisVendor" "Chassis Vendor"
2065$ VBoxManage setextradata <replaceable>VM-name</replaceable> \
2066"VBoxInternal/Devices/pcbios/0/Config/DmiChassisType" 3
2067$ VBoxManage setextradata <replaceable>VM-name</replaceable> \
2068"VBoxInternal/Devices/pcbios/0/Config/DmiChassisVersion" "Chassis Version"
2069$ VBoxManage setextradata <replaceable>VM-name</replaceable> \
2070"VBoxInternal/Devices/pcbios/0/Config/DmiChassisSerial" "Chassis Serial"
2071$ VBoxManage setextradata <replaceable>VM-name</replaceable> \
2072"VBoxInternal/Devices/pcbios/0/Config/DmiChassisAssetTag" "Chassis Tag"</screen>
2073 </listitem>
2074
2075 <listitem>
2076 <para>
2077 DMI processor information (type 4)
2078 </para>
2079
2080<screen>$ VBoxManage setextradata <replaceable>VM-name</replaceable> \
2081"VBoxInternal/Devices/pcbios/0/Config/DmiProcManufacturer" "GenuineIntel"
2082$ VBoxManage setextradata <replaceable>VM-name</replaceable> \
2083"VBoxInternal/Devices/pcbios/0/Config/DmiProcVersion" "Pentium(R) III"</screen>
2084 </listitem>
2085
2086 <listitem>
2087 <para>
2088 DMI OEM strings (type 11)
2089 </para>
2090
2091<screen>$ VBoxManage setextradata <replaceable>VM-name</replaceable> \
2092"VBoxInternal/Devices/pcbios/0/Config/DmiOEMVBoxVer" "vboxVer_1.2.3"
2093$ VBoxManage setextradata <replaceable>VM-name</replaceable> \
2094"VBoxInternal/Devices/pcbios/0/Config/DmiOEMVBoxRev" "vboxRev_12345"</screen>
2095 </listitem>
2096
2097 </itemizedlist>
2098
2099 <para>
2100 If a DMI string is not set, the default value of &product-name; is
2101 used. To set an empty string use
2102 <literal>"&lt;EMPTY&gt;"</literal>.
2103 </para>
2104
2105 <para>
2106 Note that in the above list, all quoted parameters (DmiBIOSVendor,
2107 DmiBIOSVersion but not DmiBIOSReleaseMajor) are expected to be
2108 strings. If such a string is a valid number, the parameter is
2109 treated as number and the VM will most probably refuse to start
2110 with an <literal>VERR_CFGM_NOT_STRING</literal> error. In that
2111 case, use
2112 <literal>"string:<replaceable>value</replaceable>"</literal>. For
2113 example:
2114 </para>
2115
2116<screen>$ VBoxManage setextradata <replaceable>VM-name</replaceable> \
2117"VBoxInternal/Devices/pcbios/0/Config/DmiSystemSerial" "string:1234"</screen>
2118
2119 <para>
2120 Changing this information can be necessary to provide the DMI
2121 information of the host to the guest to prevent Windows from
2122 asking for a new product key. On Linux hosts, the DMI BIOS
2123 information can be obtained with the following command:
2124 </para>
2125
2126<screen>$ dmidecode -t0</screen>
2127
2128 <para>
2129 The DMI system information can be obtained as follows:
2130 </para>
2131
2132<screen>$ dmidecode -t1</screen>
2133
2134 </sect1>
2135
2136 <sect1 id="changeacpicust">
2137
2138 <title>Configuring Custom ACPI Tables</title>
2139
2140 <para>
2141 You can configure &product-name; to present up to four custom ACPI
2142 tables to the guest. Use a command such as the following to
2143 configure custom ACPI tables. Note that
2144 <literal>CustomTable1</literal>, <literal>CustomTable2</literal>,
2145 and <literal>CustomTable3</literal> are available in addition to
2146 <literal>CustomTable0</literal>.
2147 </para>
2148
2149<screen>$ VBoxManage setextradata <replaceable>VM-name</replaceable> \
2150"VBoxInternal/Devices/acpi/0/Config/CustomTable0" "/path/to/table.bin"</screen>
2151
2152 <para>
2153 Configuring custom ACPI tables can for example avoid the need for
2154 asking for a new product key on Windows Vista, Windows 7, Windows
2155 8 and later guests. On Linux hosts, one of the system's ACPI
2156 tables can be read from
2157 <filename>/sys/firmware/acpi/tables/</filename>.
2158 </para>
2159
2160 </sect1>
2161
2162 <sect1 id="fine-tune-timers">
2163
2164 <title>Fine Tuning Timers and Time Synchronization</title>
2165
2166 <sect2 id="changetscmode">
2167
2168 <title>Configuring the Guest Time Stamp Counter (TSC) to Reflect Guest
2169 Execution</title>
2170
2171 <para>
2172 By default, &product-name; keeps all sources of time visible to
2173 the guest synchronized to a single time source, the monotonic
2174 host time. This reflects the assumptions of many guest operating
2175 systems, which expect all time sources to reflect "wall clock"
2176 time. In special circumstances it may be useful however to make
2177 the time stamp counter (TSC) in the guest reflect the time
2178 actually spent executing the guest.
2179 </para>
2180
2181 <para>
2182 This special TSC handling mode can be enabled on a per-VM basis,
2183 and for best results must be used only in combination with
2184 hardware virtualization. To enable this mode use the following
2185 command:
2186 </para>
2187
2188<screen>$ VBoxManage setextradata <replaceable>VM-name</replaceable> "VBoxInternal/TM/TSCTiedToExecution" 1</screen>
2189
2190 <para>
2191 To revert to the default TSC handling mode use:
2192 </para>
2193
2194<screen>$ VBoxManage setextradata <replaceable>VM-name</replaceable> "VBoxInternal/TM/TSCTiedToExecution"</screen>
2195
2196 <para>
2197 Note that if you use the special TSC handling mode with a guest
2198 operating system which is very strict about the consistency of
2199 time sources you may get a warning or error message about the
2200 timing inconsistency. It may also cause clocks to become
2201 unreliable with some guest operating systems depending on how
2202 they use the TSC.
2203 </para>
2204
2205 </sect2>
2206
2207 <sect2 id="warpguest">
2208
2209 <title>Accelerate or Slow Down the Guest Clock</title>
2210
2211 <para>
2212 For certain purposes it can be useful to accelerate or to slow
2213 down the virtual guest clock. This can be achieved as follows:
2214 </para>
2215
2216<screen>$ VBoxManage setextradata <replaceable>VM-name</replaceable> "VBoxInternal/TM/WarpDrivePercentage" 200</screen>
2217
2218 <para>
2219 The above example will double the speed of the guest clock while
2220 </para>
2221
2222<screen>$ VBoxManage setextradata <replaceable>VM-name</replaceable> "VBoxInternal/TM/WarpDrivePercentage" 50</screen>
2223
2224 <para>
2225 will halve the speed of the guest clock. Note that changing the
2226 rate of the virtual clock can confuse the guest and can even
2227 lead to abnormal guest behavior. For instance, a higher clock
2228 rate means shorter timeouts for virtual devices with the result
2229 that a slightly increased response time of a virtual device due
2230 to an increased host load can cause guest failures. Note further
2231 that any time synchronization mechanism will frequently try to
2232 resynchronize the guest clock with the reference clock, which is
2233 the host clock if the &product-name; Guest Additions are active.
2234 Therefore any time synchronization should be disabled if the
2235 rate of the guest clock is changed as described above. See
2236 <xref linkend="changetimesync" />.
2237 </para>
2238
2239 </sect2>
2240
2241 <sect2 id="changetimesync">
2242
2243 <title>Tuning the Guest Additions Time Synchronization Parameters</title>
2244
2245 <para>
2246 The &product-name; Guest Additions ensure that the guest's
2247 system time is synchronized with the host time. There are
2248 several parameters which can be tuned. The parameters can be set
2249 for a specific VM using the following command:
2250 </para>
2251
2252<screen>$ VBoxManage guestproperty set <replaceable>VM-name</replaceable> "/VirtualBox/GuestAdd/VBoxService/<replaceable>property</replaceable>" <replaceable>value</replaceable></screen>
2253
2254 <para>
2255 <replaceable>property</replaceable> is one of the following:
2256 </para>
2257
2258 <variablelist>
2259
2260 <varlistentry>
2261 <term>
2262 <option>--timesync-interval</option>
2263 </term>
2264
2265 <listitem>
2266 <para>
2267 Specifies the interval at which to synchronize the time
2268 with the host. The default is 10000 ms (10 seconds).
2269 </para>
2270 </listitem>
2271 </varlistentry>
2272
2273 <varlistentry>
2274 <term>
2275 <option>--timesync-min-adjust</option>
2276 </term>
2277
2278 <listitem>
2279 <para>
2280 The minimum absolute drift value measured in milliseconds
2281 to make adjustments for. The default is 1000 ms on OS/2
2282 and 100 ms elsewhere.
2283 </para>
2284 </listitem>
2285 </varlistentry>
2286
2287 <varlistentry>
2288 <term>
2289 <option>--timesync-latency-factor</option>
2290 </term>
2291
2292 <listitem>
2293 <para>
2294 The factor to multiply the time query latency with to
2295 calculate the dynamic minimum adjust time. The default is
2296 8 times, which means as follows:
2297 </para>
2298
2299 <para>
2300 Measure the time it takes to determine the host time, the
2301 guest has to contact the VM host service which may take
2302 some time. Multiply this value by 8 and do an adjustment
2303 only if the time difference between host and guest is
2304 bigger than this value. Do not do any time adjustment
2305 otherwise.
2306 </para>
2307 </listitem>
2308 </varlistentry>
2309
2310 <varlistentry>
2311 <term>
2312 <option>--timesync-max-latency</option>
2313 </term>
2314
2315 <listitem>
2316 <para>
2317 The max host timer query latency to accept. The default is
2318 250 ms.
2319 </para>
2320 </listitem>
2321 </varlistentry>
2322
2323 <varlistentry>
2324 <term>
2325 <option>--timesync-set-threshold</option>
2326 </term>
2327
2328 <listitem>
2329 <para>
2330 The absolute drift threshold, given as milliseconds where
2331 to start setting the time instead of trying to smoothly
2332 adjust it. The default is 20 minutes.
2333 </para>
2334 </listitem>
2335 </varlistentry>
2336
2337 <varlistentry>
2338 <term>
2339 <option>--timesync-set-start</option>
2340 </term>
2341
2342 <listitem>
2343 <para>
2344 Set the time when starting the time sync service.
2345 </para>
2346 </listitem>
2347 </varlistentry>
2348
2349 <varlistentry>
2350 <term>
2351 <option>--timesync-set-on-restore 0|1</option>
2352 </term>
2353
2354 <listitem>
2355 <para>
2356 Set the time after the VM was restored from a saved state
2357 when passing 1 as parameter. This is the default. Disable
2358 by passing 0. In the latter case, the time will be
2359 adjusted smoothly, which can take a long time.
2360 </para>
2361 </listitem>
2362 </varlistentry>
2363
2364 </variablelist>
2365
2366 <para>
2367 All these parameters can be specified as command line parameters
2368 to VBoxService as well.
2369 </para>
2370
2371 </sect2>
2372
2373 <sect2 id="disabletimesync">
2374
2375 <title>Disabling the Guest Additions Time Synchronization</title>
2376
2377 <para>
2378 Once installed and started, the &product-name; Guest Additions
2379 will try to synchronize the guest time with the host time. This
2380 can be prevented by forbidding the guest service from reading
2381 the host clock:
2382 </para>
2383
2384<screen>$ VBoxManage setextradata <replaceable>VM-name</replaceable> "VBoxInternal/Devices/VMMDev/0/Config/GetHostTimeDisabled" 1</screen>
2385
2386 </sect2>
2387
2388 </sect1>
2389
2390 <sect1 id="vboxbowsolaris11">
2391
2392 <title>Installing the Alternate Bridged Networking Driver on Oracle Solaris 11
2393 Hosts</title>
2394
2395 <para>
2396 &product-name; includes a network filter driver that utilizes
2397 Oracle Solaris 11's Crossbow functionality. By default, this new
2398 driver is installed for Oracle Solaris 11 hosts that have support
2399 for it.
2400 </para>
2401
2402 <para>
2403 To force installation of the older STREAMS based network filter
2404 driver, execute as root the following command before installing
2405 the &product-name; package:
2406 </para>
2407
2408<screen>$ touch /etc/vboxinst_vboxflt</screen>
2409
2410 <para>
2411 To force installation of the Crossbow based network filter driver,
2412 execute as root the following command before installing the
2413 &product-name; package:
2414 </para>
2415
2416<screen>$ touch /etc/vboxinst_vboxbow</screen>
2417
2418 <para>
2419 To check which driver is currently being used by &product-name;,
2420 execute:
2421 </para>
2422
2423<screen>$ modinfo | grep vbox</screen>
2424
2425 <para>
2426 If the output contains "vboxbow", it indicates &product-name; is
2427 using the Crossbow network filter driver, while the name "vboxflt"
2428 indicates usage of the older STREAMS network filter.
2429 </para>
2430
2431 </sect1>
2432
2433 <sect1 id="vboxbowvnictemplates">
2434
2435 <title>&product-name; VNIC Templates for VLANs on Oracle Solaris 11 Hosts</title>
2436
2437 <para>
2438 &product-name; supports Virtual Network Interface (VNIC) templates
2439 for configuring VMs over VLANs. An &product-name; VNIC template is
2440 a VNIC whose name starts with
2441 <filename>vboxvnic_template</filename>. The string is
2442 case-sensitive.
2443 </para>
2444
2445 <para>
2446 On Oracle Solaris 11 hosts, when Crossbow-based bridged networking
2447 is used, a VNIC template may be used to specify the VLAN ID to use
2448 while bridging over a network link.
2449 </para>
2450
2451 <para>
2452 The following is an example of how to use a VNIC template to
2453 configure a VM over a VLAN. Create an &product-name; VNIC
2454 template, by executing as root:
2455 </para>
2456
2457<screen># dladm create-vnic -t -l nge0 -v 23 vboxvnic_template0</screen>
2458
2459 <para>
2460 This will create a temporary VNIC template over interface
2461 <command>nge0</command> with the VLAN ID 23. To create VNIC
2462 templates that are persistent across host reboots, skip the
2463 <option>-t</option> parameter in the above command. You may check
2464 the current state of links using the following command:
2465 </para>
2466
2467<screen>$ dladm show-link
2468LINK CLASS MTU STATE BRIDGE OVER
2469nge0 phys 1500 up -- --
2470nge1 phys 1500 down -- --
2471vboxvnic_template0 vnic 1500 up -- nge0
2472
2473$ dladm show-vnic
2474LINK OVER SPEED MACADDRESS MACADDRTYPE VID
2475vboxvnic_template0 nge0 1000 2:8:20:25:12:75 random 23</screen>
2476
2477 <para>
2478 Once the VNIC template is created, any VMs that need to be on VLAN
2479 23 over the interface <command>nge0</command> can be configured to
2480 bridge using this VNIC template.
2481 </para>
2482
2483 <para>
2484 VNIC templates makes managing VMs on VLANs simpler and efficient.
2485 The VLAN details are not stored as part of every VM's
2486 configuration but rather inherited from the VNIC template while
2487 starting the VM. The VNIC template itself can be modified anytime
2488 using the <command>dladm</command> command.
2489 </para>
2490
2491 <para>
2492 VNIC templates can be created with additional properties such as
2493 bandwidth limits and CPU fanout. Refer to your Oracle Solaris
2494 network documentation for details. The additional properties are
2495 also applied to VMs which bridge using the VNIC template.
2496 </para>
2497
2498 </sect1>
2499
2500 <sect1 id="addhostonlysolaris">
2501
2502 <title>Configuring Multiple Host-Only Network Interfaces on Oracle Solaris
2503 Hosts</title>
2504
2505 <para>
2506 By default &product-name; provides you with one host-only network
2507 interface. Adding more host-only network interfaces on Oracle
2508 Solaris hosts requires manual configuration. Here is how to add
2509 another host-only network interface.
2510 </para>
2511
2512 <para>
2513 Begin by stopping all running VMs. Then, unplumb the existing
2514 "vboxnet0" interface by execute the following command as root:
2515 </para>
2516
2517<screen># ifconfig vboxnet0 unplumb</screen>
2518
2519 <para>
2520 If you have several vboxnet interfaces, you will need to unplumb
2521 all of them. Once all vboxnet interfaces are unplumbed, remove the
2522 driver by executing the following command as root:
2523 </para>
2524
2525<screen># rem_drv vboxnet</screen>
2526
2527 <para>
2528 Edit the file
2529 <filename>/platform/i86pc/kernel/drv/vboxnet.conf</filename> and
2530 add a line for the new interface we want to add as shown below:
2531 </para>
2532
2533<screen>name="vboxnet" parent="pseudo" instance=1;
2534name="vboxnet" parent="pseudo" instance=2;</screen>
2535
2536 <para>
2537 Add as many of these lines as required with each line having a
2538 unique instance number.
2539 </para>
2540
2541 <para>
2542 Next, reload the vboxnet driver by executing the following command
2543 as root:
2544 </para>
2545
2546<screen># add_drv vboxnet</screen>
2547
2548 <para>
2549 On Oracle Solaris 11.1 and newer hosts you may want to rename the
2550 default vanity interface name. To check what name has been
2551 assigned, execute:
2552 </para>
2553
2554<screen>$ dladm show-phys
2555LINK MEDIA STATE SPEED DUPLEX DEVICE
2556net0 Ethernet up 100 full e1000g0
2557net2 Ethernet up 1000 full vboxnet1
2558net1 Ethernet up 1000 full vboxnet0</screen>
2559
2560 <para>
2561 In the above example, we can rename "net2" to "vboxnet1" before
2562 proceeding to plumb the interface. This can be done by executing
2563 as root:
2564 </para>
2565
2566<screen># dladm rename-link net2 vboxnet1</screen>
2567
2568 <para>
2569 Now plumb all the interfaces using <command>ifconfig
2570 vboxnet<replaceable>X</replaceable> plumb</command>, where
2571 <replaceable>X</replaceable> would be 1 in this case. Once the
2572 interface is plumbed, it may be configured like any other network
2573 interface. Refer to the <command>ifconfig</command> documentation
2574 for further details.
2575 </para>
2576
2577 <para>
2578 To make the settings for the newly added interfaces persistent
2579 across reboots, you will need to edit the files
2580 <filename>/etc/inet/netmasks</filename>, and if you are using NWAM
2581 <filename>/etc/nwam/llp</filename> and add the appropriate entries
2582 to set the netmask and static IP for each of those interfaces. The
2583 &product-name; installer only updates these configuration files
2584 for the one "vboxnet0" interface it creates by default.
2585 </para>
2586
2587 </sect1>
2588
2589 <sect1 id="solariscodedumper">
2590
2591 <title>Configuring the &product-name; CoreDumper on Oracle Solaris Hosts</title>
2592
2593 <para>
2594 &product-name; is capable of producing its own core files for
2595 extensive debugging when things go wrong. Currently this is only
2596 available on Oracle Solaris hosts.
2597 </para>
2598
2599 <para>
2600 The &product-name; CoreDumper can be enabled using the following
2601 command:
2602 </para>
2603
2604<screen>$ VBoxManage setextradata <replaceable>VM-name</replaceable> VBoxInternal2/CoreDumpEnabled 1</screen>
2605
2606 <para>
2607 You can specify which directory to use for core dumps with this
2608 command, as follows:
2609 </para>
2610
2611<screen>$ VBoxManage setextradata <replaceable>VM-name</replaceable> VBoxInternal2/CoreDumpDir <replaceable>path-to-directory</replaceable></screen>
2612
2613 <para>
2614 Make sure the directory you specify is on a volume with sufficient
2615 free space and that the &product-name; process has sufficient
2616 permissions to write files to this directory. If you skip this
2617 command and do not specify any core dump directory, the current
2618 directory of the &product-name; executable will be used. This
2619 would most likely fail when writing cores as they are protected
2620 with root permissions. It is recommended you explicitly set a core
2621 dump directory.
