diff options
Diffstat (limited to 'doc/manual/en_US')
53 files changed, 49481 insertions, 0 deletions
diff --git a/doc/manual/en_US/.scm-settings b/doc/manual/en_US/.scm-settings new file mode 100644 index 00000000..84896a5f --- /dev/null +++ b/doc/manual/en_US/.scm-settings @@ -0,0 +1,21 @@ +# $Id: .scm-settings $ +## @file +# Source code massager settings for the manual. +# + +# +# Copyright (C) 2010-2019 Oracle Corporation +# +# This file is part of VirtualBox Open Source Edition (OSE), as +# available from http://www.virtualbox.org. This file is free software; +# you can redistribute it and/or modify it under the terms of the GNU +# General Public License (GPL) as published by the Free Software +# Foundation, in version 2 as it comes in the "COPYING" file of the +# VirtualBox OSE distribution. VirtualBox OSE is distributed in the +# hope that it will be useful, but WITHOUT ANY WARRANTY of any kind. +# + + +/oracle-accessibility-en.xml: --external-copyright --no-strip-trailing-blanks +/oracle-support-en.xml: --external-copyright --no-strip-trailing-blanks + diff --git a/doc/manual/en_US/Accessibility.xml b/doc/manual/en_US/Accessibility.xml new file mode 100644 index 00000000..b7d8ea23 --- /dev/null +++ b/doc/manual/en_US/Accessibility.xml @@ -0,0 +1,229 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" + "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd"[ +<!ENTITY % all.entities SYSTEM "all-entities.ent"> +%all.entities; +]> + +<book> + <bookinfo> + <title>&VBOX_PRODUCT;</title> + + <subtitle>Accessibility Reference</subtitle> + + <edition>Version &VBOX_VERSION_STRING;</edition> + + <corpauthor>&VBOX_VENDOR;</corpauthor> + + <address>https://www.virtualbox.org</address> + + <copyright> + <year>2016-&VBOX_C_YEAR;</year> + + <holder>&VBOX_VENDOR;</holder> + </copyright> + </bookinfo> + + <chapter> + <title>Introduction</title> + <para> + Welcome to the <emphasis role="strong">VirtualBox Accessibility Support</emphasis> documentation! This document is primarily + a reference to help people who are interested in our project accessibility support and will describe how to use VirtualBox + user interface step-by-step. Since whole the application navigation will be explained here, this document will also be + helpful for those who are not familiar with our product user interface and wish to learn more. It will be written in a bit + excessive manner so that many obvious things will be explained too precisely to make it easier to understand by ear for a + blind users. The document will be periodically updated with recent changes and test-cases allowing us to more strictly + follow the required guidelines and make our product fully accessible. + </para> + <para> + Our application is based on Qt5, a powerful cross-platform library which allows to visualize various user interface ideas + the most flexible and native way. This also means that the library we use is responsible for many navigation and + accessibility aspects (like fonts, size hints, colors, look&feel patterns and many other things), but not for all of + them. Nativity as one of the main ideas of the Qt-based application sometimes brings additional complexity because there is + always at least one host which uses unique combination of fonts and colors which breaks accessibility support in an + unpredictable way. + </para> + <para> + Independently on platform we are supporting screen-reader applications which can communicate with Qt5 accessibility + interface which supports Microsoft Active Accessibility (MSAA), OS X Accessibility, and the Unix/X11 AT-SPI standard. + </para> + <para> + Our application user interface is able to be started in two modes: + <itemizedlist> + <listitem> + <para> + First of them is <emphasis role="strong">VirtualBox Manager</emphasis> user interface, the main application window + which allows to manage and configure virtual machines and their groups. Besides that, this window provides user with + access to various global and machine related tools allowing to administrate some of VirtualBox objects and their + settings. + </para> + </listitem> + <listitem> + <para> + Second application mode is <emphasis role="strong">Virtual Machine</emphasis> user interface, which allows to control + virtual machine guest screens as separate application windows. Besides that, this interface allows to access some of + machine tools and adjust guest screens up to your needs, by changing their resolution and toggling full-screen, + seamless and scaled modes. + </para> + </listitem> + </itemizedlist> + But first of all we should start from the <emphasis role="strong">General Concept</emphasis> which is related to whole the + GUI and summarizes the navigation and accessibility aspects we are using for whole application. + </para> + </chapter> + + <chapter> + <title>General concept</title> + <para> + This chapter describes the general navigation and accessibility concept. We should note that not every detail of this + concept is already implemented and not every widget in our project already follows that concept. There is still large work + to be done in that regard. But in the end whole the project should correspond to this concept. + </para> + <para> + In short, every application window of our project should be navigated using the following approaches: + <itemizedlist> + <listitem><para>Mouse Navigation</para></listitem> + <listitem><para>Keyboard Navigation</para></listitem> + <listitem><para>Screen-reader Navigation</para></listitem> + </itemizedlist> + </para> + <sect1> + <title>Mouse Navigation</title> + <itemizedlist> + <listitem> + <para> + Each interactable widget can be focused with mouse (if that is not restricted by underlying host OS). + </para> + </listitem> + <listitem> + <para> + Each hovered interactable widget causes own tool-tip to appear. + </para> + </listitem> + <listitem> + <para> + Each tool-tip is given either in imperative mood (ex. "Create new virtual machine") or in short form (ex. "New"). + </para> + </listitem> + <listitem> + <para> + Short tool-tip form is only used if context is obvious for a user. + </para> + </listitem> + <listitem> + <para> + Tool-tip can contain shortcut mentioned in parentheses. + </para> + </listitem> + <listitem> + <para> + Each hovered menu bar / toolbar action causes own status-tip to appear (if window have status-bar). + </para> + </listitem> + <listitem> + <para> + Each status-tip is given in imperative mood only. + </para> + </listitem> + <listitem> + <para> + TBD... + </para> + </listitem> + </itemizedlist> + </sect1> + <sect1> + <title>Keyboard Navigation</title> + <itemizedlist> + <listitem> + <para> + Each interactable widget can be focused with keyboard (if that is not restricted by underlying host OS). + </para> + </listitem> + <listitem> + <para> + Focusing is possible through tabbing or mnemonic navigation. + </para> + </listitem> + <listitem> + <para> + Each button and menu bar / toolbar action can be directly activated with keyboard. + </para> + </listitem> + <listitem> + <para> + Activation is possible via shortcut or mnemonic. + </para> + </listitem> + <listitem> + <para> + Each shortcut is configurable through application preferences. + </para> + </listitem> + <listitem> + <para> + Mnemonic mentioned above is underlined alphanumeric character which is a part of widget label (if widget has label). + Mnemonic being triggered in conjunction with the Alt key. + </para> + </listitem> + <listitem> + <para> + Each mnemonic is unique within the visible part of current application window, there are no collisions. + </para> + </listitem> + <listitem> + <para> + TBD... + </para> + </listitem> + </itemizedlist> + </sect1> + <sect1> + <title>Screen-reader Navigation</title> + <itemizedlist> + <listitem> + <para> + Each interactable widget can be focused with screen-reader cursor. + </para> + </listitem> + <listitem> + <para> + Each focused widget have clear name (or full description) in native user language. + </para> + </listitem> + <listitem> + <para> + Each button and menu bar / toolbar action can be directly activated through the screen-reader cursor functionality. + </para> + </listitem> + <listitem> + <para> + Each complex widget which has children (like list, tree, table and similar) is represented as closed group which + encapsulates it's children clearly. + </para> + </listitem> + <listitem> + <para> + While navigating user is able to skip any group without forcing to be entered inside. + </para> + </listitem> + <listitem> + <para> + Each group child can be a group itself with the same rules as above applicable. + </para> + </listitem> + <listitem> + <para> + Each text-field can be directly edited through the screen-reader cursor functionality. + </para> + </listitem> + <listitem> + <para> + TBD... + </para> + </listitem> + </itemizedlist> + </sect1> + </chapter> +</book> +<!-- vim: set shiftwidth=2 tabstop=2 expandtab: --> diff --git a/doc/manual/en_US/Makefile.kup b/doc/manual/en_US/Makefile.kup new file mode 100644 index 00000000..e69de29b --- /dev/null +++ b/doc/manual/en_US/Makefile.kup diff --git a/doc/manual/en_US/SDKRef.xml b/doc/manual/en_US/SDKRef.xml new file mode 100644 index 00000000..a754380d --- /dev/null +++ b/doc/manual/en_US/SDKRef.xml @@ -0,0 +1,6017 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" + "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd"[ +<!ENTITY % all.entities SYSTEM "all-entities.ent"> +%all.entities; +]> + +<book> + <bookinfo> + <title>&VBOX_PRODUCT;</title> + + <subtitle>Programming Guide and Reference</subtitle> + + <edition>Version &VBOX_VERSION_STRING;</edition> + + <corpauthor>&VBOX_VENDOR;</corpauthor> + + <address>http://www.virtualbox.org</address> + + <copyright> + <year>2004-&VBOX_C_YEAR;</year> + + <holder>&VBOX_VENDOR;</holder> + </copyright> + </bookinfo> + + <chapter> + <title>Introduction</title> + + <para>VirtualBox comes with comprehensive support for third-party + developers. This Software Development Kit (SDK) contains all the + documentation and interface files that are needed to write code that + interacts with VirtualBox.</para> + + <sect1> + <title>Modularity: the building blocks of VirtualBox</title> + + <para>VirtualBox is cleanly separated into several layers, which can be + visualized like in the picture below:</para> + + <mediaobject> + <imageobject> + <imagedata align="center" fileref="images/vbox-components.png" + width="12cm"/> + </imageobject> + </mediaobject> + + <para>The orange area represents code that runs in kernel mode, the blue + area represents userspace code.</para> + + <para>At the bottom of the stack resides the hypervisor -- the core of + the virtualization engine, controlling execution of the virtual machines + and making sure they do not conflict with each other or whatever the + host computer is doing otherwise.</para> + + <para>On top of the hypervisor, additional internal modules provide + extra functionality. For example, the RDP server, which can deliver the + graphical output of a VM remotely to an RDP client, is a separate module + that is only loosely tacked into the virtual graphics device. Live + Migration and Resource Monitor are additional modules currently in the + process of being added to VirtualBox.</para> + + <para>What is primarily of interest for purposes of the SDK is the API + layer block that sits on top of all the previously mentioned blocks. + This API, which we call the <emphasis role="bold">"Main API"</emphasis>, + exposes the entire feature set of the virtualization engine below. It is + completely documented in this SDK Reference -- see <xref + linkend="sdkref_classes"/> and <xref linkend="sdkref_enums"/> -- and + available to anyone who wishes to control VirtualBox programmatically. + We chose the name "Main API" to differentiate it from other programming + interfaces of VirtualBox that may be publicly accessible.</para> + + <para>With the Main API, you can create, configure, start, stop and + delete virtual machines, retrieve performance statistics about running + VMs, configure the VirtualBox installation in general, and more. In + fact, internally, the front-end programs + <computeroutput>VirtualBox</computeroutput> and + <computeroutput>VBoxManage</computeroutput> use nothing but this API as + well -- there are no hidden backdoors into the virtualization engine for + our own front-ends. This ensures the entire Main API is both + well-documented and well-tested. (The same applies to + <computeroutput>VBoxHeadless</computeroutput>, which is not shown in the + image.)</para> + </sect1> + + <sect1 id="webservice-or-com"> + <title>Two guises of the same "Main API": the web service or + COM/XPCOM</title> + + <para>There are several ways in which the Main API can be called by + other code:<orderedlist> + <listitem> + <para>VirtualBox comes with a <emphasis role="bold">web + service</emphasis> that maps nearly the entire Main API. The web + service ships in a stand-alone executable + (<computeroutput>vboxwebsrv</computeroutput>) that, when running, + acts as an HTTP server, accepts SOAP connections and processes + them.</para> + + <para>Since the entire web service API is publicly described in a + web service description file (in WSDL format), you can write + client programs that call the web service in any language with a + toolkit that understands WSDL. These days, that includes most + programming languages that are available: Java, C++, .NET, PHP, + Python, Perl and probably many more.</para> + + <para>All of this is explained in detail in subsequent chapters of + this book.</para> + + <para>There are two ways in which you can write client code that + uses the web service:<orderedlist> + <listitem> + <para>For Java as well as Python, the SDK contains + easy-to-use classes that allow you to use the web service in + an object-oriented, straightforward manner. We shall refer + to this as the <emphasis role="bold">"object-oriented web + service (OOWS)"</emphasis>.</para> + + <para>The OO bindings for Java are described in <xref + linkend="javaapi"/>, those for Python in <xref + linkend="glue-python-ws"/>.</para> + </listitem> + + <listitem> + <para>Alternatively, you can use the web service directly, + without the object-oriented client layer. We shall refer to + this as the <emphasis role="bold">"raw web + service"</emphasis>.</para> + + <para>You will then have neither native object orientation + nor full type safety, since web services are neither + object-oriented nor stateful. However, in this way, you can + write client code even in languages for which we do not ship + object-oriented client code; all you need is a programming + language with a toolkit that can parse WSDL and generate + client wrapper code from it.</para> + + <para>We describe this further in <xref + linkend="raw-webservice"/>, with samples for Java and + Perl.</para> + </listitem> + </orderedlist></para> + </listitem> + + <listitem> + <para>Internally, for portability and easier maintenance, the Main + API is implemented using the <emphasis role="bold">Component + Object Model (COM), </emphasis> an interprocess mechanism for + software components originally introduced by Microsoft for + Microsoft Windows. On a Windows host, VirtualBox will use + Microsoft COM; on other hosts where COM is not present, it ships + with XPCOM, a free software implementation of COM originally + created by the Mozilla project for their browsers.</para> + + <para>So, if you are familiar with COM and the C++ programming + language (or with any other programming language that can handle + COM/XPCOM objects, such as Java, Visual Basic or C#), then you can + use the COM/XPCOM API directly. VirtualBox comes with all + necessary files and documentation to build fully functional COM + applications. For an introduction, please see <xref + linkend="api_com"/> below.</para> + + <para>The VirtualBox front-ends (the graphical user interfaces as + well as the command line), which are all written in C++, use + COM/XPCOM to call the Main API. Technically, the web service is + another front-end to this COM API, mapping almost all of it to + SOAP clients.</para> + </listitem> + </orderedlist></para> + + <para>If you wonder which way to choose, here are a few + comparisons:<table> + <title>Comparison web service vs. COM/XPCOM</title> + + <tgroup cols="2"> + <tbody> + <row> + <entry><emphasis role="bold">Web service</emphasis></entry> + + <entry><emphasis role="bold">COM/XPCOM</emphasis></entry> + </row> + + <row> + <entry><emphasis role="bold">Pro:</emphasis> Easy to use with + Java and Python with the object-oriented web service; + extensive support even with other languages (C++, .NET, PHP, + Perl and others)</entry> + + <entry><emphasis role="bold">Con:</emphasis> Usable from + languages where COM bridge available (most languages on + Windows platform, Python and C++ on other hosts)</entry> + </row> + + <row> + <entry><emphasis role="bold">Pro:</emphasis> Client can be on + remote machine</entry> + + <entry><emphasis role="bold">Con: </emphasis>Client must be on + the same host where virtual machine is executed</entry> + </row> + + <row> + <entry><emphasis role="bold">Con: </emphasis>Significant + overhead due to XML marshalling over the wire for each method + call</entry> + + <entry><emphasis role="bold">Pro: </emphasis>Relatively low + invocation overhead</entry> + </row> + </tbody> + </tgroup> + </table></para> + + <para>In the following chapters, we will describe the different ways in + which to program VirtualBox, starting with the method that is easiest to + use and then increase complexity as we go along.</para> + </sect1> + + <sect1 id="api_soap_intro"> + <title>About web services in general</title> + + <para>Web services are a particular type of programming interface. + Whereas, with "normal" programming, a program calls an application + programming interface (API) defined by another program or the operating + system and both sides of the interface have to agree on the calling + convention and, in most cases, use the same programming language, web + services use Internet standards such as HTTP and XML to + communicate.<footnote> + <para>In some ways, web services promise to deliver the same thing + as CORBA and DCOM did years ago. However, while these previous + technologies relied on specific binary protocols and thus proved to + be difficult to use between diverging platforms, web services + circumvent these incompatibilities by using text-only standards like + HTTP and XML. On the downside (and, one could say, typical of things + related to XML), a lot of standards are involved before a web + service can be implemented. Many of the standards invented around + XML are used one way or another. As a result, web services are slow + and verbose, and the details can be incredibly messy. The relevant + standards here are called SOAP and WSDL, where SOAP describes the + format of the messages that are exchanged (an XML document wrapped + in an HTTP header), and WSDL is an XML format that describes a + complete API provided by a web service. WSDL in turn uses XML Schema + to describe types, which is not exactly terse either. However, as + you will see from the samples provided in this chapter, the + VirtualBox web service shields you from these details and is easy to + use.</para> + </footnote></para> + + <para>In order to successfully use a web service, a number of things are + required -- primarily, a web service accepting connections; service + descriptions; and then a client that connects to that web service. The + connections are governed by the SOAP standard, which describes how + messages are to be exchanged between a service and its clients; the + service descriptions are governed by WSDL.</para> + + <para>In the case of VirtualBox, this translates into the following + three components:<orderedlist> + <listitem> + <para>The VirtualBox web service (the "server"): this is the + <computeroutput>vboxwebsrv</computeroutput> executable shipped + with VirtualBox. Once you start this executable (which acts as a + HTTP server on a specific TCP/IP port), clients can connect to the + web service and thus control a VirtualBox installation.</para> + </listitem> + + <listitem> + <para>VirtualBox also comes with WSDL files that describe the + services provided by the web service. You can find these files in + the <computeroutput>sdk/bindings/webservice/</computeroutput> + directory. These files are understood by the web service toolkits + that are shipped with most programming languages and enable you to + easily access a web service even if you don't use our + object-oriented client layers. VirtualBox is shipped with + pregenerated web service glue code for several languages (Python, + Perl, Java).</para> + </listitem> + + <listitem> + <para>A client that connects to the web service in order to + control the VirtualBox installation.</para> + + <para>Unless you play with some of the samples shipped with + VirtualBox, this needs to be written by you.</para> + </listitem> + </orderedlist></para> + </sect1> + + <sect1 id="runvboxwebsrv"> + <title>Running the web service</title> + + <para>The web service ships in an stand-alone executable, + <computeroutput>vboxwebsrv</computeroutput>, that, when running, acts as + a HTTP server, accepts SOAP connections and processes them -- remotely + or from the same machine.<note> + <para>The web service executable is not contained with the + VirtualBox SDK, but instead ships with the standard VirtualBox + binary package for your specific platform. Since the SDK contains + only platform-independent text files and documentation, the binaries + are instead shipped with the platform-specific packages. For this + reason the information how to run it as a service is included in the + VirtualBox documentation.</para> + </note></para> + + <para>The <computeroutput>vboxwebsrv</computeroutput> program, which + implements the web service, is a text-mode (console) program which, + after being started, simply runs until it is interrupted with Ctrl-C or + a kill command.</para> + + <para>Once the web service is started, it acts as a front-end to the + VirtualBox installation of the user account that it is running under. In + other words, if the web service is run under the user account of + <computeroutput>user1</computeroutput>, it will see and manipulate the + virtual machines and other data represented by the VirtualBox data of + that user (for example, on a Linux machine, under + <computeroutput>/home/user1/.config/VirtualBox</computeroutput>; see the + VirtualBox User Manual for details on where this data is stored).</para> + + <sect2 id="vboxwebsrv-ref"> + <title>Command line options of vboxwebsrv</title> + + <para>The web service supports the following command line + options:</para> + + <itemizedlist> + <listitem> + <para><computeroutput>--help</computeroutput> (or + <computeroutput>-h</computeroutput>): print a brief summary of + command line options.</para> + </listitem> + + <listitem> + <para><computeroutput>--background</computeroutput> (or + <computeroutput>-b</computeroutput>): run the web service as a + background daemon. This option is not supported on Windows + hosts.</para> + </listitem> + + <listitem> + <para><computeroutput>--host</computeroutput> (or + <computeroutput>-H</computeroutput>): This specifies the host to + bind to and defaults to "localhost".</para> + </listitem> + + <listitem> + <para><computeroutput>--port</computeroutput> (or + <computeroutput>-p</computeroutput>): This specifies which port to + bind to on the host and defaults to 18083.</para> + </listitem> + + <listitem> + <para><computeroutput>--ssl</computeroutput> (or + <computeroutput>-s</computeroutput>): This enables SSL + support.</para> + </listitem> + + <listitem> + <para><computeroutput>--keyfile</computeroutput> (or + <computeroutput>-K</computeroutput>): This specifies the file name + containing the server private key and the certificate. This is a + mandatory parameter if SSL is enabled.</para> + </listitem> + + <listitem> + <para><computeroutput>--passwordfile</computeroutput> (or + <computeroutput>-a</computeroutput>): This specifies the file name + containing the password for the server private key. If unspecified + or an empty string is specified this is interpreted as an empty + password (i.e. the private key is not protected by a password). If + the file name <computeroutput>-</computeroutput> is specified then + then the password is read from the standard input stream, otherwise + from the specified file. The user is responsible for appropriate + access rights to protect the confidential password.</para> + </listitem> + + <listitem> + <para><computeroutput>--cacert</computeroutput> (or + <computeroutput>-c</computeroutput>): This specifies the file name + containing the CA certificate appropriate for the server + certificate.</para> + </listitem> + + <listitem> + <para><computeroutput>--capath</computeroutput> (or + <computeroutput>-C</computeroutput>): This specifies the directory + containing several CA certificates appropriate for the server + certificate.</para> + </listitem> + + <listitem> + <para><computeroutput>--dhfile</computeroutput> (or + <computeroutput>-D</computeroutput>): This specifies the file name + containing the DH key. Alternatively it can contain the number of + bits of the DH key to generate. If left empty, RSA is used.</para> + </listitem> + + <listitem> + <para><computeroutput>--randfile</computeroutput> (or + <computeroutput>-r</computeroutput>): This specifies the file name + containing the seed for the random number generator. If left empty, + an operating system specific source of the seed.</para> + </listitem> + + <listitem> + <para><computeroutput>--timeout</computeroutput> (or + <computeroutput>-t</computeroutput>): This specifies the session + timeout, in seconds, and defaults to 300 (five minutes). A web + service client that has logged on but makes no calls to the web + service will automatically be disconnected after the number of + seconds specified here, as if it had called the + <computeroutput>IWebSessionManager::logoff()</computeroutput> + method provided by the web service itself.</para> + + <para>It is normally vital that each web service client call this + method, as the web service can accumulate large amounts of memory + when running, especially if a web service client does not properly + release managed object references. As a result, this timeout value + should not be set too high, especially on machines with a high + load on the web service, or the web service may eventually deny + service.</para> + </listitem> + + <listitem> + <para><computeroutput>--check-interval</computeroutput> (or + <computeroutput>-i</computeroutput>): This specifies the interval + in which the web service checks for timed-out clients, in seconds, + and defaults to 5. This normally does not need to be + changed.</para> + </listitem> + + <listitem> + <para><computeroutput>--threads</computeroutput> (or + <computeroutput>-T</computeroutput>): This specifies the maximum + number or worker threads, and defaults to 100. This normally does + not need to be changed.</para> + </listitem> + + <listitem> + <para><computeroutput>--keepalive</computeroutput> (or + <computeroutput>-k</computeroutput>): This specifies the maximum + number of requests which can be sent in one web service connection, + and defaults to 100. This normally does not need to be + changed.</para> + </listitem> + + <listitem> + <para><computeroutput>--authentication</computeroutput> (or + <computeroutput>-A</computeroutput>): This specifies the desired + web service authentication method. If the parameter is not + specified or the empty string is specified it does not change the + authentication method, otherwise it is set to the specified value. + Using this parameter is a good measure against accidental + misconfiguration, as the web service ensures periodically that it + isn't changed.</para> + </listitem> + + <listitem> + <para><computeroutput>--verbose</computeroutput> (or + <computeroutput>-v</computeroutput>): Normally, the web service + outputs only brief messages to the console each time a request is + served. With this option, the web service prints much more detailed + data about every request and the COM methods that those requests + are mapped to internally, which can be useful for debugging client + programs.</para> + </listitem> + + <listitem> + <para><computeroutput>--pidfile</computeroutput> (or + <computeroutput>-P</computeroutput>): Name of the PID file which is + created when the daemon was started.</para> + </listitem> + + <listitem> + <para><computeroutput>--logfile</computeroutput> (or + <computeroutput>-F</computeroutput>) + <computeroutput><file></computeroutput>: If this is + specified, the web service not only prints its output to the + console, but also writes it to the specified file. The file is + created if it does not exist; if it does exist, new output is + appended to it. This is useful if you run the web service + unattended and need to debug problems after they have + occurred.</para> + </listitem> + + <listitem> + <para><computeroutput>--logrotate</computeroutput> (or + <computeroutput>-R</computeroutput>): Number of old log files to + keep, defaults to 10. Log rotation is disabled if set to 0.</para> + </listitem> + + <listitem> + <para><computeroutput>--logsize</computeroutput> (or + <computeroutput>-S</computeroutput>): Maximum size of log file in + bytes, defaults to 100MB. Log rotation is triggered if the file + grows beyond this limit.</para> + </listitem> + + <listitem> + <para><computeroutput>--loginterval</computeroutput> (or + <computeroutput>-I</computeroutput>): Maximum time interval to be + put in a log file before rotation is triggered, in seconds, and + defaults to one day.</para> + </listitem> + </itemizedlist> + </sect2> + + <sect2 id="websrv_authenticate"> + <title>Authenticating at web service logon</title> + + <para>As opposed to the COM/XPCOM variant of the Main API, a client + that wants to use the web service must first log on by calling the + <link linkend="IWebsessionManager__logon">IWebsessionManager::logon()</link> + API that is specific to the + web service. Logon is necessary for the web service to be stateful; + internally, it maintains a session for each client that connects to + it.</para> + + <para>The <computeroutput>IWebsessionManager::logon()</computeroutput> + API takes a user name and a password as arguments, which the web + service then passes to a customizable authentication plugin that + performs the actual authentication.</para> + + <para>For testing purposes, it is recommended that you first disable + authentication with this command: + <screen>VBoxManage setproperty websrvauthlibrary null</screen></para> + + <para><warning> + <para>This will cause all logons to succeed, regardless of user + name or password. This should of course not be used in a + production environment.</para> + </warning>Generally, the mechanism by which clients are + authenticated is configurable by way of the + <computeroutput>VBoxManage</computeroutput> command:</para> + + <para><screen>VBoxManage setproperty websrvauthlibrary default|null|<library></screen></para> + + <para>This way you can specify any shared object/dynamic link module + that conforms with the specifications for VirtualBox external + authentication modules as laid out in section <emphasis + role="bold">VRDE authentication</emphasis> of the VirtualBox User + Manual; the web service uses the same kind of modules as the + VirtualBox VRDE server. For technical details on VirtualBox external + authentication modules see <xref linkend="vbox-auth"/></para> + + <para>By default, after installation, the web service uses the + VBoxAuth module that ships with VirtualBox. This module uses PAM on + Linux hosts to authenticate users. Any valid username/password + combination is accepted, it does not have to be the username and + password of the user running the web service daemon. Unless + <computeroutput>vboxwebsrv</computeroutput> runs as root, PAM + authentication can fail, because sometimes the file + <computeroutput>/etc/shadow</computeroutput>, which is used by PAM, is + not readable. On most Linux distribution PAM uses a suid root helper + internally, so make sure you test this before deploying it. One can + override this behavior by setting the environment variable + <computeroutput>VBOX_PAM_ALLOW_INACTIVE</computeroutput> which will + suppress failures when unable to read the shadow password file. Please + use this variable carefully, and only if you fully understand what + you're doing.</para> + </sect2> + </sect1> + </chapter> + + <chapter> + <title>Environment-specific notes</title> + + <para>The Main API described in <xref linkend="sdkref_classes"/> and + <xref linkend="sdkref_enums"/> is mostly identical in all the supported + programming environments which have been briefly mentioned in the + introduction of this book. As a result, the Main API's general concepts + described in <xref linkend="concepts"/> are the same whether you use the + object-oriented web service (OOWS) for JAX-WS or a raw web service + connection via, say, Perl, or whether you use C++ COM bindings.</para> + + <para>Some things are different depending on your environment, however. + These differences are explained in this chapter.</para> + + <sect1 id="glue"> + <title>Using the object-oriented web service (OOWS)</title> + + <para>As explained in <xref linkend="webservice-or-com"/>, VirtualBox + ships with client-side libraries for Java, Python and PHP that allow you + to use the VirtualBox web service in an intuitive, object-oriented way. + These libraries shield you from the client-side complications of managed + object references and other implementation details that come with the + VirtualBox web service. (If you are interested in these complications, + have a look at <xref linkend="raw-webservice"/>).</para> + + <para>We recommend that you start your experiments with the VirtualBox + web service by using our object-oriented client libraries for JAX-WS, a + web service toolkit for Java, which enables you to write code to + interact with VirtualBox in the simplest manner possible.</para> + + <para>As "interfaces", "attributes" and "methods" are COM concepts, + please read the documentation in <xref linkend="sdkref_classes"/> and + <xref linkend="sdkref_enums"/> with the following notes in mind.</para> + + <para>The OOWS bindings attempt to map the Main API as closely as + possible to the Java, Python and PHP languages. In other words, objects + are objects, interfaces become classes, and you can call methods on + objects as you would on local objects.</para> + + <para>The main difference remains with attributes: to read an attribute, + call a "getXXX" method, with "XXX" being the attribute name with a + capitalized first letter. So when the Main API Reference says that + <computeroutput>IMachine</computeroutput> has a "name" attribute (see + <link linkend="IMachine__name">IMachine::name</link>), call + <computeroutput>getName()</computeroutput> on an IMachine object to + obtain a machine's name. Unless the attribute is marked as read-only in + the documentation, there will also be a corresponding "set" + method.</para> + + <sect2 id="glue-jax-ws"> + <title>The object-oriented web service for JAX-WS</title> + + <para>JAX-WS is a powerful toolkit by Sun Microsystems to build both + server and client code with Java. It is part of Java 6 (JDK 1.6), but + can also be obtained separately for Java 5 (JDK 1.5). The VirtualBox + SDK comes with precompiled OOWS bindings working with both Java 5 and + 6.</para> + + <para>The following sections explain how to get the JAX-WS sample code + running and explain a few common practices when using the JAX-WS + object-oriented web service.</para> + + <sect3> + <title>Preparations</title> + + <para>Since JAX-WS is already integrated into Java 6, no additional + preparations are needed for Java 6.</para> + + <para>If you are using Java 5 (JDK 1.5.x), you will first need to + download and install an external JAX-WS implementation, as Java 5 + does not support JAX-WS out of the box; for example, you can + download one from here: <ulink + url="https://jax-ws.dev.java.net/2.1.4/JAXWS2.1.4-20080502.jar">https://jax-ws.dev.java.net/2.1.4/JAXWS2.1.4-20080502.jar</ulink>. + Then perform the installation (<computeroutput>java -jar + JAXWS2.1.4-20080502.jar</computeroutput>).</para> + </sect3> + + <sect3> + <title>Getting started: running the sample code</title> + + <para>To run the OOWS for JAX-WS samples that we ship with the SDK, + perform the following steps: <orderedlist> + <listitem> + <para>Open a terminal and change to the directory where the + JAX-WS samples reside.<footnote> + <para>In + <computeroutput>sdk/bindings/glue/java/</computeroutput>.</para> + </footnote> Examine the header of + <computeroutput>Makefile</computeroutput> to see if the + supplied variables (Java compiler, Java executable) and a few + other details match your system settings.</para> + </listitem> + + <listitem> + <para>To start the VirtualBox web service, open a second + terminal and change to the directory where the VirtualBox + executables are located. Then type: + <screen>./vboxwebsrv -v</screen></para> + + <para>The web service now waits for connections and will run + until you press Ctrl+C in this second terminal. The -v + argument causes it to log all connections to the terminal. + (See <xref linkend="runvboxwebsrv"/> for details on how + to run the web service.)</para> + </listitem> + + <listitem> + <para>Back in the first terminal and still in the samples + directory, to start a simple client example just type: + <screen>make run16</screen></para> + + <para>if you're on a Java 6 system; on a Java 5 system, run + <computeroutput>make run15</computeroutput> instead.</para> + + <para>This should work on all Unix-like systems such as Linux + and Solaris. For Windows systems, use commands similar to what + is used in the Makefile.</para> + + <para>This will compile the + <computeroutput>clienttest.java</computeroutput> code on the + first call and then execute the resulting + <computeroutput>clienttest</computeroutput> class to show the + locally installed VMs (see below).</para> + </listitem> + </orderedlist></para> + + <para>The <computeroutput>clienttest</computeroutput> sample + imitates a few typical command line tasks that + <computeroutput>VBoxManage</computeroutput>, VirtualBox's regular + command-line front-end, would provide (see the VirtualBox User + Manual for details). In particular, you can run:<itemizedlist> + <listitem> + <para><computeroutput>java clienttest show + vms</computeroutput>: show the virtual machines that are + registered locally.</para> + </listitem> + + <listitem> + <para><computeroutput>java clienttest list + hostinfo</computeroutput>: show various information about the + host this VirtualBox installation runs on.</para> + </listitem> + + <listitem> + <para><computeroutput>java clienttest startvm + <vmname|uuid></computeroutput>: start the given virtual + machine.</para> + </listitem> + </itemizedlist></para> + + <para>The <computeroutput>clienttest.java</computeroutput> sample + code illustrates common basic practices how to use the VirtualBox + OOWS for JAX-WS, which we will explain in more detail in the + following chapters.</para> + </sect3> + + <sect3> + <title>Logging on to the web service</title> + + <para>Before a web service client can do anything useful, two + objects need to be created, as can be seen in the + <computeroutput>clienttest</computeroutput> constructor:<orderedlist> + <listitem> + <para>An instance of + <link linkend="IWebsessionManager">IWebsessionManager</link>, + which is an interface provided by the web service to manage + "web sessions" -- that is, stateful connections to the web + service with persistent objects upon which methods can be + invoked.</para> + + <para>In the OOWS for JAX-WS, the IWebsessionManager class + must be constructed explicitly, and a URL must be provided in + the constructor that specifies where the web service (the + server) awaits connections. The code in + <computeroutput>clienttest.java</computeroutput> connects to + "http://localhost:18083/", which is the default.</para> + + <para>The port number, by default 18083, must match the port + number given to the + <computeroutput>vboxwebsrv</computeroutput> command line; see + <xref linkend="vboxwebsrv-ref"/>.</para> + </listitem> + + <listitem> + <para>After that, the code calls + <link linkend="IWebsessionManager__logon">IWebsessionManager::logon()</link>, + which is the first call that actually communicates with the + server. This authenticates the client with the web service and + returns an instance of + <link linkend="IVirtualBox">IVirtualBox</link>, + the most fundamental interface of the VirtualBox web service, + from which all other functionality can be derived.</para> + + <para>If logon doesn't work, please take another look at <xref + linkend="websrv_authenticate"/>.</para> + </listitem> + </orderedlist></para> + </sect3> + + <sect3> + <title>Object management</title> + + <para>The current OOWS for JAX-WS has certain memory management + related limitations. When you no longer need an object, call its + <link linkend="IManagedObjectRef__release">IManagedObjectRef::release()</link> + method explicitly, which + frees appropriate managed reference, as is required by the raw + web service; see <xref linkend="managed-object-references"/> for + details. This limitation may be reconsidered in a future version of + the VirtualBox SDK.</para> + </sect3> + </sect2> + + <sect2 id="glue-python-ws"> + <title>The object-oriented web service for Python</title> + + <para>VirtualBox comes with two flavors of a Python API: one for web + service, discussed here, and one for the COM/XPCOM API discussed in + <xref linkend="pycom"/>. The client code is mostly similar, except + for the initialization part, so it is up to the application developer + to choose the appropriate technology. Moreover, a common Python glue + layer exists, abstracting out concrete platform access details, see + <xref linkend="glue-python"/>.</para> + + <para>The minimum supported Python version is 2.6.</para> + + <para>As indicated in <xref linkend="webservice-or-com"/>, the + COM/XPCOM API gives better performance without the SOAP overhead, and + does not require a web server to be running. On the other hand, the + COM/XPCOM Python API requires a suitable Python bridge for your Python + installation (VirtualBox ships the most important ones for each + platform<footnote> + <para>On On Mac OS X only the Python versions bundled with the OS + are officially supported. This means 2.6 and 2.7 for 10.9 and later.</para> + </footnote>). On Windows, you can use the Main API from Python if the + Win32 extensions package for Python<footnote> + <para>See <ulink + url="http://sourceforge.net/project/showfiles.php?group_id=78018">http://sourceforge.net/project/showfiles.php?group_id=78018</ulink>.</para> + </footnote> is installed. Versions of Python Win32 extensions earlier + than 2.16 are known to have bugs, leading to issues with VirtualBox + Python bindings, so please make sure to use latest available Python + and Win32 extensions.</para> + + <para>The VirtualBox OOWS for Python relies on the Python ZSI SOAP + implementation (see <ulink + url="http://pywebsvcs.sourceforge.net/zsi.html">http://pywebsvcs.sourceforge.net/zsi.html</ulink>), + which you will need to install locally before trying the examples. + Most Linux distributions come with package for ZSI, such as + <computeroutput>python-zsi</computeroutput> in Ubuntu.</para> + + <para>To get started, open a terminal and change to the + <computeroutput>bindings/glue/python/sample</computeroutput> + directory, which contains an example of a simple interactive shell + able to control a VirtualBox instance. The shell is written using the + API layer, thereby hiding different implementation details, so it is + actually an example of code share among XPCOM, MSCOM and web services. + If you are interested in how to interact with the web services layer + directly, have a look at + <computeroutput>install/vboxapi/__init__.py</computeroutput> which + contains the glue layer for all target platforms (i.e. XPCOM, MSCOM + and web services).</para> + + <para>To start the shell, perform the following commands: + <screen>/opt/VirtualBox/vboxwebsrv -t 0 + # start web service with object autocollection disabled +export VBOX_PROGRAM_PATH=/opt/VirtualBox + # your VirtualBox installation directory +export VBOX_SDK_PATH=/home/youruser/vbox-sdk + # where you've extracted the SDK +./vboxshell.py -w </screen> + See <xref linkend="vboxshell"/> for more + details on the shell's functionality. For you, as a VirtualBox + application developer, the vboxshell sample could be interesting as an + example of how to write code targeting both local and remote cases + (COM/XPCOM and SOAP). The common part of the shell is the same -- the + only difference is how it interacts with the invocation layer. You can + use the <computeroutput>connect</computeroutput> shell command to + connect to remote VirtualBox servers; in this case you can skip + starting the local web server.</para> + </sect2> + + <sect2> + <title>The object-oriented web service for PHP</title> + + <para>VirtualBox also comes with object-oriented web service (OOWS) + wrappers for PHP5. These wrappers rely on the PHP SOAP + Extension<footnote> + <para>See + <ulink url="https://www.php.net/soap">https://www.php.net/soap</ulink>.</para> + </footnote>, which can be installed by configuring PHP with + <computeroutput>--enable-soap</computeroutput>.</para> + </sect2> + </sect1> + + <sect1 id="raw-webservice"> + <title>Using the raw web service with any language</title> + + <para>The following examples show you how to use the raw web service, + without the object-oriented client-side code that was described in the + previous chapter.</para> + + <para>Generally, when reading the documentation in <xref + linkend="sdkref_classes"/> and <xref linkend="sdkref_enums"/>, due to + the limitations of SOAP and WSDL lined out in <xref + linkend="rawws-conventions"/>, please have the following notes in + mind:</para> + + <para><orderedlist> + <listitem> + <para>Any COM method call becomes a <emphasis role="bold">plain + function call</emphasis> in the raw web service, with the object + as an additional first parameter (before the "real" parameters + listed in the documentation). So when the documentation says that + the <computeroutput>IVirtualBox</computeroutput> interface + supports the <computeroutput>createMachine()</computeroutput> + method (see + <link linkend="IVirtualBox__createMachine">IVirtualBox::createMachine()</link>), + the web service operation is + <computeroutput>IVirtualBox_createMachine(...)</computeroutput>, + and a managed object reference to an + <computeroutput>IVirtualBox</computeroutput> object must be passed + as the first argument.</para> + </listitem> + + <listitem> + <para>For <emphasis role="bold">attributes</emphasis> in + interfaces, there will be at least one "get" function; there will + also be a "set" function, unless the attribute is "readonly". The + attribute name will be appended to the "get" or "set" prefix, with + a capitalized first letter. So, the "version" readonly attribute + of the <computeroutput>IVirtualBox</computeroutput> interface can + be retrieved by calling + <computeroutput>IVirtualBox_getVersion(vbox)</computeroutput>, + with <computeroutput>vbox</computeroutput> being the VirtualBox + object.</para> + </listitem> + + <listitem> + <para>Whenever the API documentation says that a method (or an + attribute getter) returns an <emphasis + role="bold">object</emphasis>, it will returned a managed object + reference in the web service instead. As said above, managed + object references should be released if the web service client + does not log off again immediately!</para> + </listitem> + </orderedlist></para> + + <para></para> + + <sect2 id="webservice-java-sample"> + <title>Raw web service example for Java with Axis</title> + + <para>Axis is an older web service toolkit created by the Apache + foundation. If your distribution does not have it installed, you can + get a binary from <ulink + url="http://www.apache.org">http://www.apache.org</ulink>. The + following examples assume that you have Axis 1.4 installed.</para> + + <para>The VirtualBox SDK ships with an example for Axis that, again, + is called <computeroutput>clienttest.java</computeroutput> and that + imitates a few of the commands of + <computeroutput>VBoxManage</computeroutput> over the wire.</para> + + <para>Then perform the following steps:<orderedlist> + <listitem> + <para>Create a working directory somewhere. Under your + VirtualBox installation directory, find the + <computeroutput>sdk/webservice/samples/java/axis/</computeroutput> + directory and copy the file + <computeroutput>clienttest.java</computeroutput> to your working + directory.</para> + </listitem> + + <listitem> + <para>Open a terminal in your working directory. Execute the + following command: + <screen>java org.apache.axis.wsdl.WSDL2Java /path/to/vboxwebService.wsdl</screen></para> + + <para>The <computeroutput>vboxwebService.wsdl</computeroutput> + file should be located in the + <computeroutput>sdk/webservice/</computeroutput> + directory.</para> + + <para>If this fails, your Apache Axis may not be located on your + system classpath, and you may have to adjust the CLASSPATH + environment variable. Something like this: + <screen>export CLASSPATH="/path-to-axis-1_4/lib/*":$CLASSPATH</screen></para> + + <para>Use the directory where the Axis JAR files are located. + Mind the quotes so that your shell passes the "*" character to + the java executable without expanding. Alternatively, add a + corresponding <computeroutput>-classpath</computeroutput> + argument to the "java" call above.</para> + + <para>If the command executes successfully, you should see an + "org" directory with subdirectories containing Java source files + in your working directory. These classes represent the + interfaces that the VirtualBox web service offers, as described + by the WSDL file.</para> + + <para>This is the bit that makes using web services so + attractive to client developers: if a language's toolkit + understands WSDL, it can generate large amounts of support code + automatically. Clients can then easily use this support code and + can be done with just a few lines of code.</para> + </listitem> + + <listitem> + <para>Next, compile the + <computeroutput>clienttest.java</computeroutput> + source:<screen>javac clienttest.java </screen></para> + + <para>This should yield a "clienttest.class" file.</para> + </listitem> + + <listitem> + <para>To start the VirtualBox web service, open a second + terminal and change to the directory where the VirtualBox + executables are located. Then type: + <screen>./vboxwebsrv -v</screen></para> + + <para>The web service now waits for connections and will run + until you press Ctrl+C in this second terminal. The -v argument + causes it to log all connections to the terminal. (See <xref + linkend="runvboxwebsrv"/> for details on how to run the + web service.)</para> + </listitem> + + <listitem> + <para>Back in the original terminal where you compiled the Java + source, run the resulting binary, which will then connect to the + web service:<screen>java clienttest</screen></para> + + <para>The client sample will connect to the web service (on + localhost, but the code could be changed to connect remotely if + the web service was running on a different machine) and make a + number of method calls. It will output the version number of + your VirtualBox installation and a list of all virtual machines + that are currently registered (with a bit of seemingly random + data, which will be explained later).</para> + </listitem> + </orderedlist></para> + </sect2> + + <sect2 id="raw-webservice-perl"> + <title>Raw web service example for Perl</title> + + <para>We also ship a small sample for Perl. It uses the SOAP::Lite + perl module to communicate with the VirtualBox web service.</para> + + <para>The + <computeroutput>sdk/bindings/webservice/perl/lib/</computeroutput> + directory contains a pre-generated Perl module that allows for + communicating with the web service from Perl. You can generate such a + module yourself using the "stubmaker" tool that comes with SOAP::Lite, + but since that tool is slow as well as sometimes unreliable, we are + shipping a working module with the SDK for your convenience.</para> + + <para>Perform the following steps:<orderedlist> + <listitem> + <para>If SOAP::Lite is not yet installed on your system, you + will need to install the package first. On Debian-based systems, + the package is called + <computeroutput>libsoap-lite-perl</computeroutput>; on Gentoo, + it's <computeroutput>dev-perl/SOAP-Lite</computeroutput>.</para> + </listitem> + + <listitem> + <para>Open a terminal in the + <computeroutput>sdk/bindings/webservice/perl/samples/</computeroutput> + directory.</para> + </listitem> + + <listitem> + <para>To start the VirtualBox web service, open a second + terminal and change to the directory where the VirtualBox + executables are located. Then type: + <screen>./vboxwebsrv -v</screen></para> + + <para>The web service now waits for connections and will run + until you press Ctrl+C in this second terminal. The -v argument + causes it to log all connections to the terminal. (See <xref + linkend="runvboxwebsrv"/> for details on how to run the + web service.)</para> + </listitem> + + <listitem> + <para>In the first terminal with the Perl sample, run the + clienttest.pl script: + <screen>perl -I ../lib clienttest.pl</screen></para> + </listitem> + </orderedlist></para> + </sect2> + + <sect2> + <title>Programming considerations for the raw web service</title> + + <para>If you use the raw web service, you need to keep a number of + things in mind, or you will sooner or later run into issues that are + not immediately obvious. By contrast, the object-oriented client-side + libraries described in <xref linkend="glue"/> take care of these + things automatically and thus greatly simplify using the web + service.</para> + + <sect3 id="rawws-conventions"> + <title>Fundamental conventions</title> + + <para>If you are familiar with other web services, you may find the + VirtualBox web service to behave a bit differently to accommodate + for the fact that VirtualBox web service more or less maps the + VirtualBox Main COM API. The following main differences had to be + taken care of:<itemizedlist> + <listitem> + <para>Web services, as expressed by WSDL, are not + object-oriented. Even worse, they are normally stateless (or, + in web services terminology, "loosely coupled"). Web service + operations are entirely procedural, and one cannot normally + make assumptions about the state of a web service between + function calls.</para> + + <para>In particular, this normally means that you cannot work + on objects in one method call that were created by another + call.</para> + </listitem> + + <listitem> + <para>By contrast, the VirtualBox Main API, being expressed in + COM, is object-oriented and works entirely on objects, which + are grouped into public interfaces, which in turn have + attributes and methods associated with them.</para> + </listitem> + </itemizedlist> For the VirtualBox web service, this results in + three fundamental conventions:<orderedlist> + <listitem> + <para>All <emphasis role="bold">function names</emphasis> in + the VirtualBox web service consist of an interface name and a + method name, joined together by an underscore. This is because + there are only functions ("operations") in WSDL, but no + classes, interfaces, or methods.</para> + + <para>In addition, all calls to the VirtualBox web service + (except for logon, see below) take a <emphasis + role="bold">managed object reference</emphasis> as the first + argument, representing the object upon which the underlying + method is invoked. (Managed object references are explained in + detail below; see <xref + linkend="managed-object-references"/>.)