2622 </para>
2623
2624 <para>
2625 You must specify when the &product-name; CoreDumper should be
2626 triggered. This is done using the following commands:
2627 </para>
2628
2629<screen>$ VBoxManage setextradata <replaceable>VM-name</replaceable> VBoxInternal2/CoreDumpReplaceSystemDump 1
2630$ VBoxManage setextradata <replaceable>VM-name</replaceable> VBoxInternal2/CoreDumpLive 1</screen>
2631
2632 <para>
2633 At least one of the above two commands will have to be provided if
2634 you have enabled the &product-name; CoreDumper.
2635 </para>
2636
2637 <para>
2638 Setting <literal>CoreDumpReplaceSystemDump</literal> sets up the
2639 VM to override the host's core dumping mechanism and in the event
2640 of any crash only the &product-name; CoreDumper would produce the
2641 core file.
2642 </para>
2643
2644 <para>
2645 Setting <literal>CoreDumpLive</literal> sets up the VM to produce
2646 cores whenever the VM process receives a
2647 <literal>SIGUSR2</literal> signal. After producing the core file,
2648 the VM will not be terminated and will continue to run. You can
2649 thus take cores of the VM process using the following command:
2650 </para>
2651
2652<screen>$ kill -s SIGUSR2 <replaceable>VM-process-id</replaceable></screen>
2653
2654 <para>
2655 The &product-name; CoreDumper creates core files of the form
2656 <filename>core.vb.<replaceable>process-name</replaceable>.<replaceable>process-ID</replaceable></filename>
2657 such as <filename>core.vb.VBoxHeadless.11321</filename>.
2658 </para>
2659
2660 </sect1>
2661
2662 <sect1 id="vboxandsolzvmm">
2663
2664 <title>&product-name; and Oracle Solaris Kernel Zones</title>
2665
2666 <para>
2667 Oracle Solaris kernel zones on x86-based systems make use of
2668 hardware-assisted virtualization features like &product-name;
2669 does. However, for kernel zones and &product-name; to share this
2670 hardware resource, they need to cooperate.
2671 </para>
2672
2673 <para>
2674 By default, due to performance reasons, &product-name; acquires
2675 the hardware-assisted virtualization resource (VT-x/AMD-V)
2676 globally on the host machine and uses it until the last
2677 &product-name; VM that requires it is powered off. This prevents
2678 other software from using VT-x/AMD-V during the time
2679 &product-name; has taken control of it.
2680 </para>
2681
2682 <para>
2683 &product-name; can be instructed to relinquish use of
2684 hardware-assisted virtualization features when not executing guest
2685 code, thereby allowing kernel zones to make use of them. To do
2686 this, shutdown all &product-name; VMs and execute the following
2687 command:
2688 </para>
2689
2690<screen>$ VBoxManage setproperty hwvirtexclusive off</screen>
2691
2692 <para>
2693 This command needs to be executed only once as the setting is
2694 stored as part of the global &product-name; settings which will
2695 continue to persist across host-reboots and &product-name;
2696 upgrades.
2697 </para>
2698
2699 </sect1>
2700
2701 <sect1 id="guitweaks">
2702
2703 <title>Locking Down the &product-name; GUI</title>
2704
2705 <sect2 id="customize-vm-manager">
2706
2707 <title>Customizing the VirtualBox Manager</title>
2708
2709 <para>
2710 There are several advanced customization settings for locking
2711 down the VirtualBox Manager. Locking down means removing some
2712 features that the user should not see.
2713 </para>
2714
2715<screen>VBoxManage setextradata global GUI/Customizations <replaceable>property</replaceable>[,<replaceable>property</replaceable> ...]</screen>
2716
2717 <para>
2718 <replaceable>property</replaceable> is one of the following
2719 properties:
2720 </para>
2721
2722 <variablelist>
2723
2724 <varlistentry>
2725 <term>
2726 <literal>noSelector</literal>
2727 </term>
2728
2729 <listitem>
2730 <para>
2731 Do not allow users to start the VirtualBox Manager. Trying
2732 to do so will show a window containing a proper error
2733 message.
2734 </para>
2735 </listitem>
2736 </varlistentry>
2737
2738 <varlistentry>
2739 <term>
2740 <literal>noMenuBar</literal>
2741 </term>
2742
2743 <listitem>
2744 <para>
2745 VM windows will not contain a menu bar.
2746 </para>
2747 </listitem>
2748 </varlistentry>
2749
2750 <varlistentry>
2751 <term>
2752 <literal>noStatusBar</literal>
2753 </term>
2754
2755 <listitem>
2756 <para>
2757 VM windows will not contain a status bar.
2758 </para>
2759 </listitem>
2760 </varlistentry>
2761
2762 </variablelist>
2763
2764 <para>
2765 To disable any of these VirtualBox Manager customizations use
2766 the following command:
2767 </para>
2768
2769<screen>$ VBoxManage setextradata global GUI/Customizations</screen>
2770
2771 </sect2>
2772
2773 <sect2 id="customize-vm-selector">
2774
2775 <title>VM Selector Customization</title>
2776
2777 <para>
2778 The following per-machine VM extradata settings can be used to
2779 change the behavior of the VM selector window in respect of
2780 certain VMs:
2781 </para>
2782
2783<screen>$ VBoxManage setextradata <replaceable>VM-name</replaceable> <replaceable>property</replaceable> true</screen>
2784
2785 <para>
2786 <replaceable>property</replaceable> can be any of the following:
2787 </para>
2788
2789 <variablelist>
2790
2791 <varlistentry>
2792 <term>
2793 <literal>GUI/HideDetails</literal>
2794 </term>
2795
2796 <listitem>
2797 <para>
2798 Do not show the VM configuration of a certain VM. The
2799 details window will remain just empty if this VM is
2800 selected.
2801 </para>
2802 </listitem>
2803 </varlistentry>
2804
2805 <varlistentry>
2806 <term>
2807 <literal>GUI/PreventReconfiguration</literal>
2808 </term>
2809
2810 <listitem>
2811 <para>
2812 Do not allow the user to open the
2813 <emphasis role="bold">Settings</emphasis> dialog for a
2814 certain VM.
2815 </para>
2816 </listitem>
2817 </varlistentry>
2818
2819 <varlistentry>
2820 <term>
2821 <literal>GUI/PreventSnapshotOperations</literal>
2822 </term>
2823
2824 <listitem>
2825 <para>
2826 Prevent snapshot operations for a VM from the GUI, either
2827 at runtime or when the VM is powered off.
2828 </para>
2829 </listitem>
2830 </varlistentry>
2831
2832 <varlistentry>
2833 <term>
2834 <literal>GUI/HideFromManager</literal>
2835 </term>
2836
2837 <listitem>
2838 <para>
2839 Hide a certain VM in the VM selector window.
2840 </para>
2841 </listitem>
2842 </varlistentry>
2843
2844 <varlistentry>
2845 <term>
2846 <literal>GUI/PreventApplicationUpdate</literal>
2847 </term>
2848
2849 <listitem>
2850 <para>
2851 Disable the automatic update check and hide the
2852 corresponding menu item.
2853 </para>
2854 </listitem>
2855 </varlistentry>
2856
2857 </variablelist>
2858
2859 <para>
2860 Note that these settings do not prevent the user from
2861 reconfiguring the VM by using the <command>VBoxManage
2862 modifyvm</command> command.
2863 </para>
2864
2865 </sect2>
2866
2867 <sect2 id="config-vm-selector-menu">
2868
2869 <title>Configure VM Selector Menu Entries</title>
2870
2871 <para>
2872 You can disable, or blacklist, certain entries in the global
2873 settings page of the VM selector:
2874 </para>
2875
2876<screen>$ VBoxManage setextradata global GUI/RestrictedGlobalSettingsPages <replaceable>property</replaceable>[,<replaceable>property</replaceable>...]</screen>
2877
2878 <para>
2879 <replaceable>property</replaceable> is one of the following:
2880 </para>
2881
2882 <variablelist>
2883
2884 <varlistentry>
2885 <term>
2886 <literal>General</literal>
2887 </term>
2888
2889 <listitem>
2890 <para>
2891 Do not show the <emphasis role="bold">General</emphasis>
2892 settings pane.
2893 </para>
2894 </listitem>
2895 </varlistentry>
2896
2897 <varlistentry>
2898 <term>
2899 <literal>Input</literal>
2900 </term>
2901
2902 <listitem>
2903 <para>
2904 Do not show the <emphasis role="bold">Input</emphasis>
2905 settings pane.
2906 </para>
2907 </listitem>
2908 </varlistentry>
2909
2910 <varlistentry>
2911 <term>
2912 <literal>Update</literal>
2913 </term>
2914
2915 <listitem>
2916 <para>
2917 Do not show the <emphasis role="bold">Update</emphasis>
2918 settings pane.
2919 </para>
2920 </listitem>
2921 </varlistentry>
2922
2923 <varlistentry>
2924 <term>
2925 <literal>Language</literal>
2926 </term>
2927
2928 <listitem>
2929 <para>
2930 Do not show the <emphasis role="bold">Language</emphasis>
2931 settings pane.
2932 </para>
2933 </listitem>
2934 </varlistentry>
2935
2936 <varlistentry>
2937 <term>
2938 <literal>Display</literal>
2939 </term>
2940
2941 <listitem>
2942 <para>
2943 Do not show the <emphasis role="bold">Display</emphasis>
2944 settings pane.
2945 </para>
2946 </listitem>
2947 </varlistentry>
2948
2949 <varlistentry>
2950 <term>
2951 <literal>Network</literal>
2952 </term>
2953
2954 <listitem>
2955 <para>
2956 Do not show the <emphasis role="bold">Network</emphasis>
2957 settings pane.
2958 </para>
2959 </listitem>
2960 </varlistentry>
2961
2962 <varlistentry>
2963 <term>
2964 <literal>Extensions</literal>
2965 </term>
2966
2967 <listitem>
2968 <para>
2969 Do not show the
2970 <emphasis role="bold">Extensions</emphasis> settings pane.
2971 </para>
2972 </listitem>
2973 </varlistentry>
2974
2975 <varlistentry>
2976 <term>
2977 <literal>Proxy</literal>
2978 </term>
2979
2980 <listitem>
2981 <para>
2982 Do not show the <emphasis role="bold">Proxy</emphasis>
2983 settings pane.
2984 </para>
2985 </listitem>
2986 </varlistentry>
2987
2988 </variablelist>
2989
2990 <para>
2991 This is a global setting. You can specify any combination of
2992 properties. To restore the default behavior, use the following
2993 command:
2994 </para>
2995
2996<screen>$ VBoxManage setextradata global GUI/RestrictedGlobalSettingsPages</screen>
2997
2998 </sect2>
2999
3000 <sect2 id="config-vm-window-menu">
3001
3002 <title>Configure VM Window Menu Entries</title>
3003
3004 <para>
3005 You can disable, or blacklist, certain menu actions in the VM
3006 window:
3007 </para>
3008
3009<screen>VBoxManage setextradata "VM name"|global GUI/RestrictedRuntimeMenus OPTION[,OPTION...]</screen>
3010
3011 <para>
3012 where <literal>OPTION</literal> is one of the following
3013 keywords:
3014 </para>
3015
3016 <variablelist>
3017
3018 <varlistentry>
3019 <term>
3020 <literal>All</literal>
3021 </term>
3022
3023 <listitem>
3024 <para>
3025 Do not show any menu in the VM window.
3026 </para>
3027 </listitem>
3028 </varlistentry>
3029
3030 <varlistentry>
3031 <term>
3032 <literal>Application</literal>
3033 </term>
3034
3035 <listitem>
3036 <para>
3037 Do not show
3038 <emphasis role="bold">Application/File</emphasis> menu in
3039 the VM window.
3040 </para>
3041 </listitem>
3042 </varlistentry>
3043
3044 <varlistentry>
3045 <term>
3046 <literal>Machine</literal>
3047 </term>
3048
3049 <listitem>
3050 <para>
3051 Do not show the <emphasis role="bold">Machine</emphasis>
3052 menu in the VM window.
3053 </para>
3054 </listitem>
3055 </varlistentry>
3056
3057 <varlistentry>
3058 <term>
3059 <literal>View</literal>
3060 </term>
3061
3062 <listitem>
3063 <para>
3064 Do not show the <emphasis role="bold">View</emphasis> menu
3065 in the VM window.
3066 </para>
3067 </listitem>
3068 </varlistentry>
3069
3070 <varlistentry>
3071 <term>
3072 <literal>Input</literal>
3073 </term>
3074
3075 <listitem>
3076 <para>
3077 Do not show <emphasis role="bold">Input</emphasis> menu in
3078 the VM window.
3079 </para>
3080 </listitem>
3081 </varlistentry>
3082
3083 <varlistentry>
3084 <term>
3085 <literal>Devices</literal>
3086 </term>
3087
3088 <listitem>
3089 <para>
3090 Do not show the <emphasis role="bold">Devices</emphasis>
3091 menu in the VM window.
3092 </para>
3093 </listitem>
3094 </varlistentry>
3095
3096 <varlistentry>
3097 <term>
3098 <literal>Help</literal>
3099 </term>
3100
3101 <listitem>
3102 <para>
3103 Do not show the <emphasis role="bold">Help</emphasis> menu
3104 in the VM window.
3105 </para>
3106 </listitem>
3107 </varlistentry>
3108
3109 <varlistentry>
3110 <term>
3111 <literal>Debug</literal>
3112 </term>
3113
3114 <listitem>
3115 <para>
3116 Do not show the <emphasis role="bold">Debug</emphasis>
3117 menu in the VM window. The Debug menu is only visible if
3118 the GUI was started with special command line parameters
3119 or environment variable settings.
3120 </para>
3121 </listitem>
3122 </varlistentry>
3123
3124 </variablelist>
3125
3126 <para>
3127 This is a per-VM or global setting. Any combination of the above
3128 is allowed. To restore the default behavior, use the following
3129 command:
3130 </para>
3131
3132<screen>VBoxManage setextradata "VM name"|global GUI/RestrictedRuntimeMenus</screen>
3133
3134 <para>
3135 You can also disable, or blacklist, certain menu actions of
3136 certain menus. Use the following command to disable certain
3137 actions of the <emphasis role="bold">Application</emphasis>
3138 menu. This is only available on Mac OS X hosts.
3139 </para>
3140
3141<screen>VBoxManage setextradata "VM name"|global GUI/RestrictedRuntimeApplicationMenuActions OPTION[,OPTION...]</screen>
3142
3143 <para>
3144 where <literal>OPTION</literal> is one of the following
3145 keywords:
3146 </para>
3147
3148 <variablelist>
3149
3150 <varlistentry>
3151 <term>
3152 <literal>All</literal>
3153 </term>
3154
3155 <listitem>
3156 <para>
3157 Do not show any menu item in this menu.
3158 </para>
3159 </listitem>
3160 </varlistentry>
3161
3162 <varlistentry>
3163 <term>
3164 <literal>About</literal>
3165 </term>
3166
3167 <listitem>
3168 <para>
3169 Do not show the <emphasis role="bold">About</emphasis>
3170 menu item in this menu.
3171 </para>
3172 </listitem>
3173 </varlistentry>
3174
3175 <varlistentry>
3176 <term>
3177 <literal>Preferences</literal>
3178 </term>
3179
3180 <listitem>
3181 <para>
3182 Do not show the
3183 <emphasis role="bold">Preferences</emphasis> menu item in
3184 this menu.
3185 </para>
3186 </listitem>
3187 </varlistentry>
3188
3189 <varlistentry>
3190 <term>
3191 <literal>NetworkAccessManager</literal>
3192 </term>
3193
3194 <listitem>
3195 <para>
3196 Do not show the <emphasis role="bold">Network Operations
3197 Manager</emphasis> menu item in this menu.
3198 </para>
3199 </listitem>
3200 </varlistentry>
3201
3202 <varlistentry>
3203 <term>
3204 <literal>ResetWarnings</literal>
3205 </term>
3206
3207 <listitem>
3208 <para>
3209 Do not show the <emphasis role="bold">Reset All
3210 Warnings</emphasis> menu item in this menu.
3211 </para>
3212 </listitem>
3213 </varlistentry>
3214
3215 <varlistentry>
3216 <term>
3217 <literal>Close</literal>
3218 </term>
3219
3220 <listitem>
3221 <para>
3222 Do not show the <emphasis role="bold">Close</emphasis>
3223 menu item in this menu.
3224 </para>
3225 </listitem>
3226 </varlistentry>
3227
3228 </variablelist>
3229
3230 <para>
3231 This is a per-VM or global setting. Any combination of the above
3232 is allowed. To restore the default behavior, use the following
3233 command:
3234 </para>
3235
3236<screen>VBoxManage setextradata "VM name"|global GUI/RestrictedRuntimeMenus</screen>
3237
3238 <para>
3239 Use the following command to disable certain actions of the
3240 <emphasis role="bold">Machine</emphasis> menu:
3241 </para>
3242
3243<screen>VBoxManage setextradata "VM name"|global GUI/RestrictedRuntimeMachineMenuActions OPTION[,OPTION...]</screen>
3244
3245 <para>
3246 where <literal>OPTION</literal> is one of the following
3247 keywords:
3248 </para>
3249
3250 <variablelist>
3251
3252 <varlistentry>
3253 <term>
3254 <literal>All</literal>
3255 </term>
3256
3257 <listitem>
3258 <para>
3259 Do not show any menu item in this menu.
3260 </para>
3261 </listitem>
3262 </varlistentry>
3263
3264 <varlistentry>
3265 <term>
3266 <literal>SettingsDialog</literal>
3267 </term>
3268
3269 <listitem>
3270 <para>
3271 Do not show the <emphasis role="bold">Settings</emphasis>
3272 menu item in this menu.
3273 </para>
3274 </listitem>
3275 </varlistentry>
3276
3277 <varlistentry>
3278 <term>
3279 <literal>TakeSnapshot</literal>
3280 </term>
3281
3282 <listitem>
3283 <para>
3284 Do not show the <emphasis role="bold">Take
3285 Snapshot...</emphasis> menu item in this menu.
3286 </para>
3287 </listitem>
3288 </varlistentry>
3289
3290 <varlistentry>
3291 <term>
3292 <literal>InformationDialog</literal>
3293 </term>
3294
3295 <listitem>
3296 <para>
3297 Do not show the <emphasis role="bold">Session
3298 Information...</emphasis> menu item in this menu.
3299 </para>
3300 </listitem>
3301 </varlistentry>
3302
3303 <varlistentry>
3304 <term>
3305 <literal>FileManagerDialog</literal>
3306 </term>
3307
3308 <listitem>
3309 <para>
3310 Do not show the <emphasis role="bold">File
3311 Manager...</emphasis> menu item in this menu.
3312 </para>
3313 </listitem>
3314 </varlistentry>
3315
3316 <varlistentry>
3317 <term>
3318 <literal>Pause</literal>
3319 </term>
3320
3321 <listitem>
3322 <para>
3323 Do not show the <emphasis role="bold">Pause</emphasis>
3324 menu item in this menu.
3325 </para>
3326 </listitem>
3327 </varlistentry>
3328
3329 <varlistentry>
3330 <term>
3331 <literal>Reset</literal>
3332 </term>
3333
3334 <listitem>
3335 <para>
3336 Do not show the <emphasis role="bold">Reset</emphasis>
3337 menu item in this menu.