</para> + + <para>So, when one would normally code, in the pseudo-code of + an object-oriented language, to invoke a method upon an + object:<screen>IMachine machine; +result = machine.getName();</screen></para> + + <para>In the VirtualBox web service, this looks something like + this (again, pseudo-code):<screen>IMachineRef machine; +result = IMachine_getName(machine);</screen></para> + </listitem> + + <listitem> + <para>To make the web service stateful, and objects persistent + between method calls, the VirtualBox web service introduces a + <emphasis role="bold">session manager</emphasis> (by way of the + <link linkend="IWebsessionManager">IWebsessionManager</link> + interface), which manages object references. Any client wishing + to interact with the web service must first log on to the + session manager and in turn receives a managed object reference + to an object that supports the + <link linkend="IVirtualBox">IVirtualBox</link> + interface (the basic interface in the Main API).</para> + </listitem> + </orderedlist></para> + + <para>In other words, as opposed to other web services, <emphasis + role="bold">the VirtualBox web service is both object-oriented and + stateful.</emphasis></para> + </sect3> + + <sect3> + <title>Example: A typical web service client session</title> + + <para>A typical short web service session to retrieve the version + number of the VirtualBox web service (to be precise, the underlying + Main API version number) looks like this:<orderedlist> + <listitem> + <para>A client logs on to the web service by calling + <link linkend="IWebsessionManager__logon">IWebsessionManager::logon()</link> + with a valid user name and password. See + <xref linkend="websrv_authenticate"/> + for details about how authentication works.</para> + </listitem> + + <listitem> + <para>On the server side, + <computeroutput>vboxwebsrv</computeroutput> creates a session, + which persists until the client calls + <link linkend="IWebsessionManager__logoff">IWebsessionManager::logoff()</link> + or the session times out after a configurable period of + inactivity (see <xref linkend="vboxwebsrv-ref"/>).</para> + + <para>For the new session, the web service creates an instance + of <link linkend="IVirtualBox">IVirtualBox</link>. + This interface is the most central one in the Main API and + allows access to all other interfaces, either through + attributes or method calls. For example, IVirtualBox contains + a list of all virtual machines that are currently registered + (as they would be listed on the left side of the VirtualBox + main program).</para> + + <para>The web service then creates a managed object reference + for this instance of IVirtualBox and returns it to the calling + client, which receives it as the return value of the logon + call. Something like this:</para> + + <screen>string oVirtualBox; +oVirtualBox = webservice.IWebsessionManager_logon("user", "pass");</screen> + + <para>(The managed object reference "oVirtualBox" is just a + string consisting of digits and dashes. However, it is a + string with a meaning and will be checked by the web service. + For details, see below. As hinted above, + <link linkend="IWebsessionManager__logon">IWebsessionManager::logon()</link> + is the <emphasis>only</emphasis> operation provided by the web + service which does not take a managed object reference as the + first argument!)</para> + </listitem> + + <listitem> + <para>The VirtualBox Main API documentation says that the + <computeroutput>IVirtualBox</computeroutput> interface has a + <link linkend="IVirtualBox__version">version</link> + attribute, which is a string. For each attribute, there is a + "get" and a "set" method in COM, which maps to according + operations in the web service. So, to retrieve the "version" + attribute of this <computeroutput>IVirtualBox</computeroutput> + object, the web service client does this: + <screen>string version; +version = webservice.IVirtualBox_getVersion(oVirtualBox); + +print version;</screen></para> + + <para>And it will print + "&VBOX_VERSION_MAJOR;.&VBOX_VERSION_MINOR;.&VBOX_VERSION_BUILD;".</para> + </listitem> + + <listitem> + <para>The web service client calls + <link linkend="IWebsessionManager__logoff">IWebsessionManager::logoff()</link> + with the VirtualBox managed object reference. This will clean + up all allocated resources.</para> + </listitem> + </orderedlist></para> + </sect3> + + <sect3 id="managed-object-references"> + <title>Managed object references</title> + + <para>To a web service client, a managed object reference looks like + a string: two 64-bit hex numbers separated by a dash. This string, + however, represents a COM object that "lives" in the web service + process. The two 64-bit numbers encoded in the managed object + reference represent a session ID (which is the same for all objects + in the same web service session, i.e. for all objects after one + logon) and a unique object ID within that session.</para> + + <para>Managed object references are created in two + situations:<orderedlist> + <listitem> + <para>When a client logs on, by calling + <link linkend="IWebsessionManager__logon">IWebsessionManager::logon()</link>.</para> + + <para>Upon logon, the websession manager creates one instance + of <link linkend="IVirtualBox">IVirtualBox</link>, + which can be used for directly performing calls to its + methods, or used as a parameter for calling some methods of + <link linkend="IWebsessionManager">IWebsessionManager</link>. + Creating Main API session objects is performed using + <link linkend="IWebsessionManager__getSessionObject">IWebsessionManager::getSessionObject()</link>.</para> + + <para>(Technically, there is always only one + <link linkend="IVirtualBox">IVirtualBox</link> object, which + is shared between all websessions and clients, as it is a COM + singleton. However, each session receives its own managed + object reference to it.)</para> + </listitem> + + <listitem> + <para>Whenever a web service clients invokes an operation + whose COM implementation creates COM objects.</para> + + <para>For example, + <link linkend="IVirtualBox__createMachine">IVirtualBox::createMachine()</link> + creates a new instance of + <link linkend="IMachine">IMachine</link>; + the COM object returned by the COM method call is then wrapped + into a managed object reference by the web server, and this + reference is returned to the web service client.</para> + </listitem> + </orderedlist></para> + + <para>Internally, in the web service process, each managed object + reference is simply a small data structure, containing a COM pointer + to the "real" COM object, the web session ID and the object ID. This + structure is allocated on creation and stored efficiently in hashes, + so that the web service can look up the COM object quickly whenever + a web service client wishes to make a method call. The random + session ID also ensures that one web service client cannot intercept + the objects of another.</para> + + <para>Managed object references are not destroyed automatically and + must be released by explicitly calling + <link linkend="IManagedObjectRef__release">IManagedObjectRef::release()</link>. + This is important, as + otherwise hundreds or thousands of managed object references (and + corresponding COM objects, which can consume much more memory!) can + pile up in the web service process and eventually cause it to deny + service.</para> + + <para>To reiterate: The underlying COM object, which the reference + points to, is only freed if the managed object reference is + released. It is therefore vital that web service clients properly + clean up after the managed object references that are returned to + them.</para> + + <para>When a web service client calls + <link linkend="IWebsessionManager__logoff">IWebsessionManager::logoff()</link>, + all managed object references created during the session are + automatically freed. For short-lived sessions that do not create a + lot of objects, logging off may therefore be sufficient, although it + is certainly not "best practice".</para> + </sect3> + + <sect3> + <title>Some more detail about web service operation</title> + + <sect4 id="soap"> + <title>SOAP messages</title> + + <para>Whenever a client makes a call to a web service, this + involves a complicated procedure internally. These calls are + remote procedure calls. Each such procedure call typically + consists of two "message" being passed, where each message is a + plain-text HTTP request with a standard HTTP header and a special + XML document following. This XML document encodes the name of the + procedure to call and the argument names and values passed to + it.</para> + + <para>To give you an idea of what such a message looks like, + assuming that a web service provides a procedure called + "SayHello", which takes a string "name" as an argument and returns + "Hello" with a space and that name appended, the request message + could look like this:</para> + + <para><screen><?xml version="1.0" encoding="UTF-8"?> +<SOAP-ENV:Envelope + xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" + xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:xsd="http://www.w3.org/2001/XMLSchema" + xmlns:test="http://test/"> +<SOAP-ENV:Body> + <test:SayHello> + <name>Peter</name> + </test:SayHello> + </SOAP-ENV:Body> +</SOAP-ENV:Envelope></screen>A similar message -- the "response" message + -- would be sent back from the web service to the client, + containing the return value "Hello Peter".</para> + + <para>Most programming languages provide automatic support to + generate such messages whenever code in that programming language + makes such a request. In other words, these programming languages + allow for writing something like this (in pseudo-C++ code):</para> + + <para><screen>webServiceClass service("localhost", 18083); // server and port +string result = service.SayHello("Peter"); // invoke remote procedure</screen> + and would, for these two pseudo-lines, automatically perform these + steps:</para> + + <para><orderedlist> + <listitem> + <para>prepare a connection to a web service running on port + 18083 of "localhost";</para> + </listitem> + + <listitem> + <para>for the <computeroutput>SayHello()</computeroutput> + function of the web service, generate a SOAP message like in + the above example by encoding all arguments of the remote + procedure call (which could involve all kinds of type + conversions and complex marshalling for arrays and + structures);</para> + </listitem> + + <listitem> + <para>connect to the web service via HTTP and send that + message;</para> + </listitem> + + <listitem> + <para>wait for the web service to send a response + message;</para> + </listitem> + + <listitem> + <para>decode that response message and put the return value + of the remote procedure into the "result" variable.</para> + </listitem> + </orderedlist></para> + </sect4> + + <sect4 id="wsdl"> + <title>Service descriptions in WSDL</title> + + <para>In the above explanations about SOAP, it was left open how + the programming language learns about how to translate function + calls in its own syntax into proper SOAP messages. In other words, + the programming language needs to know what operations the web + service supports and what types of arguments are required for the + operation's data in order to be able to properly serialize and + deserialize the data to and from the web service. For example, if + a web service operation expects a number in "double" floating + point format for a particular parameter, the programming language + cannot send to it a string instead.</para> + + <para>For this, the Web Service Definition Language (WSDL) was + invented, another XML substandard that describes exactly what + operations the web service supports and, for each operation, which + parameters and types are needed with each request and response + message. WSDL descriptions can be incredibly verbose, and one of + the few good things that can be said about this standard is that + it is indeed supported by most programming languages.</para> + + <para>So, if it is said that a programming language "supports" web + services, this typically means that a programming language has + support for parsing WSDL files and somehow integrating the remote + procedure calls into the native language syntax -- for example, + like in the Java sample shown in <xref + linkend="webservice-java-sample"/>.</para> + + <para>For details about how programming languages support web + services, please refer to the documentation that comes with the + individual languages. Here are a few pointers:</para> + + <orderedlist> + <listitem> + <para>For <emphasis role="bold">C++, </emphasis> among many + others, the gSOAP toolkit is a good option. Parts of gSOAP are + also used in VirtualBox to implement the VirtualBox web + service.</para> + </listitem> + + <listitem> + <para>For <emphasis role="bold">Java, </emphasis> there are + several implementations already described in this document + (see <xref linkend="glue-jax-ws"/> and <xref + linkend="webservice-java-sample"/>).</para> + </listitem> + + <listitem> + <para><emphasis role="bold">Perl</emphasis> supports WSDL via + the SOAP::Lite package. This in turn comes with a tool called + <computeroutput>stubmaker.pl</computeroutput> that allows you + to turn any WSDL file into a Perl package that you can import. + (You can also import any WSDL file "live" by having it parsed + every time the script runs, but that can take a while.) You + can then code (again, assuming the above example): + <screen>my $result = servicename->sayHello("Peter");</screen> + </para> + + <para>A sample that uses SOAP::Lite was described in <xref + linkend="raw-webservice-perl"/>.</para> + </listitem> + </orderedlist> + </sect4> + </sect3> + </sect2> + </sect1> + + <sect1 id="api_com"> + <title>Using COM/XPCOM directly</title> + + <para>If you do not require <emphasis>remote</emphasis> procedure calls + such as those offered by the VirtualBox web service, and if you know + Python or C++ as well as COM, you might find it preferable to program + VirtualBox's Main API directly via COM.</para> + + <para>COM stands for "Component Object Model" and is a standard + originally introduced by Microsoft in the 1990s for Microsoft Windows. + It allows for organizing software in an object-oriented way and across + processes; code in one process may access objects that live in another + process.</para> + + <para>COM has several advantages: it is language-neutral, meaning that + even though all of VirtualBox is internally written in C++, programs + written in other languages could communicate with it. COM also cleanly + separates interface from implementation, so that external programs need + not know anything about the messy and complicated details of VirtualBox + internals.</para> + + <para>On a Windows host, all parts of VirtualBox will use the COM + functionality that is native to Windows. On other hosts (including + Linux), VirtualBox comes with a built-in implementation of XPCOM, as + originally created by the Mozilla project, which we have enhanced to + support interprocess communication on a level comparable to Microsoft + COM. Internally, VirtualBox has an abstraction layer that allows the + same VirtualBox code to work both with native COM as well as our XPCOM + implementation.</para> + + <sect2 id="pycom"> + <title>Python COM API</title> + + <para>On Windows, Python scripts can use COM and VirtualBox interfaces + to control almost all aspects of virtual machine execution. As an + example, use the following commands to instantiate the VirtualBox + object and start a VM: <screen> + vbox = win32com.client.Dispatch("VirtualBox.VirtualBox") + session = win32com.client.Dispatch("VirtualBox.Session") + mach = vbox.findMachine("uuid or name of machine to start") + progress = mach.launchVMProcess(session, "gui", "") + progress.waitForCompletion(-1) + </screen> Also, see + <computeroutput>/bindings/glue/python/samples/vboxshell.py</computeroutput> + for more advanced usage scenarious. However, unless you have specific + requirements, we strongly recommend to use the generic glue layer + described in the next section to access MS COM objects.</para> + </sect2> + + <sect2 id="glue-python"> + <title>Common Python bindings layer</title> + + <para>As different wrappers ultimately provide access to the same + underlying API, and to simplify porting and development of Python + application using the VirtualBox Main API, we developed a common glue + layer that abstracts out most platform-specific details from the + application and allows the developer to focus on application logic. + The VirtualBox installer automatically sets up this glue layer for the + system default Python install. See below for details on how to set up + the glue layer if you want to use a different Python + installation.</para> + + <para>The minimum supported Python version is 2.6.</para> + + <para>In this layer, the class + <computeroutput>VirtualBoxManager</computeroutput> hides most + platform-specific details. It can be used to access both the local + (COM) and the web service based API. The following code can be used by + an application to use the glue layer.</para> + + <screen># This code assumes vboxapi.py from VirtualBox distribution +# being in PYTHONPATH, or installed system-wide +from vboxapi import VirtualBoxManager + +# This code initializes VirtualBox manager with default style +# and parameters +virtualBoxManager = VirtualBoxManager(None, None) + +# Alternatively, one can be more verbose, and initialize +# glue with web service backend, and provide authentication +# information +virtualBoxManager = VirtualBoxManager("WEBSERVICE", + {'url':'http://myhost.com::18083/', + 'user':'me', + 'password':'secret'}) </screen> + + <para>We supply the <computeroutput>VirtualBoxManager</computeroutput> + constructor with 2 arguments: style and parameters. Style defines + which bindings style to use (could be "MSCOM", "XPCOM" or + "WEBSERVICE"), and if set to <computeroutput>None</computeroutput> + defaults to usable platform bindings (MS COM on Windows, XPCOM on + other platforms). The second argument defines parameters, passed to + the platform-specific module, as we do in the second example, where we + pass username and password to be used to authenticate against the web + service.</para> + + <para>After obtaining the + <computeroutput>VirtualBoxManager</computeroutput> instance, one can + perform operations on the IVirtualBox class. For example, the + following code will a start virtual machine by name or ID:</para> + + <screen>from vboxapi import VirtualBoxManager +mgr = VirtualBoxManager(None, None) +vbox = mgr.vbox +name = "Linux" +mach = vbox.findMachine(name) +session = mgr.getSessionObject(vbox) +progress = mach.launchVMProcess(session, "gui", "") +progress.waitForCompletion(-1) +mgr.closeMachineSession(session) + </screen> + <para> + Following code will print all registered machines and their log + folders + </para> + <screen>from vboxapi import VirtualBoxManager +mgr = VirtualBoxManager(None, None) +vbox = mgr.vbox + +for m in mgr.getArray(vbox, 'machines'): +print "Machine '%s' logs in '%s'" %(m.name, m.logFolder) + </screen> + + <para>Code above demonstrates cross-platform access to array properties + (certain limitations prevent one from using + <computeroutput>vbox.machines</computeroutput> to access a list of + available virtual machines in case of XPCOM), and a mechanism of + uniform session creation and closing + (<computeroutput>mgr.getSessionObject()</computeroutput>).</para> + + <para>In case you want to use the glue layer with a different Python + installation, use these steps in a shell to add the necessary + files:</para> + + <screen> # cd VBOX_INSTALL_PATH/sdk/installer + # PYTHON vboxapisetup.py install</screen> + </sect2> + + <sect2 id="cppcom"> + <title>C++ COM API</title> + + <para>C++ is the language that VirtualBox itself is written in, so C++ + is the most direct way to use the Main API -- but it is not + necessarily the easiest, as using COM and XPCOM has its own set of + complications.</para> + + <para>VirtualBox ships with sample programs that demonstrate how to + use the Main API to implement a number of tasks on your host platform. + These samples can be found in the + <computeroutput>/bindings/xpcom/samples</computeroutput> directory for + Linux, Mac OS X and Solaris and + <computeroutput>/bindings/mscom/samples</computeroutput> for Windows. + The two samples are actually different, because the one for Windows + uses native COM, whereas the other uses our XPCOM implementation, as + described above.</para> + + <para>Since COM and XPCOM are conceptually very similar but vary in + the implementation details, we have created a "glue" layer that + shields COM client code from these differences. All VirtualBox uses is + this glue layer, so the same code written once works on both Windows + hosts (with native COM) as well as on other hosts (with our XPCOM + implementation). It is recommended to always use this glue code + instead of using the COM and XPCOM APIs directly, as it is very easy + to make your code completely independent from the platform it is + running on.<!-- A third sample, + <computeroutput>tstVBoxAPIGlue.cpp</computeroutput>, illustrates how to + use the glue layer. +--></para> + + <para>In order to encapsulate platform differences between Microsoft + COM and XPCOM, the following items should be kept in mind when using + the glue layer:</para> + + <para><orderedlist> + <listitem> + <para><emphasis role="bold">Attribute getters and + setters.</emphasis> COM has the notion of "attributes" in + interfaces, which roughly compare to C++ member variables in + classes. The difference is that for each attribute declared in + an interface, COM automatically provides a "get" method to + return the attribute's value. Unless the attribute has been + marked as "readonly", a "set" attribute is also provided.</para> + + <para>To illustrate, the IVirtualBox interface has a "version" + attribute, which is read-only and of the "wstring" type (the + standard string type in COM). As a result, you can call the + "get" method for this attribute to retrieve the version number + of VirtualBox.</para> + + <para>Unfortunately, the implementation differs between COM and + XPCOM. Microsoft COM names the "get" method like this: + <computeroutput>get_Attribute()</computeroutput>, whereas XPCOM + uses this syntax: + <computeroutput>GetAttribute()</computeroutput> (and accordingly + for "set" methods). To hide these differences, the VirtualBox + glue code provides the + <computeroutput>COMGETTER(attrib)</computeroutput> and + <computeroutput>COMSETTER(attrib)</computeroutput> macros. So, + <computeroutput>COMGETTER(version)()</computeroutput> (note, two + pairs of brackets) expands to + <computeroutput>get_Version()</computeroutput> on Windows and + <computeroutput>GetVersion()</computeroutput> on other + platforms.</para> + </listitem> + + <listitem> + <para><emphasis role="bold">Unicode conversions.</emphasis> + While the rest of the modern world has pretty much settled on + encoding strings in UTF-8, COM, unfortunately, uses UCS-16 + encoding. This requires a lot of conversions, in particular + between the VirtualBox Main API and the Qt GUI, which, like the + rest of Qt, likes to use UTF-8.</para> + + <para>To facilitate these conversions, VirtualBox provides the + <computeroutput>com::Bstr</computeroutput> and + <computeroutput>com::Utf8Str</computeroutput> classes, which + support all kinds of conversions back and forth.</para> + </listitem> + + <listitem> + <para><emphasis role="bold">COM autopointers.</emphasis> + Possibly the greatest pain of using COM -- reference counting -- + is alleviated by the + <computeroutput>ComPtr<></computeroutput> template + provided by the <computeroutput>ptr.h</computeroutput> file in + the glue layer.</para> + </listitem> + </orderedlist></para> + </sect2> + + <sect2 id="event-queue"> + <title>Event queue processing</title> + + <para>Both VirtualBox client programs and frontends should + periodically perform processing of the main event queue, and do that + on the application's main thread. In case of a typical GUI Windows/Mac + OS application this happens automatically in the GUI's dispatch loop. + However, for CLI only application, the appropriate actions have to be + taken. For C++ applications, the VirtualBox SDK provided glue method + <screen> + int EventQueue::processEventQueue(uint32_t cMsTimeout) + </screen> can be used for both blocking and non-blocking operations. + For the Python bindings, a common layer provides the method <screen> + VirtualBoxManager.waitForEvents(ms) + </screen> with similar semantics.</para> + + <para>Things get somewhat more complicated for situations where an + application using VirtualBox cannot directly control the main event + loop and the main event queue is separated from the event queue of the + programming librarly (for example in case of Qt on Unix platforms). In + such a case, the application developer is advised to use a + platform/toolkit specific event injection mechanism to force event + queue checks either based on periodical timer events delivered to the + main thread, or by using custom platform messages to notify the main + thread when events are available. See the VBoxSDL and Qt (VirtualBox) + frontends as examples.</para> + </sect2> + + <sect2 id="vbcom"> + <title>Visual Basic and Visual Basic Script (VBS) on Windows + hosts</title> + + <para>On Windows hosts, one can control some of the VirtualBox Main + API functionality from VBS scripts, and pretty much everything from + Visual Basic programs.<footnote> + <para>The difference results from the way VBS treats COM + safearrays, which are used to keep lists in the Main API. VBS + expects every array element to be a + <computeroutput>VARIANT</computeroutput>, which is too strict a + limitation for any high performance API. We may lift this + restriction for interface APIs in a future version, or + alternatively provide conversion APIs.</para> + </footnote></para> + + <para>VBS is scripting language available in any recent Windows + environment. As an example, the following VBS code will print + VirtualBox version: <screen> + set vb = CreateObject("VirtualBox.VirtualBox") + Wscript.Echo "VirtualBox version " & vb.version + </screen> See + <computeroutput>bindings/mscom/vbs/sample/vboxinfo.vbs</computeroutput> + for the complete sample.</para> + + <para>Visual Basic is a popular high level language capable of + accessing COM objects. The following VB code will iterate over all + available virtual machines:<screen> + Dim vb As VirtualBox.IVirtualBox + + vb = CreateObject("VirtualBox.VirtualBox") + machines = "" + For Each m In vb.Machines + m = m & " " & m.Name + Next + </screen> See + <computeroutput>bindings/mscom/vb/sample/vboxinfo.vb</computeroutput> + for the complete sample.</para> + </sect2> + + <sect2 id="cbinding"> + <title>C binding to VirtualBox API</title> + + <para>The VirtualBox API originally is designed as object oriented, + using XPCOM or COM as the middleware, which translates natively to C++. + This means that in order to use it from C there needs to be some + helper code to bridge the language differences and reduce the + differences between platforms.</para> + + <sect3 id="capi_glue"> + <title>Cross-platform C binding to VirtualBox API</title> + + <para>Starting with version 4.3, VirtualBox offers a C binding + which allows using the same C client sources for all platforms, + covering Windows, Linux, Mac OS X and Solaris. It is the + preferred way to write API clients, even though the old style + is still available.</para> + + </sect3> + + <sect3 id="c-gettingstarted"> + <title>Getting started</title> + + <para>The following sections describe how to use the VirtualBox API + in a C program. The necessary files are included in the SDK, in the + directories <computeroutput>sdk/bindings/c/include</computeroutput> + and <computeroutput>sdk/bindings/c/glue</computeroutput>.</para> + + <para>As part of the SDK, a sample program + <computeroutput>tstCAPIGlue.c</computeroutput> is provided in the + directory <computeroutput>sdk/bindings/c/samples</computeroutput> + which demonstrates + using the C binding to initialize the API, get handles for + VirtualBox and Session objects, make calls to list and start virtual + machines, monitor events, and uninitialize resources when done. The + sample program is trying to illustrate all relevant concepts, so it + is a great source of detail information. Among many other generally + useful code sequences it contains a function which shows how to + retrieve error details in C code if they are available from the API + call.