3338 </para>
3339 </listitem>
3340 </varlistentry>
3341
3342 <varlistentry>
3343 <term>
3344 <literal>Shutdown</literal>
3345 </term>
3346
3347 <listitem>
3348 <para>
3349 Do not show the <emphasis role="bold">ACPI
3350 Shutdown</emphasis> menu item in this menu.
3351 </para>
3352 </listitem>
3353 </varlistentry>
3354
3355 </variablelist>
3356
3357 <para>
3358 This is a per-VM or global setting. Any combination of the above
3359 is allowed. To restore the default behavior, use
3360 </para>
3361
3362<screen>VBoxManage setextradata "VM name"|global GUI/RestrictedRuntimeMachineMenuActions</screen>
3363
3364 <para>
3365 Use the following command to disable certain actions of the
3366 <emphasis role="bold">View</emphasis> menu:
3367 </para>
3368
3369<screen>VBoxManage setextradata "VM name"|global GUI/RestrictedRuntimeViewMenuActions OPTION[,OPTION...]</screen>
3370
3371 <para>
3372 where <literal>OPTION</literal> is one of the following
3373 keywords:
3374 </para>
3375
3376 <variablelist>
3377
3378 <varlistentry>
3379 <term>
3380 <literal>All</literal>
3381 </term>
3382
3383 <listitem>
3384 <para>
3385 Do not show any menu item in this menu.
3386 </para>
3387 </listitem>
3388 </varlistentry>
3389
3390 <varlistentry>
3391 <term>
3392 <literal>Fullscreen</literal>
3393 </term>
3394
3395 <listitem>
3396 <para>
3397 Do not show the <emphasis role="bold">Full-screen
3398 Mode</emphasis> menu item in this menu.
3399 </para>
3400 </listitem>
3401 </varlistentry>
3402
3403 <varlistentry>
3404 <term>
3405 <literal>Seamless</literal>
3406 </term>
3407
3408 <listitem>
3409 <para>
3410 Do not show the <emphasis role="bold">Seamless
3411 Mode</emphasis> menu item in this menu.
3412 </para>
3413 </listitem>
3414 </varlistentry>
3415
3416 <varlistentry>
3417 <term>
3418 <literal>Scale</literal>
3419 </term>
3420
3421 <listitem>
3422 <para>
3423 Do not show the <emphasis role="bold">Scaled
3424 Mode</emphasis> menu item in this menu.
3425 </para>
3426 </listitem>
3427 </varlistentry>
3428
3429 <varlistentry>
3430 <term>
3431 <literal>GuestAutoresize</literal>
3432 </term>
3433
3434 <listitem>
3435 <para>
3436 Do not show the <emphasis role="bold">Auto-resize Guest
3437 Display</emphasis> menu item in this menu.
3438 </para>
3439 </listitem>
3440 </varlistentry>
3441
3442 <varlistentry>
3443 <term>
3444 <literal>AdjustWindow</literal>
3445 </term>
3446
3447 <listitem>
3448 <para>
3449 Do not show the <emphasis role="bold">Adjust Window
3450 Size</emphasis> menu item in this menu.
3451 </para>
3452 </listitem>
3453 </varlistentry>
3454
3455 <varlistentry>
3456 <term>
3457 <literal>TakeScreenshot</literal>
3458 </term>
3459
3460 <listitem>
3461 <para>
3462 Do not show the <emphasis role="bold">Take
3463 Screenshot...</emphasis> menu item in this menu.
3464 </para>
3465 </listitem>
3466 </varlistentry>
3467
3468 <varlistentry>
3469 <term>
3470 <literal>Recording</literal>
3471 </term>
3472
3473 <listitem>
3474 <para>
3475 Do not show the <emphasis role="bold">Recording</emphasis>
3476 menu item in this menu.
3477 </para>
3478 </listitem>
3479 </varlistentry>
3480
3481 <varlistentry>
3482 <term>
3483 <literal>VRDEServer</literal>
3484 </term>
3485
3486 <listitem>
3487 <para>
3488 Do not show the <emphasis role="bold">Remote
3489 Display</emphasis> menu item in this menu.
3490 </para>
3491 </listitem>
3492 </varlistentry>
3493
3494 <varlistentry>
3495 <term>
3496 <literal>MenuBar</literal>
3497 </term>
3498
3499 <listitem>
3500 <para>
3501 Do not show the <emphasis role="bold">Menu Bar</emphasis>
3502 menu item in this menu.
3503 </para>
3504 </listitem>
3505 </varlistentry>
3506
3507 <varlistentry>
3508 <term>
3509 <literal>MenuBarSettings</literal>
3510 </term>
3511
3512 <listitem>
3513 <para>
3514 Do not show the <emphasis role="bold">Menu Bar
3515 Settings...</emphasis> menu item in this menu.
3516 </para>
3517 </listitem>
3518 </varlistentry>
3519
3520 <varlistentry>
3521 <term>
3522 <literal>StatusBar</literal>
3523 </term>
3524
3525 <listitem>
3526 <para>
3527 Do not show the <emphasis role="bold">Status
3528 Bar</emphasis> menu item in this menu.
3529 </para>
3530 </listitem>
3531 </varlistentry>
3532
3533 <varlistentry>
3534 <term>
3535 <literal>StatusbarSettings</literal>
3536 </term>
3537
3538 <listitem>
3539 <para>
3540 Do not show the <emphasis role="bold">Statusbar
3541 Settings...</emphasis> menu item in this menu.
3542 </para>
3543 </listitem>
3544 </varlistentry>
3545
3546 </variablelist>
3547
3548 <para>
3549 This is a per-VM or global setting. Any combination of the above
3550 is allowed. To restore the default behavior, use
3551 </para>
3552
3553<screen>VBoxManage setextradata "VM name"|global GUI/RestrictedRuntimeViewMenuActions</screen>
3554
3555 <para>
3556 Use the following command to disable certain actions of the
3557 <emphasis role="bold">Input</emphasis> menu:
3558 </para>
3559
3560<screen>VBoxManage setextradata "VM name"|global GUI/RestrictedRuntimeInputMenuActions OPTION[,OPTION...]</screen>
3561
3562 <para>
3563 where <literal>OPTION</literal> is one of the following
3564 keywords:
3565 </para>
3566
3567 <variablelist>
3568
3569 <varlistentry>
3570 <term>
3571 <literal>All</literal>
3572 </term>
3573
3574 <listitem>
3575 <para>
3576 Do not show any menu item in this menu.
3577 </para>
3578 </listitem>
3579 </varlistentry>
3580
3581 <varlistentry>
3582 <term>
3583 <literal>Keyboard</literal>
3584 </term>
3585
3586 <listitem>
3587 <para>
3588 Do not show the <emphasis role="bold">Keyboard</emphasis>
3589 menu item in this menu.
3590 </para>
3591 </listitem>
3592 </varlistentry>
3593
3594 <varlistentry>
3595 <term>
3596 <literal>KeyboardSettings</literal>
3597 </term>
3598
3599 <listitem>
3600 <para>
3601 Do not show the <emphasis role="bold">Keyboard
3602 Settings...</emphasis> menu item in this menu.
3603 </para>
3604 </listitem>
3605 </varlistentry>
3606
3607 <varlistentry>
3608 <term>
3609 <literal>SoftKeyboard</literal>
3610 </term>
3611
3612 <listitem>
3613 <para>
3614 Do not show the <emphasis role="bold">Soft
3615 Keyboard...</emphasis> menu item in this menu.
3616 </para>
3617 </listitem>
3618 </varlistentry>
3619
3620 <varlistentry>
3621 <term>
3622 <literal>TypeCAD</literal>
3623 </term>
3624
3625 <listitem>
3626 <para>
3627 Do not show the <emphasis role="bold">Insert
3628 Ctrl-Alt-Del</emphasis> menu item in this menu.
3629 </para>
3630 </listitem>
3631 </varlistentry>
3632
3633 <varlistentry>
3634 <term>
3635 <literal>TypeCABS</literal>
3636 </term>
3637
3638 <listitem>
3639 <para>
3640 Do not show the <emphasis role="bold">Insert
3641 Ctrl-Alt-Backspace</emphasis> menu item in this menu.
3642 </para>
3643 </listitem>
3644 </varlistentry>
3645
3646 <varlistentry>
3647 <term>
3648 <literal>TypeCtrlBreak</literal>
3649 </term>
3650
3651 <listitem>
3652 <para>
3653 Do not show the <emphasis role="bold">Insert
3654 Ctrl-Break</emphasis> menu item in this menu.
3655 </para>
3656 </listitem>
3657 </varlistentry>
3658
3659 <varlistentry>
3660 <term>
3661 <literal>TypeInsert</literal>
3662 </term>
3663
3664 <listitem>
3665 <para>
3666 Do not show the <emphasis role="bold">Insert
3667 Insert</emphasis> menu item in this menu.
3668 </para>
3669 </listitem>
3670 </varlistentry>
3671
3672 <varlistentry>
3673 <term>
3674 <literal>TypePrintScreen</literal>
3675 </term>
3676
3677 <listitem>
3678 <para>
3679 Do not show the <emphasis role="bold">Insert Print
3680 Screen</emphasis> menu item in this menu.
3681 </para>
3682 </listitem>
3683 </varlistentry>
3684
3685 <varlistentry>
3686 <term>
3687 <literal>TypeAltPrintScreen</literal>
3688 </term>
3689
3690 <listitem>
3691 <para>
3692 Do not show the <emphasis role="bold">Insert Alt Print
3693 Screen</emphasis> menu item in this menu.
3694 </para>
3695 </listitem>
3696 </varlistentry>
3697
3698 <varlistentry>
3699 <term>
3700 <literal>TypeHostKeyCombo</literal>
3701 </term>
3702
3703 <listitem>
3704 <para>
3705 Do not show the <emphasis role="bold">Insert Host Key
3706 Combo</emphasis> menu item in this menu.
3707 </para>
3708 </listitem>
3709 </varlistentry>
3710
3711 <varlistentry>
3712 <term>
3713 <literal>MouseIntegration</literal>
3714 </term>
3715
3716 <listitem>
3717 <para>
3718 Do not show the
3719 <emphasis role="bold">MouseIntegration</emphasis> menu
3720 item in this menu.
3721 </para>
3722 </listitem>
3723 </varlistentry>
3724
3725 </variablelist>
3726
3727 <para>
3728 This is a per-VM or global setting. Any combination of the above
3729 is allowed. To restore the default behavior, use
3730 </para>
3731
3732<screen>VBoxManage setextradata "VM name"|global GUI/RestrictedRuntimeInputMenuActions</screen>
3733
3734 <para>
3735 Use the following command to disable certain actions of the
3736 <emphasis role="bold">Devices</emphasis> menu:
3737 </para>
3738
3739<screen>VBoxManage setextradata "VM name"|global GUI/RestrictedRuntimeDevicesMenuActions OPTION[,OPTION...]</screen>
3740
3741 <para>
3742 where <literal>OPTION</literal> is one of the following keywords
3743 to disable actions in the
3744 <emphasis role="bold">Devices</emphasis> menu:
3745 </para>
3746
3747 <variablelist>
3748
3749 <varlistentry>
3750 <term>
3751 <literal>All</literal>
3752 </term>
3753
3754 <listitem>
3755 <para>
3756 Do not show any menu item in this menu.
3757 </para>
3758 </listitem>
3759 </varlistentry>
3760
3761 <varlistentry>
3762 <term>
3763 <literal>HardDrives</literal>
3764 </term>
3765
3766 <listitem>
3767 <para>
3768 Do not show the <emphasis role="bold">Hard
3769 Disks</emphasis> menu item in this menu.
3770 </para>
3771 </listitem>
3772 </varlistentry>
3773
3774 <varlistentry>
3775 <term>
3776 <literal>OpticalDevices</literal>
3777 </term>
3778
3779 <listitem>
3780 <para>
3781 Do not show the <emphasis role="bold">Optical
3782 Devices</emphasis> menu item in this menu.
3783 </para>
3784 </listitem>
3785 </varlistentry>
3786
3787 <varlistentry>
3788 <term>
3789 <literal>FloppyDevices</literal>
3790 </term>
3791
3792 <listitem>
3793 <para>
3794 Do not show the <emphasis role="bold">Floppy
3795 Drives</emphasis> menu item in this menu.
3796 </para>
3797 </listitem>
3798 </varlistentry>
3799
3800 <varlistentry>
3801 <term>
3802 <literal>Audio</literal>
3803 </term>
3804
3805 <listitem>
3806 <para>
3807 Do not show the <emphasis role="bold">Audio</emphasis>
3808 menu item in this menu.
3809 </para>
3810 </listitem>
3811 </varlistentry>
3812
3813 <varlistentry>
3814 <term>
3815 <literal>Network</literal>
3816 </term>
3817
3818 <listitem>
3819 <para>
3820 Do not show the <emphasis role="bold">Network</emphasis>
3821 menu item in this menu.
3822 </para>
3823 </listitem>
3824 </varlistentry>
3825
3826 <varlistentry>
3827 <term>
3828 <literal>NetworkSettings</literal>
3829 </term>
3830
3831 <listitem>
3832 <para>
3833 Do not show the <emphasis role="bold">Network
3834 Settings</emphasis> menu item in this menu.
3835 </para>
3836 </listitem>
3837 </varlistentry>
3838
3839 <varlistentry>
3840 <term>
3841 <literal>USBDevices</literal>
3842 </term>
3843
3844 <listitem>
3845 <para>
3846 Do not show the <emphasis role="bold">USB </emphasis> menu
3847 item in this menu.
3848 </para>
3849 </listitem>
3850 </varlistentry>
3851
3852 <varlistentry>
3853 <term>
3854 <literal>WebCams</literal>
3855 </term>
3856
3857 <listitem>
3858 <para>
3859 Do not show the <emphasis role="bold">WebCams </emphasis>
3860 menu item in this menu.
3861 </para>
3862 </listitem>
3863 </varlistentry>
3864
3865 <varlistentry>
3866 <term>
3867 <literal>SharedFolders</literal>
3868 </term>
3869
3870 <listitem>
3871 <para>
3872 Do not show the <emphasis role="bold">Shared
3873 Folders</emphasis> menu item in this menu.
3874 </para>
3875 </listitem>
3876 </varlistentry>
3877
3878 <varlistentry>
3879 <term>
3880 <literal>SharedFoldersSettings</literal>
3881 </term>
3882
3883 <listitem>
3884 <para>
3885 Do not show the <emphasis role="bold">Shared Folders
3886 Settings...</emphasis> menu item in this menu.
3887 </para>
3888 </listitem>
3889 </varlistentry>
3890
3891 <varlistentry>
3892 <term>
3893 <literal>SharedClipboard</literal>
3894 </term>
3895
3896 <listitem>
3897 <para>
3898 Do not show the <emphasis role="bold">Shared
3899 Clipboard</emphasis> menu item in this menu.
3900 </para>
3901 </listitem>
3902 </varlistentry>
3903
3904 <varlistentry>
3905 <term>
3906 <literal>DragAndDrop</literal>
3907 </term>
3908
3909 <listitem>
3910 <para>
3911 Do not show the <emphasis role="bold">Drag and
3912 Drop</emphasis> menu item in this menu.
3913 </para>
3914 </listitem>
3915 </varlistentry>
3916
3917 <varlistentry>
3918 <term>
3919 <literal>InstallGuestTools</literal>
3920 </term>
3921
3922 <listitem>
3923 <para>
3924 Do not show the <emphasis role="bold">Insert Guest
3925 Additions CD image...</emphasis> menu item in this menu.
3926 </para>
3927 </listitem>
3928 </varlistentry>
3929
3930 </variablelist>
3931
3932 <para>
3933 This is a per-VM or global or global setting. Any combination of
3934 the above is allowed. To restore the default behavior, use
3935 </para>
3936
3937<screen>VBoxManage setextradata "VM name"|global GUI/RestrictedRuntimeDevicesMenuActions</screen>
3938
3939 <para>
3940 Use the following command to disable certain actions of the
3941 <emphasis role="bold">Debug</emphasis> menu:
3942 </para>
3943
3944<screen>VBoxManage setextradata "VM name"|global GUI/RestrictedRuntimeDebuggerMenuActions OPTION[,OPTION...]</screen>
3945
3946 <para>
3947 where <literal>OPTION</literal> is one of the following keywords
3948 to disable actions in the <emphasis>Debug</emphasis> menu, which
3949 is normally completely disabled:
3950 </para>
3951
3952 <variablelist>
3953
3954 <varlistentry>
3955 <term>
3956 <literal>All</literal>
3957 </term>
3958
3959 <listitem>
3960 <para>
3961 Do not show any menu item in this menu.
3962 </para>
3963 </listitem>
3964 </varlistentry>
3965
3966 <varlistentry>
3967 <term>
3968 <literal>Statistics</literal>
3969 </term>
3970
3971 <listitem>
3972 <para>
3973 Do not show the
3974 <emphasis role="bold">Statistics...</emphasis> menu item
3975 in this menu.
3976 </para>
3977 </listitem>
3978 </varlistentry>
3979
3980 <varlistentry>
3981 <term>
3982 <literal>CommandLine</literal>
3983 </term>
3984
3985 <listitem>
3986 <para>
3987 Do not show the <emphasis role="bold">Command
3988 Line...</emphasis> menu item in this menu.
3989 </para>
3990 </listitem>
3991 </varlistentry>
3992
3993 <varlistentry>
3994 <term>
3995 <literal>Logging</literal>
3996 </term>
3997
3998 <listitem>
3999 <para>
4000 Do not show the
4001 <emphasis role="bold">Logging...</emphasis> menu item in
4002 this menu.
4003 </para>
4004 </listitem>
4005 </varlistentry>
4006
4007 <varlistentry>
4008 <term>
4009 <literal>LogDialog</literal>
4010 </term>
4011
4012 <listitem>
4013 <para>
4014 Do not show the <emphasis role="bold">Show
4015 Log...</emphasis> menu item in this menu.
4016 </para>
4017 </listitem>
4018 </varlistentry>
4019
4020 <varlistentry>
4021 <term>
4022 <literal>GuestControlConsole</literal>
4023 </term>
4024
4025 <listitem>
4026 <para>
4027 Do not show the <emphasis role="bold">Guest Control
4028 Terminal...</emphasis> menu item in this menu.
4029 </para>
4030 </listitem>
4031 </varlistentry>
4032
4033 </variablelist>
4034
4035 <para>
4036 This is a per-VM or global setting. Any combination of the above
4037 is allowed. To restore the default behavior, use
4038 </para>
4039
4040<screen>VBoxManage setextradata "VM name"|global GUI/RestrictedRuntimeDebuggerMenuActions</screen>
4041
4042 <para>
4043 Use the following command to disable certain actions of the
4044 <emphasis role="bold">View</emphasis> menu:
4045 </para>
4046
4047<screen>VBoxManage setextradata "VM name"|global GUI/RestrictedRuntimeHelpMenuActions OPTION[,OPTION...]</screen>
4048
4049 <para>
4050 where <literal>OPTION</literal> is one of the following keywords
4051 to disable actions in the <emphasis role="bold">Help</emphasis>
4052 menu, which is normally completely disabled:
4053 </para>
4054
4055 <variablelist>
4056
4057 <varlistentry>
4058 <term>
4059 <literal>All</literal>
4060 </term>
4061
4062 <listitem>
4063 <para>
4064 Do not show any menu item in this menu.
4065 </para>
4066 </listitem>
4067 </varlistentry>
4068
4069 <varlistentry>
4070 <term>
4071 <literal>Contents</literal>
4072 </term>
4073
4074 <listitem>
4075 <para>
4076 Do not show the
4077 <emphasis role="bold">Contents...</emphasis> menu item in
4078 this menu.
4079 </para>
4080 </listitem>
4081 </varlistentry>
4082
4083 <varlistentry>
4084 <term>
4085 <literal>WebSite</literal>
4086 </term>
4087
4088 <listitem>
4089 <para>
4090 Do not show the <emphasis role="bold">VirtualBox Web
4091 Site...</emphasis> menu item in this menu.
4092 </para>
4093 </listitem>
4094 </varlistentry>
4095
4096 <varlistentry>
4097 <term>
4098 <literal>BugTracker</literal>
4099 </term>
4100
4101 <listitem>
4102 <para>
4103 Do not show the <emphasis role="bold">VirtualBox Bug
4104 Tracker...</emphasis> menu item in this menu.
4105 </para>
4106 </listitem>
4107 </varlistentry>
4108
4109 <varlistentry>
4110 <term>
4111 <literal>Forums</literal>
4112 </term>
4113
4114 <listitem>
4115 <para>
4116 Do not show the <emphasis role="bold">VirtualBox
4117 Forums...</emphasis> menu item in this menu.
4118 </para>
4119 </listitem>
4120 </varlistentry>
4121
4122 <varlistentry>
4123 <term>
4124 <literal>Oracle</literal>
4125 </term>
4126
4127 <listitem>
4128 <para>
4129 Do not show the <emphasis role="bold">Oracle Web
4130 Site...</emphasis> menu item in this menu.
4131 </para>
4132 </listitem>
4133 </varlistentry>
4134
4135 <varlistentry>
4136 <term>
4137 <literal>About</literal>
4138 </term>
4139
4140 <listitem>
4141 <para>
4142 Do not show the <emphasis role="bold">About
4143 VirtualBox...</emphasis> menu item in this menu. Only for
4144 non-Mac OS X hosts.
4145 </para>
4146 </listitem>
4147 </varlistentry>
4148
4149 </variablelist>
4150
4151 <para>
4152 This is a per-VM or global setting. Any combination of the above
4153 is allowed. To restore the default behavior, use
4154 </para>
4155
4156<screen>VBoxManage setextradata "VM name"|global GUI/RestrictedRuntimeHelpMenuActions</screen>
4157
4158 </sect2>
4159
4160 <sect2 id="config-vm-window-status-bar">
4161
4162 <title>Configure VM Window Status Bar Entries</title>
4163
4164 <para>
4165 You can disable, or blacklist, certain status bar items:
4166 </para>
4167
4168<screen>VBoxManage setextradata "VM name"|global GUI/RestrictedStatusBarIndicators OPTION[,OPTION...]</screen>
4169
4170 <para>
4171 where <literal>OPTION</literal> is one of the following
4172 keywords:
4173 </para>
4174
4175 <variablelist>
4176
4177 <varlistentry>
4178 <term>
4179 <literal>HardDisks</literal>
4180 </term>
4181
4182 <listitem>
4183 <para>
4184 Do not show the hard disk icon in the VM window status
4185 bar. By default the hard disk icon is only shown if the VM
4186 configuration contains one or more hard disks.
4187 </para>
4188 </listitem>
4189 </varlistentry>
4190
4191 <varlistentry>
4192 <term>
4193 <literal>OpticalDisks</literal>
4194 </term>
4195
4196 <listitem>
4197 <para>
4198 Do not show the CD icon in the VM window status bar. By
4199 default the CD icon is only shown if the VM configuration
4200 contains one or more CD drives.
4201 </para>
4202 </listitem>
4203 </varlistentry>
4204
4205 <varlistentry>
4206 <term>
4207 <literal>FloppyDisks</literal>
4208 </term>
4209
4210 <listitem>
4211 <para>
4212 Do not show the floppy icon in the VM window status bar.
4213 By default the floppy icon is only shown if the VM
4214 configuration contains one or more floppy drives.
4215 </para>
4216 </listitem>
4217 </varlistentry>
4218
4219 <varlistentry>
4220 <term>
4221 <literal>Network</literal>
4222 </term>
4223
4224 <listitem>
4225 <para>
4226 Do not show the network icon in the VM window status bar.
4227 By default the network icon is only shown if the VM
4228 configuration contains one or more active network
4229 adapters.
4230 </para>
4231 </listitem>
4232 </varlistentry>
4233
4234 <varlistentry>
4235 <term>
4236 <literal>USB</literal>
4237 </term>
4238
4239 <listitem>
4240 <para>
4241 Do not show the USB icon in the status bar.
4242 </para>
4243 </listitem>
4244 </varlistentry>
4245
4246 <varlistentry>
4247 <term>
4248 <literal>SharedFolders</literal>
4249 </term>
4250
4251 <listitem>
4252 <para>
4253 Do not show the shared folders icon in the status bar.
4254 </para>
4255 </listitem>
4256 </varlistentry>
4257
4258 <varlistentry>
4259 <term>
4260 <literal>Capture</literal>
4261 </term>
4262
4263 <listitem>
4264 <para>
4265 Do not show the capture icon in the status bar.
4266 </para>
4267 </listitem>
4268 </varlistentry>
4269
4270 <varlistentry>
4271 <term>
4272 <literal>Features</literal>
4273 </term>
4274
4275 <listitem>
4276 <para>
4277 Do not show the CPU features icon in the status bar.
4278 </para>
4279 </listitem>
4280 </varlistentry>
4281
4282 <varlistentry>
4283 <term>
4284 <literal>Mouse</literal>
4285 </term>
4286
4287 <listitem>
4288 <para>
4289 Do not show the mouse icon in the status bar.
4290 </para>
4291 </listitem>
4292 </varlistentry>
4293
4294 <varlistentry>
4295 <term>
4296 <literal>Keyboard</literal>
4297 </term>
4298
4299 <listitem>
4300 <para>
4301 Do not show the keyboard icon in the status bar.
4302 </para>
4303 </listitem>
4304 </varlistentry>
4305
4306 </variablelist>
4307
4308 <para>
4309 This is a per-VM or global setting. Any combination of the above
4310 is allowed. If all options are specified, no icons are displayed
4311 in the status bar of the VM window. To restore the default
4312 behavior, use
4313 </para>
4314
4315<screen>VBoxManage setextradata "VM name"|global GUI/RestrictedStatusBarIndicators</screen>
4316
4317 </sect2>
4318
4319 <sect2 id="config-vm-window-visual-modes">
4320
4321 <title>Configure VM Window Visual Modes</title>
4322
4323 <para>
4324 You can disable, or blacklist, certain VM visual modes:
4325 </para>
4326
4327<screen>$ VBoxManage setextradata <replaceable>VM-name</replaceable> GUI/RestrictedVisualStates <replaceable>property</replaceable>[,<replaceable>property</replaceable>...]</screen>
4328
4329 <para>
4330 <replaceable>property</replaceable> is one of the following:
4331 </para>
4332
4333 <variablelist>
4334
4335 <varlistentry>
4336 <term>
4337 <literal>Fullscreen</literal>
4338 </term>
4339
4340 <listitem>
4341 <para>
4342 Do not allow to switch the VM into full screen mode.
4343 </para>
4344 </listitem>
4345 </varlistentry>
4346
4347 <varlistentry>
4348 <term>
4349 <literal>Seamless</literal>
4350 </term>
4351
4352 <listitem>
4353 <para>
4354 Do not allow to switch the VM into seamless mode.
4355 </para>
4356 </listitem>
4357 </varlistentry>
4358
4359 <varlistentry>
4360 <term>
4361 <literal>Scale</literal>
4362 </term>
4363
4364 <listitem>
4365 <para>
4366 Do not allow to switch the VM into scale mode.
4367 </para>
4368 </listitem>
4369 </varlistentry>
4370
4371 </variablelist>
4372
4373 <para>
4374 This is a per-VM setting. You can specify any combination of
4375 properties. To restore the default behavior, use the following
4376 command:
4377 </para>
4378
4379<screen>$ VBoxManage setextradata <replaceable>VM-name</replaceable> GUI/RestrictedVisualStates</screen>
4380
4381 </sect2>
4382
4383 <sect2 id="host-key-customize">
4384
4385 <title>Host Key Customization</title>
4386
4387 <para>
4388 To disable all Host key combinations, open the preferences and
4389 change the Host key to None. This might be useful when using
4390 &product-name; in a kiosk mode.
4391 </para>
4392
4393 <para>
4394 To redefine or disable certain Host key actions, use the
4395 following command:
4396 </para>
4397
4398<screen>$ VBoxManage setextradata global GUI/Input/MachineShortcuts "FullscreenMode=F,...."</screen>
4399
4400 <para>
4401 The following table shows the possible Host key actions,
4402 together with their default Host key shortcut. Setting an action
4403 to None will disable that Host key action.
4404 </para>
4405
4406 <table id="table-host-key-customize" tabstyle="oracle-all">
4407 <title>Host Key Customization</title>
4408 <tgroup cols="3">
4409 <thead>
4410 <row>
4411 <entry><para>
4412 <emphasis role="bold">Action</emphasis>
4413 </para></entry>
4414 <entry><para>
4415 <emphasis role="bold">Default Key</emphasis>
4416 </para></entry>
4417 <entry><para>
4418 <emphasis role="bold">Action</emphasis>
4419 </para></entry>
4420 </row>
4421 </thead>
4422 <tbody>
4423 <row>
4424 <entry><para>
4425 <literal>TakeSnapshot</literal>
4426 </para></entry>
4427 <entry><para>
4428 T
4429 </para></entry>
4430 <entry><para>
4431 Take a snapshot
4432 </para></entry>
4433 </row>
4434 <row>
4435 <entry><para>
4436 <literal>TakeScreenshot</literal>
4437 </para></entry>
4438 <entry><para>
4439 E
4440 </para></entry>
4441 <entry><para>
4442 Take a screenshot
4443 </para></entry>
4444 </row>
4445 <row>
4446 <entry><para>
4447 <literal>MouseIntegration</literal>
4448 </para></entry>
4449 <entry><para>
4450 I
4451 </para></entry>
4452 <entry><para>
4453 Toggle mouse integration
4454 </para></entry>
4455 </row>
4456 <row>
4457 <entry><para>
4458 <literal>TypeCAD</literal>
4459 </para></entry>
4460 <entry><para>
4461 Del
4462 </para></entry>
4463 <entry><para>
4464 Inject Ctrl+Alt+Del
4465 </para></entry>
4466 </row>
4467 <row>
4468 <entry><para>
4469 <literal>TypeCABS</literal>
4470 </para></entry>
4471 <entry><para>
4472 Backspace
4473 </para></entry>
4474 <entry><para>
4475 Inject Ctrl+Alt+Backspace
4476 </para></entry>
4477 </row>
4478 <row>
4479 <entry><para>
4480 <literal>Pause</literal>
4481 </para></entry>
4482 <entry><para>
4483 P
4484 </para></entry>
4485 <entry><para>
4486 Pause the VM
4487 </para></entry>
4488 </row>
4489 <row>
4490 <entry><para>
4491 <literal>Reset</literal>
4492 </para></entry>
4493 <entry><para>
4494 R
4495 </para></entry>
4496 <entry>Hard reset the guest</entry>
4497 </row>
4498 <row>
4499 <entry><para>
4500 <literal>SaveState</literal>
4501 </para></entry>
4502 <entry><para></para></entry>
4503 <entry><para>
4504 Save the VM state and terminate the VM
4505 </para></entry>
4506 </row>
4507 <row>
4508 <entry><para>
4509 <literal>Shutdown</literal>
4510 </para></entry>
4511 <entry><para>
4512 H
4513 </para></entry>
4514 <entry><para>
4515 Press the virtual ACPI power button
4516 </para></entry>
4517 </row>
4518 <row>
4519 <entry><para>
4520 <literal>PowerOff</literal>
4521 </para></entry>
4522 <entry><para></para></entry>
4523 <entry><para>
4524 Power off the VM without saving the state
4525 </para></entry>
4526 </row>
4527 <row>
4528 <entry><para>
4529 <literal>Close</literal>
4530 </para></entry>
4531 <entry><para>
4532 Q
4533 </para></entry>
4534 <entry><para>
4535 Show the Close VM dialog
4536 </para></entry>
4537 </row>
4538 <row>
4539 <entry><para>
4540 <literal>FullscreenMode</literal>
4541 </para></entry>
4542 <entry><para>
4543 F
4544 </para></entry>
4545 <entry><para>
4546 Switch the VM into full screen mode
4547 </para></entry>
4548 </row>
4549 <row>
4550 <entry><para>
4551 <literal>SeamlessMode</literal>
4552 </para></entry>
4553 <entry><para>
4554 L
4555 </para></entry>
4556 <entry><para>
4557 Switch the VM into seamless mode
4558 </para></entry>
4559 </row>
4560 <row>
4561 <entry><para>
4562 <literal>ScaleMode</literal>
4563 </para></entry>
4564 <entry><para>
4565 C
4566 </para></entry>
4567 <entry><para>
4568 Switch the VM into scaled mode
4569 </para></entry>
4570 </row>
4571 <row>
4572 <entry><para>
4573 <literal>GuestAutoResize</literal>
4574 </para></entry>
4575 <entry><para>
4576 G
4577 </para></entry>
4578 <entry><para>
4579 Automatically resize the guest window
4580 </para></entry>
4581 </row>
4582 <row>
4583 <entry><para>
4584 <literal>WindowAdjust</literal>
4585 </para></entry>
4586 <entry><para>
4587 A
4588 </para></entry>
4589 <entry><para>
4590 Immediately resize the guest window
4591 </para></entry>
4592 </row>
4593 <row>
4594 <entry><para>
4595 <literal>PopupMenu</literal>
4596 </para></entry>
4597 <entry><para>
4598 Home
4599 </para></entry>
4600 <entry><para>
4601 Show the popup menu in full screen mode and seamless
4602 mode
4603 </para></entry>
4604 </row>
4605 <row>
4606 <entry><para>
4607 <literal>SettingsDialog</literal>
4608 </para></entry>
4609 <entry><para>
4610 S
4611 </para></entry>
4612 <entry><para>
4613 Open the VM Settings dialog
4614 </para></entry>
4615 </row>
4616 <row>
4617 <entry><para>
4618 <literal>InformationDialog</literal>
4619 </para></entry>
4620 <entry><para>
4621 N
4622 </para></entry>
4623 <entry><para>
4624 Show the VM Session Information window
4625 </para></entry>
4626 </row>
4627 <row>
4628 <entry><para>
4629 <literal>NetworkAdaptersDialog</literal>
4630 </para></entry>
4631 <entry><para></para></entry>
4632 <entry><para>
4633 Show the VM Network Adapters dialog
4634 </para></entry>
4635 </row>
4636 <row>
4637 <entry><para>
4638 <literal>SharedFoldersDialog</literal>
4639 </para></entry>
4640 <entry><para></para></entry>
4641 <entry><para>
4642 Show the VM Shared Folders dialog
4643 </para></entry>
4644 </row>
4645 <row>
4646 <entry><para>
4647 <literal>InstallGuestAdditions</literal>
4648 </para></entry>
4649 <entry><para>
4650 D
4651 </para></entry>
4652 <entry><para>
4653 Mount the ISO containing the Guest Additions
4654 </para></entry>
4655 </row>
4656 </tbody>
4657 </tgroup>
4658 </table>
4659
4660 <para>
4661 To disable full screen mode and seamless mode, use the following
4662 command:
4663 </para>
4664
4665<screen>$ VBoxManage setextradata global GUI/Input/MachineShortcuts "FullscreenMode=None,SeamlessMode=None"</screen>
4666
4667 </sect2>
4668
4669 <sect2 id="terminate-vm-action">
4670
4671 <title>Action when Terminating the VM</title>
4672
4673 <para>
4674 You can disallow, or blacklist, certain actions when terminating
4675 a VM. To disallow specific actions, use the following command:
4676 </para>
4677
4678<screen>$ VBoxManage setextradata <replaceable>VM-name</replaceable> GUI/RestrictedCloseActions <replaceable>property</replaceable>[,<replaceable>property</replaceable>...]</screen>
4679
4680 <para>
4681 <replaceable>property</replaceable> is one of the following:
4682 </para>
4683
4684 <variablelist>
4685
4686 <varlistentry>
4687 <term>
4688 <literal>SaveState</literal>
4689 </term>
4690
4691 <listitem>
4692 <para>
4693 Do not allow the user to save the VM state when
4694 terminating the VM.
4695 </para>
4696 </listitem>
4697 </varlistentry>
4698
4699 <varlistentry>
4700 <term>
4701 <literal>Shutdown</literal>
4702 </term>
4703
4704 <listitem>
4705 <para>
4706 Do not allow the user to shutdown the VM by sending the
4707 ACPI power-off event to the guest.
4708 </para>
4709 </listitem>
4710 </varlistentry>
4711
4712 <varlistentry>
4713 <term>
4714 <literal>PowerOff</literal>
4715 </term>
4716
4717 <listitem>
4718 <para>
4719 Do not allow the user to power off the VM.
4720 </para>
4721 </listitem>
4722 </varlistentry>
4723
4724 <varlistentry>
4725 <term>
4726 <literal>PowerOffRestoringSnapshot</literal>
4727 </term>
4728
4729 <listitem>
4730 <para>
4731 Do not allow the user to return to the last snapshot when
4732 powering off the VM.
4733 </para>
4734 </listitem>
4735 </varlistentry>
4736
4737 <varlistentry>
4738 <term>
4739 <literal>Detach</literal>
4740 </term>
4741
4742 <listitem>
4743 <para>
4744 Do not allow the user to detach from the VM process if the
4745 VM was started in separate mode.
4746 </para>
4747 </listitem>
4748 </varlistentry>
4749
4750 </variablelist>
4751
4752 <para>
4753 This is a per-VM setting. You can specify any combination of
4754 properties. If all properties are specified, the VM cannot be
4755 shut down.
4756 </para>
4757
4758 </sect2>
4759
4760 <sect2 id="terminate-vm-default-action">
4761
4762 <title>Default Action when Terminating the VM</title>
4763
4764 <para>
4765 You can define a specific action for terminating a VM. In
4766 contrast to the setting decribed in the previous section, this
4767 setting allows only one action when the user terminates the VM.
4768 No exit menu is shown. Use the following command:
4769 </para>
4770
4771<screen>$ VBoxManage setextradata <replaceable>VM-name</replaceable> GUI/DefaultCloseAction <replaceable>action</replaceable></screen>
4772
4773 <para>
4774 <replaceable>action</replaceable> is one of the following:
4775 </para>
4776
4777 <variablelist>
4778
4779 <varlistentry>
4780 <term>
4781 <literal>SaveState</literal>
4782 </term>
4783
4784 <listitem>
4785 <para>
4786 Save the VM state before terminating the VM process.
4787 </para>
4788 </listitem>
4789 </varlistentry>
4790
4791 <varlistentry>
4792 <term>
4793 <literal>Shutdown</literal>
4794 </term>
4795
4796 <listitem>
4797 <para>
4798 The VM is shut down by sending the ACPI power-off event to
4799 the guest.
4800 </para>
4801 </listitem>
4802 </varlistentry>
4803
4804 <varlistentry>
4805 <term>
4806 <literal>PowerOff</literal>
4807 </term>
4808
4809 <listitem>
4810 <para>
4811 The VM is powered off.
4812 </para>
4813 </listitem>
4814 </varlistentry>
4815
4816 <varlistentry>
4817 <term>
4818 <literal>PowerOffRestoringSnapshot</literal>
4819 </term>
4820
4821 <listitem>
4822 <para>
4823 The VM is powered off and the saved state returns to the
4824 last snapshot.
4825 </para>
4826 </listitem>
4827 </varlistentry>
4828
4829 <varlistentry>
4830 <term>
4831 <literal>Detach</literal>
4832 </term>
4833
4834 <listitem>
4835 <para>
4836 Terminate the frontend but leave the VM process running.
4837 </para>
4838 </listitem>
4839 </varlistentry>
4840
4841 </variablelist>
4842
4843 <para>
4844 This is a per-VM setting. You can specify any combination of
4845 properties. If all properties are specified, the VM cannot be
4846 shut down.
4847 </para>
4848
4849 </sect2>
4850
4851 <sect2 id="guru-meditation-action">
4852
4853 <title>Action for Handling a Guru Meditation</title>
4854
4855 <para>
4856 A VM runs into a Guru Meditation if there is a problem which
4857 cannot be fixed by other means than terminating the process. The
4858 default is to show a message window which instructs the user to
4859 open a bug report.
4860 </para>
4861
4862 <para>
4863 This behavior can be configured as follows:
4864 </para>
4865
4866<screen>$ VBoxManage setextradata <replaceable>VM-name</replaceable> GUI/GuruMeditationHandler <replaceable>mode</replaceable></screen>
4867
4868 <para>
4869 <replaceable>mode</replaceable> is one of the following:
4870 </para>
4871
4872 <variablelist>
4873
4874 <varlistentry>
4875 <term>
4876 <literal>Default</literal>
4877 </term>
4878
4879 <listitem>
4880 <para>
4881 A message window is shown. After the user confirmed, the
4882 VM is terminated.
4883 </para>
4884 </listitem>
4885 </varlistentry>
4886
4887 <varlistentry>
4888 <term>
4889 <literal>PowerOff</literal>
4890 </term>
4891
4892 <listitem>
4893 <para>
4894 The VM is immediately powered-off without showing any
4895 message window. The VM logfile will show information about
4896 what happened.