</para> + + <para>The sample program <computeroutput>tstCAPIGlue</computeroutput> + can be built using the provided + <computeroutput>Makefile</computeroutput> and can be run without + arguments.</para> + + <para>It uses the VBoxCAPIGlue library (source code is in directory + <computeroutput>sdk/bindings/c/glue</computeroutput>, to be used in + your API client code) to open the C binding layer during runtime, + which is preferred to other means as it isolates the code which + locates the necessary dynamic library, using a known working way + which works on all platforms. If you encounter problems with this + glue code in <computeroutput>VBoxCAPIGlue.c</computeroutput>, let the + VirtualBox developers know, rather than inventing incompatible + solutions.</para> + + <para>The following sections document the important concepts needed + to correctly use the C binding, as it is vital for developing API + client code which manages memory correctly, updates the reference + counters correctly, avoiding crashes and memory leaks. Often API + clients need to handle events, so the C API specifics are also + described below.</para> + </sect3> + + <sect3 id="c-initialization"> + <title>VirtualBox C API initialization</title> + + <para>Just like in C++, the API and the underlying middleware needs + to be initialized before it can be used. The + <computeroutput>VBoxCAPI_v4_3.h</computeroutput> header provides the + interface to the C binding, but you can alternatively and more + conveniently also include + <computeroutput>VBoxCAPIGlue.h</computeroutput>, + as this avoids the VirtualBox version dependent header file name and + makes sure the global variable <code>g_pVBoxFuncs</code> contains a + pointer to the structure which contains the helper function pointers. + Here's how to initialize the C API:<screen>#include "VBoxCAPIGlue.h" +... +IVirtualBoxClient *vboxclient = NULL; +IVirtualBox *vbox = NULL; +ISession *session = NULL; +HRESULT rc; +ULONG revision; + +/* + * VBoxCGlueInit() loads the necessary dynamic library, handles errors + * (producing an error message hinting what went wrong) and gives you + * the pointer to the function table (g_pVBoxFuncs). + * + * Once you get the function table, then how and which functions + * to use is explained below. + * + * g_pVBoxFuncs->pfnClientInitialize does all the necessary startup + * action and provides us with pointers to an IVirtualBoxClient instance. + * It should be matched by a call to g_pVBoxFuncs->pfnClientUninitialize() + * when done. + */ + +if (VBoxCGlueInit()) +{ + fprintf(stderr, "s: FATAL: VBoxCGlueInit failed: %s\n", + argv[0], g_szVBoxErrMsg); + return EXIT_FAILURE; +} + +g_pVBoxFuncs->pfnClientInitialize(NULL, &vboxclient); +if (!vboxclient) +{ + fprintf(stderr, "%s: FATAL: could not get VirtualBoxClient reference\n", + argv[0]); + return EXIT_FAILURE; +}</screen></para> + + <para>If <computeroutput>vboxclient</computeroutput> is still + <computeroutput>NULL</computeroutput> this means the initializationi + failed and the VirtualBox C API cannot be used.</para> + + <para>It is possible to write C applications using multiple threads + which all use the VirtualBox API, as long as you're initializing + the C API in each thread which your application creates. This is done + with <code>g_pVBoxFuncs->pfnClientThreadInitialize()</code> and + likewise before the thread is terminated the API must be + uninitialized with + <code>g_pVBoxFuncs->pfnClientThreadUninitialize()</code>. You don't + have to use these functions in worker threads created by COM/XPCOM + (which you might observe if your code uses active event handling), + everything is initialized correctly already. On Windows the C + bindings create a marshaller which supports a wide range of COM + threading models, from STA to MTA, so you don't have to worry about + these details unless you plan to use active event handlers. See + the sample code how to get this to work reliably (in other words + think twice if passive event handling isn't the better solution after + you looked at the sample code).</para> + </sect3> + + <sect3 id="c-invocation"> + <title>C API attribute and method invocation</title> + + <para>Method invocation is straightforward. It looks pretty much + like the C++ way, by using a macro which internally accesses the + vtable, and additionally needs to be passed a pointer to the objecti + as the first argument to serve as the + <computeroutput>this</computeroutput> pointer.</para> + + <para>Using the C binding, all method invocations return a numeric + result code of type <code>HRESULT</code> (with a few exceptions + which normally are not relevant).</para> + + <para>If an interface is specified as returning an object, a pointer + to a pointer to the appropriate object must be passed as the last + argument. The method will then store an object pointer in that + location.</para> + + <para>Likewise, attributes (properties) can be queried or set using + method invocations, using specially named methods. For each + attribute there exists a getter method, the name of which is composed + of <computeroutput>get_</computeroutput> followed by the capitalized + attribute name. Unless the attribute is read-only, an analogous + <computeroutput>set_</computeroutput> method exists. Let's apply + these rules to get the <computeroutput>IVirtualBox</computeroutput> + reference, an <computeroutput>ISession</computeroutput> instance + reference and read the + <link linkend="IVirtualBox__revision">IVirtualBox::revision</link> + attribute: + <screen>rc = IVirtualBoxClient_get_VirtualBox(vboxclient, &vbox); +if (FAILED(rc) || !vbox) +{ + PrintErrorInfo(argv[0], "FATAL: could not get VirtualBox reference", rc); + return EXIT_FAILURE; +} +rc = IVirtualBoxClient_get_Session(vboxclient, &session); +if (FAILED(rc) || !session) +{ + PrintErrorInfo(argv[0], "FATAL: could not get Session reference", rc); + return EXIT_FAILURE; +} + +rc = IVirtualBox_get_Revision(vbox, &revision); +if (SUCCEEDED(rc)) +{ + printf("Revision: %u\n", revision); +}</screen></para> + + <para>The convenience macros for calling a method are named by + prepending the method name with the interface name (using + <code>_</code>as the separator).</para> + + <para>So far only attribute getters were illustrated, but generic + method calls are straightforward, too: + <screen>IMachine *machine = NULL; +BSTR vmname = ...; +... +/* + * Calling IMachine::findMachine(...) + */ +rc = IVirtualBox_FindMachine(vbox, vmname, &machine);</screen></para> + + <para>As a more complicated example of a method invocation, let's + call + <link linkend="IMachine__launchVMProcess">IMachine::launchVMProcess</link> + which returns an IProgress object. Note again that the method name is + capitalized: + <screen>IProgress *progress; +... +rc = IMachine_LaunchVMProcess( + machine, /* this */ + session, /* arg 1 */ + sessionType, /* arg 2 */ + env, /* arg 3 */ + &progress /* Out */ +);</screen></para> + + <para>All objects with their methods and attributes are documented + in <xref linkend="sdkref_classes"/>.</para> + </sect3> + + <sect3 id="c-string-handling"> + <title>String handling</title> + + <para>When dealing with strings you have to be aware of a string's + encoding and ownership.</para> + + <para>Internally, the API uses UTF-16 encoded strings. A set of + conversion functions is provided to convert other encodings to and + from UTF-16. The type of a UTF-16 character is + <computeroutput>BSTR</computeroutput> (or its constant counterpart + <computeroutput>CBSTR</computeroutput>), which is an array type, + represented by a pointer to the start of the zero-terminated string. + There are functions for converting between UTF-8 and UTF-16 strings + available through <code>g_pVBoxFuncs</code>: + <screen>int (*pfnUtf16ToUtf8)(CBSTR pwszString, char **ppszString); +int (*pfnUtf8ToUtf16)(const char *pszString, BSTR *ppwszString);</screen></para> + + <para>The ownership of a string determines who is responsible for + releasing resources associated with the string. Whenever the API + creates a string (essentially for output parameters), ownership is + transferred to the caller. To avoid resource leaks, the caller + should release resources once the string is no longer needed. + There are plenty of examples in the sample code.</para> + </sect3> + + <sect3 id="c-safearray"> + <title>Array handling</title> + + <para>Arrays are handled somewhat similarly to strings, with the + additional information of the number of elements in the array. The + exact details of string passing depends on the platform middleware + (COM/XPCOM), and therefore the C binding offers helper functions to + gloss over these differences.</para> + + <para>Passing arrays as input parameters to API methods is usually + done by the following sequence, calling a hypothetical + <code>IArrayDemo_PassArray</code> API method: + <screen>static const ULONG aElements[] = { 1, 2, 3, 4 }; +ULONG cElements = sizeof(aElements) / sizeof(aElements[0]); +SAFEARRAY *psa = NULL; +psa = g_pVBoxFuncs->pfnSafeArrayCreateVector(VT_I4, 0, cElements); +g_pVBoxFuncs->pfnSafeArrayCopyInParamHelper(psa, aElements, sizeof(aElements)); +IArrayDemo_PassArray(pThis, ComSafeArrayAsInParam(psa)); +g_pVBoxFuncs->pfnSafeArrayDestroy(psa);</screen></para> + + <para>Likewise, getting arrays results from output parameters is done + using helper functions which manage memory allocations as part of + their other functionality: + <screen>SAFEARRAY *psa = g_pVBoxFuncs->pfnSafeArrayOutParamAlloc(); +ULONG *pData; +ULONG cElements; +IArrayDemo_ReturnArray(pThis, ComSafeArrayAsOutTypeParam(psa, ULONG)); +g_pVBoxFuncs->pfnSafeArrayCopyOutParamHelper((void **)&pData, &cElements, VT_I4, psa); +g_pVBoxFuncs->pfnSafeArrayDestroy(psa);</screen></para> + + <para>This covers the necessary functionality for all array element + types except interface references. These need special helpers to + manage the reference counting correctly. The following code snippet + gets the list of VMs, and passes the first IMachine reference to + another API function (assuming that there is at least one element + in the array, to simplify the example): + <screen>SAFEARRAY psa = g_pVBoxFuncs->pfnSafeArrayOutParamAlloc(); +IMachine **machines = NULL; +ULONG machineCnt = 0; +ULONG i; +IVirtualBox_get_Machines(virtualBox, ComSafeArrayAsOutIfaceParam(machinesSA, IMachine *)); +g_pVBoxFuncs->pfnSafeArrayCopyOutIfaceParamHelper((IUnknown ***)&machines, &machineCnt, machinesSA); +g_pVBoxFuncs->pfnSafeArrayDestroy(machinesSA); +/* Now "machines" contains the IMachine references, and machineCnt the + * number of elements in the array. */ +... +SAFEARRAY *psa = g_pVBoxFuncs->pfnSafeArrayCreateVector(VT_IUNKNOWN, 0, 1); +g_pVBoxFuncs->pfnSafeArrayCopyInParamHelper(psa, (void *)&machines[0], sizeof(machines[0])); +IVirtualBox_GetMachineStates(ComSafeArrayAsInParam(psa), ...); +... +g_pVBoxFuncs->pfnSafeArrayDestroy(psa); +for (i = 0; i < machineCnt; ++i) +{ + IMachine *machine = machines[i]; + IMachine_Release(machine); +} +free(machines);</screen></para> + + <para>Handling output parameters needs more special effort than + input parameters, thus only for the former there are special helpers, + and the latter is handled through the generic array support.</para> + </sect3> + + <sect3 id="c-eventhandling"> + <title>Event handling</title> + + <para>The VirtualBox API offers two types of event handling, active + and passive, and consequently there is support for both with the + C API binding. Active event handling (based on asynchronous + callback invocation for event delivery) is more difficult, as it + requires the construction of valid C++ objects in C, which is + inherently platform and compiler dependent. Passive event handling + is much simpler, it relies on an event loop, fetching events and + triggering the necessary handlers explicitly in the API client code. + Both approaches depend on an event loop to make sure that events + get delivered in a timely manner, with differences what exactly needs + to be done.</para> + + <para>The C API sample contains code for both event handling styles, + and one has to modify the appropriate <code>#define</code> to select + which style is actually used by the compiled program. It allows a + good comparison between the two variants, and the code sequences are + probably worth reusing without much change in other API clients + with only minor adaptions.</para> + + <para>Active event handling needs to ensure that the following helper + function is called frequently enough in the primary thread: + <screen>g_pVBoxFuncs->pfnProcessEventQueue(cTimeoutMS);</screen></para> + + <para>The actual event handler implementation is quite tedious, as + it has to implement a complete API interface. Especially on Windows + it is a lot of work to implement the complicated + <code>IDispatch</code> interface, requiring to load COM type + information and using it in the <code>IDispatch</code> method + implementation. Overall this is quite tedious compared to passive + event handling.</para> + + <para>Passive event handling uses a similar event loop structure, + which requires calling the following function in a loop, and + processing the returned event appropriately: + <screen>rc = IEventSource_GetEvent(pEventSource, pListener, cTimeoutMS, &pEvent);</screen></para> + + <para>After processing the event it needs to be marked as processed + with the following method call: + <screen>rc = IEventSource_EventProcessed(pEventSource, pListener, pEvent);</screen></para> + + <para>This is vital for vetoable events, as they would be stuck + otherwise, waiting whether the veto comes or not. It does not do any + harm for other event types, and in the end is cheaper than checking + if the event at hand is vetoable or not.</para> + + <para>The general event handling concepts are described in the API + specification (see <xref linkend="events"/>), including how to + aggregate multiple event sources for processing in one event loop. + As mentioned, the sample illustrates the practical aspects of how to + use both types of event handling, active and passive, from a C + application. Additional hints are in the comments documenting + the helper methods in + <computeroutput>VBoxCAPI_v4_3.h</computeroutput>. The code complexity + of active event handling (and its inherenly platform/compiler + specific aspects) should be motivation to use passive event handling + whereever possible.</para> + </sect3> + + <sect3 id="c-uninitialization"> + <title>C API uninitialization</title> + + <para>Uninitialization is performed by + <computeroutput>g_pVBoxFuncs->pfnClientUninitialize().</computeroutput> + If your program can exit from more than one place, it is a good idea + to install this function as an exit handler with Standard C's + <computeroutput>atexit()</computeroutput> just after calling + <computeroutput>g_pVBoxFuncs->pfnClientInitialize()</computeroutput> + , e.g. <screen>#include <stdlib.h> +#include <stdio.h> + +... + +/* + * Make sure g_pVBoxFuncs->pfnClientUninitialize() is called at exit, no + * matter if we return from the initial call to main or call exit() + * somewhere else. Note that atexit registered functions are not + * called upon abnormal termination, i.e. when calling abort() or + * signal(). + */ + +if (atexit(g_pVBoxFuncs->pfnClientUninitialize()) != 0) { + fprintf(stderr, "failed to register g_pVBoxFuncs->pfnClientUninitialize()\n"); + exit(EXIT_FAILURE); +}</screen></para> + + <para>Another idea would be to write your own <computeroutput>void + myexit(int status)</computeroutput> function, calling + <computeroutput>g_pVBoxFuncs->pfnClientUninitialize()</computeroutput> + followed by the real <computeroutput>exit()</computeroutput>, and + use it instead of <computeroutput>exit()</computeroutput> throughout + your program and at the end of + <computeroutput>main.</computeroutput></para> + + <para>If you expect the program to be terminated by a signal (e.g. + user types CTRL-C sending SIGINT) you might want to install a signal + handler setting a flag noting that a signal was sent and then + calling + <computeroutput>g_pVBoxFuncs->pfnClientUninitialize()</computeroutput> + later on, <emphasis>not</emphasis> from the handler itself.</para> + + <para>That said, if a client program forgets to call + <computeroutput>g_pVBoxFuncs->pfnClientUninitialize()</computeroutput> + before it terminates, there is a mechanism in place which will + eventually release references held by the client. On Windows it can + take quite a while, in the order of 6-7 minutes.</para> + </sect3> + + <sect3 id="c-linking"> + <title>Compiling and linking</title> + + <para>A program using the C binding has to open the library during + runtime using the help of glue code provided and as shown in the + example <computeroutput>tstCAPIGlue.c</computeroutput>. + Compilation and linking can be achieved with a makefile fragment + similar to:<screen># Where is the SDK directory? +PATH_SDK = ../../.. +CAPI_INC = -I$(PATH_SDK)/bindings/c/include +ifeq ($(BUILD_PLATFORM),win) +PLATFORM_INC = -I$(PATH_SDK)/bindings/mscom/include +PLATFORM_LIB = $(PATH_SDK)/bindings/mscom/lib +else +PLATFORM_INC = -I$(PATH_SDK)/bindings/xpcom/include +PLATFORM_LIB = $(PATH_SDK)/bindings/xpcom/lib +endif +GLUE_DIR = $(PATH_SDK)/bindings/c/glue +GLUE_INC = -I$(GLUE_DIR) + +# Compile Glue Library +VBoxCAPIGlue.o: $(GLUE_DIR)/VBoxCAPIGlue.c + $(CC) $(CFLAGS) $(CAPI_INC) $(PLATFORM_INC) $(GLUE_INC) -o $@ -c $< + +# Compile interface ID list +VirtualBox_i.o: $(PLATFORM_LIB)/VirtualBox_i.c + $(CC) $(CFLAGS) $(CAPI_INC) $(PLATFORM_INC) $(GLUE_INC) -o $@ -c $< + +# Compile program code +program.o: program.c + $(CC) $(CFLAGS) $(CAPI_INC) $(PLATFORM_INC) $(GLUE_INC) -o $@ -c $< + +# Link program. +program: program.o VBoxCAPICGlue.o VirtualBox_i.o + $(CC) -o $@ $^ -ldl -lpthread</screen></para> + </sect3> + + <sect3 id="capi_conversion"> + <title>Conversion of code using legacy C binding</title> + + <para>This section aims to make the task of converting code using + the legacy C binding to the new style a breeze, by pointing out some + key steps.</para> + + <para>One necessary change is adjusting your Makefile to reflect the + different include paths. See above. There are now 3 relevant include + directories, and most of it is pointing to the C binding directory. + The XPCOM include directory is still relevant for platforms where + the XPCOM middleware is used, but most of the include files live + elsewhere now, so it's good to have it last. Additionally the + <computeroutput>VirtualBox_i.c</computeroutput> file needs to be + compiled and linked to the program, it contains the IIDs relevant + for the VirtualBox API, making sure they are not replicated endlessly + if the code refers to them frequently.</para> + + <para>The C API client code should include + <computeroutput>VBoxCAPIGlue.h</computeroutput> instead of + <computeroutput>VBoxXPCOMCGlue.h</computeroutput> or + <computeroutput>VBoxCAPI_v4_3.h</computeroutput>, as this makes sure + the correct macros and internal translations are selected.</para> + + <para>All API method calls (anything mentioning <code>vtbl</code>) + should be rewritten using the convenience macros for calling methods, + as these hide the internal details, are generally easier to use and + shorter to type. You should remove as many as possible + <code>(nsISupports **)</code> or similar typecasts, as the new style + should use the correct type in most places, increasing the type + safety in case of an error in the source code.</para> + + <para>To gloss over the platform differences, API client code should + no longer rely on XPCOM specific interface names such as + <code>nsISupports</code>, <code>nsIException</code> and + <code>nsIEventQueue</code>, and replace them by the platform + independent interface names <code>IUnknown</code> and + <code>IErrorInfo</code> for the first two respectively. Event queue + handling should be replaced by using the platform independent way + described in <xref linkend="c-eventhandling"/>.</para> + + <para>Finally adjust the string and array handling to use the new + helpers, as these make sure the code works without changes with + both COM and XPCOM, which are significantly different in this area. + The code should be double checked if it uses the correct way to + manage memory, and is freeing it only after the last use.</para> + </sect3> + + <sect3 id="xpcom_cbinding"> + <title>Legacy C binding to VirtualBox API for XPCOM</title> + + <note> + <para>This section applies to Linux, Mac OS X and Solaris + hosts only and describes deprecated use of the API from C.</para> + </note> + + <para>Starting with version 2.2, VirtualBox offers a C binding for + its API which works only on platforms using XPCOM. Refer to the + old SDK documentation (included in the SDK packages for version 4.3.6 + or earlier), it still applies unchanged. The fundamental concepts are + similar (but the syntactical details are quite different) to the + newer cross-platform C binding which should be used for all new code, + as the support for the old C binding will go away in a major release + after version 4.3.</para> + </sect3> + </sect2> + </sect1> + </chapter> + + <chapter id="concepts"> + <title>Basic VirtualBox concepts; some examples</title> + + <para>The following explains some basic VirtualBox concepts such as the + VirtualBox object, sessions and how virtual machines are manipulated and + launched using the Main API. The coding examples use a pseudo-code style + closely related to the object-oriented web service (OOWS) for JAX-WS. + Depending on which environment you are using, you will need to adjust the + examples.</para> + + <sect1> + <title>Obtaining basic machine information. Reading attributes</title> + + <para>Any program using the Main API will first need access to the + global VirtualBox object (see + <link linkend="IVirtualBox">IVirtualBox</link>), from which all other + functionality of the API is derived. With the OOWS for JAX-WS, this is + returned from the + <link linkend="IWebsessionManager__logon">IWebsessionManager::logon()</link> + call.</para> + + <para>To enumerate virtual machines, one would look at the "machines" + array attribute in the VirtualBox object (see + <link linkend="IVirtualBox__machines">IVirtualBox::machines</link>). + This array contains all virtual machines currently registered with the + host, each of them being an instance of + <link linkend="IMachine">IMachine</link>. + From each such instance, one can query additional information, such as + the UUID, the name, memory, operating system and more by looking at the + attributes; see the attributes list in + <link linkend="IMachine">IMachine</link> documentation.</para> + + <para>As mentioned in the preceding chapters, depending on your + programming environment, attributes are mapped to corresponding "get" + and (if the attribute is not read-only) "set" methods. So when the + documentation says that IMachine has a + "<link linkend="IMachine__name">name</link>" attribute, this means you + need to code something + like the following to get the machine's name: + <screen>IMachine machine = ...; +String name = machine.getName();</screen> + Boolean attribute getters can sometimes be called + <computeroutput>isAttribute()</computeroutput> due to JAX-WS naming + conventions.</para> + </sect1> + + <sect1> + <title>Changing machine settings: Sessions</title> + + <para>As said in the previous section, to read a machine's attribute, + one invokes the corresponding "get" method. One would think that to + change settings of a machine, it would suffice to call the corresponding + "set" method -- for example, to set a VM's memory to 1024 MB, one would + call <computeroutput>setMemorySize(1024)</computeroutput>. Try that, and + you will get an error: "The machine is not mutable."</para> + + <para>So unfortunately, things are not that easy. VirtualBox is a + complicated environment in which multiple processes compete for possibly + the same resources, especially machine settings. As a result, machines + must be "locked" before they can either be modified or started. This is + to prevent multiple processes from making conflicting changes to a + machine: it should, for example, not be allowed to change the memory + size of a virtual machine while it is running. (You can't add more + memory to a real computer while it is running either, at least not to an + ordinary PC.) Also, two processes must not change settings at the same + time, or start a machine at the same time.</para> + + <para>These requirements are implemented in the Main API by way of + "sessions", in particular, the <link linkend="ISession">ISession</link> + interface. Each process which talks to + VirtualBox needs its own instance of ISession. In the web service, you + can request the creation of such an object by calling + <link linkend="IWebsessionManager__getSessionObject">IWebsessionManager::getSessionObject()</link>. + More complex management tasks might need multiple instances of ISession, + and each call returns a new one.</para> + + <para>This session object must then be used like a mutex semaphore in + common programming environments. Before you can change machine settings, + you must write-lock the machine by calling + <link linkend="IMachine__lockMachine">IMachine::lockMachine()</link> + with your process's session object.</para> + + <para>After the machine has been locked, the + <link linkend="ISession__machine">ISession::machine</link> attribute + contains a copy of the original IMachine object upon which the session + was opened, but this copy is "mutable": you can invoke "set" methods on + it.</para> + + <para>When done making the changes to the machine, you must call + <link linkend="IMachine__saveSettings">IMachine::saveSettings()</link>, + which will copy the changes you have made from your "mutable" machine + back to the real machine and write them out to the machine settings XML + file. This will make your changes permanent.</para> + + <para>Finally, it is important to always unlock the machine again, by + calling + <link linkend="ISession__unlockMachine">ISession::unlockMachine()</link>. + Otherwise, when the calling process end, the machine will receive the + "aborted" state, which can lead to loss of data.</para> + + <para>So, as an example, the sequence to change a machine's memory to + 1024 MB is something like this:<screen>IWebsessionManager mgr ...; +IVirtualBox vbox = mgr.logon(user, pass); +... +IMachine machine = ...; // read-only machine +ISession session = mgr.getSessionObject(); +machine.lockMachine(session, LockType.Write); // machine is now locked for writing +IMachine mutable = session.getMachine(); // obtain the mutable machine copy +mutable.setMemorySize(1024); +mutable.saveSettings(); // write settings to XML +session.unlockMachine();</screen></para> + </sect1> + + <sect1> + <title>Launching virtual machines</title> + + <para>To launch a virtual machine, you call + <link linkend="IMachine__launchVMProcess">IMachine::launchVMProcess()</link>. + In doing so, the caller instructs the VirtualBox engine to start a new + process with the virtual machine in it, since to the host, each virtual + machine looks like single process, even if it has hundreds of its own + processes inside. (This new VM process in turn obtains a write lock on + the machine, as described above, to prevent conflicting changes from + other processes; this is why opening another session will fail while the + VM is running.)</para> + + <para>Starting a machine looks something like this: + <screen>IWebsessionManager mgr ...; +IVirtualBox vbox = mgr.logon(user, pass); +... +IMachine machine = ...; // read-only machine +ISession session = mgr.getSessionObject(); +IProgress prog = machine.launchVMProcess(session, + "gui", // session type + ""); // possibly environment setting +prog.waitForCompletion(10000); // give the process 10 secs +if (prog.getResultCode() != 0) // check success + System.out.println("Cannot launch VM!")</screen></para> + + <para>The caller's session object can then be used as a sort of remote + control to the VM process that was launched. It contains a "console" + object (see <link linkend="ISession__console">ISession::console</link>) + with which the VM can be paused, + stopped, snapshotted or other things.</para> + </sect1> + + <sect1 id="events"> + <title>VirtualBox events</title> + + <para>In VirtualBox, "events" provide a uniform mechanism to register + for and consume specific events. A VirtualBox client can register an + "event listener" (represented by the + <link linkend="IEventListener">IEventListener</link> interface), which + will then get notified by the server when an event (represented by the + <link linkend="IEvent">IEvent</link> interface) happens.</para> + + <para>The IEvent interface is an abstract parent interface for all + events that can occur in VirtualBox. The actual events that the server + sends out are then of one of the specific subclasses, for example + <link linkend="IMachineStateChangedEvent">IMachineStateChangedEvent</link> + or + <link linkend="IMediumChangedEvent">IMediumChangedEvent</link>.</para> + + <para>As an example, the VirtualBox GUI waits for machine events and can + thus update its display when the machine state changes or machine + settings are modified, even if this happens in another client. This is + how the GUI can automatically refresh its display even if you manipulate + a machine from another client, for example, from VBoxManage.</para> + + <para>To register an event listener to listen to events, use code like + this:<screen>EventSource es = console.getEventSource(); +IEventListener listener = es.createListener(); +VBoxEventType aTypes[] = (VBoxEventType.OnMachineStateChanged); + // list of event types to listen for +es.registerListener(listener, aTypes, false /* active */); + // register passive listener +IEvent ev = es.getEvent(listener, 1000); + // wait up to one second for event to happen +if (ev != null) +{ + // downcast to specific event interface (in this case we have only registered + // for one type, otherwise IEvent::type would tell us) + IMachineStateChangedEvent mcse = IMachineStateChangedEvent.queryInterface(ev); + ... // inspect and do something + es.eventProcessed(listener, ev); +} +... +es.unregisterListener(listener); </screen></para> + + <para>A graphical user interface would probably best start its own + thread to wait for events and then process these in a loop.</para> + + <para>The events mechanism was introduced with VirtualBox 3.3 and + replaces various callback interfaces which were called for each event in + the interface. The callback mechanism was not compatible with scripting + languages, local Java bindings and remote web services as they do not + support callbacks. The new mechanism with events and event listeners + works with all of these.</para> + + <para>To simplify developement of application using events, concept of + event aggregator was introduced. Essentially it's mechanism to aggregate + multiple event sources into single one, and then work with this single + aggregated event source instead of original sources. As an example, one + can evaluate demo recorder in VirtualBox Python shell, shipped with SDK + - it records mouse and keyboard events, represented as separate event + sources. Code is essentially like this:<screen> + listener = console.eventSource.createListener() + agg = console.eventSource.createAggregator([console.keyboard.eventSource, console.mouse.eventSource]) + agg.registerListener(listener, [ctx['global'].constants.VBoxEventType_Any], False) + registered = True + end = time.time() + dur + while time.time() < end: + ev = agg.getEvent(listener, 1000) + processEent(ev) + agg.unregisterListener(listener)</screen> Without using aggregators + consumer have to poll on both sources, or start multiple threads to + block on those sources.</para> + </sect1> + </chapter> + + <chapter id="vboxshell"> + <title>The VirtualBox shell</title> + + <para>VirtualBox comes with an extensible shell, which allows you to + control your virtual machines from the command line. It is also a + nontrivial example of how to use the VirtualBox APIs from Python, for all + three COM/XPCOM/WS styles of the API.</para> + + <para>You can easily extend this shell with your own commands. Create a + subdirectory named + <computeroutput>.config/VirtualBox/shexts</computeroutput> below your home + directory (respectively <computeroutput>.VirtualBox/shexts</computeroutput> + on a Windows system and + <computeroutput>Library/VirtualBox/shexts</computeroutput> on OS X) and put + a Python file implementing your shell extension commands in this directory. + This file must contain an array named + <computeroutput>commands</computeroutput> containing your command + definitions: <screen> + commands = { + 'cmd1': ['Command cmd1 help', cmd1], + 'cmd2': ['Command cmd2 help', cmd2] + } + </screen> For example, to create a command for creating hard drive + images, the following code can be used: <screen> + def createHdd(ctx,args): + # Show some meaningful error message on wrong input + if (len(args) < 3): + print "usage: createHdd sizeM location type" + return 0 + + # Get arguments + size = int(args[1]) + loc = args[2] + if len(args) > 3: + format = args[3] + else: + # And provide some meaningful defaults + format = "vdi" + + # Call VirtualBox API, using context's fields + hdd = ctx['vb'].createMedium(format, loc, ctx['global'].constants.AccessMode_ReadWrite, \ + ctx['global'].constants.DeviceType_HardDisk) + # Access constants using ctx['global'].constants + progress = hdd.createBaseStorage(size, (ctx['global'].constants.MediumVariant_Standard, )) + # use standard progress bar mechanism + ctx['progressBar'](progress) + + + # Report errors + if not hdd.id: + print "cannot create disk (file %s exist?)" %(loc) + return 0 + + # Give user some feedback on success too + print "created HDD with id: %s" %(hdd.id) + + # 0 means continue execution, other values mean exit from the interpreter + return 0 + + commands = { + 'myCreateHDD': ['Create virtual HDD, createHdd size location type', createHdd] + } + </screen> Just store the above text in the file + <computeroutput>createHdd</computeroutput> (or any other meaningful name) + in <computeroutput>.config/VirtualBox/shexts/</computeroutput>. Start the + VirtualBox shell, or just issue the + <computeroutput>reloadExts</computeroutput> command, if the shell is + already running. Your new command will now be available.</para> + </chapter> + + <xi:include href="SDKRef_apiref.xml" xpointer="xpointer(/book/*)" + xmlns:xi="http://www.w3.org/2001/XInclude" /> + + <chapter id="hgcm"> + <title>Host-Guest Communication Manager</title> + + <para>The VirtualBox Host-Guest Communication Manager (HGCM) allows a + guest application or a guest driver to call a host shared library. The + following features of VirtualBox are implemented using HGCM: <itemizedlist> + <listitem> + <para>Shared Folders</para> + </listitem> + + <listitem> + <para>Shared Clipboard</para> + </listitem> + + <listitem> + <para>Guest configuration interface</para> + </listitem> + </itemizedlist></para> + + <para>The shared library contains a so called HGCM service. The guest HGCM + clients establish connections to the service to call it. When calling a + HGCM service the client supplies a function code and a number of + parameters for the function.</para> + + <sect1> + <title>Virtual hardware implementation</title> + + <para>HGCM uses the VMM virtual PCI device to exchange data between the + guest and the host. The guest always acts as an initiator of requests. A + request is constructed in the guest physical memory, which must be + locked by the guest. The physical address is passed to the VMM device + using a 32-bit <computeroutput>out edx, eax</computeroutput> + instruction. The physical memory must be allocated below 4GB by 64-bit + guests.</para> + + <para>The host parses the request header and data and queues the request + for a host HGCM service. The guest continues execution and usually waits + on a HGCM event semaphore.</para> + + <para>When the request has been processed by the HGCM service, the VMM + device sets the completion flag in the request header, sets the HGCM + event and raises an IRQ for the guest. The IRQ handler signals the HGCM + event semaphore and all HGCM callers check the completion flag in the + corresponding request header. If the flag is set, the request is + considered completed.</para> + </sect1> + + <sect1> + <title>Protocol specification</title> + + <para>The HGCM protocol definitions are contained in the + <computeroutput>VBox/VBoxGuest.h</computeroutput></para> + + <sect2> + <title>Request header</title> + + <para>HGCM request structures contains a generic header + (VMMDevHGCMRequestHeader): <table> + <title>HGCM Request Generic Header</title> + + <tgroup cols="2"> + <tbody> + <row> + <entry><emphasis role="bold">Name</emphasis></entry> + + <entry><emphasis role="bold">Description</emphasis></entry> + </row> + + <row> + <entry>size</entry> + + <entry>Size of the entire request.</entry> + </row> + + <row> + <entry>version</entry> + + <entry>Version of the header, must be set to + <computeroutput>0x10001</computeroutput>.</entry> + </row> + + <row> + <entry>type</entry> + + <entry>Type of the request.</entry> + </row> + + <row> + <entry>rc</entry> + + <entry>HGCM return code, which will be set by the VMM + device.</entry> + </row> + + <row> + <entry>reserved1</entry> + + <entry>A reserved field 1.</entry> + </row> + + <row> + <entry>reserved2</entry> + + <entry>A reserved field 2.</entry> + </row> + + <row> + <entry>flags</entry> + + <entry>HGCM flags, set by the VMM device.</entry> + </row> + + <row> + <entry>result</entry> + + <entry>The HGCM result code, set by the VMM device.</entry> + </row> + </tbody> + </tgroup> + </table> <note> + <itemizedlist> + <listitem> + <para>All fields are 32-bit.</para> + </listitem> + + <listitem> + <para>Fields from <computeroutput>size</computeroutput> to + <computeroutput>reserved2</computeroutput> are a standard VMM + device request header, which is used for other interfaces as + well.</para> + </listitem> + </itemizedlist> + </note></para> + + <para>The <emphasis role="bold">type</emphasis> field indicates the + type of the HGCM request: <table> + <title>Request Types</title> + + <tgroup cols="2"> + <tbody> + <row> + <entry><emphasis role="bold">Name (decimal + value)</emphasis></entry> + + <entry><emphasis role="bold">Description</emphasis></entry> + </row> + + <row> + <entry>VMMDevReq_HGCMConnect + (<computeroutput>60</computeroutput>)</entry> + + <entry>Connect to a HGCM service.</entry> + </row> + + <row> + <entry>VMMDevReq_HGCMDisconnect + (<computeroutput>61</computeroutput>)</entry> + + <entry>Disconnect from the service.</entry> + </row> + + <row> + <entry>VMMDevReq_HGCMCall32 + (<computeroutput>62</computeroutput>)</entry> + + <entry>Call a HGCM function using the 32-bit + interface.</entry> + </row> + + <row> + <entry>VMMDevReq_HGCMCall64 + (<computeroutput>63</computeroutput>)</entry> + + <entry>Call a HGCM function using the 64-bit + interface.</entry> + </row> + + <row> + <entry>VMMDevReq_HGCMCancel + (<computeroutput>64</computeroutput>)</entry> + + <entry>Cancel a HGCM request currently being processed by a + host HGCM service.</entry> + </row> + </tbody> + </tgroup> + </table></para> + + <para>The <emphasis role="bold">flags</emphasis> field may contain: + <table> + <title>Flags</title> + + <tgroup cols="2"> + <tbody> + <row> + <entry><emphasis role="bold">Name (hexadecimal + value)</emphasis></entry> + + <entry><emphasis role="bold">Description</emphasis></entry> + </row> + + <row> + <entry>VBOX_HGCM_REQ_DONE + (<computeroutput>0x00000001</computeroutput>)</entry> + + <entry>The request has been processed by the host + service.</entry> + </row> + + <row> + <entry>VBOX_HGCM_REQ_CANCELLED + (<computeroutput>0x00000002</computeroutput>)</entry> + + <entry>This request was cancelled.</entry> + </row> + </tbody> + </tgroup> + </table></para> + </sect2> + + <sect2> + <title>Connect</title> + + <para>The connection request must be issued by the guest HGCM client + before it can call the HGCM service (VMMDevHGCMConnect): <table> + <title>Connect request</title> + + <tgroup cols="2"> + <tbody> + <row> + <entry><emphasis role="bold">Name</emphasis></entry> + + <entry><emphasis role="bold">Description</emphasis></entry> + </row> + + <row> + <entry>header</entry> + + <entry>The generic HGCM request header with type equal to + VMMDevReq_HGCMConnect + (<computeroutput>60</computeroutput>).</entry> + </row> + + <row> + <entry>type</entry> + + <entry>The type of the service location information (32 + bit).</entry> + </row> + + <row> + <entry>location</entry> + + <entry>The service location information (128 bytes).</entry> + </row> + + <row> + <entry>clientId</entry> + + <entry>The client identifier assigned to the connecting + client by the HGCM subsystem (32-bit).</entry> + </row> + </tbody> + </tgroup> + </table> The <emphasis role="bold">type</emphasis> field tells the + HGCM how to look for the requested service: <table> + <title>Location Information Types</title> + + <tgroup cols="2"> + <tbody> + <row> + <entry><emphasis role="bold">Name (hexadecimal + value)</emphasis></entry> + + <entry><emphasis role="bold">Description</emphasis></entry> + </row> + + <row> + <entry>VMMDevHGCMLoc_LocalHost + (<computeroutput>0x1</computeroutput>)</entry> + + <entry>The requested service is a shared library located on + the host and the location information contains the library + name.</entry> + </row> + + <row> + <entry>VMMDevHGCMLoc_LocalHost_Existing + (<computeroutput>0x2</computeroutput>)</entry> + + <entry>The requested service is a preloaded one and the + location information contains the service name.</entry> + </row> + </tbody> + </tgroup> + </table> <note> + <para>Currently preloaded HGCM services are hard-coded in + VirtualBox: <itemizedlist> + <listitem> + <para>VBoxSharedFolders</para> + </listitem> + + <listitem> + <para>VBoxSharedClipboard</para> + </listitem> + + <listitem> + <para>VBoxGuestPropSvc</para> + </listitem> + + <listitem> + <para>VBoxSharedOpenGL</para> + </listitem> + </itemizedlist></para> + </note> There is no difference between both types of HGCM services, + only the location mechanism is different.</para> + + <para>The client identifier is returned by the host and must be used + in all subsequent requests by the client.</para> + </sect2> + + <sect2> + <title>Disconnect</title> + + <para>This request disconnects the client and makes the client + identifier invalid (VMMDevHGCMDisconnect): <table> + <title>Disconnect request</title> + + <tgroup cols="2"> + <tbody> + <row> + <entry><emphasis role="bold">Name</emphasis></entry> + + <entry><emphasis role="bold">Description</emphasis></entry> + </row> + + <row> + <entry>header</entry> + + <entry>The generic HGCM request header with type equal to + VMMDevReq_HGCMDisconnect + (<computeroutput>61</computeroutput>).</entry> + </row> + + <row> + <entry>clientId</entry> + + <entry>The client identifier previously returned by the + connect request (32-bit).</entry> + </row> + </tbody> + </tgroup> + </table></para> + </sect2> + + <sect2> + <title>Call32 and Call64</title> + + <para>Calls the HGCM service entry point (VMMDevHGCMCall) using 32-bit + or 64-bit addresses: <table> + <title>Call request</title> + + <tgroup cols="2"> + <tbody> + <row> + <entry><emphasis role="bold">Name</emphasis></entry> + + <entry><emphasis role="bold">Description</emphasis></entry> + </row> + + <row> + <entry>header</entry> + + <entry>The generic HGCM request header with type equal to + either VMMDevReq_HGCMCall32 + (<computeroutput>62</computeroutput>) or + VMMDevReq_HGCMCall64 + (<computeroutput>63</computeroutput>).</entry> + </row> + + <row> + <entry>clientId</entry> + + <entry>The client identifier previously returned by the + connect request (32-bit).</entry> + </row> + + <row> + <entry>function</entry> + + <entry>The function code to be processed by the service (32 + bit).</entry> + </row> + + <row> + <entry>cParms</entry> + + <entry>The number of following parameters (32-bit). This + value is 0 if the function requires no parameters.</entry> + </row> + + <row> + <entry>parms</entry> + + <entry>An array of parameter description structures + (HGCMFunctionParameter32 or + HGCMFunctionParameter64).</entry> + </row> + </tbody> + </tgroup> + </table></para> + + <para>The 32-bit parameter description (HGCMFunctionParameter32) + consists of 32-bit type field and 8 bytes of an opaque value, so 12 + bytes in total. The 64-bit variant (HGCMFunctionParameter64) consists + of the type and 12 bytes of a value, so 16 bytes in total.</para> + + <para><table> + <title>Parameter types</title> + + <tgroup cols="2"> + <tbody> + <row> + <entry><emphasis role="bold">Type</emphasis></entry> + + <entry><emphasis role="bold">Format of the + value</emphasis></entry> + </row> + + <row> + <entry>VMMDevHGCMParmType_32bit (1)</entry> + + <entry>A 32-bit value.</entry> + </row> + + <row> + <entry>VMMDevHGCMParmType_64bit (2)</entry> + + <entry>A 64-bit value.</entry> + </row> + + <row> + <entry>VMMDevHGCMParmType_PhysAddr (3)</entry> + + <entry>A 32-bit size followed by a 32-bit or 64-bit guest + physical address.</entry> + </row> + + <row> + <entry>VMMDevHGCMParmType_LinAddr (4)</entry> + + <entry>A 32-bit size followed by a 32-bit or 64-bit guest + linear address. The buffer is used both for guest to host + and for host to guest data.</entry> + </row> + + <row> + <entry>VMMDevHGCMParmType_LinAddr_In (5)</entry> + + <entry>Same as VMMDevHGCMParmType_LinAddr but the buffer is + used only for host to guest data.</entry> + </row> + + <row> + <entry>VMMDevHGCMParmType_LinAddr_Out (6)</entry> + + <entry>Same as VMMDevHGCMParmType_LinAddr but the buffer is + used only for guest to host data.</entry> + </row> + + <row> + <entry>VMMDevHGCMParmType_LinAddr_Locked (7)</entry> + + <entry>Same as VMMDevHGCMParmType_LinAddr but the buffer is + already locked by the guest.</entry> + </row> + + <row> + <entry>VMMDevHGCMParmType_LinAddr_Locked_In (1)</entry> + + <entry>Same as VMMDevHGCMParmType_LinAddr_In but the buffer + is already locked by the guest.</entry> + </row> + + <row> + <entry>VMMDevHGCMParmType_LinAddr_Locked_Out (1)</entry> + + <entry>Same as VMMDevHGCMParmType_LinAddr_Out but the buffer + is already locked by the guest.</entry> + </row> + </tbody> + </tgroup> + </table></para> + + <para>The</para> + </sect2> + + <sect2> + <title>Cancel</title> + + <para>This request cancels a call request (VMMDevHGCMCancel): <table> + <title>Cancel request</title> + + <tgroup cols="2"> + <tbody> + <row> + <entry><emphasis role="bold">Name</emphasis></entry> + + <entry><emphasis role="bold">Description</emphasis></entry> + </row> + + <row> + <entry>header</entry> + + <entry>The generic HGCM request header with type equal to + VMMDevReq_HGCMCancel + (<computeroutput>64</computeroutput>).</entry> + </row> + </tbody> + </tgroup> + </table></para> + </sect2> + </sect1> + + <sect1> + <title>Guest software interface</title> + + <para>The guest HGCM clients can call HGCM services from both drivers + and applications.</para> + + <sect2> + <title>The guest driver interface</title> + + <para>The driver interface is implemented in the VirtualBox guest + additions driver (VBoxGuest), which works with the VMM virtual device. + Drivers must use the VBox Guest Library (VBGL), which provides an API + for HGCM clients (<computeroutput>VBox/VBoxGuestLib.h</computeroutput> + and <computeroutput>VBox/VBoxGuest.h</computeroutput>).</para> + + <para><screen> +DECLR0VBGL(int) VbglR0HGCMConnect(VBGLHGCMHANDLE *pHandle, const char *pszServiceName, HGCMCLIENTID *pidClient); + </screen> Connects to the service: <screen> + VBoxGuestHGCMConnectInfo data; + + memset(&data, sizeof(VBoxGuestHGCMConnectInfo)); + + data.result = VINF_SUCCESS; + data.Loc.type = VMMDevHGCMLoc_LocalHost_Existing; + strcpy (data.Loc.u.host.achName, "VBoxSharedFolders"); + + rc = VbglHGCMConnect (&handle, "VBoxSharedFolders"&data); + + if (RT_SUCCESS (rc)) + { + rc = data.result; + } + + if (RT_SUCCESS (rc)) + { + /* Get the assigned client identifier. */ + ulClientID = data.u32ClientID; + } + </screen></para> + + <para><screen> +DECLVBGL(int) VbglHGCMDisconnect (VBGLHGCMHANDLE handle, VBoxGuestHGCMDisconnectInfo *pData); + </screen> Disconnects from the service. <screen> + VBoxGuestHGCMDisconnectInfo data; + + RtlZeroMemory (&data, sizeof (VBoxGuestHGCMDisconnectInfo)); + + data.result = VINF_SUCCESS; + data.u32ClientID = ulClientID; + + rc = VbglHGCMDisconnect (handle, &data); + </screen></para> + + <para><screen> +DECLVBGL(int) VbglHGCMCall (VBGLHGCMHANDLE handle, VBoxGuestHGCMCallInfo *pData, uint32_t cbData); + </screen> Calls a function in the service. <screen> +typedef struct _VBoxSFRead +{ + VBoxGuestHGCMCallInfo callInfo; + + /** pointer, in: SHFLROOT + * Root handle of the mapping which name is queried. + */ + HGCMFunctionParameter root; + + /** value64, in: + * SHFLHANDLE of object to read from. + */ + HGCMFunctionParameter handle; + + /** value64, in: + * Offset to read from. + */ + HGCMFunctionParameter offset; + + /** value64, in/out: + * Bytes to read/How many were read. + */ + HGCMFunctionParameter cb; + + /** pointer, out: + * Buffer to place data to. + */ + HGCMFunctionParameter buffer; + +} VBoxSFRead; + +/** Number of parameters */ +#define SHFL_CPARMS_READ (5) + +... + + VBoxSFRead data; + + /* The call information. */ + data.callInfo.result = VINF_SUCCESS; /* Will be returned by HGCM. */ + data.callInfo.u32ClientID = ulClientID; /* Client identifier. */ + data.callInfo.u32Function = SHFL_FN_READ; /* The function code. */ + data.callInfo.cParms = SHFL_CPARMS_READ; /* Number of parameters. */ + + /* Initialize parameters. */ + data.root.type = VMMDevHGCMParmType_32bit; + data.root.u.value32 = pMap->root; + + data.handle.type = VMMDevHGCMParmType_64bit; + data.handle.u.value64 = hFile; + + data.offset.type = VMMDevHGCMParmType_64bit; + data.offset.u.value64 = offset; + + data.cb.type = VMMDevHGCMParmType_32bit; + data.cb.u.value32 = *pcbBuffer; + + data.buffer.type = VMMDevHGCMParmType_LinAddr_Out; + data.buffer.u.Pointer.size = *pcbBuffer; + data.buffer.u.Pointer.u.linearAddr = (uintptr_t)pBuffer; + + rc = VbglHGCMCall (handle, &data.callInfo, sizeof (data)); + + if (RT_SUCCESS (rc)) + { + rc = data.callInfo.result; + *pcbBuffer = data.cb.u.value32; /* This is returned by the HGCM service. */ + } + </screen></para> + </sect2> + + <sect2> + <title>Guest application interface</title> + + <para>Applications call the VirtualBox Guest Additions driver to + utilize the HGCM interface. There are IOCTL's which correspond to the + <computeroutput>Vbgl*</computeroutput> functions: <itemizedlist> + <listitem> + <para><computeroutput>VBOXGUEST_IOCTL_HGCM_CONNECT</computeroutput></para> + </listitem> + + <listitem> + <para><computeroutput>VBOXGUEST_IOCTL_HGCM_DISCONNECT</computeroutput></para> + </listitem> + + <listitem> + <para><computeroutput>VBOXGUEST_IOCTL_HGCM_CALL</computeroutput></para> + </listitem> + </itemizedlist></para> + + <para>These IOCTL's get the same input buffer as + <computeroutput>VbglHGCM*</computeroutput> functions and the output + buffer has the same format as the input buffer. The same address can + be used as the input and output buffers.</para> + + <para>For example see the guest part of shared clipboard, which runs + as an application and uses the HGCM interface.</para> + </sect2> + </sect1> + + <sect1> + <title>HGCM Service Implementation</title> + + <para>The HGCM service is a shared library with a specific set of entry + points. The library must export the + <computeroutput>VBoxHGCMSvcLoad</computeroutput> entry point: <screen> +extern "C" DECLCALLBACK(DECLEXPORT(int)) VBoxHGCMSvcLoad (VBOXHGCMSVCFNTABLE *ptable) + </screen></para> + + <para>The service must check the + <computeroutput>ptable->cbSize</computeroutput> and + <computeroutput>ptable->u32Version</computeroutput> fields of the + input structure and fill the remaining fields with function pointers of + entry points and the size of the required client buffer size.</para> + + <para>The HGCM service gets a dedicated thread, which calls service + entry points synchronously, that is the service will be called again + only when a previous call has returned. However, the guest calls can be + processed asynchronously. The service must call a completion callback + when the operation is actually completed. The callback can be issued + from another thread as well.</para> + + <para>Service entry points are listed in the + <computeroutput>VBox/hgcmsvc.h</computeroutput> in the + <computeroutput>VBOXHGCMSVCFNTABLE</computeroutput> structure. <table> + <title>Service entry points</title> + + <tgroup cols="2"> + <tbody> + <row> + <entry><emphasis role="bold">Entry</emphasis></entry> + + <entry><emphasis role="bold">Description</emphasis></entry> + </row> + + <row> + <entry>pfnUnload</entry> + + <entry>The service is being unloaded.</entry> + </row> + + <row> + <entry>pfnConnect</entry> + + <entry>A client <computeroutput>u32ClientID</computeroutput> + is connected to the service. The + <computeroutput>pvClient</computeroutput> parameter points to + an allocated memory buffer which can be used by the service to + store the client information.</entry> + </row> + + <row> + <entry>pfnDisconnect</entry> + + <entry>A client is being disconnected.</entry> + </row> + + <row> + <entry>pfnCall</entry> + + <entry>A guest client calls a service function. The + <computeroutput>callHandle</computeroutput> must be used in + the VBOXHGCMSVCHELPERS::pfnCallComplete callback when the call + has been processed.</entry> + </row> + + <row> + <entry>pfnHostCall</entry> + + <entry>Called by the VirtualBox host components to perform + functions which should be not accessible by the guest. Usually + this entry point is used by VirtualBox to configure the + service.</entry> + </row> + + <row> + <entry>pfnSaveState</entry> + + <entry>The VM state is being saved and the service must save + relevant information using the SSM API + (<computeroutput>VBox/ssm.h</computeroutput>).</entry> + </row> + + <row> + <entry>pfnLoadState</entry> + + <entry>The VM is being restored from the saved state and the + service must load the saved information and be able to + continue operations from the saved state.</entry> + </row> + </tbody> + </tgroup> + </table></para> + </sect1> + </chapter> + + <chapter id="rdpweb"> + <title>RDP Web Control</title> + + <para>The VirtualBox <emphasis>RDP Web Control</emphasis> (RDPWeb) + provides remote access to a running VM. RDPWeb is a RDP (Remote Desktop + Protocol) client based on Flash technology and can be used from a Web + browser with a Flash plugin.</para> + + <sect1> + <title>RDPWeb features</title> + + <para>RDPWeb is embedded into a Web page and can connect to VRDP server + in order to displays the VM screen and pass keyboard and mouse events to + the VM.</para> + </sect1> + + <sect1> + <title>RDPWeb reference</title> + + <para>RDPWeb consists of two required components:<itemizedlist> + <listitem> + <para>Flash movie + <computeroutput>RDPClientUI.swf</computeroutput></para> + </listitem> + + <listitem> + <para>JavaScript helpers + <computeroutput>webclient.js</computeroutput></para> + </listitem> + </itemizedlist></para> + + <para>The VirtualBox SDK contains sample HTML code + including:<itemizedlist> + <listitem> + <para>JavaScript library for embedding Flash content + <computeroutput>SWFObject.js</computeroutput></para> + </listitem> + + <listitem> + <para>Sample HTML page + <computeroutput>webclient3.html</computeroutput></para> + </listitem> + </itemizedlist></para> + + <sect2> + <title>RDPWeb functions</title> + + <para><computeroutput>RDPClientUI.swf</computeroutput> and + <computeroutput>webclient.js</computeroutput> work with each other. + JavaScript code is responsible for a proper SWF initialization, + delivering mouse events to the SWF and processing resize requests from + the SWF. On the other hand, the SWF contains a few JavaScript callable + methods, which are used both from + <computeroutput>webclient.js</computeroutput> and the user HTML + page.