4897 </para>
4898 </listitem>
4899 </varlistentry>
4900
4901 <varlistentry>
4902 <term>
4903 <literal>Ignore</literal>
4904 </term>
4905
4906 <listitem>
4907 <para>
4908 The VM is left in stuck mode. Execution is stopped but no
4909 message window is shown. The VM has to be powered off
4910 manually.
4911 </para>
4912 </listitem>
4913 </varlistentry>
4914
4915 </variablelist>
4916
4917 <para>
4918 This is a per-VM setting.
4919 </para>
4920
4921 </sect2>
4922
4923 <sect2 id="mouse-capture">
4924
4925 <title>Configuring Automatic Mouse Capturing</title>
4926
4927 <para>
4928 By default, the mouse is captured if the user clicks on the
4929 guest window and the guest expects relative mouse coordinates at
4930 this time. This happens if the pointing device is configured as
4931 PS/2 mouse and the guest has not yet started the &product-name;
4932 Guest Additions. For instance, the guest is booting or the Guest
4933 Additions are not installed, or if the pointing device is
4934 configured as a USB tablet but the guest has no USB driver
4935 loaded yet. Once the Guest Additions become active or the USB
4936 guest driver is started, the mouse capture is automatically
4937 released.
4938 </para>
4939
4940 <para>
4941 The default behavior is sometimes not desired. Therefore it can
4942 be configured as follows:
4943 </para>
4944
4945<screen>VBoxManage setextradata <replaceable>VM-name</replaceable> GUI/MouseCapturePolicy <replaceable>mode</replaceable></screen>
4946
4947 <para>
4948 <replaceable>mode</replaceable> is one of the following:
4949 </para>
4950
4951 <variablelist>
4952
4953 <varlistentry>
4954 <term>
4955 <literal>Default</literal>
4956 </term>
4957
4958 <listitem>
4959 <para>
4960 The default behavior as described above.
4961 </para>
4962 </listitem>
4963 </varlistentry>
4964
4965 <varlistentry>
4966 <term>
4967 <literal>HostComboOnly</literal>
4968 </term>
4969
4970 <listitem>
4971 <para>
4972 The mouse is only captured if the Host Key is toggled.
4973 </para>
4974 </listitem>
4975 </varlistentry>
4976
4977 <varlistentry>
4978 <term>
4979 <literal>Disabled</literal>
4980 </term>
4981
4982 <listitem>
4983 <para>
4984 The mouse is never captured, also not by toggling the Host
4985 Key
4986 </para>
4987 </listitem>
4988 </varlistentry>
4989
4990 </variablelist>
4991
4992 <para>
4993 This is a per-VM setting.
4994 </para>
4995
4996 </sect2>
4997
4998 <sect2 id="legacy-fullscreen-mode">
4999
5000 <title>Requesting Legacy Full-Screen Mode</title>
5001
5002 <para>
5003 &product-name; uses special window manager facilities to switch
5004 a multi-screen machine to full-screen on a multi-monitor host
5005 system. However, not all window managers provide these
5006 facilities correctly. &product-name; can be configured to use a
5007 legacy method of switching to full-screen mode instead, by using
5008 the command:
5009 </para>
5010
5011<screen>VBoxManage setextradata global GUI/Fullscreen/LegacyMode true</screen>
5012
5013 <para>
5014 You can go back to the default method by using the following
5015 command:
5016 </para>
5017
5018<screen>VBoxManage setextradata global GUI/Fullscreen/LegacyMode</screen>
5019
5020 <para>
5021 This is a global setting.
5022 </para>
5023
5024 </sect2>
5025
5026 <sect2 id="restrict-network-attachments">
5027
5028 <title>Removing Certain Modes of Networking From the GUI</title>
5029
5030 <para>
5031 It is possible to remove networking modes from &product-name;
5032 GUI. To do this, use the following command:
5033 </para>
5034
5035<screen>VBoxManage setextradata global GUI/RestrictedNetworkAttachmentTypes <replaceable>property</replaceable>[,<replaceable>property</replaceable>...]</screen>
5036
5037 <para>
5038 <replaceable>property</replaceable> is one of the following:
5039 </para>
5040
5041 <variablelist>
5042
5043 <varlistentry>
5044 <term>
5045 <literal>NAT</literal>
5046 </term>
5047
5048 <listitem>
5049 <para>
5050 Remove the <emphasis role="bold">NAT</emphasis> option
5051 from the GUI.
5052 </para>
5053 </listitem>
5054 </varlistentry>
5055
5056 <varlistentry>
5057 <term>
5058 <literal>NATNetwork</literal>
5059 </term>
5060
5061 <listitem>
5062 <para>
5063 Remove the <emphasis role="bold">NAT network</emphasis>
5064 option from the GUI.
5065 </para>
5066 </listitem>
5067 </varlistentry>
5068
5069 <varlistentry>
5070 <term>
5071 <literal>BridgedAdapter</literal>
5072 </term>
5073
5074 <listitem>
5075 <para>
5076 Remove the <emphasis role="bold">Bridged
5077 networking</emphasis> option from the GUI.
5078 </para>
5079 </listitem>
5080 </varlistentry>
5081
5082 <varlistentry>
5083 <term>
5084 <literal>InternalNetwork</literal>
5085 </term>
5086
5087 <listitem>
5088 <para>
5089 Remove the <emphasis role="bold">Internal
5090 networking</emphasis> option from the GUI.
5091 </para>
5092 </listitem>
5093 </varlistentry>
5094
5095 <varlistentry>
5096 <term>
5097 <literal>HostOnlyAdapter</literal>
5098 </term>
5099
5100 <listitem>
5101 <para>
5102 Remove the <emphasis role="bold">Host Only
5103 networking</emphasis> option from the GUI.
5104 </para>
5105 </listitem>
5106 </varlistentry>
5107
5108 <varlistentry>
5109 <term>
5110 <literal>GenericDriver</literal>
5111 </term>
5112
5113 <listitem>
5114 <para>
5115 Remove the <emphasis role="bold">Generic
5116 networking</emphasis> option from the GUI.
5117 </para>
5118 </listitem>
5119 </varlistentry>
5120
5121 </variablelist>
5122
5123 <para>
5124 This is a global setting. You can specify any combination of
5125 properties. To restore the default behavior, use the following
5126 command:
5127 </para>
5128
5129<screen>VBoxManage setextradata global GUI/RestrictedNetworkAttachmentTypes</screen>
5130
5131 </sect2>
5132
5133 </sect1>
5134
5135 <sect1 id="vboxwebsrv-daemon">
5136
5137 <title>Starting the &product-name; Web Service Automatically</title>
5138
5139 <para>
5140 The &product-name; web service, <command>vboxwebsrv</command>, is
5141 used for controlling &product-name; remotely. It is documented in
5142 detail in the &product-name; Software Development Kit (SDK). See
5143 <xref linkend="VirtualBoxAPI" />. Web service start scripts are
5144 available for supported host operating systems. The following
5145 sections describe how to use the scripts. The &product-name; web
5146 service is never started automatically as a result of a standard
5147 installation.
5148 </para>
5149
5150 <sect2 id="vboxwebsrv-linux">
5151
5152 <title>Linux: Starting the Web Service With init</title>
5153
5154 <para>
5155 On Linux, the web service can be automatically started during
5156 host boot by adding appropriate parameters to the file
5157 <filename>/etc/default/virtualbox</filename>. There is one
5158 mandatory parameter, <literal>VBOXWEB_USER</literal>, which must
5159 be set to the user which will later start the VMs. The
5160 parameters in the following table all start with the
5161 <literal>VBOXWEB_</literal> prefix string. For example:
5162 <literal>VBOXWEB_HOST</literal> and
5163 <literal>VBOXWEB_PORT</literal>.
5164 </para>
5165
5166 <table id="table-websrv-config-params" tabstyle="oracle-all">
5167 <title>Web Service Configuration Parameters</title>
5168 <tgroup cols="3">
5169 <thead>
5170 <row>
5171 <entry><para>
5172 <emphasis role="bold">Parameter</emphasis>
5173 </para></entry>
5174 <entry><para>
5175 <emphasis role="bold">Description</emphasis>
5176 </para></entry>
5177 <entry><para>
5178 <emphasis role="bold">Default</emphasis>
5179 </para></entry>
5180 </row>
5181 </thead>
5182 <tbody>
5183 <row>
5184 <entry><para>
5185 <literal>USER</literal>
5186 </para></entry>
5187 <entry><para>
5188 The user which the web service runs as
5189 </para></entry>
5190 <entry><para></para></entry>
5191 </row>
5192 <row>
5193 <entry><para>
5194 <literal>HOST</literal>
5195 </para></entry>
5196 <entry><para>
5197 The host to bind the web service to
5198 </para></entry>
5199 <entry><para>
5200 localhost
5201 </para></entry>
5202 </row>
5203 <row>
5204 <entry><para>
5205 <literal>PORT</literal>
5206 </para></entry>
5207 <entry><para>
5208 The port to bind the web service to
5209 </para></entry>
5210 <entry><para>
5211 18083
5212 </para></entry>
5213 </row>
5214 <row>
5215 <entry><para>
5216 <literal>SSL_KEYFILE</literal>
5217 </para></entry>
5218 <entry><para>
5219 Server key and certificate file, in PEM format
5220 </para></entry>
5221 <entry><para></para></entry>
5222 </row>
5223 <row>
5224 <entry><para>
5225 <literal>SSL_PASSWORDFILE</literal>
5226 </para></entry>
5227 <entry><para>
5228 File name for password to server key
5229 </para></entry>
5230 <entry><para></para></entry>
5231 </row>
5232 <row>
5233 <entry><para>
5234 <literal>SSL_CACERT</literal>
5235 </para></entry>
5236 <entry><para>
5237 CA certificate file, in PEM format
5238 </para></entry>
5239 <entry><para></para></entry>
5240 </row>
5241 <row>
5242 <entry><para>
5243 <literal>SSL_CAPATH</literal>
5244 </para></entry>
5245 <entry><para>
5246 CA certificate path
5247 </para></entry>
5248 <entry><para></para></entry>
5249 </row>
5250 <row>
5251 <entry><para>
5252 <literal>SSL_DHFILE</literal>
5253 </para></entry>
5254 <entry><para>
5255 DH file name or DH key length in bits
5256 </para></entry>
5257 <entry><para></para></entry>
5258 </row>
5259 <row>
5260 <entry><para>
5261 <literal>SSL_RANDFILE</literal>
5262 </para></entry>
5263 <entry><para>
5264 File containing seed for random number generator
5265 </para></entry>
5266 <entry><para></para></entry>
5267 </row>
5268 <row>
5269 <entry><para>
5270 <literal>TIMEOUT</literal>
5271 </para></entry>
5272 <entry><para>
5273 Session timeout in seconds, 0 disables timeouts
5274 </para></entry>
5275 <entry><para>
5276 300
5277 </para></entry>
5278 </row>
5279 <row>
5280 <entry><para>
5281 <literal>CHECK_INTERVAL</literal>
5282 </para></entry>
5283 <entry><para>
5284 Frequency of timeout checks in seconds
5285 </para></entry>
5286 <entry><para>
5287 5
5288 </para></entry>
5289 </row>
5290 <row>
5291 <entry><para>
5292 <literal>THREADS</literal>
5293 </para></entry>
5294 <entry><para>
5295 Maximum number of worker threads to run in parallel
5296 </para></entry>
5297 <entry><para>
5298 100
5299 </para></entry>
5300 </row>
5301 <row>
5302 <entry><para>
5303 <literal>KEEPALIVE</literal>
5304 </para></entry>
5305 <entry><para>
5306 Maximum number of requests before a socket will be
5307 closed
5308 </para></entry>
5309 <entry><para>
5310 100
5311 </para></entry>
5312 </row>
5313 <row>
5314 <entry><para>
5315 <literal>ROTATE</literal>
5316 </para></entry>
5317 <entry><para>
5318 Number of log files, 0 disables log rotation
5319 </para></entry>
5320 <entry><para>
5321 10
5322 </para></entry>
5323 </row>
5324 <row>
5325 <entry><para>
5326 <literal>LOGSIZE</literal>
5327 </para></entry>
5328 <entry><para>
5329 Maximum log file size to trigger rotation, in bytes
5330 </para></entry>
5331 <entry><para>
5332 1MB
5333 </para></entry>
5334 </row>
5335 <row>
5336 <entry><para>
5337 <literal>LOGINTERVAL</literal>
5338 </para></entry>
5339 <entry><para>
5340 Maximum time interval to trigger log rotation, in
5341 seconds
5342 </para></entry>
5343 <entry><para>
5344 1 day
5345 </para></entry>
5346 </row>
5347 </tbody>
5348 </tgroup>
5349 </table>
5350
5351 <para>
5352 Setting the parameter <literal>SSL_KEYFILE</literal> enables the
5353 SSL/TLS support. Using encryption is strongly encouraged, as
5354 otherwise everything, including passwords, is transferred in
5355 clear text.
5356 </para>
5357
5358 </sect2>
5359
5360 <sect2 id="vboxwebsrv-solaris">
5361
5362 <title>Oracle Solaris: Starting the Web Service With SMF</title>
5363
5364 <para>
5365 On Oracle Solaris hosts, the &product-name; web service daemon
5366 is integrated into the SMF framework. You can change the
5367 parameters, but do not have to if the defaults below already
5368 match your needs:
5369 </para>
5370
5371<screen>svccfg -s svc:/application/virtualbox/webservice:default setprop config/host=localhost
5372svccfg -s svc:/application/virtualbox/webservice:default setprop config/port=18083
5373svccfg -s svc:/application/virtualbox/webservice:default setprop config/user=root</screen>
5374
5375 <para>
5376 The table in <xref linkend="vboxwebsrv-linux"/> showing the
5377 parameter names and defaults also applies for Oracle Solaris.
5378 The parameter names must be changed to lowercase and a prefix of
5379 <literal>config/</literal> has to be added. For example:
5380 <literal>config/user</literal> or
5381 <literal>config/ssl_keyfile</literal>. If you make any change,
5382 do not forget to run the following command to put the changes
5383 into effect immediately:
5384 </para>
5385
5386<screen>svcadm refresh svc:/application/virtualbox/webservice:default</screen>
5387
5388 <para>
5389 If you forget the above command then the previous settings are
5390 used when enabling the service. Check the current property
5391 settings as follows:
5392 </para>
5393
5394<screen>svcprop -p config svc:/application/virtualbox/webservice:default</screen>
5395
5396 <para>
5397 When everything is configured correctly you can start the
5398 &product-name; web service with the following command:
5399 </para>
5400
5401<screen>svcadm enable svc:/application/virtualbox/webservice:default</screen>
5402
5403 <para>
5404 For more information about SMF, please refer to the Oracle
5405 Solaris documentation.
5406 </para>
5407
5408 </sect2>
5409
5410 <sect2 id="vboxwebsrv-osx">
5411
5412 <title>Mac OS X: Starting the Web Service With launchd</title>
5413
5414 <para>
5415 On Mac OS X, launchd is used to start the &product-name;
5416 webservice. An example configuration file can be found in
5417 <filename>$HOME/Library/LaunchAgents/org.virtualbox.vboxwebsrv.plist</filename>.
5418 It can be enabled by changing the <literal>Disabled</literal>
5419 key from <literal>true</literal> to <literal>false</literal>. To
5420 manually start the service use the following command:
5421 </para>
5422
5423<screen>launchctl load ~/Library/LaunchAgents/org.virtualbox.vboxwebsrv.plist</screen>
5424
5425 <para>
5426 For additional information on how launchd services could be
5427 configured see:
5428 </para>
5429
5430 <para>
5431 <ulink
5432 url="https://developer.apple.com/library/mac/documentation/MacOSX/Conceptual/BPSystemStartup/Chapters/CreatingLaunchdJobs.html" />.
5433 </para>
5434
5435 </sect2>
5436
5437 </sect1>
5438
5439 <sect1 id="vboxwatchdog">
5440
5441 <title>&product-name; Watchdog</title>
5442
5443 <para>
5444 The memory ballooning service, formerly known as
5445 <command>VBoxBalloonCtrl</command>, was renamed to VBoxWatchdog.
5446 This service now incorporates the following host services that are
5447 meant to be run in a server environment:
5448 </para>
5449
5450 <itemizedlist>
5451
5452 <listitem>
5453 <para>
5454 <emphasis role="bold">Memory ballooning control.</emphasis>
5455 This service automatically takes care of a VM's configured
5456 memory balloon. See <xref linkend="guestadd-balloon" />. This
5457 service is useful for server environments where VMs may
5458 dynamically require more or less memory during runtime.
5459 </para>
5460
5461 <para>
5462 The service periodically checks a VM's current memory balloon
5463 and its free guest RAM and automatically adjusts the current
5464 memory balloon by inflating or deflating it accordingly. This
5465 handling only applies to running VMs having recent Guest
5466 Additions installed.
5467 </para>
5468 </listitem>
5469
5470 <listitem>
5471 <para>
5472 <emphasis role="bold">Host isolation detection.</emphasis>
5473 This service provides a way to detect whether the host cannot
5474 reach the specific &product-name; server instance anymore and
5475 take appropriate actions, such as shutting down, saving the
5476 current state or even powering down certain VMs.
5477 </para>
5478 </listitem>
5479
5480 </itemizedlist>
5481
5482 <para>
5483 All configuration values can be either specified using the command
5484 line or global extradata, whereas command line values always have
5485 a higher priority when set. Some of the configuration values also
5486 be specified on a per-VM basis. So the overall lookup order is:
5487 command line, per-VM basis extradata if available, global
5488 extradata.
5489 </para>
5490
5491 <sect2 id="vboxwatchdog-ballonctrl">
5492
5493 <title>Memory Ballooning Control</title>
5494
5495 <para>
5496 The memory ballooning control inflates and deflates the memory
5497 balloon of VMs based on the VMs free memory and the desired
5498 maximum balloon size.
5499 </para>
5500
5501 <para>
5502 To set up the memory ballooning control the maximum ballooning
5503 size a VM can reach needs to be set. This can be specified using
5504 the command line, as follows:
5505 </para>
5506
5507<screen>--balloon-max &lt;Size in MB&gt;</screen>
5508
5509 <para>
5510 Using a per-VM basis extradata value, as follows:
5511 </para>
5512
5513<screen>VBoxManage setextradata &lt;VM-Name&gt; VBoxInternal2/Watchdog/BalloonCtrl/BalloonSizeMax &lt;Size in MB&gt;</screen>
5514
5515 <para>
5516 Using a global extradata value, as follows:
5517 </para>
5518
5519<screen>VBoxManage setextradata global VBoxInternal2/Watchdog/BalloonCtrl/BalloonSizeMax &lt;Size in MB&gt;</screen>
5520
5521 <note>
5522 <para>
5523 If no maximum ballooning size is specified by at least one of
5524 the parameters above, no ballooning will be performed at all.
5525 </para>
5526 </note>
5527
5528 <para>
5529 Setting the ballooning increment in MB can be either done using
5530 command line, as follows:
5531 </para>
5532
5533<screen>--balloon-inc &lt;Size in MB&gt;</screen>
5534
5535 <para>
5536 Using a global extradata value, as follows:
5537 </para>
5538
5539<screen>VBoxManage setextradata global VBoxInternal2/Watchdog/BalloonCtrl/BalloonIncrementMB &lt;Size in MB&gt;</screen>
5540
5541 <para>
5542 The default ballooning increment is 256 MB if not specified.
5543 </para>
5544
5545 <para>
5546 The same options apply for a ballooning decrement. Using the
5547 command line, as follows:
5548 </para>
5549
5550<screen>--balloon-dec &lt;Size in MB&gt;</screen>
5551
5552 <para>
5553 Using a global extradata value, as follows:
5554 </para>
5555
5556<screen>VBoxManage setextradata global VBoxInternal2/Watchdog/BalloonCtrl/BalloonDecrementMB &lt;Size in MB&gt;</screen>
5557
5558 <para>
5559 The default ballooning decrement is 128 MB if not specified.
5560 </para>
5561
5562 <para>
5563 The lower limit in MB for a balloon can be defined using the
5564 command line, as follows:
5565 </para>
5566
5567<screen>--balloon-lower-limit &lt;Size in MB&gt;</screen>
5568
5569 <para>
5570 Using a global extradata value, as follows:
5571 </para>
5572
5573<screen>VBoxManage setextradata global VBoxInternal2/Watchdog/BalloonCtrl/BalloonLowerLimitMB &lt;Size in MB&gt;</screen>
5574
5575 <para>
5576 The default lower limit is 128 MB if not specified.
5577 </para>
5578
5579 </sect2>
5580
5581 <sect2 id="vboxwatchdog-hostisln">
5582
5583 <title>Host Isolation Detection</title>
5584
5585 <para>
5586 To detect whether a host is being isolated, that is, the host
5587 cannot reach the &product-name; server instance anymore, the
5588 host needs to set an alternating value to a global extradata
5589 value within a time period. If this value is not set within that
5590 time period a timeout occurred and the so-called host isolation
5591 response will be performed to the VMs handled. Which VMs are
5592 handled can be controlled by defining VM groups and assigning
5593 VMs to those groups. By default no groups are set, meaning that
5594 all VMs on the server will be handled when no host response is
5595 received within 30 seconds.