</para> + + <sect3> + <title>JavaScript functions</title> + + <para><computeroutput>webclient.js</computeroutput> contains helper + functions. In the following table ElementId refers to an HTML + element name or attribute, and Element to the HTML element itself. + HTML code<programlisting> + <div id="FlashRDP"> + </div> +</programlisting> would have ElementId equal to FlashRDP and Element equal to + the div element.</para> + + <para><itemizedlist> + <listitem> + <programlisting>RDPWebClient.embedSWF(SWFFileName, ElementId)</programlisting> + + <para>Uses SWFObject library to replace the HTML element with + the Flash movie.</para> + </listitem> + + <listitem> + <programlisting>RDPWebClient.isRDPWebControlById(ElementId)</programlisting> + + <para>Returns true if the given id refers to a RDPWeb Flash + element.</para> + </listitem> + + <listitem> + <programlisting>RDPWebClient.isRDPWebControlByElement(Element)</programlisting> + + <para>Returns true if the given element is a RDPWeb Flash + element.</para> + </listitem> + + <listitem> + <programlisting>RDPWebClient.getFlashById(ElementId)</programlisting> + + <para>Returns an element, which is referenced by the given id. + This function will try to resolve any element, event if it is + not a Flash movie.</para> + </listitem> + </itemizedlist></para> + </sect3> + + <sect3> + <title>Flash methods callable from JavaScript</title> + + <para><computeroutput>RDPWebClienUI.swf</computeroutput> methods can + be called directly from JavaScript code on a HTML page.</para> + + <itemizedlist> + <listitem> + <para>getProperty(Name)</para> + </listitem> + + <listitem> + <para>setProperty(Name)</para> + </listitem> + + <listitem> + <para>connect()</para> + </listitem> + + <listitem> + <para>disconnect()</para> + </listitem> + + <listitem> + <para>keyboardSendCAD()</para> + </listitem> + </itemizedlist> + </sect3> + + <sect3> + <title>Flash JavaScript callbacks</title> + + <para><computeroutput>RDPWebClienUI.swf</computeroutput> calls + JavaScript functions provided by the HTML page.</para> + </sect3> + </sect2> + + <sect2> + <title>Embedding RDPWeb in an HTML page</title> + + <para>It is necessary to include + <computeroutput>webclient.js</computeroutput> helper script. If + SWFObject library is used, the + <computeroutput>swfobject.js</computeroutput> must be also included + and RDPWeb flash content can be embedded to a Web page using dynamic + HTML. The HTML must include a "placeholder", which consists of 2 + <computeroutput>div</computeroutput> elements.</para> + </sect2> + </sect1> + + <sect1> + <title>RDPWeb change log</title> + + <sect2> + <title>Version 1.2.28</title> + + <itemizedlist> + <listitem> + <para><computeroutput>keyboardLayout</computeroutput>, + <computeroutput>keyboardLayouts</computeroutput>, + <computeroutput>UUID</computeroutput> properties.</para> + </listitem> + + <listitem> + <para>Support for German keyboard layout on the client.</para> + </listitem> + + <listitem> + <para>Rebranding to Oracle.</para> + </listitem> + </itemizedlist> + </sect2> + + <sect2> + <title>Version 1.1.26</title> + + <itemizedlist> + <listitem> + <para><computeroutput>webclient.js</computeroutput> is a part of + the distribution package.</para> + </listitem> + + <listitem> + <para><computeroutput>lastError</computeroutput> property.</para> + </listitem> + + <listitem> + <para><computeroutput>keyboardSendScancodes</computeroutput> and + <computeroutput>keyboardSendCAD</computeroutput> methods.</para> + </listitem> + </itemizedlist> + </sect2> + + <sect2> + <title>Version 1.0.24</title> + + <itemizedlist> + <listitem> + <para>Initial release.</para> + </listitem> + </itemizedlist> + </sect2> + </sect1> + </chapter> + + <chapter id="dnd"> + <title>Drag and Drop</title> + + <para>Since VirtualBox 4.2 it's possible to transfer files from host to the + Linux guests by dragging files, directories or text from the host into the + guest's screen. This is called <emphasis>drag and drop + (DnD)</emphasis>.</para> + + <para>In version 5.0 support for Windows guests has been added, as well as + the ability to transfer data the other way around, that is, from the guest + to the host.</para> + + <note><para>Currently only the VirtualBox Manager frontend supports drag and + drop.</para></note> + + <para>This chapter will show how to use the required interfaces provided + by VirtualBox for adding drag and drop functionality to third-party + frontends.</para> + + <sect1> + <title>Basic concepts</title> + + <para>In order to use the interfaces provided by VirtualBox, some basic + concepts needs to be understood first: To successfully initiate a + drag and drop operation at least two sides needs to be involved, a + <emphasis>source</emphasis> and a <emphasis>target</emphasis>:</para> + + <para>The <emphasis>source</emphasis> is the side which provides the + data, e.g. is the origin of data. This data can be stored within the + source directly or can be retrieved on-demand by the source itself. Other + interfaces don't care where the data from this source actually came + from.</para> + + <para>The <emphasis>target</emphasis> on the other hand is the side which + provides the source a visual representation where the user can drop the + data the source offers. This representation can be a window (or just a + certain part of it), for example.</para> + + <para>The source and the target have abstract interfaces called + <link linkend="IDnDSource">IDnDSource</link> and + <link linkend="IDnDTarget">IDnDTarget</link>. VirtualBox also + provides implementations of both interfaces, called + <link linkend="IGuestDnDSource">IGuestDnDSource</link> and + <link linkend="IGuestDnDTarget">IGuestDnDTarget</link>. Both + implementations are also used in the VirtualBox Manager frontend.</para> + </sect1> + + <sect1> + <title>Supported formats</title> + + <para>As the target needs to perform specific actions depending on the + data the source provided, the target first needs to know what type of + data it actually is going to retrieve. It might be that the source offers + data the target cannot (or intentionally does not want to) + support.</para> + + <para>VirtualBox handles those data types by providing so-called + <emphasis>MIME types</emphasis> -- these MIME types were originally + defined in + <ulink url="https://tools.ietf.org/html/rfc2046">RFC 2046</ulink> and + are also called <emphasis>Content-types</emphasis>. + <link linkend="IGuestDnDSource">IGuestDnDSource</link> and + <link linkend="IGuestDnDTarget">IGuestDnDTarget</link> support + the following MIME types by default:<itemizedlist> + <listitem> + <para><emphasis role="bold">text/uri-list</emphasis> - A list of + URIs (Uniform Resource Identifier, see + <ulink url="https://tools.ietf.org/html/rfc3986">RFC 3986</ulink>) + pointing to the file and/or directory paths already transferred + from the source to the target.</para> + </listitem> + <listitem> + <para><emphasis role="bold">text/plain;charset=utf-8</emphasis> and + <emphasis role="bold">UTF8_STRING</emphasis> - text in UTF-8 + format.</para> + </listitem> + <listitem> + <para><emphasis role="bold">text/plain, TEXT</emphasis> + and <emphasis role="bold">STRING</emphasis> - plain ASCII text, + depending on the source's active ANSI page (if any).</para> + </listitem> + </itemizedlist> + </para> + + <para>If, for whatever reason, a certain default format should not be + supported or a new format should be registered, + <link linkend="IDnDSource">IDnDSource</link> and + <link linkend="IDnDTarget">IDnDTarget</link> have methods derived from + <link linkend="IDnDBase">IDnDBase</link> which provide adding, + removing and enumerating specific formats. + <note><para>Registering new or removing default formats on the guest side + currently is not implemented.</para></note></para> + </sect1> + + </chapter> + + <chapter id="vbox-auth"> + <title>VirtualBox external authentication modules</title> + + <para>VirtualBox supports arbitrary external modules to perform + authentication. The module is used when the authentication method is set + to "external" for a particular VM VRDE access and the library was + specified with <computeroutput>VBoxManage setproperty + vrdeauthlibrary</computeroutput>. Web service also use the authentication + module which was specified with <computeroutput>VBoxManage setproperty + websrvauthlibrary</computeroutput>.</para> + + <para>This library will be loaded by the VM or web service process on + demand, i.e. when the first remote desktop connection is made by a client + or when a client that wants to use the web service logs on.</para> + + <para>External authentication is the most flexible as the external handler + can both choose to grant access to everyone (like the "null" + authentication method would) and delegate the request to the guest + authentication component. When delegating the request to the guest + component, the handler will still be called afterwards with the option to + override the result.</para> + + <para>An authentication library is required to implement exactly one entry + point:</para> + + <screen>#include "VBoxAuth.h" + +/** + * Authentication library entry point. + * + * Parameters: + * + * szCaller The name of the component which calls the library (UTF8). + * pUuid Pointer to the UUID of the accessed virtual machine. Can be NULL. + * guestJudgement Result of the guest authentication. + * szUser User name passed in by the client (UTF8). + * szPassword Password passed in by the client (UTF8). + * szDomain Domain passed in by the client (UTF8). + * fLogon Boolean flag. Indicates whether the entry point is called + * for a client logon or the client disconnect. + * clientId Server side unique identifier of the client. + * + * Return code: + * + * AuthResultAccessDenied Client access has been denied. + * AuthResultAccessGranted Client has the right to use the + * virtual machine. + * AuthResultDelegateToGuest Guest operating system must + * authenticate the client and the + * library must be called again with + * the result of the guest + * authentication. + * + * Note: When 'fLogon' is 0, only pszCaller, pUuid and clientId are valid and the return + * code is ignored. + */ +AuthResult AUTHCALL AuthEntry( + const char *szCaller, + PAUTHUUID pUuid, + AuthGuestJudgement guestJudgement, + const char *szUser, + const char *szPassword + const char *szDomain + int fLogon, + unsigned clientId) +{ + /* Process request against your authentication source of choice. */ + // if (authSucceeded(...)) + // return AuthResultAccessGranted; + return AuthResultAccessDenied; +}</screen> + + <para>A note regarding the UUID implementation of the + <computeroutput>pUuid</computeroutput> argument: VirtualBox uses a + consistent binary representation of UUIDs on all platforms. For this + reason the integer fields comprising the UUID are stored as little endian + values. If you want to pass such UUIDs to code which assumes that the + integer fields are big endian (often also called network byte order), you + need to adjust the contents of the UUID to e.g. achieve the same string + representation. The required changes are:<itemizedlist> + <listitem> + <para>reverse the order of byte 0, 1, 2 and 3</para> + </listitem> + + <listitem> + <para>reverse the order of byte 4 and 5</para> + </listitem> + + <listitem> + <para>reverse the order of byte 6 and 7.</para> + </listitem> + </itemizedlist>Using this conversion you will get identical results when + converting the binary UUID to the string representation.</para> + + <para>The <computeroutput>guestJudgement</computeroutput> argument + contains information about the guest authentication status. For the first + call, it is always set to + <computeroutput>AuthGuestNotAsked</computeroutput>. In case the + <computeroutput>AuthEntry</computeroutput> function returns + <computeroutput>AuthResultDelegateToGuest</computeroutput>, a guest + authentication will be attempted and another call to the + <computeroutput>AuthEntry</computeroutput> is made with its result. This + can be either granted / denied or no judgement (the guest component chose + for whatever reason to not make a decision). In case there is a problem + with the guest authentication module (e.g. the Additions are not installed + or not running or the guest did not respond within a timeout), the "not + reacted" status will be returned.</para> + </chapter> + + <chapter id="javaapi"> + <title>Using Java API</title> + + <sect1> + <title>Introduction</title> + + <para>VirtualBox can be controlled by a Java API, both locally + (COM/XPCOM) and from remote (SOAP) clients. As with the Python bindings, + a generic glue layer tries to hide all platform differences, allowing + for source and binary compatibility on different platforms.</para> + </sect1> + + <sect1> + <title>Requirements</title> + + <para>To use the Java bindings, there are certain requirements depending + on the platform. First of all, you need JDK 1.5 (Java 5) or later. Also + please make sure that the version of the VirtualBox API .jar file + exactly matches the version of VirtualBox you use. To avoid confusion, + the VirtualBox API provides versioning in the Java package name, e.g. + the package is named <computeroutput>org.virtualbox_3_2</computeroutput> + for VirtualBox version 3.2. <itemizedlist> + <listitem> + <para><emphasis role="bold">XPCOM</emphasis> - for all platforms, + but Microsoft Windows. A Java bridge based on JavaXPCOM is shipped + with VirtualBox. The classpath must contain + <computeroutput>vboxjxpcom.jar</computeroutput> and the + <computeroutput>vbox.home</computeroutput> property must be set to + location where the VirtualBox binaries are. Please make sure that + the JVM bitness matches bitness of VirtualBox you use as the XPCOM + bridge relies on native libraries.</para> + + <para>Start your application like this: <programlisting> + java -cp vboxjxpcom.jar -Dvbox.home=/opt/virtualbox MyProgram + </programlisting></para> + </listitem> + + <listitem> + <para><emphasis role="bold">COM</emphasis> - for Microsoft + Windows. We rely on <computeroutput>Jacob</computeroutput> - a + generic Java to COM bridge - which has to be installed seperately. + See <ulink + url="http://sourceforge.net/projects/jacob-project/">http://sourceforge.net/projects/jacob-project/</ulink> + for installation instructions. Also, the VirtualBox provided + <computeroutput>vboxjmscom.jar</computeroutput> must be in the + class path.</para> + + <para>Start your application like this: + <programlisting>java -cp vboxjmscom.jar;c:\jacob\jacob.jar -Djava.library.path=c:\jacob MyProgram</programlisting></para> + </listitem> + + <listitem> + <para><emphasis role="bold">SOAP</emphasis> - all platforms. Java + 6 is required, as it comes with builtin support for SOAP via the + JAX-WS library. Also, the VirtualBox provided + <computeroutput>vbojws.jar</computeroutput> must be in the class + path. In the SOAP case it's possible to create several + VirtualBoxManager instances to communicate with multiple + VirtualBox hosts.</para> + + <para>Start your application like this: <programlisting> + java -cp vboxjws.jar MyProgram + </programlisting></para> + </listitem> + </itemizedlist></para> + + <para>Exception handling is also generalized by the generic glue layer, + so that all methods could throw + <computeroutput>VBoxException</computeroutput> containing human-readable + text message (see <computeroutput>getMessage()</computeroutput> method) + along with wrapped original exception (see + <computeroutput>getWrapped()</computeroutput> method).</para> + </sect1> + + <sect1> + <title>Example</title> + + <para>This example shows a simple use case of the Java API. Differences + for SOAP vs. local version are minimal, and limited to the connection + setup phase (see <computeroutput>ws</computeroutput> variable). In the + SOAP case it's possible to create several VirtualBoxManager instances to + communicate with multiple VirtualBox hosts. <programlisting> + import org.virtualbox_4_3.*; + .... + VirtualBoxManager mgr = VirtualBoxManager.createInstance(null); + boolean ws = false; // or true, if we need the SOAP version + if (ws) + { + String url = "http://myhost:18034"; + String user = "test"; + String passwd = "test"; + mgr.connect(url, user, passwd); + } + IVirtualBox vbox = mgr.getVBox(); + System.out.println("VirtualBox version: " + vbox.getVersion() + "\n"); + // get first VM name + String m = vbox.getMachines().get(0).getName(); + System.out.println("\nAttempting to start VM '" + m + "'"); + // start it + mgr.startVm(m, null, 7000); + + if (ws) + mgr.disconnect(); + + mgr.cleanup(); + </programlisting> For more a complete example, see + <computeroutput>TestVBox.java</computeroutput>, shipped with the + SDK. It contains exception handling and error printing code, which + is important for reliable larger scale projects.</para> + + <para>It is good practice in long-running API clients to process the + system events every now and then in the main thread (does not work + in other threads). As a rule of thumb it makes sense to process them + every few 100msec to every few seconds). This is done by + calling<programlisting> + mgr.waitForEvents(0); + </programlisting> + This avoids that a large number of system events accumulate, which can + need a significant amount of memory, and as they also play a role in + object cleanup it helps freeing additional memory in a timely manner + which is used by the API implementation itself. Java's garbage collection + approach already needs more memory due to the delayed freeing of memory + used by no longer accessible objects, and not processing the system + events exacerbates the memory usage. The + <computeroutput>TestVBox.java</computeroutput> example code sprinkles + such lines over the code to achieve the desired effect. In multi-threaded + applications it can be called from the main thread periodically. + Sometimes it's possible to use the non-zero timeout variant of the + method, which then waits the specified number of milliseconds for + events, processing them immediately as they arrive. It achieves better + runtime behavior than separate sleeping/processing.</para> + </sect1> + </chapter> + + <chapter> + <title>License information</title> + + <para>The sample code files shipped with the SDK are generally licensed + liberally to make it easy for anyone to use this code for their own + application code.</para> + + <para>The Java files under + <computeroutput>bindings/webservice/java/jax-ws/</computeroutput> (library + files for the object-oriented web service) are, by contrast, licensed + under the GNU Lesser General Public License (LGPL) V2.1.</para> + + <para>See + <computeroutput>sdk/bindings/webservice/java/jax-ws/src/COPYING.LIB</computeroutput> + for the full text of the LGPL 2.1.</para> + + <para>When in doubt, please refer to the individual source code files + shipped with this SDK.</para> + </chapter> + + <chapter> + <title>Main API change log</title> + + <para>Generally, VirtualBox will maintain API compatibility within a major + release; a major release occurs when the first or the second of the three + version components of VirtualBox change (that is, in the x.y.z scheme, a + major release is one where x or y change, but not when only z + changes).</para> + + <para>In other words, updates like those from 2.0.0 to 2.0.2 will not come + with API breakages.</para> + + <para>Migration between major releases most likely will lead to API + breakage, so please make sure you updated code accordingly. The OOWS Java + wrappers enforce that mechanism by putting VirtualBox classes into + version-specific packages such as + <computeroutput>org.virtualbox_2_2</computeroutput>. This approach allows + for connecting to multiple VirtualBox versions simultaneously from the + same Java application.</para> + + <para>The following sections list incompatible changes that the Main API + underwent since the original release of this SDK Reference with VirtualBox + 2.0. A change is deemed "incompatible" only if it breaks existing client + code (e.g. changes in method parameter lists, renamed or removed + interfaces and similar). In other words, the list does not contain new + interfaces, methods or attributes or other changes that do not affect + existing client code.</para> + + <sect1> + <title>Incompatible API changes with version 6.0</title> + + <itemizedlist> + + <listitem><para>Video recording APIs for were changed as follows: + <itemizedlist> + <listitem><para>All attributes which were living in <link linkend="IMachine">IMachine</link> before + have been moved to an own, dedicated interface named <link linkend="IRecordingSettings">IRecordingSettings</link>. + This new interface can be accessed via the new <link linkend="IMachine__recordingSettings">IMachine::recordingSettings</link> + attribute. This should emphasize that recording is not limited to video capturing as such.</para> + </listitem> + + <listitem><para>For further flexibility all specific per-VM-screen settings have been moved to a new interface + called <link linkend="IRecordingScreenSettings">IRecordingScreenSettings</link>. Such settings now exist per configured + VM display and can be retrieved via the <link linkend="IRecordingSettings__screens">IRecordingSettings::screens</link> + attribute or the <link linkend="IRecordingSettings__getScreenSettings">IRecordingSettings::getScreenSettings</link> + method. + <note><para>For now all screen settings will share the same settings, e.g. different settings on a per-screen basis + is not implemented yet.</para></note> + </para> + </listitem> + + <listitem><para>The event <computeroutput>IVideoCaptureChangedEvent</computeroutput> was renamed into + <link linkend="IRecordingChangedEvent">IRecordingChangedEvent</link>.</para> + </listitem> + + </itemizedlist> + </para></listitem> + + <listitem><para>Guest Control APIs were changed as follows: + <itemizedlist> + <listitem><para><link linkend="IGuest__createSession">IGuest::createSession()</link>, + <link linkend="IGuestSession__processCreate">IGuestSession::processCreate()</link>, + <link linkend="IGuestSession__processCreateEx">IGuestSession::processCreateEx()</link>, + <link linkend="IGuestSession__directoryOpen">IGuestSession::directoryOpen()</link> and + <link linkend="IGuestSession__fileOpen">IGuestSession::fileOpen()</link> now will + return the new error code VBOX_E_MAXIMUM_REACHED if the limit for the according object + group has been reached.</para> + </listitem> + + <listitem><para>The enumerations FileOpenExFlags, FsObjMoveFlags and DirectoryCopyFlags have + been renamed to <link linkend="FileOpenExFlag">FileOpenExFlag</link>, + <link linkend="FsObjMoveFlag">FsObjMoveFlag</link> and <link linkend="DirectoryCopyFlag">DirectoryCopyFlag</link> + accordingly to match the rest of the API.</para> + </listitem> + + <listitem> + <para>The following methods have been implemented: + <computeroutput>IGuestSession::directoryCopyFromGuest()</computeroutput> and + <computeroutput>IGuestSession::directoryCopyToGuest()</computeroutput>. + </para> + + <para>The following attributes have been implemented: + <computeroutput>IGuestFsObjInfo::accessTime</computeroutput>, + <computeroutput>IGuestFsObjInfo::birthTime</computeroutput>, + <computeroutput>IGuestFsObjInfo::changeTime</computeroutput> and + <computeroutput>IGuestFsObjInfo::modificationTime</computeroutput>. + </para> + + </listitem> + </itemizedlist> + </para></listitem> + + </itemizedlist> + + </sect1> + + <sect1> + <title>Incompatible API changes with version 5.x</title> + + <itemizedlist> + <listitem><para>ProcessCreateFlag::NoProfile has been renamed to + <link linkend="ProcessCreateFlag__Profile">ProcessCreateFlag::Profile</link>, + whereas the semantics also has been changed: ProcessCreateFlag::NoProfile + explicitly <emphasis role="bold">did not</emphasis> utilize the guest user's profile data, + which in turn <link linkend="ProcessCreateFlag__Profile">ProcessCreateFlag::Profile</link> + explicitly <emphasis role="bold">does now</emphasis>.</para> + </listitem> + </itemizedlist> + + </sect1> + + <sect1> + <title>Incompatible API changes with version 5.0</title> + + <itemizedlist> + <listitem> + <para>The methods for saving state, adopting a saved state file, + discarding a saved state, taking a snapshot, restoring + a snapshot and deleting a snapshot have been moved from + <computeroutput>IConsole</computeroutput> to + <computeroutput>IMachine</computeroutput>. This straightens out the + logical placement of methods and was necessary to resolve a + long-standing issue, preventing 32-bit API clients from invoking + those operations in the case where no VM is running. + <itemizedlist> + <listitem><para><link linkend="IMachine__saveState">IMachine::saveState()</link> + replaces + <computeroutput>IConsole::saveState()</computeroutput></para> + </listitem> + <listitem> + <para><link linkend="IMachine__adoptSavedState">IMachine::adoptSavedState()</link> + replaces + <computeroutput>IConsole::adoptSavedState()</computeroutput></para> + </listitem> + <listitem> + <para><link linkend="IMachine__discardSavedState">IMachine::discardSavedState()</link> + replaces + <computeroutput>IConsole::discardSavedState()</computeroutput></para> + </listitem> + <listitem> + <para><link linkend="IMachine__takeSnapshot">IMachine::takeSnapshot()</link> + replaces + <computeroutput>IConsole::takeSnapshot()</computeroutput></para> + </listitem> + <listitem> + <para><link linkend="IMachine__deleteSnapshot">IMachine::deleteSnapshot()</link> + replaces + <computeroutput>IConsole::deleteSnapshot()</computeroutput></para> + </listitem> + <listitem> + <para><link linkend="IMachine__deleteSnapshotAndAllChildren">IMachine::deleteSnapshotAndAllChildren()</link> + replaces + <computeroutput>IConsole::deleteSnapshotAndAllChildren()</computeroutput></para> + </listitem> + <listitem> + <para><link linkend="IMachine__deleteSnapshotRange">IMachine::deleteSnapshotRange()</link> + replaces + <computeroutput>IConsole::deleteSnapshotRange()</computeroutput></para> + </listitem> + <listitem> + <para><link linkend="IMachine__restoreSnapshot">IMachine::restoreSnapshot()</link> + replaces + <computeroutput>IConsole::restoreSnapshot()</computeroutput></para> + </listitem> + </itemizedlist> + Small adjustments to the parameter lists have been made to reduce + the number of API calls when taking online snapshots (no longer + needs explicit pausing), and taking a snapshot also returns now + the snapshot id (useful for finding the right snapshot if there + are non-unique snapshot names).</para> + </listitem> + + <listitem> + <para>Two new machine states have been introduced to allow proper + distinction between saving state and taking a snapshot. + <link linkend="MachineState__Saving">MachineState::Saving</link> + now is used exclusively while the VM's state is being saved, without + any overlaps with snapshot functionality. The new state + <link linkend="MachineState__Snapshotting">MachineState::Snapshotting</link> + is used when an offline snapshot is taken and likewise the new state + <link linkend="MachineState__OnlineSnapshotting">MachineState::OnlineSnapshotting</link> + is used when an online snapshot is taken.</para> + </listitem> + + <listitem> + <para>A new event has been introduced, which signals when a snapshot + has been restored: + <link linkend="ISnapshotRestoredEvent">ISnapshotRestoredEvent</link>. + Previously the event + <link linkend="ISnapshotDeletedEvent">ISnapshotDeletedEvent</link> + was signalled, which isn't logical (but could be distinguished from + actual deletion by the fact that the snapshot was still + there).</para> + </listitem> + + <listitem> + <para>The method + <link linkend="IVirtualBox__createMedium">IVirtualBox::createMedium()</link> + replaces + <computeroutput>VirtualBox::createHardDisk()</computeroutput>. + Adjusting existing code needs adding two parameters with + value <computeroutput>AccessMode_ReadWrite</computeroutput> + and <computeroutput>DeviceType_HardDisk</computeroutput> + respectively. The new method supports creating floppy and + DVD images, and (less obviously) further API functionality + such as cloning floppy images.</para> + </listitem> + + <listitem> + <para>The method + <link linkend="IMachine__getStorageControllerByInstance">IMachine::getStorageControllerByInstance()</link> + now has an additional parameter (first parameter), for specifying the + storage bus which the storage controller must be using. The method + was not useful before, as the instance numbers are only unique for a + specfic storage bus.</para> + </listitem> + + <listitem> + <para>The attribute + <computeroutput>IMachine::sessionType</computeroutput> has been + renamed to + <link linkend="IMachine__sessionName">IMachine::sessionName()</link>. + This cleans up the confusing terminology (as the session type is + something different).</para> + </listitem> + + <listitem> + <para>The attribute + <computeroutput>IMachine::guestPropertyNotificationPatterns</computeroutput> + has been removed. In practice it was not usable because it is too + global and didn't distinguish between API clients.</para> + </listitem> + + <listitem><para>Drag and drop APIs were changed as follows:<itemizedlist> + + <listitem> + <para>Methods for providing host to guest drag and drop + functionality, such as + <computeroutput>IGuest::dragHGEnter</computeroutput>, + <computeroutput>IGuest::dragHGMove()</computeroutput>, + <computeroutput>IGuest::dragHGLeave()</computeroutput>, + <computeroutput>IGuest::dragHGDrop()</computeroutput> and + <computeroutput>IGuest::dragHGPutData()</computeroutput>, + have been moved to an abstract base class called + <link linkend="IDnDTarget">IDnDTarget</link>. + VirtualBox implements this base class in the + <link linkend="IGuestDnDTarget">IGuestDnDTarget</link> + interface. The implementation can be used by using the + <link linkend="IGuest__dnDTarget">IGuest::dnDTarget()</link> + method.</para> + <para>Methods for providing guest to host drag and drop + functionality, such as + <computeroutput>IGuest::dragGHPending()</computeroutput>, + <computeroutput>IGuest::dragGHDropped()</computeroutput> and + <computeroutput>IGuest::dragGHGetData()</computeroutput>, + have been moved to an abstract base class called + <link linkend="IDnDSource">IDnDSource</link>. + VirtualBox implements this base class in the + <link linkend="IGuestDnDSource">IGuestDnDSource</link> + interface. The implementation can be used by using the + <link linkend="IGuest__dnDSource">IGuest::dnDSource()</link> + method.</para> + </listitem> + + <listitem> + <para>The <computeroutput>DragAndDropAction</computeroutput> + enumeration has been renamed to + <link linkend="DnDAction">DnDAction</link>.</para> + </listitem> + + <listitem> + <para>The <computeroutput>DragAndDropMode</computeroutput> + enumeration has been renamed to + <link linkend="DnDMode">DnDMode</link>.</para> + </listitem> + + <listitem> + <para>The attribute + <computeroutput>IMachine::dragAndDropMode</computeroutput> + has been renamed to + <link linkend="IMachine__dnDMode">IMachine::dnDMode()</link>.</para> + </listitem> + + <listitem> + <para>The event + <computeroutput>IDragAndDropModeChangedEvent</computeroutput> + has been renamed to + <link linkend="IDnDModeChangedEvent">IDnDModeChangedEvent</link>.</para> + </listitem> + + </itemizedlist></para> + </listitem> + + <listitem><para>IDisplay and IFramebuffer interfaces were changed to + allow IFramebuffer object to reside in a separate frontend + process:<itemizedlist> + + <listitem><para> + IDisplay::ResizeCompleted() has been removed, because the + IFramebuffer object does not provide the screen memory anymore. + </para></listitem> + + <listitem><para> + IDisplay::SetFramebuffer() has been replaced with + IDisplay::AttachFramebuffer() and IDisplay::DetachFramebuffer(). + </para></listitem> + + <listitem><para> + IDisplay::GetFramebuffer() has been replaced with + IDisplay::QueryFramebuffer(). + </para></listitem> + + <listitem><para> + IDisplay::GetScreenResolution() has a new output parameter + <computeroutput>guestMonitorStatus</computeroutput> + which tells whether the monitor is enabled in the guest. + </para></listitem> + + <listitem><para> + IDisplay::TakeScreenShot() and IDisplay::TakeScreenShotToArray() + have a new parameter + <computeroutput>bitmapFormat</computeroutput>. As a consequence of + this, IDisplay::TakeScreenShotPNGToArray() has been removed. + </para></listitem> + + <listitem><para> + IFramebuffer::RequestResize() has been replaced with + IFramebuffer::NotifyChange(). + </para></listitem> + + <listitem><para> + IFramebuffer::NotifyUpdateImage() added to support IFramebuffer + objects in a different process. + </para></listitem> + + <listitem><para> + IFramebuffer::Lock(), IFramebuffer::Unlock(), + IFramebuffer::Address(), IFramebuffer::UsesGuestVRAM() have been + removed because the IFramebuffer object does not provide the screen + memory anymore. + </para></listitem> + + </itemizedlist></para> + </listitem> + + <listitem><para>IGuestSession, IGuestFile and IGuestProcess interfaces + were changed as follows: + <itemizedlist> + <listitem> + <para>Replaced IGuestSession::directoryQueryInfo and + IGuestSession::fileQueryInfo with a new + <link linkend="IGuestSession__fsObjQueryInfo">IGuestSession::fsObjQueryInfo</link> + method that works on any type of file system object.</para> + </listitem> + <listitem> + <para>Replaced IGuestSession::fileRemove, + IGuestSession::symlinkRemoveDirectory and + IGuestSession::symlinkRemoveFile with a new + <link linkend="IGuestSession__fsObjRemove">IGuestSession::fsObjRemove</link> + method that works on any type of file system object except + directories. (fileRemove also worked on any type of object + too, though that was not the intent of the method.)</para> + </listitem> + <listitem> + <para>Replaced IGuestSession::directoryRename and + IGuestSession::directoryRename with a new + <link linkend="IGuestSession__fsObjRename">IGuestSession::fsObjRename</link> + method that works on any type of file system object. + (directoryRename and fileRename may already have worked for + any kind of object, but that was never the intent of the + methods.)</para> + </listitem> + <listitem> + <para>Replaced the unimplemented IGuestSession::directorySetACL + and IGuestSession::fileSetACL with a new + <link linkend="IGuestSession__fsObjSetACL">IGuestSession::fsObjSetACL</link> + method that works on all type of file system object. Also + added a UNIX-style mode parameter as an alternative to the + ACL.</para> + </listitem> + <listitem> + <para>Replaced IGuestSession::fileRemove, + IGuestSession::symlinkRemoveDirectory and + IGuestSession::symlinkRemoveFile with a new + <link linkend="IGuestSession__fsObjRemove">IGuestSession::fsObjRemove</link> + method that works on any type of file system object except + directories (fileRemove also worked on any type of object, + though that was not the intent of the method.)</para> + </listitem> + <listitem> + <para>Renamed IGuestSession::copyTo to + <link linkend="IGuestSession__fileCopyToGuest">IGuestSession::fileCopyToGuest</link>.</para> + </listitem> + <listitem> + <para>Renamed IGuestSession::copyFrom to + <link linkend="IGuestSession__fileCopyFromGuest">IGuestSession::fileCopyFromGuest</link>.</para> + </listitem> + <listitem> + <para>Renamed the CopyFileFlag enum to + <link linkend="FileCopyFlag">FileCopyFlag</link>.</para> + </listitem> + <listitem> + <para>Renamed the IGuestSession::environment attribute to + <link linkend="IGuestSession__environmentChanges">IGuestSession::environmentChanges</link> + to better reflect what it does.</para> + </listitem> + <listitem> + <para>Changed the + <link linkend="IProcess__environment">IGuestProcess::environment</link> + to a stub returning E_NOTIMPL since it wasn't doing what was + advertised (returned changes, not the actual environment).</para> + </listitem> + <listitem> + <para>Renamed IGuestSession::environmentSet to + <link linkend="IGuestSession__environmentScheduleSet">IGuestSession::environmentScheduleSet</link> + to better reflect what it does.</para> + </listitem> + <listitem> + <para>Renamed IGuestSession::environmentUnset to + <link linkend="IGuestSession__environmentScheduleUnset">IGuestSession::environmentScheduleUnset</link> + to better reflect what it does.</para> + </listitem> + <listitem> + <para>Removed IGuestSession::environmentGet it was only getting + changes while giving the impression it was actual environment + variables, and it did not represent scheduled unset + operations.</para> + </listitem> + <listitem> + <para>Removed IGuestSession::environmentClear as it duplicates + assigning an empty array to the + <link linkend="IGuestSession__environmentChanges">IGuestSession::environmentChanges</link> + (formerly known as IGuestSession::environment).</para> + </listitem> + <listitem> + <para>Changed the + <link linkend="IGuestSession__processCreate">IGuestSession::processCreate</link> + and + <link linkend="IGuestSession__processCreateEx">IGuestSession::processCreateEx</link> + methods to accept arguments starting with argument zero (argv[0]) + instead of argument one (argv[1]). (Not yet implemented on the + guest additions side, so argv[0] will probably be ignored for a + short while.)</para> + </listitem> + + <listitem> + <para>Added a followSymlink parameter to the following methods: + <itemizedlist> + <listitem><para><link linkend="IGuestSession__directoryExists">IGuestSession::directoryExists</link></para></listitem> + <listitem><para><link linkend="IGuestSession__fileExists">IGuestSession::fileExists</link></para></listitem> + <listitem><para><link linkend="IGuestSession__fileQuerySize">IGuestSession::fileQuerySize</link></para></listitem> + </itemizedlist></para> + </listitem> + <listitem> + <para>The parameters to the + <link linkend="IGuestSession__fileOpen">IGuestSession::fileOpen</link> + and + <link linkend="IGuestSession__fileOpenEx">IGuestSession::fileOpenEx</link> + methods were altered:<itemizedlist> + <listitem><para>The openMode string parameter was replaced by + the enum + <link linkend="FileAccessMode">FileAccessMode</link> + and renamed to accessMode.</para></listitem> + <listitem><para>The disposition string parameter was replaced + by the enum + <link linkend="FileOpenAction">FileOpenAction</link> + and renamed to openAction.</para></listitem> + <listitem><para>The unimplemented sharingMode string parameter + was replaced by the enum + <link linkend="FileSharingMode">FileSharingMode</link> + (fileOpenEx only).</para></listitem> + <listitem><para>Added a flags parameter taking a list of + <link linkend="FileOpenExFlag">FileOpenExFlag</link> values + (fileOpenEx only).</para></listitem> + <listitem><para>Removed the offset parameter (fileOpenEx + only).</para></listitem> + </itemizedlist></para> + </listitem> + + <listitem> + <para><link linkend="IFile__seek">IGuestFile::seek</link> now + returns the new offset.</para> + </listitem> + <listitem> + <para>Renamed the FileSeekType enum used by + <link linkend="IFile__seek">IGuestFile::seek</link> + to <link linkend="FileSeekOrigin">FileSeekOrigin</link> and + added the missing End value and renaming the Set to + Begin.</para> + </listitem> + <listitem> + <para>Extended the unimplemented + <link linkend="IFile__setACL">IGuestFile::setACL</link> + method with a UNIX-style mode parameter as an alternative to + the ACL.</para> + </listitem> + <listitem> + <para>Renamed the IFile::openMode attribute to + <link linkend="IFile__accessMode">IFile::accessMode</link> + and change the type from string to + <link linkend="FileAccessMode">FileAccessMode</link> to reflect + the changes to the fileOpen methods.</para> + </listitem> + <listitem> + <para>Renamed the IGuestFile::disposition attribute to + <link linkend="IFile__openAction">IFile::openAction</link> and + change the type from string to + <link linkend="FileOpenAction">FileOpenAction</link> to reflect + the changes to the fileOpen methods.</para> + </listitem> + + <!-- Non-incompatible things worth mentioning (stubbed methods/attrs aren't worth it). --> + <listitem> + <para>Added + <link linkend="IGuestSession__pathStyle">IGuestSession::pathStyle</link> + attribute.</para> + </listitem> + <listitem> + <para>Added + <link linkend="IGuestSession__fsObjExists">IGuestSession::fsObjExists</link> + attribute.</para> + </listitem> + + </itemizedlist> + </para> + </listitem> + + <listitem><para> + IConsole::GetDeviceActivity() returns information about multiple + devices. + </para></listitem> + + <listitem><para> + IMachine::ReadSavedThumbnailToArray() has a new parameter + <computeroutput>bitmapFormat</computeroutput>. As a consequence of + this, IMachine::ReadSavedThumbnailPNGToArray() has been removed. + </para></listitem> + + <listitem><para> + IMachine::QuerySavedScreenshotPNGSize() has been renamed to + IMachine::QuerySavedScreenshotInfo() which also returns + an array of available screenshot formats. + </para></listitem> + + <listitem><para> + IMachine::ReadSavedScreenshotPNGToArray() has been renamed to + IMachine::ReadSavedScreenshotToArray() which has a new parameter + <computeroutput>bitmapFormat</computeroutput>. + </para></listitem> + + <listitem><para> + IMachine::QuerySavedThumbnailSize() has been removed. + </para></listitem> + + <listitem> + <para>The method + <link linkend="IWebsessionManager__getSessionObject">IWebsessionManager::getSessionObject()</link> + now returns a new <link linkend="ISession">ISession</link> instance + for every invocation. This puts the behavior in line with other + binding styles, which never forced the equivalent of establishing + another connection and logging in again to get another + instance.</para> + </listitem> + </itemizedlist> + </sect1> + + <sect1> + <title>Incompatible API changes with version 4.3</title> + + <itemizedlist> + <listitem> + <para>The explicit medium locking methods + <link linkend="IMedium__lockRead">IMedium::lockRead()</link> + and <link linkend="IMedium__lockWrite">IMedium::lockWrite()</link> + have been redesigned. They return a lock token object reference + now, and calling the + <link linkend="IToken__abandon">IToken::abandon()</link> method (or + letting the reference count to this object drop to 0) will unlock + it. This eliminates the rather common problem that an API client + crash left behind locks, and also improves the safety (API clients + can't release locks they didn't obtain).</para> + </listitem> + + <listitem> + <para>The parameter list of + <link linkend="IAppliance__write">IAppliance::write()</link> + has been changed slightly, to allow multiple flags to be + passed.</para> + </listitem> + + <listitem> + <para><computeroutput>IMachine::delete</computeroutput> + has been renamed to + <link linkend="IMachine__deleteConfig">IMachine::deleteConfig()</link>, + to improve API client binding compatibility.</para> + </listitem> + + <listitem> + <para><computeroutput>IMachine::export</computeroutput> + has been renamed to + <link linkend="IMachine__exportTo">IMachine::exportTo()</link>, + to improve API client binding compatibility.</para> + </listitem> + + <listitem> + <para>For + <link linkend="IMachine__launchVMProcess">IMachine::launchVMProcess()</link> + the meaning of the <computeroutput>type</computeroutput> parameter + has changed slightly. Empty string now means that the per-VM or + global default frontend is launched. Most callers of this method + should use the empty string now, unless they really want to override + the default and launch a particular frontend.</para> + </listitem> + + <listitem> + <para>Medium management APIs were changed as follows:<itemizedlist> + + <listitem> + <para>The type of attribute + <link linkend="IMedium__variant">IMedium::variant()</link> + changed from <computeroutput>unsigned long</computeroutput> + to <computeroutput>safe-array MediumVariant</computeroutput>. + It is an array of flags instead of a set of flags which were + stored inside one variable. + </para> + </listitem> + + <listitem> + <para>The parameter list for + <link linkend="IMedium__cloneTo">IMedium::cloneTo()</link> + was modified. The type of parameter variant was changed from + unsigned long to safe-array MediumVariant. + </para> + </listitem> + + <listitem> + <para>The parameter list for + <link linkend="IMedium__createBaseStorage">IMedium::createBaseStorage()</link> + was modified. The type of parameter variant was changed from + unsigned long to safe-array MediumVariant. + </para> + </listitem> + + <listitem> + <para>The parameter list for + <link linkend="IMedium__createDiffStorage">IMedium::createDiffStorage()</link> + was modified. The type of parameter variant was changed from + unsigned long to safe-array MediumVariant. + </para> + </listitem> + + <listitem> + <para>The parameter list for + <link linkend="IMedium__cloneToBase">IMedium::cloneToBase()</link> + was modified. The type of parameter variant was changed from + unsigned long to safe-array MediumVariant. + </para> + </listitem> + </itemizedlist></para> + </listitem> + + <listitem> + <para>The type of attribute + <link linkend="IMediumFormat__capabilities">IMediumFormat::capabilities()</link> + changed from <computeroutput>unsigned long</computeroutput> to + <computeroutput>safe-array MediumFormatCapabilities</computeroutput>. + It is an array of flags instead of a set of flags which were stored + inside one variable. + </para> + </listitem> + + <listitem> + <para>The attribute + <link linkend="IMedium__logicalSize">IMedium::logicalSize()</link> + now returns the logical size of exactly this medium object (whether + it is a base or diff image). The old behavior was no longer + acceptable, as each image can have a different capacity.</para> + </listitem> + + <listitem> + <para>Guest control APIs - such as + <link linkend="IGuest">IGuest</link>, + <link linkend="IGuestSession">IGuestSession</link>, + <link linkend="IGuestProcess">IGuestProcess</link> and so on - now + emit own events to provide clients much finer control and the ability + to write own frontends for guest operations. The event + <link linkend="IGuestSessionEvent">IGuestSessionEvent</link> acts as + an abstract base class for all guest control events. Certain guest + events contain a + <link linkend="IVirtualBoxErrorInfo">IVirtualBoxErrorInfo</link> + member to provide more information in case of an error happened on + the guest side.</para> + </listitem> + + <listitem> + <para>Guest control sessions on the guest started by + <link linkend="IGuest__createSession">IGuest::createSession()</link> + now are dedicated guest processes to provide more safety and + performance for certain operations. Also, the + <link linkend="IGuest__createSession">IGuest::createSession()</link> + call does not wait for the guest session being created anymore due + to the dedicated guest session processes just mentioned. This also + will enable webservice clients to handle guest session creation + more gracefully. To wait for a guest session being started, use the + newly added attribute + <link linkend="IGuestSession__status">IGuestSession::status()</link> + to query the current guest session status.</para> + </listitem> + + <listitem> + <para>The <link linkend="IGuestFile">IGuestFile</link> + APIs are now implemented to provide native guest file access from + the host.</para> + </listitem> + + <listitem> + <para>The parameter list for + <link linkend="IGuest__updateGuestAdditions">IMedium::updateGuestAdditions()</link> + was modified. It now supports specifying optional command line + arguments for the Guest Additions installer performing the actual + update on the guest. + </para> + </listitem> + + <listitem> + <para>A new event + <link linkend="IGuestUserStateChangedEvent">IGuestUserStateChangedEvent</link> + was introduced to provide guest user status updates to the host via + event listeners. To use this event there needs to be at least the 4.3 + Guest Additions installed on the guest. At the moment only the states + "Idle" and "InUse" of the + <link linkend="GuestUserState">GuestUserState</link> enumeration arei + supported on Windows guests, starting at Windows 2000 SP2.</para> + </listitem> + + <listitem> + <para> + The attribute + <link linkend="IGuestSession__protocolVersion">IGuestSession::protocolVersion</link> + was added to provide a convenient way to lookup the guest session's + protocol version it uses to communicate with the installed Guest + Additions on the guest. Older Guest Additions will set the protocol + version to 1, whereas Guest Additions 4.3 will set the protocol + version to 2. This might change in the future as new features + arise.</para> + </listitem> + + <listitem> + <para><computeroutput>IDisplay::getScreenResolution</computeroutput> + has been extended to return the display position in the guest.</para> + </listitem> + + <listitem> + <para> + The <link linkend="IUSBController">IUSBController</link> + class is not a singleton of + <link linkend="IMachine">IMachine</link> anymore but + <link linkend="IMachine">IMachine</link> contains a list of USB + controllers present in the VM. The USB device filter handling was + moved to + <link linkend="IUSBDeviceFilters">IUSBDeviceFilters</link>. + </para> + </listitem> + </itemizedlist> + </sect1> + + <sect1> + <title>Incompatible API changes with version 4.2</title> + + <itemizedlist> + <listitem> + <para>Guest control APIs for executing guest processes, working with + guest files or directories have been moved to the newly introduced + <link linkend="IGuestSession">IGuestSession</link> interface which + can be created by calling + <link linkend="IGuest__createSession">IGuest::createSession()</link>.</para> + + <para>A guest session will act as a + guest user's impersonation so that the guest credentials only have to + be provided when creating a new guest session. There can be up to 32 + guest sessions at once per VM, each session serving up to 2048 guest + processes running or files opened.</para> + + <para>Instead of working with process or directory handles before + version 4.2, there now are the dedicated interfaces + <link linkend="IGuestProcess">IGuestProcess</link>, + <link linkend="IGuestDirectory">IGuestDirectory</link> and + <link linkend="IGuestFile">IGuestFile</link>. To retrieve more + information of a file system object the new interface + <link linkend="IGuestFsObjInfo">IGuestFsObjInfo</link> has been + introduced.</para> + + <para>Even though the guest control API was changed it is backwards + compatible so that it can be used with older installed Guest + Additions. However, to use upcoming features like process termination + or waiting for input / output new Guest Additions must be installed + when these features got implemented.</para> + + <para>The following limitations apply: + <itemizedlist> + <listitem><para>The <link linkend="IGuestFile">IGuestFile</link> + interface is not fully implemented yet.</para> + </listitem> + <listitem><para>The symbolic link APIs + <link linkend="IGuestSession__symlinkCreate">IGuestSession::symlinkCreate()</link>, + <link linkend="IGuestSession__symlinkExists">IGuestSession::symlinkExists()</link>, + <link linkend="IGuestSession__symlinkRead">IGuestSession::symlinkRead()</link>, + IGuestSession::symlinkRemoveDirectory() and + IGuestSession::symlinkRemoveFile() are not + implemented yet.</para> + </listitem> + <listitem><para>The directory APIs + <link linkend="IGuestSession__directoryRemove">IGuestSession::directoryRemove()</link>, + <link linkend="IGuestSession__directoryRemoveRecursive">IGuestSession::directoryRemoveRecursive()</link>, + IGuestSession::directoryRename() and + IGuestSession::directorySetACL() are not + implemented yet.</para> + </listitem> + <listitem><para>The temporary file creation API + <link linkend="IGuestSession__fileCreateTemp">IGuestSession::fileCreateTemp()</link> + is not implemented yet.</para> + </listitem> + <listitem><para>Guest process termination via + <link linkend="IProcess__terminate">IProcess::terminate()</link> + is not implemented yet.</para> + </listitem> + <listitem><para>Waiting for guest process output via + <link linkend="ProcessWaitForFlag__StdOut">ProcessWaitForFlag::StdOut</link> + and + <link linkend="ProcessWaitForFlag__StdErr">ProcessWaitForFlag::StdErr</link> + is not implemented yet.</para> + <para>To wait for process output, + <link linkend="IProcess__read">IProcess::read()</link> with + appropriate flags still can be used to periodically check for + new output data to arrive. Note that + <link linkend="ProcessCreateFlag__WaitForStdOut">ProcessCreateFlag::WaitForStdOut</link> + and / or + <link linkend="ProcessCreateFlag__WaitForStdErr">ProcessCreateFlag::WaitForStdErr</link> + need to be specified when creating a guest process via + <link linkend="IGuestSession__processCreate">IGuestSession::processCreate()</link> + or + <link linkend="IGuestSession__processCreateEx">IGuestSession::processCreateEx()</link>.</para> + </listitem> + <listitem> + <para>ACL (Access Control List) handling in general is not + implemented yet.</para> + </listitem> + </itemizedlist> + </para> + </listitem> + + <listitem> + <para>The <link linkend="LockType">LockType</link> + enumeration now has an additional value + <computeroutput>VM</computeroutput> which tells + <link linkend="IMachine__lockMachine">IMachine::lockMachine()</link> + to create a full-blown object structure for running a VM. This was + the previous behavior with <computeroutput>Write</computeroutput>, + which now only creates the minimal object structure to save time and + resources (at the moment the Console object is still created, but all + sub-objects such as Display, Keyboard, Mouse, Guest are not.</para> + </listitem> + + <listitem> + <para>Machines can be put in groups (actually an array of groups). + The primary group affects the default placement of files belonging + to a VM. + <link linkend="IVirtualBox__createMachine">IVirtualBox::createMachine()</link> + and + <link linkend="IVirtualBox__composeMachineFilename">IVirtualBox::composeMachineFilename()</link> + have been adjusted accordingly, the former taking an array of groups + as an additional parameter and the latter taking a group as an + additional parameter. The create option handling has been changed for + those two methods, too.</para> + </listitem> + + <listitem> + <para>The method IVirtualBox::findMedium() has been removed, since + it provides a subset of the functionality of + <link linkend="IVirtualBox__openMedium">IVirtualBox::openMedium()</link>.