5596 </para>
5597
5598 <para>
5599 Set the groups handled by the host isolation detection using the
5600 following command line:
5601 </para>
5602
5603<screen>--apimon-groups=&lt;string[,stringN]&gt;</screen>
5604
5605 <para>
5606 Using a global extradata value, as follows:
5607 </para>
5608
5609<screen>VBoxManage setextradata global VBoxInternal2/Watchdog/APIMonitor/Groups &lt;string[,stringN]&gt;</screen>
5610
5611 <para>
5612 Set the host isolation timeout using the following command line:
5613 </para>
5614
5615<screen>--apimon-isln-timeout=&lt;ms&gt;</screen>
5616
5617 <para>
5618 Using a global extradata value, as follows:
5619 </para>
5620
5621<screen>VBoxManage setextradata global VBoxInternal2/Watchdog/APIMonitor/IsolationTimeoutMS &lt;ms&gt;</screen>
5622
5623 <para>
5624 Set the actual host isolation response using the following
5625 command line:
5626 </para>
5627
5628<screen>--apimon-isln-response=&lt;cmd&gt;</screen>
5629
5630 <para>
5631 Using a global extradata value, as follows:
5632 </para>
5633
5634<screen>VBoxManage setextradata global VBoxInternal2/Watchdog/APIMonitor/IsolationResponse &lt;cmd&gt;</screen>
5635
5636 <para>
5637 The following response commands are available:
5638 </para>
5639
5640 <itemizedlist>
5641
5642 <listitem>
5643 <para>
5644 <literal>none</literal>. This has no effect.
5645 </para>
5646 </listitem>
5647
5648 <listitem>
5649 <para>
5650 <literal>pause</literal>. Pauses the execution of a VM.
5651 </para>
5652 </listitem>
5653
5654 <listitem>
5655 <para>
5656 <literal>poweroff</literal>. Shuts down the VM by pressing
5657 the virtual power button. The VM will not have the chance of
5658 saving any data or veto the shutdown process.
5659 </para>
5660 </listitem>
5661
5662 <listitem>
5663 <para>
5664 <literal>save</literal>. Saves the current machine state and
5665 powers off the VM afterwards. If saving the machine state
5666 fails the VM will be paused.
5667 </para>
5668 </listitem>
5669
5670 <listitem>
5671 <para>
5672 <literal>shutdown</literal>. Shuts down the VM in a gentle
5673 way by sending an <literal>ACPI</literal> shutdown event to
5674 the VM's operating system. The OS then has the chance of
5675 doing a clean shutdown.
5676 </para>
5677 </listitem>
5678
5679 </itemizedlist>
5680
5681 </sect2>
5682
5683 <sect2 id="vboxwatchdog-moreinfo">
5684
5685 <title>More Information</title>
5686
5687 <para>
5688 For more advanced options and parameters like verbose logging
5689 check the built-in command line help accessible with
5690 <option>--help</option>.
5691 </para>
5692
5693 </sect2>
5694
5695 <sect2 id="vboxwatchdog-linux">
5696
5697 <title>Linux: Starting the Watchdog Service With init</title>
5698
5699 <para>
5700 On Linux, the watchdog service can be automatically started
5701 during host boot by adding appropriate parameters to the file
5702 <filename>/etc/default/virtualbox</filename>. There is one
5703 mandatory parameter, <literal>VBOXWATCHDOG_USER</literal>, which
5704 must be set to the user which will later start the VMs. For
5705 backward compatibility you can also specify
5706 <literal>VBOXBALLOONCTRL_USER</literal>.
5707 </para>
5708
5709 <para>
5710 The parameters in the following table all start with the
5711 <literal>VBOXWATCHDOG_</literal> prefix string. For example:
5712 <literal>VBOXWATCHDOG_BALLOON_INTERVAL</literal> and
5713 <literal>VBOXWATCHDOG_LOGSIZE</literal>. Legacy parameters such
5714 as <literal>VBOXBALLOONCTRL_INTERVAL</literal> can still be
5715 used.
5716 </para>
5717
5718 <table id="table-vboxwatchdog-config-params" tabstyle="oracle-all">
5719 <title>&product-name; Watchdog Configuration Parameters</title>
5720 <tgroup cols="3">
5721 <thead>
5722 <row>
5723 <entry><para>
5724 <emphasis role="bold">Parameter</emphasis>
5725 </para></entry>
5726 <entry><para>
5727 <emphasis role="bold">Description</emphasis>
5728 </para></entry>
5729 <entry><para>
5730 <emphasis role="bold">Default</emphasis>
5731 </para></entry>
5732 </row>
5733 </thead>
5734 <tbody>
5735 <row>
5736 <entry><para>
5737 <literal>USER</literal>
5738 </para></entry>
5739 <entry><para>
5740 The user which the watchdog service runs as
5741 </para></entry>
5742 <entry><para></para></entry>
5743 </row>
5744 <row>
5745 <entry><para>
5746 <literal>ROTATE</literal>
5747 </para></entry>
5748 <entry><para>
5749 Number of log files, 0 disables log rotation
5750 </para></entry>
5751 <entry><para>
5752 10
5753 </para></entry>
5754 </row>
5755 <row>
5756 <entry><para>
5757 <literal>LOGSIZE</literal>
5758 </para></entry>
5759 <entry><para>
5760 Maximum log file size to trigger rotation, in bytes
5761 </para></entry>
5762 <entry><para>
5763 1MB
5764 </para></entry>
5765 </row>
5766 <row>
5767 <entry><para>
5768 <literal>LOGINTERVAL</literal>
5769 </para></entry>
5770 <entry><para>
5771 Maximum time interval to trigger log rotation, in
5772 seconds
5773 </para></entry>
5774 <entry><para>
5775 1 day
5776 </para></entry>
5777 </row>
5778 <row>
5779 <entry><para>
5780 <literal>BALLOON_INTERVAL</literal>
5781 </para></entry>
5782 <entry><para>
5783 Interval for checking the balloon size, in
5784 milliseconds
5785 </para></entry>
5786 <entry><para>
5787 30000
5788 </para></entry>
5789 </row>
5790 <row>
5791 <entry><para>
5792 <literal>BALLOON_INCREMENT</literal>
5793 </para></entry>
5794 <entry><para>
5795 Balloon size increment, in megabytes
5796 </para></entry>
5797 <entry><para>
5798 256
5799 </para></entry>
5800 </row>
5801 <row>
5802 <entry><para>
5803 <literal>BALLOON_DECREMENT</literal>
5804 </para></entry>
5805 <entry><para>
5806 Balloon size decrement, in megabytes
5807 </para></entry>
5808 <entry><para>
5809 128
5810 </para></entry>
5811 </row>
5812 <row>
5813 <entry><para>
5814 <literal>BALLOON_LOWERLIMIT</literal>
5815 </para></entry>
5816 <entry><para>
5817 Balloon size lower limit, in megabytes
5818 </para></entry>
5819 <entry><para>
5820 64
5821 </para></entry>
5822 </row>
5823 <row>
5824 <entry><para>
5825 <literal>BALLOON_SAFETYMARGIN</literal>
5826 </para></entry>
5827 <entry><para>
5828 Free memory required for decreasing the balloon size,
5829 in megabytes
5830 </para></entry>
5831 <entry><para>
5832 1024
5833 </para></entry>
5834 </row>
5835 </tbody>
5836 </tgroup>
5837 </table>
5838
5839 </sect2>
5840
5841 <sect2 id="vboxwatchdog-solaris">
5842
5843 <title>Oracle Solaris: Starting the Watchdog Service With SMF</title>
5844
5845 <para>
5846 On Oracle Solaris hosts, the &product-name; watchdog service
5847 daemon is integrated into the SMF framework. You can change the
5848 parameters, but do not have to if the defaults already match
5849 your needs:
5850 </para>
5851
5852<screen>svccfg -s svc:/application/virtualbox/balloonctrl:default setprop \
5853 config/balloon_interval=10000
5854svccfg -s svc:/application/virtualbox/balloonctrl:default setprop \
5855config/balloon_safetymargin=134217728</screen>
5856
5857 <para>
5858 <xref linkend="table-vboxwatchdog-config-params"/> also applies
5859 for Oracle Solaris. The parameter names must be changed to
5860 lowercase and a prefix of <literal>config/</literal> has to be
5861 added. For example: <literal>config/user</literal> or
5862 <literal>config/balloon_safetymargin</literal>. If you made any
5863 change, do not forget to run the following command to put the
5864 changes into effect immediately:
5865 </para>
5866
5867<screen>svcadm refresh svc:/application/virtualbox/balloonctrl:default</screen>
5868
5869 <para>
5870 If you forget the above command then the previous settings will
5871 be used when enabling the service. Check the current property
5872 settings with the following command:
5873 </para>
5874
5875<screen>svcprop -p config svc:/application/virtualbox/balloonctrl:default</screen>
5876
5877 <para>
5878 When everything is configured correctly you can start the
5879 &product-name; watchdog service with the following command:
5880 </para>
5881
5882<screen>svcadm enable svc:/application/virtualbox/balloonctrl:default</screen>
5883
5884 <para>
5885 For more information about SMF, please refer to the Oracle
5886 Solaris documentation.
5887 </para>
5888
5889 </sect2>
5890
5891 </sect1>
5892
5893 <sect1 id="otherextpacks">
5894
5895 <title>Other Extension Packs</title>
5896
5897 <para>
5898 Another extension pack called VNC is available. This extension
5899 pack is open source and replaces the previous integration of the
5900 VNC remote access protocol. This is experimental code, and is
5901 initially available in the &product-name; source code package
5902 only. It is to a large portion code contributed by users, and is
5903 not supported in any way by Oracle.
5904 </para>
5905
5906 <para>
5907 The keyboard handling is severely limited, and only the US
5908 keyboard layout works. Other keyboard layouts will have at least
5909 some keys which produce the wrong results, often with quite
5910 surprising effects, and for layouts which have significant
5911 differences to the US keyboard layout it is most likely unusable.
5912 </para>
5913
5914 <para>
5915 It is possible to install both the &product-name; Extension Pack
5916 and VNC, but only one VRDE module can be active at any time. The
5917 following command switches to the VNC VRDE module in VNC:
5918 </para>
5919
5920<screen>VBoxManage setproperty vrdeextpack VNC</screen>
5921
5922 <para>
5923 Configuring the remote access works very similarly to VRDP, see
5924 <xref linkend="vrde" />, with some limitations. VNC does not
5925 support specifying several port numbers, and the authentication is
5926 done differently. VNC can only deal with password authentication,
5927 and there is no option to use password hashes. This leaves no
5928 other choice than having a clear-text password in the VM
5929 configuration, which can be set with the following command:
5930 </para>
5931
5932<screen>VBoxManage modifyvm <replaceable>VM-name</replaceable> --vrdeproperty VNCPassword=secret</screen>
5933
5934 <para>
5935 The user is responsible for keeping this password secret, and it
5936 should be removed when a VM configuration is passed to another
5937 person, for whatever purpose. Some VNC servers claim to have
5938 encrypted passwords in the configuration. This is not true
5939 encryption, it is only concealing the passwords, which is only as
5940 secure as using clear-text passwords.
5941 </para>
5942
5943 <para>
5944 The following command switches back to VRDP, if installed:
5945 </para>
5946
5947<screen>VBoxManage setproperty vrdeextpack "&product-name; Extension Pack"</screen>
5948
5949 </sect1>
5950
5951 <sect1 id="autostart">
5952
5953 <title>Starting Virtual Machines During System Boot</title>
5954
5955 <para>
5956 You can start VMs automatically during system boot on Linux,
5957 Oracle Solaris, and Mac OS X platforms for all users.
5958 </para>
5959
5960 <sect2 id="autostart-linux">
5961
5962 <title>Linux: Starting the Autostart Service With init</title>
5963
5964 <para>
5965 On Linux, the autostart service is activated by setting two
5966 variables in <filename>/etc/default/virtualbox</filename>. The
5967 first one is <literal>VBOXAUTOSTART_DB</literal> which contains
5968 an absolute path to the autostart database directory. The
5969 directory should have write access for every user who should be
5970 able to start virtual machines automatically. Furthermore the
5971 directory should have the sticky bit set. The second variable is
5972 <literal>VBOXAUTOSTART_CONFIG</literal> which points the service
5973 to the autostart configuration file which is used during boot to
5974 determine whether to allow individual users to start a VM
5975 automatically and configure startup delays. The configuration
5976 file can be placed in <filename>/etc/vbox</filename> and
5977 contains several options. One is
5978 <literal>default_policy</literal> which controls whether the
5979 autostart service allows or denies to start a VM for users which
5980 are not in the exception list. The exception list starts with
5981 <literal>exception_list</literal> and contains a comma separated
5982 list with usernames. Furthermore a separate startup delay can be
5983 configured for every user to avoid overloading the host. A
5984 sample configuration is given below:
5985 </para>
5986
5987<screen>
5988# Default policy is to deny starting a VM, the other option is "allow".
5989default_policy = deny
5990
5991# Bob is allowed to start virtual machines but starting them
5992# will be delayed for 10 seconds
5993bob = {
5994 allow = true
5995 startup_delay = 10
5996}
5997
5998# Alice is not allowed to start virtual machines, useful to exclude certain users
5999# if the default policy is set to allow.
6000alice = {
6001 allow = false
6002}
6003</screen>
6004
6005 <para>
6006 Any user who wants to enable autostart for individual machines
6007 must set the path to the autostart database directory with the
6008 following command:
6009 </para>
6010
6011<screen>VBoxManage setproperty autostartdbpath <replaceable>autostart-directory</replaceable></screen>
6012
6013 </sect2>
6014
6015 <sect2 id="autostart-solaris">
6016
6017 <title>Oracle Solaris: Starting the Autostart Service With SMF</title>
6018
6019 <para>
6020 On Oracle Solaris hosts, the &product-name; autostart daemon is
6021 integrated into the SMF framework. To enable it you must point
6022 the service to an existing configuration file which has the same
6023 format as on Linux, see <xref linkend="autostart-linux" />. For
6024 example:
6025 </para>
6026
6027<screen># svccfg -s svc:/application/virtualbox/autostart:default setprop \
6028 config/config=/etc/vbox/autostart.cfg</screen>
6029
6030 <para>
6031 When everything is configured correctly you can start the
6032 &product-name; autostart service with the following command:
6033 </para>
6034
6035<screen># svcadm enable svc:/application/virtualbox/autostart:default</screen>
6036
6037 <para>
6038 For more information about SMF, see the Oracle Solaris
6039 documentation.
6040 </para>
6041
6042 </sect2>
6043
6044 <sect2 id="autostart-osx">
6045
6046 <title>Mac OS X: Starting the Autostart Service With launchd</title>
6047
6048 <para>
6049 On Mac OS X, launchd is used to start the &product-name;
6050 autostart service. An example configuration file can be found in
6051 <filename>/Applications/VirtualBox.app/Contents/MacOS/org.virtualbox.vboxautostart.plist</filename>.
6052 To enable the service copy the file to
6053 <filename>/Library/LaunchDaemons</filename> and change the
6054 <literal>Disabled</literal> key from <literal>true</literal> to
6055 <literal>false</literal>. Furthermore replace the second
6056 parameter to an existing configuration file which has the same
6057 format as on Linux, see <xref linkend="autostart-linux" />.
6058 </para>
6059
6060 <para>
6061 To manually start the service use the following command:
6062 </para>
6063
6064<screen># launchctl load /Library/LaunchDaemons/org.virtualbox.vboxautostart.plist</screen>
6065
6066 <para>
6067 For additional information on how launchd services can be
6068 configured see:
6069 </para>
6070
6071 <para>
6072 <ulink
6073 url="http://developer.apple.com/mac/library/documentation/MacOSX/Conceptual/BPSystemStartup/BPSystemStartup.html" />.
6074 </para>
6075
6076 </sect2>
6077
6078 <sect2 id="autostart-windows">
6079
6080 <title>Windows: Starting the Autostart Service</title>
6081
6082 <para>
6083 On Windows, autostart functionality consist of two components.
6084 First one is configuration file where the administrator can both
6085 set delayed start of the VMs and temporary disable autostarting
6086 for the particular user. The configuration file should be located
6087 in the folder accessible by all required users but it should have
6088 permissions allowing the only reading by everyone but
6089 administrators. The configuration file contains several options.
6090 One is <literal>default_policy</literal> which controls whether the
6091 autostart service allows or denies to start a VM for users which
6092 are not in the exception list. The exception list starts with
6093 <literal>exception_list</literal> and contains a comma separated
6094 list with usernames. Furthermore a separate startup delay can be
6095 configured for every user to avoid overloading the host. A
6096 sample configuration is given below:
6097 </para>
6098
6099<screen>
6100# Default policy is to deny starting a VM, the other option is "allow".
6101default_policy = deny
6102
6103# Bob is allowed to start virtual machines but starting them
6104# will be delayed for 10 seconds
6105bob = {
6106 allow = true
6107 startup_delay = 10
6108}
6109
6110# Alice is not allowed to start virtual machines, useful to exclude certain users
6111# if the default policy is set to allow.
6112alice = {
6113 allow = false
6114}
6115</screen>
6116
6117 <para>
6118 The user name can be specified using the following forms: "user",
6119 "domain\user", ".\user" and "user@domain". Administrator must add
6120 the <literal>VBOXAUTOSTART_CONFIG</literal> environment variable into
6121 system variables containing the path to the configuration file
6122 described above. The environment variable tells the autostart services
6123 what configuration file is used.
6124 </para>
6125
6126 <para>
6127 Second component of autostart functionality is Windows service, every
6128 instance of it works on behalf of particular user using its own
6129 credentials.
6130 </para>
6131
6132 <para>
6133 To enable autostarting for a particular user, a member of the
6134 administrators group must run the following command:
6135 </para>
6136
6137 <screen>VBoxAutostartSvc install --user=<replaceable>user</replaceable> [--password-file=<replaceable>password_file</replaceable>]</screen>
6138
6139 <para>
6140 The password file should contain the password followed by a line
6141 break. The rest of the file is ignored. The user will be asked
6142 for a password if the password file is not specified.
6143 </para>
6144
6145 <para>
6146 To disable autostarting for particular user, a member of the
6147 administrators group must run the following command:
6148 </para>
6149
6150 <screen>VBoxAutostartSvc delete --user=<replaceable>user</replaceable></screen>
6151
6152 <para>
6153 If a user has changed their password then a member of the
6154 administrators group must either reinstall the service or change
6155 the service credentials using Windows Service Manager. Due to
6156 Windows security policies, the autostart service cannot be
6157 installed for users with empty passwords.