</para> + </listitem> + + <listitem> + <para>The use of acronyms in API enumeration, interface, attribute + and method names has been made much more consistent, previously they + sometimes were lowercase and sometimes mixed case. They are now + consistently all caps:<table> + <title>Renamed identifiers in VirtualBox 4.2</title> + + <tgroup cols="2" style="verywide"> + <tbody> + <row> + <entry><emphasis role="bold">Old name</emphasis></entry> + + <entry><emphasis role="bold">New name</emphasis></entry> + </row> + <row> + <entry>PointingHidType</entry> + <entry><link linkend="PointingHIDType">PointingHIDType</link></entry> + </row> + <row> + <entry>KeyboardHidType</entry> + <entry><link linkend="KeyboardHIDType">KeyboardHIDType</link></entry> + </row> + <row> + <entry>IPciAddress</entry> + <entry><link linkend="IPCIAddress">IPCIAddress</link></entry> + </row> + <row> + <entry>IPciDeviceAttachment</entry> + <entry><link linkend="IPCIDeviceAttachment">IPCIDeviceAttachment</link></entry> + </row> + <row> + <entry>IMachine::pointingHidType</entry> + <entry><link linkend="IMachine__pointingHIDType">IMachine::pointingHIDType</link></entry> + </row> + <row> + <entry>IMachine::keyboardHidType</entry> + <entry><link linkend="IMachine__keyboardHIDType">IMachine::keyboardHIDType</link></entry> + </row> + <row> + <entry>IMachine::hpetEnabled</entry> + <entry><link linkend="IMachine__HPETEnabled">IMachine::HPETEnabled</link></entry> + </row> + <row> + <entry>IMachine::sessionPid</entry> + <entry><link linkend="IMachine__sessionPID">IMachine::sessionPID</link></entry> + </row> + <row> + <entry>IMachine::ioCacheEnabled</entry> + <entry><link linkend="IMachine__IOCacheEnabled">IMachine::IOCacheEnabled</link></entry> + </row> + <row> + <entry>IMachine::ioCacheSize</entry> + <entry><link linkend="IMachine__IOCacheSize">IMachine::IOCacheSize</link></entry> + </row> + <row> + <entry>IMachine::pciDeviceAssignments</entry> + <entry><link linkend="IMachine__PCIDeviceAssignments">IMachine::PCIDeviceAssignments</link></entry> + </row> + <row> + <entry>IMachine::attachHostPciDevice()</entry> + <entry><link linkend="IMachine__attachHostPCIDevice">IMachine::attachHostPCIDevice</link></entry> + </row> + <row> + <entry>IMachine::detachHostPciDevice()</entry> + <entry><link linkend="IMachine__detachHostPCIDevice">IMachine::detachHostPCIDevice()</link></entry> + </row> + <row> + <entry>IConsole::attachedPciDevices</entry> + <entry><link linkend="IConsole__attachedPCIDevices">IConsole::attachedPCIDevices</link></entry> + </row> + <row> + <entry>IHostNetworkInterface::dhcpEnabled</entry> + <entry><link linkend="IHostNetworkInterface__DHCPEnabled">IHostNetworkInterface::DHCPEnabled</link></entry> + </row> + <row> + <entry>IHostNetworkInterface::enableStaticIpConfig()</entry> + <entry><link linkend="IHostNetworkInterface__enableStaticIPConfig">IHostNetworkInterface::enableStaticIPConfig()</link></entry> + </row> + <row> + <entry>IHostNetworkInterface::enableStaticIpConfigV6()</entry> + <entry><link linkend="IHostNetworkInterface__enableStaticIPConfigV6">IHostNetworkInterface::enableStaticIPConfigV6()</link></entry> + </row> + <row> + <entry>IHostNetworkInterface::enableDynamicIpConfig()</entry> + <entry><link linkend="IHostNetworkInterface__enableDynamicIPConfig">IHostNetworkInterface::enableDynamicIPConfig()</link></entry> + </row> + <row> + <entry>IHostNetworkInterface::dhcpRediscover()</entry> + <entry><link linkend="IHostNetworkInterface__DHCPRediscover">IHostNetworkInterface::DHCPRediscover()</link></entry> + </row> + <row> + <entry>IHost::Acceleration3DAvailable</entry> + <entry><link linkend="IHost__acceleration3DAvailable">IHost::acceleration3DAvailable</link></entry> + </row> + <row> + <entry>IGuestOSType::recommendedPae</entry> + <entry><link linkend="IGuestOSType__recommendedPAE">IGuestOSType::recommendedPAE</link></entry> + </row> + <row> + <entry>IGuestOSType::recommendedDvdStorageController</entry> + <entry><link linkend="IGuestOSType__recommendedDVDStorageController">IGuestOSType::recommendedDVDStorageController</link></entry> + </row> + <row> + <entry>IGuestOSType::recommendedDvdStorageBus</entry> + <entry><link linkend="IGuestOSType__recommendedDVDStorageBus">IGuestOSType::recommendedDVDStorageBus</link></entry> + </row> + <row> + <entry>IGuestOSType::recommendedHdStorageController</entry> + <entry><link linkend="IGuestOSType__recommendedHDStorageController">IGuestOSType::recommendedHDStorageController</link></entry> + </row> + <row> + <entry>IGuestOSType::recommendedHdStorageBus</entry> + <entry><link linkend="IGuestOSType__recommendedHDStorageBus">IGuestOSType::recommendedHDStorageBus</link></entry> + </row> + <row> + <entry>IGuestOSType::recommendedUsbHid</entry> + <entry><link linkend="IGuestOSType__recommendedUSBHID">IGuestOSType::recommendedUSBHID</link></entry> + </row> + <row> + <entry>IGuestOSType::recommendedHpet</entry> + <entry><link linkend="IGuestOSType__recommendedHPET">IGuestOSType::recommendedHPET</link></entry> + </row> + <row> + <entry>IGuestOSType::recommendedUsbTablet</entry> + <entry><link linkend="IGuestOSType__recommendedUSBTablet">IGuestOSType::recommendedUSBTablet</link></entry> + </row> + <row> + <entry>IGuestOSType::recommendedRtcUseUtc</entry> + <entry><link linkend="IGuestOSType__recommendedRTCUseUTC">IGuestOSType::recommendedRTCUseUTC</link></entry> + </row> + <row> + <entry>IGuestOSType::recommendedUsb</entry> + <entry><link linkend="IGuestOSType__recommendedUSB">IGuestOSType::recommendedUSB</link></entry> + </row> + <row> + <entry>INetworkAdapter::natDriver</entry> + <entry><link linkend="INetworkAdapter__NATEngine">INetworkAdapter::NATEngine</link></entry> + </row> + <row> + <entry>IUSBController::enabledEhci</entry> + <entry>IUSBController::enabledEHCI"</entry> + </row> + <row> + <entry>INATEngine::tftpPrefix</entry> + <entry><link linkend="INATEngine__TFTPPrefix">INATEngine::TFTPPrefix</link></entry> + </row> + <row> + <entry>INATEngine::tftpBootFile</entry> + <entry><link linkend="INATEngine__TFTPBootFile">INATEngine::TFTPBootFile</link></entry> + </row> + <row> + <entry>INATEngine::tftpNextServer</entry> + <entry><link linkend="INATEngine__TFTPNextServer">INATEngine::TFTPNextServer</link></entry> + </row> + <row> + <entry>INATEngine::dnsPassDomain</entry> + <entry><link linkend="INATEngine__DNSPassDomain">INATEngine::DNSPassDomain</link></entry> + </row> + <row> + <entry>INATEngine::dnsProxy</entry> + <entry><link linkend="INATEngine__DNSProxy">INATEngine::DNSProxy</link></entry> + </row> + <row> + <entry>INATEngine::dnsUseHostResolver</entry> + <entry><link linkend="INATEngine__DNSUseHostResolver">INATEngine::DNSUseHostResolver</link></entry> + </row> + <row> + <entry>VBoxEventType::OnHostPciDevicePlug</entry> + <entry><link linkend="VBoxEventType__OnHostPCIDevicePlug">VBoxEventType::OnHostPCIDevicePlug</link></entry> + </row> + <row> + <entry>ICPUChangedEvent::cpu</entry> + <entry><link linkend="ICPUChangedEvent__CPU">ICPUChangedEvent::CPU</link></entry> + </row> + <row> + <entry>INATRedirectEvent::hostIp</entry> + <entry><link linkend="INATRedirectEvent__hostIP">INATRedirectEvent::hostIP</link></entry> + </row> + <row> + <entry>INATRedirectEvent::guestIp</entry> + <entry><link linkend="INATRedirectEvent__guestIP">INATRedirectEvent::guestIP</link></entry> + </row> + <row> + <entry>IHostPciDevicePlugEvent</entry> + <entry><link linkend="IHostPCIDevicePlugEvent">IHostPCIDevicePlugEvent</link></entry> + </row> + </tbody> + </tgroup></table></para> + </listitem> + </itemizedlist> + </sect1> + + <sect1> + <title>Incompatible API changes with version 4.1</title> + + <itemizedlist> + <listitem> + <para>The method + <link linkend="IAppliance__importMachines">IAppliance::importMachines()</link> + has one more parameter now, which allows to configure the import + process in more detail. + </para> + </listitem> + + <listitem> + <para>The method + <link linkend="IVirtualBox__openMedium">IVirtualBox::openMedium()</link> + has one more parameter now, which allows resolving duplicate medium + UUIDs without the need for external tools.</para> + </listitem> + + <listitem> + <para>The <link linkend="INetworkAdapter">INetworkAdapter</link> + interface has been cleaned up. The various methods to activate an + attachment type have been replaced by the + <link linkend="INetworkAdapter__attachmentType">INetworkAdapter::attachmentType</link> + setter.</para> + <para>Additionally each attachment mode now has its own attribute, + which means that host only networks no longer share the settings with + bridged interfaces.</para> + <para>To allow introducing new network attachment implementations + without making API changes, the concept of a generic network + attachment driver has been introduced, which is configurable through + key/value properties.</para> + </listitem> + + <listitem> + <para>This version introduces the guest facilities concept. A guest + facility either represents a module or feature the guest is running + or offering, which is defined by + <link linkend="AdditionsFacilityType">AdditionsFacilityType</link>. + Each facility is member of a + <link linkend="AdditionsFacilityClass">AdditionsFacilityClass</link> + and has a current status indicated by + <link linkend="AdditionsFacilityStatus">AdditionsFacilityStatus</link>, + together with a timestamp (in ms) of the last status update.</para> + <para>To address the above concept, the following changes were made: + <itemizedlist> + <listitem> + <para> + In the <link linkend="IGuest">IGuest</link> interface, the + following were removed: + <itemizedlist> + <listitem> + <para>the + <computeroutput>supportsSeamless</computeroutput> + attribute;</para> + </listitem> + <listitem> + <para>the + <computeroutput>supportsGraphics</computeroutput> + attribute;</para> + </listitem> + </itemizedlist> + </para> + </listitem> + <listitem> + <para> + The function + <link linkend="IGuest__getFacilityStatus">IGuest::getFacilityStatus()</link> + was added. It quickly provides a facility's status without + the need to get the facility collection with + <link linkend="IGuest__facilities">IGuest::facilities</link>. + </para> + </listitem> + <listitem> + <para> + The attribute + <link linkend="IGuest__facilities">IGuest::facilities</link> + was added to provide an easy to access collection of all + currently known guest facilities, that is, it contains all + facilies where at least one status update was made since the + guest was started. + </para> + </listitem> + <listitem> + <para> + The interface + <link linkend="IAdditionsFacility">IAdditionsFacility</link> + was added to represent a single facility returned by + <link linkend="IGuest__facilities">IGuest::facilities</link>. + </para> + </listitem> + <listitem> + <para> + <link linkend="AdditionsFacilityStatus">AdditionsFacilityStatus</link> + was added to represent a facility's overall status. + </para> + </listitem> + <listitem> + <para> + <link linkend="AdditionsFacilityType">AdditionsFacilityType</link> and + <link linkend="AdditionsFacilityClass">AdditionsFacilityClass</link> were + added to represent the facility's type and class. + </para> + </listitem> + </itemizedlist> + </para> + </listitem> + </itemizedlist> + </sect1> + + <sect1> + <title>Incompatible API changes with version 4.0</title> + + <itemizedlist> + <listitem> + <para>A new Java glue layer replacing the previous OOWS JAX-WS + bindings was introduced. The new library allows for uniform code + targeting both local (COM/XPCOM) and remote (SOAP) transports. Now, + instead of <computeroutput>IWebsessionManager</computeroutput>, the + new class <computeroutput>VirtualBoxManager</computeroutput> must be + used. See <xref linkend="javaapi"/> for details.</para> + </listitem> + + <listitem> + <para>The confusingly named and impractical session APIs were + changed. In existing client code, the following changes need to be + made:<itemizedlist> + <listitem> + <para>Replace any + <computeroutput>IVirtualBox::openSession(uuidMachine, + ...)</computeroutput> API call with the machine's + <link linkend="IMachine__lockMachine">IMachine::lockMachine()</link> + call and a + <computeroutput>LockType.Write</computeroutput> argument. The + functionality is unchanged, but instead of "opening a direct + session on a machine" all documentation now refers to + "obtaining a write lock on a machine for the client + session".</para> + </listitem> + + <listitem> + <para>Similarly, replace any + <computeroutput>IVirtualBox::openExistingSession(uuidMachine, + ...)</computeroutput> call with the machine's + <link linkend="IMachine__lockMachine">IMachine::lockMachine()</link> + call and a <computeroutput>LockType.Shared</computeroutput> + argument. Whereas it was previously impossible to connect a + client session to a running VM process in a race-free manner, + the new API will atomically either write-lock the machine for + the current session or establish a remote link to an existing + session. Existing client code which tried calling both + <computeroutput>openSession()</computeroutput> and + <computeroutput>openExistingSession()</computeroutput> can now + use this one call instead.</para> + </listitem> + + <listitem> + <para>Third, replace any + <computeroutput>IVirtualBox::openRemoteSession(uuidMachine, + ...)</computeroutput> call with the machine's + <link linkend="IMachine__launchVMProcess">IMachine::launchVMProcess()</link> + call. The functionality is unchanged.</para> + </listitem> + + <listitem> + <para>The <link linkend="SessionState">SessionState</link> enum + was adjusted accordingly: "Open" is now "Locked", "Closed" is + now "Unlocked", "Closing" is now "Unlocking".</para> + </listitem> + </itemizedlist></para> + </listitem> + + <listitem> + <para>Virtual machines created with VirtualBox 4.0 or later no + longer register their media in the global media registry in the + <computeroutput>VirtualBox.xml</computeroutput> file. Instead, such + machines list all their media in their own machine XML files. As a + result, a number of media-related APIs had to be modified again. + <itemizedlist> + <listitem> + <para>Neither + <computeroutput>IVirtualBox::createHardDisk()</computeroutput> + nor + <link linkend="IVirtualBox__openMedium">IVirtualBox::openMedium()</link> + register media automatically any more.</para> + </listitem> + + <listitem> + <para><link linkend="IMachine__attachDevice">IMachine::attachDevice()</link> + and + <link linkend="IMachine__mountMedium">IMachine::mountMedium()</link> + now take an IMedium object instead of a UUID as an argument. It + is these two calls which add media to a registry now (either a + machine registry for machines created with VirtualBox 4.0 or + later or the global registry otherwise). As a consequence, if a + medium is opened but never attached to a machine, it is no + longer added to any registry any more.</para> + </listitem> + + <listitem> + <para>To reduce code duplication, the APIs + IVirtualBox::findHardDisk(), getHardDisk(), findDVDImage(), + getDVDImage(), findFloppyImage() and getFloppyImage() have all + been merged into IVirtualBox::findMedium(), and + IVirtualBox::openHardDisk(), openDVDImage() and + openFloppyImage() have all been merged into + <link linkend="IVirtualBox__openMedium">IVirtualBox::openMedium()</link>.</para> + </listitem> + + <listitem> + <para>The rare use case of changing the UUID and parent UUID + of a medium previously handled by + <computeroutput>openHardDisk()</computeroutput> is now in a + separate IMedium::setIDs method.</para> + </listitem> + + <listitem> + <para><computeroutput>ISystemProperties::get/setDefaultHardDiskFolder()</computeroutput> + have been removed since disk images are now by default placed + in each machine's folder.</para> + </listitem> + + <listitem> + <para>The + <link linkend="ISystemProperties__infoVDSize">ISystemProperties::infoVDSize</link> + attribute replaces the + <computeroutput>getMaxVDISize()</computeroutput> + API call; this now uses bytes instead of megabytes.</para> + </listitem> + </itemizedlist></para> + </listitem> + + <listitem> + <para>Machine management APIs were enhanced as follows:<itemizedlist> + <listitem> + <para><link linkend="IVirtualBox__createMachine">IVirtualBox::createMachine()</link> + is no longer restricted to creating machines in the default + "Machines" folder, but can now create machines at arbitrary + locations. For this to work, the parameter list had to be + changed.</para> + </listitem> + + <listitem> + <para>The long-deprecated + <computeroutput>IVirtualBox::createLegacyMachine()</computeroutput> + API has been removed.</para> + </listitem> + + <listitem> + <para>To reduce code duplication and for consistency with the + aforementioned media APIs, + <computeroutput>IVirtualBox::getMachine()</computeroutput> has + been merged with + <link linkend="IVirtualBox__findMachine">IVirtualBox::findMachine()</link>, + and + <computeroutput>IMachine::getSnapshot()</computeroutput> has + been merged with + <link linkend="IMachine__findSnapshot">IMachine::findSnapshot()</link>.</para> + </listitem> + + <listitem> + <para><computeroutput>IVirtualBox::unregisterMachine()</computeroutput> + was replaced with + <link linkend="IMachine__unregister">IMachine::unregister()</link> + with additional functionality for cleaning up machine + files.</para> + </listitem> + + <listitem> + <para><computeroutput>IMachine::deleteSettings</computeroutput> + has been replaced by IMachine::delete, which allows specifying + which disk images are to be deleted as part of the deletion, + and because it can take a while it also returns a + <computeroutput>IProgress</computeroutput> object reference, + so that the completion of the asynchronous activities can be + monitored.</para> + </listitem> + + <listitem> + <para><computeroutput>IConsole::forgetSavedState</computeroutput> + has been renamed to + <computeroutput>IConsole::discardSavedState()</computeroutput>.</para> + </listitem> + </itemizedlist></para> + </listitem> + + <listitem> + <para>All event callbacks APIs were replaced with a new, generic + event mechanism that can be used both locally (COM, XPCOM) and + remotely (web services). Also, the new mechanism is usable from + scripting languages and a local Java. See + <link linkend="IEvent">events</link> for details. The new concept + will require changes to all clients that used event callbacks.</para> + </listitem> + + <listitem> + <para><computeroutput>additionsActive()</computeroutput> was replaced + with + <link linkend="IGuest__additionsRunLevel">additionsRunLevel()</link> + and + <link linkend="IGuest__getAdditionsStatus">getAdditionsStatus()</link> + in order to support a more detailed status of the current Guest + Additions loading/readiness state. + <link linkend="IGuest__additionsVersion">IGuest::additionsVersion()</link> + no longer returns the Guest Additions interface version but the + installed Guest Additions version and revision in form of + <computeroutput>3.3.0r12345</computeroutput>.</para> + </listitem> + + <listitem> + <para>To address shared folders auto-mounting support, the following + APIs were extended to require an additional + <computeroutput>automount</computeroutput> parameter: <itemizedlist> + <listitem> + <para><link linkend="IVirtualBox__createSharedFolder">IVirtualBox::createSharedFolder()</link></para> + </listitem> + + <listitem> + <para><link linkend="IMachine__createSharedFolder">IMachine::createSharedFolder()</link></para> + </listitem> + + <listitem> + <para><link linkend="IConsole__createSharedFolder">IConsole::createSharedFolder()</link></para> + </listitem> + </itemizedlist> Also, a new property named + <computeroutput>autoMount</computeroutput> was added to the + <link linkend="ISharedFolder">ISharedFolder</link> + interface.</para> + </listitem> + + <listitem> + <para>The appliance (OVF) APIs were enhanced as + follows:<itemizedlist> + <listitem> + <para><computeroutput>IMachine::export</computeroutput> + received an extra parameter + <computeroutput>location</computeroutput>, which is used to + decide for the disk naming.</para> + </listitem> + + <listitem> + <para><link linkend="IAppliance__write">IAppliance::write()</link> + received an extra parameter + <computeroutput>manifest</computeroutput>, which can suppress + creating the manifest file on export.</para> + </listitem> + + <listitem> + <para><link linkend="IVFSExplorer__entryList">IVFSExplorer::entryList()</link> + received two extra parameters + <computeroutput>sizes</computeroutput> and + <computeroutput>modes</computeroutput>, which contains the + sizes (in bytes) and the file access modes (in octal form) of + the returned files.</para> + </listitem> + </itemizedlist></para> + </listitem> + + <listitem> + <para>Support for remote desktop access to virtual machines has been + cleaned up to allow third party implementations of the remote + desktop server. This is called the VirtualBox Remote Desktop + Extension (VRDE) and can be added to VirtualBox by installing the + corresponding extension package; see the VirtualBox User Manual for + details.</para> + + <para>The following API changes were made to support the VRDE + interface: <itemizedlist> + <listitem> + <para><computeroutput>IVRDPServer</computeroutput> has been + renamed to + <link linkend="IVRDEServer">IVRDEServer</link>.</para> + </listitem> + + <listitem> + <para><computeroutput>IRemoteDisplayInfo</computeroutput> has + been renamed to + <link linkend="IVRDEServerInfo">IVRDEServerInfo</link>.</para> + </listitem> + + <listitem> + <para><link linkend="IMachine__VRDEServer">IMachine::VRDEServer</link> + replaces + <computeroutput>VRDPServer.</computeroutput></para> + </listitem> + + <listitem> + <para><link linkend="IConsole__VRDEServerInfo">IConsole::VRDEServerInfo</link> + replaces + <computeroutput>RemoteDisplayInfo</computeroutput>.</para> + </listitem> + + <listitem> + <para><link linkend="ISystemProperties__VRDEAuthLibrary">ISystemProperties::VRDEAuthLibrary</link> + replaces + <computeroutput>RemoteDisplayAuthLibrary</computeroutput>.</para> + </listitem> + + <listitem> + <para>The following methods have been implemented in + <computeroutput>IVRDEServer</computeroutput> to support + generic VRDE properties: <itemizedlist> + <listitem> + <para><link linkend="IVRDEServer__setVRDEProperty">IVRDEServer::setVRDEProperty</link></para> + </listitem> + + <listitem> + <para><link linkend="IVRDEServer__getVRDEProperty">IVRDEServer::getVRDEProperty</link></para> + </listitem> + + <listitem> + <para><link linkend="IVRDEServer__VRDEProperties">IVRDEServer::VRDEProperties</link></para> + </listitem> + </itemizedlist></para> + + <para>A few implementation-specific attributes of the old + <computeroutput>IVRDPServer</computeroutput> interface have + been removed and replaced with properties: <itemizedlist> + <listitem> + <para><computeroutput>IVRDPServer::Ports</computeroutput> + has been replaced with the + <computeroutput>"TCP/Ports"</computeroutput> property. + The property value is a string, which contains a + comma-separated list of ports or ranges of ports. Use a + dash between two port numbers to specify a range. + Example: + <computeroutput>"5000,5010-5012"</computeroutput></para> + </listitem> + + <listitem> + <para><computeroutput>IVRDPServer::NetAddress</computeroutput> + has been replaced with the + <computeroutput>"TCP/Address"</computeroutput> property. + The property value is an IP address string. Example: + <computeroutput>"127.0.0.1"</computeroutput></para> + </listitem> + + <listitem> + <para><computeroutput>IVRDPServer::VideoChannel</computeroutput> + has been replaced with the + <computeroutput>"VideoChannel/Enabled"</computeroutput> + property. The property value is either + <computeroutput>"true"</computeroutput> or + <computeroutput>"false"</computeroutput></para> + </listitem> + + <listitem> + <para><computeroutput>IVRDPServer::VideoChannelQuality</computeroutput> + has been replaced with the + <computeroutput>"VideoChannel/Quality"</computeroutput> + property. The property value is a string which contain a + decimal number in range 10..100. Invalid values are + ignored and the quality is set to the default value 75. + Example: <computeroutput>"50"</computeroutput></para> + </listitem> + </itemizedlist></para> + </listitem> + </itemizedlist></para> + </listitem> + + <listitem> + <para>The VirtualBox external authentication module interface has + been updated and made more generic. Because of that, + <computeroutput>VRDPAuthType</computeroutput> enumeration has been + renamed to <link linkend="AuthType">AuthType</link>.</para> + </listitem> + </itemizedlist> + </sect1> + + <sect1> + <title>Incompatible API changes with version 3.2</title> + + <itemizedlist> + <listitem> + <para>The following interfaces were renamed for consistency: + <itemizedlist> + <listitem> + <para>IMachine::getCpuProperty() is now + <link linkend="IMachine__getCPUProperty">IMachine::getCPUProperty()</link>;</para> + </listitem> + + <listitem> + <para>IMachine::setCpuProperty() is now + <link linkend="IMachine__setCPUProperty">IMachine::setCPUProperty()</link>;</para> + </listitem> + + <listitem> + <para>IMachine::getCpuIdLeaf() is now + <link linkend="IMachine__getCPUIDLeaf">IMachine::getCPUIDLeaf()</link>;</para> + </listitem> + + <listitem> + <para>IMachine::setCpuIdLeaf() is now + <link linkend="IMachine__setCPUIDLeaf">IMachine::setCPUIDLeaf()</link>;</para> + </listitem> + + <listitem> + <para>IMachine::removeCpuIdLeaf() is now + <link linkend="IMachine__removeCPUIDLeaf">IMachine::removeCPUIDLeaf()</link>;</para> + </listitem> + + <listitem> + <para>IMachine::removeAllCpuIdLeafs() is now + <link linkend="IMachine__removeAllCPUIDLeaves">IMachine::removeAllCPUIDLeaves()</link>;</para> + </listitem> + + <listitem> + <para>the CpuPropertyType enum is now + <link linkend="CPUPropertyType">CPUPropertyType</link>.</para> + </listitem> + + <listitem> + <para>IVirtualBoxCallback::onSnapshotDiscarded() is now + IVirtualBoxCallback::onSnapshotDeleted.</para> + </listitem> + </itemizedlist></para> + </listitem> + + <listitem> + <para>When creating a VM configuration with + <link linkend="IVirtualBox__createMachine">IVirtualBox::createMachine()</link> + it is now possible to ignore existing configuration files which would + previously have caused a failure. For this the + <computeroutput>override</computeroutput> parameter was added.</para> + </listitem> + + <listitem> + <para>Deleting snapshots via + <computeroutput>IConsole::deleteSnapshot()</computeroutput> is now + possible while the associated VM is running in almost all cases. + The API is unchanged, but client code that verifies machine states + to determine whether snapshots can be deleted may need to be + adjusted.</para> + </listitem> + + <listitem> + <para>The IoBackendType enumeration was replaced with a boolean flag + (see + <link linkend="IStorageController__useHostIOCache">IStorageController::useHostIOCache</link>).</para> + </listitem> + + <listitem> + <para>To address multi-monitor support, the following APIs were + extended to require an additional + <computeroutput>screenId</computeroutput> parameter: <itemizedlist> + <listitem> + <para>IMachine::querySavedThumbnailSize()</para> + </listitem> + + <listitem> + <para><link linkend="IMachine__readSavedThumbnailToArray">IMachine::readSavedThumbnailToArray()</link></para> + </listitem> + + <listitem> + <para><link linkend="IMachine__querySavedScreenshotInfo">IMachine::querySavedScreenshotPNGSize()</link></para> + </listitem> + + <listitem> + <para><link linkend="IMachine__readSavedScreenshotToArray">IMachine::readSavedScreenshotPNGToArray()</link></para> + </listitem> + </itemizedlist></para> + </listitem> + + <listitem> + <para>The <computeroutput>shape</computeroutput> parameter of + IConsoleCallback::onMousePointerShapeChange was changed from a + implementation-specific pointer to a safearray, enabling scripting + languages to process pointer shapes.</para> + </listitem> + </itemizedlist> + </sect1> + + <sect1> + <title>Incompatible API changes with version 3.1</title> + + <itemizedlist> + <listitem> + <para>Due to the new flexibility in medium attachments that was + introduced with version 3.1 (in particular, full flexibility with + attaching CD/DVD drives to arbitrary controllers), we seized the + opportunity to rework all interfaces dealing with storage media to + make the API more flexible as well as logical. The + <link linkend="IStorageController">IStorageController</link>, + <link linkend="IMedium">IMedium</link>, + <link linkend="IMediumAttachment">IMediumAttachment</link> and + <link linkend="IMachine">IMachine</link> interfaces were + affected the most. Existing code using them to configure storage and + media needs to be carefully checked.</para> + + <para>All media (hard disks, floppies and CDs/DVDs) are now + uniformly handled through the <link linkend="IMedium">IMedium</link> + interface. The device-specific interfaces + (<code>IHardDisk</code>, <code>IDVDImage</code>, + <code>IHostDVDDrive</code>, <code>IFloppyImage</code> and + <code>IHostFloppyDrive</code>) have been merged into IMedium; CD/DVD + and floppy media no longer need special treatment. The device type + of a medium determines in which context it can be used. Some + functionality was moved to the other storage-related + interfaces.</para> + + <para><code>IMachine::attachHardDisk</code> and similar methods have + been renamed and generalized to deal with any type of drive and + medium. + <link linkend="IMachine__attachDevice">IMachine::attachDevice()</link> + is the API method for adding any drive to a storage controller. The + floppy and DVD/CD drives are no longer handled specially, and that + means you can have more than one of them. As before, drives can only + be changed while the VM is powered off. Mounting (or unmounting) + removable media at runtime is possible with + <link linkend="IMachine__mountMedium">IMachine::mountMedium()</link>.</para> + + <para>Newly created virtual machines have no storage controllers + associated with them. Even the IDE Controller needs to be created + explicitly. The floppy controller is now visible as a separate + controller, with a new storage bus type. For each storage bus type + you can query the device types which can be attached, so that it is + not necessary to hardcode any attachment rules.</para> + + <para>This required matching changes e.g. in the callback interfaces