6158 </para>
6159
6160 <para>
6161 Finally, the particular user should define which VM should be
6162 started at boot or not. The user should run the following command
6163 for every VM it desired to start at boot:
6164 </para>
6165
6166 <screen>VBoxManage modifyvm <replaceable>VM name or UUID</replaceable> --autostart-enabled on</screen>
6167
6168 <para>
6169 The user can remove the particular VM from the VMs starting at boot
6170 by running the following command:
6171 </para>
6172
6173 <screen>VBoxManage modifyvm <replaceable>VM name or UUID</replaceable> --autostart-enabled off</screen>
6174
6175 </sect2>
6176
6177 </sect1>
6178
6179 <sect1 id="vboxexpertstoragemgmt">
6180
6181 <title>&product-name; Expert Storage Management</title>
6182
6183 <para>
6184 In case the snapshot model of &product-name; is not sufficient it
6185 is possible to enable a special mode which makes it possible to
6186 reconfigure storage attachments while the VM is paused. The user
6187 has to make sure that the disk data stays consistent to the guest
6188 because unlike with hotplugging the guest is not informed about
6189 detached or newly attached media.
6190 </para>
6191
6192 <para>
6193 The expert storage management mode can be enabled per VM
6194 executing:
6195 </para>
6196
6197<screen>$ VBoxManage setextradata <replaceable>VM-name</replaceable> "VBoxInternal2/SilentReconfigureWhilePaused" 1</screen>
6198
6199 <para>
6200 You can reconfigure storage attachments later while the VM is
6201 paused by using the <command>VBoxManage storageattach</command>
6202 command.
6203 </para>
6204
6205 </sect1>
6206
6207 <sect1 id="hostpowertweaks">
6208
6209 <title>Handling of Host Power Management Events</title>
6210
6211 <para>
6212 Some host power management events are handled by &product-name;.
6213 The actual behavior depends on the platform:
6214 </para>
6215
6216 <itemizedlist>
6217
6218 <listitem>
6219 <para>
6220 <emphasis role="bold">Host Suspends.</emphasis> This event is
6221 generated when the host is about to suspend, that is, the host
6222 saves the state to some non-volatile storage and powers off.
6223 </para>
6224
6225 <para>
6226 This event is currently only handled on Windows hosts and Mac
6227 OS X hosts. When this event is generated, &product-name; will
6228 pause all running VMs.
6229 </para>
6230 </listitem>
6231
6232 <listitem>
6233 <para>
6234 <emphasis role="bold">Host Resumes.</emphasis> This event is
6235 generated when the host woke up from the suspended state.
6236 </para>
6237
6238 <para>
6239 This event is currently only handled on Windows hosts and Mac
6240 OS X hosts. When this event is generated, &product-name; will
6241 resume all VMs which are where paused before.
6242 </para>
6243 </listitem>
6244
6245 <listitem>
6246 <para>
6247 <emphasis role="bold">Battery Low.</emphasis> The battery
6248 level reached a critical level, usually less than 5 percent
6249 charged.
6250 </para>
6251
6252 <para>
6253 This event is currently only handled on Windows hosts and Mac
6254 OS X hosts. When this event is generated, &product-name; will
6255 save the state and terminate all VMs in preparation of a
6256 potential host powerdown.
6257 </para>
6258
6259 <para>
6260 The behavior can be configured. By executing the following
6261 command, no VM is saved:
6262 </para>
6263
6264<screen>$ VBoxManage setextradata global "VBoxInternal2/SavestateOnBatteryLow" 0</screen>
6265
6266 <para>
6267 This is a global setting as well as a per-VM setting. The
6268 per-VM value has higher precedence than the global value. The
6269 following command will save the state of all VMs but will not
6270 save the state of VM "foo":
6271 </para>
6272
6273<screen>$ VBoxManage setextradata global "VBoxInternal2/SavestateOnBatteryLow" 1
6274$ VBoxManage setextradata "foo" "VBoxInternal2/SavestateOnBatteryLow" 0</screen>
6275
6276 <para>
6277 The first line is actually not required as by default the
6278 savestate action is performed.
6279 </para>
6280 </listitem>
6281
6282 </itemizedlist>
6283
6284 </sect1>
6285
6286 <sect1 id="sse412passthrough">
6287
6288 <title>Passing Through SSE4.1/SSE4.2 Instructions</title>
6289
6290 <para>
6291 To provide SSE 4.1/SSE 4.2 support to guests, the host CPU has to
6292 implement these instruction sets. The instruction sets are exposed
6293 to guests by default, but it is possible to disable the
6294 instructions for certain guests by using the following commands:
6295 </para>
6296
6297<screen>$ VBoxManage setextradata <replaceable>VM-name</replaceable> \
6298VBoxInternal/CPUM/IsaExts/SSE4.1 0
6299$ VBoxManage setextradata <replaceable>VM-name</replaceable> \
6300VBoxInternal/CPUM/IsaExts/SSE4.2 0</screen>
6301
6302 <para>
6303 These are per-VM settings which are enabled by default.
6304 </para>
6305
6306 </sect1>
6307
6308 <sect1 id="hidledssync">
6309
6310 <title>Support for Keyboard Indicator Synchronization</title>
6311
6312 <para>
6313 This feature makes the host keyboard indicators (LEDs) match those
6314 of the VM's emulated keyboard when the machine window is active.
6315 It is currently implemented for Mac OS X and Windows hosts. This
6316 feature is enabled by default on supported host OSes. You can
6317 disable this feature by running the following command:
6318 </para>
6319
6320<screen>$ VBoxManage setextradata <replaceable>VM-name</replaceable> GUI/HidLedsSync 0</screen>
6321
6322 <para>
6323 This is a per-VM setting that is enabled by default.
6324 </para>
6325
6326 </sect1>
6327
6328 <sect1 id="usbtrafficcapturing">
6329
6330 <title>Capturing USB Traffic for Selected Devices</title>
6331
6332 <para>
6333 You can capture USB traffic for single USB devices or on the root
6334 hub level, which captures the traffic of all USB devices attached
6335 to the root hub. &product-name; stores the traffic in a format
6336 which is compatible with Wireshark. To capture the traffic of a
6337 specific USB device it must be attached to the VM with
6338 <command>VBoxManage</command> using the following command:
6339 </para>
6340
6341<screen>VBoxManage controlvm <replaceable>VM-name</replaceable> usbattach <replaceable>device uuid</replaceable>|<replaceable>address</replaceable> --capturefile <replaceable>filename</replaceable></screen>
6342
6343 <para>
6344 In order to enable capturing on the root hub use the following
6345 command while the VM is not running:
6346 </para>
6347
6348<screen>VBoxManage setextradata <replaceable>VM-name</replaceable> \
6349VBoxInternal/Devices/usb-ehci/0/LUN#0/Config/CaptureFilename <replaceable>filename</replaceable></screen>
6350
6351 <para>
6352 The command above enables capturing on the root hub attached to
6353 the EHCI controller. To enable it for the OHCI or XHCI controller
6354 replace <literal>usb-ehci</literal> with
6355 <literal>usb-ohci</literal> or <literal>usb-xhci</literal>,
6356 respectively.
6357 </para>
6358
6359 </sect1>
6360
6361 <sect1 id="heartbeatservice">
6362
6363 <title>Configuring the Heartbeat Service</title>
6364
6365 <para>
6366 &product-name; ships a simple heartbeat service. Once the Guest
6367 Additions are active, the guest sends frequent heartbeat pings to
6368 the host. If the guest stops sending the heartbeat pings without
6369 properly terminating the service, the VM process will log this
6370 event in the VBox.log file. In the future it might be possible to
6371 configure dedicated actions but for now there is only a warning in
6372 the log file.
6373 </para>
6374
6375 <para>
6376 There are two parameters to configure. The <emphasis>heartbeat
6377 interval</emphasis> defines the time between two heartbeat pings.
6378 The default value is 2 seconds, that is, the heartbeat service of
6379 the &product-name; Guest Additions will send a heartbeat ping
6380 every two seconds. The value in nanoseconds can be configured like
6381 this:
6382 </para>
6383
6384<screen>VBoxManage setextradata <replaceable>VM-name</replaceable> \
6385VBoxInternal/Devices/VMMDev/0/Config/HeartbeatInterval 2000000000</screen>
6386
6387 <para>
6388 The <emphasis>heartbeat timeout</emphasis> defines the time the
6389 host waits starting from the last heartbeat ping before it defines
6390 the guest as unresponsive. The default value is 2 times the
6391 heartbeat interval (4 seconds) and can be configured as following,
6392 in nanoseconds:
6393 </para>
6394
6395<screen>VBoxManage setextradata <replaceable>VM-name</replaceable> \
6396VBoxInternal/Devices/VMMDev/0/Config/HeartbeatTimeout 4000000000</screen>
6397
6398 <para>
6399 If the heartbeat timeout expires, there will be a log message like
6400 <emphasis>VMMDev: HeartBeatCheckTimer: Guest seems to be
6401 unresponsive. Last heartbeat received 5 seconds ago.</emphasis> If
6402 another heartbeat ping arrives after this warning, there will be a
6403 log message like <emphasis>VMMDev: GuestHeartBeat: Guest is
6404 alive.</emphasis>
6405 </para>
6406
6407 </sect1>
6408
6409 <sect1 id="diskencryption">
6410
6411 <title>Encryption of Disk Images</title>
6412
6413 <para>
6414 &product-name; enables you to transparently encrypt the data
6415 stored in hard disk images for the guest. It does not depend on a
6416 specific image format to be used. Images which have the data
6417 encrypted are not portable between &product-name; and other
6418 virtualization software.
6419 </para>
6420
6421 <para>
6422 &product-name; uses the AES algorithm in XTS mode and supports
6423 128-bit or 256-bit data encryption keys (DEK). The DEK is stored
6424 encrypted in the medium properties and is decrypted during VM
6425 startup by entering a password which was chosen when the image was
6426 encrypted.
6427 </para>
6428
6429 <para>
6430 Since the DEK is stored as part of the VM configuration file, it
6431 is important that it is kept safe. Losing the DEK means that the
6432 data stored in the disk images is lost irrecoverably. Having
6433 complete and up to date backups of all data related to the VM is
6434 the responsibility of the user.
6435 </para>
6436
6437 <sect2 id="diskencryption-limitations">
6438
6439 <title>Limitations of Disk Encryption</title>
6440
6441 <para>
6442 There are some limitations the user needs to be aware of when
6443 using this feature:
6444 </para>
6445
6446 <itemizedlist>
6447
6448 <listitem>
6449 <para>
6450 This feature is part of the &product-name; Extension Pack,
6451 which needs to be installed. Otherwise disk encryption is
6452 unavailable.
6453 </para>
6454 </listitem>
6455
6456 <listitem>
6457 <para>
6458 Since encryption works only on the stored user data, it is
6459 currently not possible to check for metadata integrity of
6460 the disk image. Attackers might destroy data by removing or
6461 changing blocks of data in the image or change metadata
6462 items such as the disk size.
6463 </para>
6464 </listitem>
6465
6466 <listitem>
6467 <para>
6468 Exporting appliances which contain encrypted disk images is
6469 not possible because the OVF specification does not support
6470 this. All images are therefore decrypted during export.
6471 </para>
6472 </listitem>
6473
6474 <listitem>
6475 <para>
6476 The DEK is kept in memory while the VM is running to be able
6477 to decrypt data read and encrypt data written by the guest.
6478 While this should be obvious the user needs to be aware of
6479 this because an attacker might be able to extract the key on
6480 a compromised host and decrypt the data.
6481 </para>
6482 </listitem>
6483
6484 <listitem>
6485 <para>
6486 When encrypting or decrypting the images, the password is
6487 passed in clear text using the &product-name; API. This
6488 needs to be kept in mind, especially when using third party
6489 API clients which make use of the webservice where the
6490 password might be transmitted over the network. The use of
6491 HTTPS is mandatory in such a case.
6492 </para>
6493 </listitem>
6494
6495 <listitem>
6496 <para>
6497 Encrypting images with differencing images is only possible
6498 if there are no snapshots or a linear chain of snapshots.
6499 This limitation may be addressed in a future &product-name;
6500 version.
6501 </para>
6502 </listitem>
6503
6504 <listitem>
6505 <para>
6506 The disk encryption feature can protect the content of the
6507 disks configured for a VM only. It does not cover any other
6508 data related to a VM, including saved state or the
6509 configuration file itself.
6510 </para>
6511 </listitem>
6512
6513 </itemizedlist>
6514
6515 </sect2>
6516
6517 <sect2 id="diskencryption-encryption">
6518
6519 <title>Encrypting Disk Images</title>
6520
6521 <para>
6522 Encrypting disk images can be done either using the GUI or
6523 <command>VBoxManage</command>. While the GUI is easier to use,
6524 it works on a per VM basis and encrypts all disk images attached
6525 to the specific VM. With <command>VBoxManage</command> one can
6526 encrypt individual images, including all differencing images. To
6527 encrypt an unencrypted medium with
6528 <command>VBoxManage</command>, use:
6529 </para>
6530
6531<screen>VBoxManage encryptmedium <replaceable>uuid</replaceable>|<replaceable>filename</replaceable> \
6532--newpassword <replaceable>filename</replaceable>|- --cipher <replaceable>cipher-ID</replaceable> --newpasswordid "<replaceable>ID</replaceable></screen>
6533
6534 <para>
6535 To supply the encryption password point
6536 <command>VBoxManage</command> to the file where the password is
6537 stored or specify <option>-</option> to let VBoxManage ask you
6538 for the password on the command line.
6539 </para>
6540
6541 <para>
6542 The cipher parameter specifies the cipher to use for encryption
6543 and can be either <literal>AES-XTS128-PLAIN64</literal> or
6544 <literal>AES-XTS256-PLAIN64</literal>. The specified password
6545 identifier can be freely chosen by the user and is used for
6546 correct identification when supplying multiple passwords during
6547 VM startup.
6548 </para>
6549
6550 <para>
6551 If the user uses the same password when encrypting multiple
6552 images and also the same password identifier, the user needs to
6553 supply the password only once during VM startup.
6554 </para>
6555
6556 </sect2>
6557
6558 <sect2 id="diskencryption-startvm">
6559
6560 <title>Starting a VM with Encrypted Images</title>
6561
6562 <para>
6563 When a VM is started using the GUI, a dialog will open where the
6564 user needs to enter all passwords for all encrypted images
6565 attached to the VM. If another frontend like VBoxHeadless is
6566 used, the VM will be paused as soon as the guest tries to access
6567 an encrypted disk. The user needs to provide the passwords
6568 through <command>VBoxManage</command> using the following
6569 command:
6570 </para>
6571
6572<screen>VBoxManage controlvm <replaceable>uuid</replaceable>|<replaceable>vmname</replaceable> addencpassword <replaceable>ID</replaceable> <replaceable>password</replaceable> [--removeonsuspend yes|no]</screen>
6573
6574 <para>
6575 <replaceable>ID</replaceable> must be the same as the password
6576 identifier supplied when encrypting the images.
6577 <replaceable>password</replaceable> is the password used when
6578 encrypting the images. Optionally, you can specify
6579 <option>--removeonsuspend yes|no</option> to specify whether to
6580 remove the password from VM memory when the VM is suspended.
6581 Before the VM can be resumed, the user needs to supply the
6582 passwords again. This is useful when a VM is suspended by a host
6583 suspend event and the user does not want the password to remain
6584 in memory.
6585 </para>
6586
6587 </sect2>
6588
6589 <sect2 id="diskencryption-decryption">
6590
6591 <title>Decrypting Encrypted Images</title>
6592
6593 <para>
6594 In some circumstances it might be required to decrypt previously
6595 encrypted images. This can be done in the GUI for a complete VM
6596 or using <command>VBoxManage</command> with the following
6597 command:
6598 </para>
6599
6600<screen>VBoxManage encryptmedium <replaceable>uuid</replaceable>|<replaceable>filename</replaceable> --oldpassword <replaceable>file</replaceable>|-</screen>
6601
6602 <para>
6603 The only required parameter is the password the image was
6604 encrypted with. The options are the same as for encrypting
6605 images.
6606 </para>
6607
6608 </sect2>
6609
6610 </sect1>
6611
6612 <sect1 id="gimdebug">
6613
6614 <title>Paravirtualized Debugging</title>
6615
6616 <para>
6617 This section covers debugging of guest operating systems using
6618 interfaces supported by paravirtualization providers.
6619 </para>
6620
6621 <note>
6622 <para>
6623 Paravirtualized debugging significantly alter guest operating
6624 system behaviour and should only be used by expert users for
6625 debugging and diagnostics.
6626 </para>
6627 </note>
6628
6629 <para>
6630 These debug options are specified as a string of key-value pairs
6631 separated by commas. An empty string disables paravirtualized
6632 debugging.
6633 </para>
6634
6635 <sect2 id="gimdebughyperv">
6636
6637 <title>Hyper-V Debug Options</title>
6638
6639 <para>
6640 All of the options listed below are optional, and thus the
6641 default value specified will be used when the corresponding
6642 key-value pair is not specified.
6643 </para>
6644
6645 <itemizedlist>
6646
6647 <listitem>
6648 <para>
6649 Key:
6650 <emphasis role="bold"><literal>enabled</literal></emphasis>
6651 </para>
6652
6653 <para>
6654 Value: <literal>0</literal> or <literal>1</literal>
6655 </para>
6656
6657 <para>
6658 Default: <literal>0</literal>
6659 </para>
6660
6661 <para>
6662 Specify <literal>1</literal> to enable the Hyper-V debug
6663 interface. If this key-value pair is not specified or the
6664 value is not <literal>1</literal>, the Hyper-V debug
6665 interface is disabled regardless of other key-value pairs
6666 being present.
6667 </para>
6668 </listitem>
6669
6670 <listitem>
6671 <para>
6672 Key:
6673 <emphasis role="bold"><literal>address</literal></emphasis>
6674 </para>
6675
6676 <para>
6677 Value: IPv4 address
6678 </para>
6679
6680 <para>
6681 Default: 127.0.0.1
6682 </para>
6683
6684 <para>
6685 Specify the IPv4 address where the remote debugger is
6686 connected.
6687 </para>
6688 </listitem>
6689
6690 <listitem>
6691 <para>
6692 Key:
6693 <emphasis role="bold"><literal>port</literal></emphasis>
6694 </para>
6695
6696 <para>
6697 Value: UDP port number
6698 </para>
6699
6700 <para>
6701 Default: 50000
6702 </para>
6703
6704 <para>
6705 Specify the UDP port number where the remote debugger is
6706 connected.
6707 </para>
6708 </listitem>
6709
6710 <listitem>
6711 <para>
6712 Key:
6713 <emphasis role="bold"><literal>vendor</literal></emphasis>
6714 </para>
6715
6716 <para>
6717 Value: Hyper-V vendor signature reported by CPUID to the
6718 guest
6719 </para>
6720
6721 <para>
6722 Default: When debugging is enabled: <literal>Microsoft
6723 Hv</literal>, otherwise: <literal>VBoxVBoxVBox</literal>
6724 </para>
6725
6726 <para>
6727 Specify the Hyper-V vendor signature which is exposed to the
6728 guest by CPUID. For debugging Microsoft Windows guests, it
6729 is required the hypervisor reports the Microsoft vendor.
6730 </para>
6731 </listitem>
6732
6733 <listitem>
6734 <para>
6735 Key:
6736 <emphasis role="bold"><literal>hypercallinterface</literal>
6737 </emphasis>
6738 </para>
6739
6740 <para>
6741 Value: <literal>0</literal> or <literal>1</literal>
6742 </para>
6743
6744 <para>
6745 Default: <literal>0</literal>
6746 </para>
6747
6748 <para>
6749 Specify whether hypercalls should be suggested for
6750 initiating debug data transfers between host and guest
6751 rather than MSRs when requested by the guest.
6752 </para>
6753 </listitem>
6754
6755 <listitem>
6756 <para>
6757 Key: <emphasis role="bold"><literal>vsinterface</literal>
6758 </emphasis>
6759 </para>
6760
6761 <para>
6762 Value: <literal>0</literal> or <literal>1</literal>
6763 </para>
6764
6765 <para>
6766 Default: When debugging is enabled, <literal>1</literal>,
6767 otherwise <literal>0</literal>
6768 </para>
6769
6770 <para>
6771 Specify whether to expose the VS#1 virtualization service
6772 interface to the guest. This interface is required for
6773 debugging Microsoft Windows 10 32-bit guests, but is
6774 optional for other Windows versions.
6775 </para>
6776 </listitem>
6777
6778 </itemizedlist>
6779
6780 <sect3 id="gimdebughyperv-windows-setup">
6781
6782 <title>Setting up Windows Guests for Debugging with the Hyper-V
6783 Paravirtualization Provider</title>
6784
6785 <para>
6786 Windows supports debugging over a serial cable, USB, IEEE 1394
6787 Firewire, and Ethernet. USB and IEEE 1394 are not applicable
6788 for virtual machines, and Ethernet requires Windows 8 or
6789 later. While a serial connection is universally usable, it is
6790 slow.
6791 </para>
6792
6793 <para>
6794 Debugging using the Hyper-V debug transport, supported on
6795 Windows Vista and later, offers significant benefits. It
6796 provides excellent performance due to direct host-to-guest
6797 transfers, it is easy to set up and requires minimal support
6798 from the hypervisor. It can be used with the debugger running
6799 on the same host as the VM or with the debugger and VM on
6800 separate machines connected over a network.
6801 </para>
6802
6803 <para>
6804 <emphasis role="bold">Prerequisites</emphasis>
6805 </para>
6806
6807 <itemizedlist>
6808
6809 <listitem>
6810 <para>
6811 A VM configured for Hyper-V paravirtualization running a
6812 Windows Vista or newer Windows guest. You can check the
6813 effective paravirtualization provider for your VM with the
6814 output of the following <command>VBoxManage</command>
6815 command:
6816 </para>
6817
6818<screen>$ VBoxManage showvminfo <replaceable>VM-name</replaceable></screen>
6819 </listitem>
6820
6821 <listitem>
6822 <para>
6823 A sufficiently up-to-date version of the Microsoft WinDbg
6824 debugger required to debug the version of Windows in your
6825 VM.
6826 </para>
6827 </listitem>
6828
6829 <listitem>
6830 <para>
6831 While Windows 8 and newer Windows guests ship with Hyper-V
6832 debug support, Windows 7 and Vista do not. To use Hyper-V
6833 debugging with a Windows 7 or Vista guest, copy the file
6834 <filename>kdvm.dll</filename> from a Windows 8.0
6835 installation. This file is typically located in
6836 <filename>C:\Windows\System32</filename>. Copy it to the
6837 same location in your Windows 7/Vista guest. Make sure you
6838 copy the 32-bit or 64-bit version of the DLL which matches
6839 your guest OS.
6840 </para>
6841
6842 <note>
6843 <para>
6844 Only Windows 8.0 ships <filename>kdvm.dll</filename>.
6845 Windows 8.1 and newer Windows versions do not.
6846 </para>
6847 </note>
6848 </listitem>
6849
6850 </itemizedlist>
6851
6852 <para>
6853 <emphasis role="bold">VM and Guest Configuration</emphasis>
6854 </para>
6855
6856 <orderedlist>
6857
6858 <listitem>
6859 <para>
6860 Power off the VM.
6861 </para>
6862 </listitem>
6863
6864 <listitem>
6865 <para>
6866 Enable the debug options with the following
6867 <command>VBoxManage</command> command:
6868 </para>
6869
6870<screen>$ VBoxManage modifyvm <replaceable>VM-name</replaceable> --paravirtdebug "enabled=1"</screen>
6871
6872 <para>
6873 The above command assumes your debugger will connect to
6874 your host machine on UDP port 50000. However, if you need
6875 to run the debugger on a remote machine you may specify
6876 the remote address and port here. For example:
6877 </para>
6878
6879<screen>$ VBoxManage modifyvm <replaceable>VM-name</replaceable> \
6880--paravirtdebug "enabled=1,address=192.168.32.1,port=55000"</screen>
6881
6882 <para>
6883 See <xref linkend="gimdebughyperv" /> for the complete set
6884 of options.
6885 </para>
6886 </listitem>
6887
6888 <listitem>
6889 <para>
6890 Start the VM.
6891 </para>
6892 </listitem>
6893
6894 <listitem>
6895 <para>
6896 In the guest, start an elevated command prompt and execute
6897 the following commands:
6898 </para>
6899
6900 <itemizedlist>
6901
6902 <listitem>
6903 <para>
6904 For a Windows 8 or newer Windows guest:
6905 </para>
6906
6907<screen>bcdedit /dbgsettings net hostip:5.5.5.5 port:50000 key:1.2.3.4</screen>
6908 </listitem>
6909
6910 <listitem>
6911 <para>
6912 For a Windows 7 or Vista guest:
6913 </para>
6914
6915<screen>bcdedit /set loadoptions host_ip=5.5.5.5,host_port=50000,encryption_key=1.2.3.4</screen>
6916
6917<screen>bcdedit /set dbgtransport kdvm.dll</screen>
6918
6919 <para>
6920 The IP address and port in the
6921 <command>bcdedit</command> command are ignored when
6922 using the Hyper-V debug transport. Any valid IP and a
6923 port number greater than 49151 and lower than 65536
6924 can be entered.
6925 </para>
6926
6927 <para>
6928 The encryption key in the <command>bcdedit</command>
6929 command is relevant and must be valid. The key
6930 "1.2.3.4" used in the above example is valid and may
6931 be used if security is not a concern. If you do not
6932 specify any encryption key, <command>bcdedit</command>
6933 will generate one for you and you will need to copy
6934 this key to later enter in Microsoft WinDbg on the
6935 remote end. This encryption key is used to encrypt the
6936 debug data exchanged between Windows and the debugger.
6937 </para>
6938 </listitem>
6939
6940 <listitem>
6941 <para>
6942 Run one or more of the following commands to enable
6943 debugging for the appropriate phase or component of
6944 your Windows guest:
6945 </para>
6946
6947<screen>bcdedit /set debug on</screen>
6948
6949<screen>bcdedit /set bootdebug on</screen>
6950
6951<screen>bcdedit /set {bootmgr} bootdebug on</screen>
6952
6953 <para>
6954 Please note that the <command>bootdebug</command>
6955 options are only effective on Windows 8 or newer when
6956 using the Hyper-V debug transport. Refer to Microsoft
6957 Windows documentation for detailed explanation of
6958 <command>bcdedit</command> options.
6959 </para>
6960 </listitem>
6961
6962 </itemizedlist>
6963 </listitem>
6964
6965 <listitem>
6966 <para>
6967 Start Microsoft WinDbg on your host machine or remote
6968 host.
6969 </para>
6970
6971 <para>
6972 From the <emphasis role="bold">File</emphasis> menu,
6973 select <emphasis role="bold">Kernel Debug</emphasis>. On
6974 the <emphasis role="bold">NET</emphasis> tab, specify the
6975 UDP port number you used in the
6976 <literal>paravirtdebug</literal> options. If you did not
6977 specify any, leave it as 50000. Ensure that the UDP port
6978 is not blocked by a firewall or other security software.
6979 </para>
6980
6981 <para>
6982 In the <emphasis role="bold">Key</emphasis> field, enter
6983 <literal>1.2.3.4</literal> or the encryption key from the
6984 <command>bcdedit</command> command in your Windows guest.
6985 </para>
6986
6987 <para>
6988 Click <emphasis role="bold">OK</emphasis> to start
6989 listening for connections. Microsoft WinDbg typically
6990 shows a Waiting to Reconnect message during this phase.
6991 </para>
6992
6993 <para>
6994 Alternatively, to directly start a debug session, run
6995 WinDbg from the command line as follows :
6996 </para>
6997
6998<screen>windbg.exe -k net:port=50000,key=1.2.3.4</screen>
6999
7000 <para>
7001 See the WinDbg documentation for the complete command line
7002 syntax.
7003 </para>
7004 </listitem>
7005
7006 <listitem>
7007 <para>
7008 Reboot your Windows guest and it should then connect as a
7009 debuggee with Microsoft WinDbg.
7010 </para>
7011 </listitem>
7012
7013 </orderedlist>
7014
7015 </sect3>
7016
7017 </sect2>
7018
7019 </sect1>
7020
7021 <sect1 id="pcspeaker_passthrough">
7022
7023 <title>PC Speaker Passthrough</title>
7024
7025 <para>
7026 As an experimental feature, primarily due to being limited to
7027 Linux host only and unknown Linux distribution coverage,
7028 &product-name; supports passing through the PC speaker to the
7029 host. The PC speaker, sometimes called the system speaker, is a
7030 way to produce audible feedback such as beeps without the need for
7031 regular audio and sound card support.
7032 </para>
7033
7034 <para>
7035 The PC speaker passthrough feature in &product-name; handles beeps
7036 only. Advanced PC speaker use by the VM, such as PCM audio, will
7037 not work, resulting in undefined host behavior.
7038 </para>
7039
7040 <para>
7041 Producing beeps on Linux is a very complex topic. &product-name;
7042 offers a collection of options, in an attempt to make this work
7043 deterministically and reliably on as many Linux distributions and
7044 system configurations as possible. These are summarized in the
7045 following table.
7046 </para>
7047
7048 <table id="table-pcspeaker-config" tabstyle="oracle-all">
7049 <title>PC Speaker Configuration Options</title>
7050 <tgroup cols="3">
7051 <thead>
7052 <row>
7053 <entry><para>
7054 <emphasis role="bold">Code</emphasis>
7055 </para></entry>
7056 <entry><para>
7057 <emphasis role="bold">Device</emphasis>
7058 </para></entry>
7059 <entry><para>
7060 <emphasis role="bold">Notes</emphasis>
7061 </para></entry>
7062 </row>
7063 </thead>
7064 <tbody>
7065 <row>
7066 <entry><para>
7067 1
7068 </para></entry>
7069 <entry><para>
7070 <filename>/dev/input/by-path/platform-pcspkr-event-spkr</filename>
7071 </para></entry>
7072 <entry><para>
7073 Direct host PC speaker use.
7074 </para></entry>
7075 </row>
7076 <row>
7077 <entry><para>
7078 2
7079 </para></entry>
7080 <entry><filename>/dev/tty</filename></entry>
7081 <entry><para>
7082 Uses the terminal association of the VM process. VM
7083 needs to be started on a virtual console.
7084 </para></entry>
7085 </row>
7086 <row>
7087 <entry><para>
7088 3
7089 </para></entry>
7090 <entry><para>
7091 <filename>/dev/tty0</filename> or
7092 <filename>/dev/vc/0</filename>
7093 </para></entry>
7094 <entry><para>
7095 Can only be used by user <literal>root</literal> or
7096 users with <literal>cap_sys_tty_config</literal>
7097 capability.
7098 </para></entry>
7099 </row>
7100 <row>
7101 <entry><para>
7102 9
7103 </para></entry>
7104 <entry><para>
7105 A user-specified console or evdev device path.
7106 </para></entry>
7107 <entry><para>
7108 As for codes 1 to 3, but with a custom device path.
7109 </para></entry>
7110 </row>
7111 <row>
7112 <entry><para>
7113 70
7114 </para></entry>
7115 <entry><para>
7116 <filename>/dev/tty</filename>
7117 </para></entry>
7118 <entry><para>
7119 Standard beep only. Loses frequency and length. See code
7120 2.
7121 </para></entry>
7122 </row>
7123 <row>
7124 <entry><para>
7125 79
7126 </para></entry>
7127 <entry><para>
7128 A user-specified terminal device path.
7129 </para></entry>
7130 <entry><para>
7131 As for code 70, but with a custom device path.
7132 </para></entry>
7133 </row>
7134 <row>
7135 <entry><para>
7136 100
7137 </para></entry>
7138 <entry><para>
7139 All of the above.
7140 </para></entry>
7141 <entry><para>
7142 Tries all the available codes.
7143 </para></entry>
7144 </row>
7145 </tbody>
7146 </tgroup>
7147 </table>
7148
7149 <para>
7150 To enable PC speaker passthrough use the following command:
7151 </para>
7152
7153<screen>VBoxManage setextradata <replaceable>VM-name</replaceable> "VBoxInternal/Devices/i8254/0/Config/PassthroughSpeaker" <replaceable>N</replaceable></screen>
7154
7155 <para>
7156 Replace <replaceable>N</replaceable> with the code representing
7157 the case you want to use. Changing this setting takes effect when
7158 you next start the VM. It is safe to enable PC speaker passthrough
7159 on all host OSes. It will only have an effect on Linux.
7160 </para>
7161
7162 <para>
7163 The VM log file, <filename>VBox.log</filename>, contains lines
7164 with the prefix <literal>PIT: speaker:</literal> showing the PC
7165 speaker passthrough setup activities. It gives hints which device
7166 it picked or why it failed.
7167 </para>
7168
7169 <para>
7170 Enabling PC speaker passthrough for the VM is usually the simple
7171 part. The real difficulty is making sure that &product-name; can
7172 access the necessary device, because in a typical Linux install
7173 most of them can only be accessed by user <literal>root</literal>.
7174 You should follow the preferred way to persistently change this,
7175 such as by referring to your distribution's documentation. Since
7176 there are countless Linux distribution variants, we can only give
7177 the general hints that there is often a way to give the X11
7178 session user access to additional devices, or you need to find a
7179 working solution using a udev configuration file. If everything
7180 fails you might try setting the permissions using a script which
7181 is run late enough in the host system startup.
7182 </para>
7183
7184 <para>
7185 Sometimes additional rules are applied by the kernel to limit
7186 access. For example, that the VM process must have the same
7187 controlling terminal as the device configured to be used for
7188 beeping, something which is often very difficult to achieve for
7189 GUI applications such as &product-name;. The table above contains
7190 some hints, but in general refer to the Linux documentation.
7191 </para>
7192
7193 <para>
7194 If you have trouble getting any beeps even if the device
7195 permissions are set up and VBox.log confirms that it uses evdev or
7196 console for the PC speaker control, check if your system has a PC
7197 speaker. Some systems do not have one. Other complications can
7198 arise from Linux rerouting the PC speaker output to a sound card.
7199 Check if the beeps are audible if you connect speakers to your
7200 sound card. Today almost all systems have one. Finally, check if
7201 the audio mixer control has a channel named "beep", which could be
7202 hidden in the mixer settings, and that it is not muted.
7203 </para>
7204
7205 </sect1>
7206
7207 <sect1 id="usbip">
7208
7209 <title>Accessing USB devices Exposed Over the Network with USB/IP</title>
7210
7211 <para>
7212 &product-name; supports passing through USB devices which are
7213 exposed over the network using the USB over IP protocol without
7214 the need to configure the client side provided by the kernel and
7215 usbip tools. Furthermore, this feature works with &product-name;
7216 running on any supported host, rather than just Linux alone, as is
7217 the case with the official client.
7218 </para>
7219
7220 <para>
7221 To enable support for passing through USB/IP devices, use the
7222 following command to add the device server that exports the
7223 devices:
7224 </para>
7225
7226<screen>VBoxManage usbdevsource add <replaceable>unique-name</replaceable> --backend <replaceable>USB-IP</replaceable> --address <replaceable>device-server</replaceable>[:<replaceable>port</replaceable>]</screen>
7227
7228 <para>
7229 USB devices exported on the device server are then accessible
7230 through the GUI or <command>VBoxManage</command>, like any USB
7231 devices attached locally. This can be used multiple times to
7232 access different device servers.
7233 </para>
7234
7235 <para>
7236 To remove a device server, the following command can be used:
7237 </para>
7238
7239<screen>$ VBoxManage usbdevsource remove <replaceable>unique-name</replaceable></screen>
7240
7241 <sect2 id="usbip-setup-server">
7242
7243 <title>Setting up USB/IP Support on a Linux System</title>
7244
7245 <para>
7246 This section gives a brief overview on how to set up a Linux
7247 based system to act as a USB device server. The system on the
7248 server requires that the <filename>usbip-core.ko</filename> and
7249 <filename>usbip-host.ko</filename> kernel drivers are available,
7250 and that the USB/IP tools package is installed. The particular
7251 installation method for the necessary tools depends on which
7252 distribution is used. For example, for Debian based systems, use
7253 the following command to install the required tools:
7254 </para>
7255
7256<screen>$ apt-get install usbip-utils</screen>
7257
7258 <para>
7259 To check whether the necessary tools are already installed use
7260 the following command:
7261 </para>
7262
7263<screen>
7264$ usbip list -l
7265 </screen>
7266
7267 <para>
7268 This should produce output similar to that shown in the example
7269 below:
7270 </para>
7271
7272<screen>
7273 - busid 4-2 (0bda:0301)
7274 Realtek Semiconductor Corp. : multicard reader (0bda:0301)
7275
7276 - busid 5-1 (046d:c52b)
7277 Logitech, Inc. : Unifying Receiver (046d:c52b)
7278 </screen>
7279
7280 <para>
7281 If everything is installed, the USB/IP server needs to be
7282 started as <literal>root</literal> using the following command:
7283 </para>
7284
7285<screen># usbipd -D</screen>
7286
7287 <para>
7288 See the documentation for the installed distribution to
7289 determine how to start the service when the system boots.
7290 </para>
7291
7292 <para>
7293 By default, no device on the server is exported. This must be
7294 done manually for each device. To export a device use the
7295 following command:
7296 </para>
7297
7298<screen># usbip bind -b "bus identifier"</screen>
7299
7300 <para>
7301 To export the multicard reader in the previous example:
7302 </para>
7303
7304<screen># usbip bind -b 4-2</screen>
7305
7306 </sect2>
7307
7308 <sect2 id="usbip-security">
7309
7310 <title>Security Considerations</title>
7311
7312 <para>
7313 The communication between the server and client is unencrypted
7314 and there is no authorization required to access exported
7315 devices. An attacker might sniff sensitive data or gain control
7316 over a device. To mitigate this risk, the device should be
7317 exposed over a local network to which only trusted clients have
7318 access. To access the device remotely over a public network, a
7319 VPN solution should be used to provide the required level of
7320 security protection.
7321 </para>
7322
7323 </sect2>
7324
7325 </sect1>
7326
7327 <sect1 id="hyperv-support">
7328
7329 <title>Using Hyper-V with &product-name;</title>
7330
7331 <para>
7332 &product-name; can be used on a Windows host where Hyper-V is
7333 running. This is an experimental feature.
7334 </para>
7335
7336 <para>
7337 No configuration is required. &product-name; detects Hyper-V
7338 automatically and uses Hyper-V as the virtualization engine for
7339 the host system. The CPU icon in the VM window status bar
7340 indicates that Hyper-V is being used.
7341 </para>
7342
7343 <note>
7344 <para>
7345 When using this feature, some host systems might experience
7346 significant &product-name; performance degradation.
7347 </para>
7348 </note>
7349
7350 </sect1>
7351
7352 <sect1 id="nested-virt">
7353
7354 <title>Nested Virtualization</title>
7355
7356 <para>
7357 &product-name; supports <emphasis>nested
7358 virtualization</emphasis>. This feature enables the passthrough of
7359 hardware virtualization functions to the guest VM. That means that
7360 you can install a hypervisor, such as &product-name;, Oracle VM
7361 Server or KVM, on an &product-name; guest. You can then create and
7362 run VMs within the guest VM.
7363 </para>
7364
7365 <para>
7366 Hardware virtualization features not present on the host CPU will
7367 not be exposed to the guest. In addition, some features such as
7368 nested paging are not yet supported for passthrough to the guest.
7369 </para>
7370
7371 <para>
7372 You can enable the nested virtualization feature in one of the
7373 following ways:
7374 </para>
7375
7376 <itemizedlist>
7377
7378 <listitem>
7379 <para>
7380 From the VirtualBox Manager, select the
7381 <emphasis role="bold">Enable Nested VT-x/AMD-V</emphasis>
7382 check box on the <emphasis role="bold">Processor</emphasis>
7383 tab. To disable the feature, deselect the check box.
7384 </para>
7385 </listitem>
7386
7387 <listitem>
7388 <para>
7389 Use the <option>--nested-hw-virt</option> option of the
7390 <command>VBoxManage modifyvm</command> command to enable or
7391 disable nested virtualization. See
7392 <xref linkend="vboxmanage-modifyvm"/>.
7393 </para>
7394 </listitem>
7395
7396 </itemizedlist>
7397
7398 </sect1>
7399
7400 <xi:include href="user_isomakercmd-man.xml" xpointer="element(/1)" xmlns:xi="http://www.w3.org/2001/XInclude" />
7401
7402</chapter>
注意: 瀏覽 TracBrowser 來幫助您使用儲存庫瀏覽器

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette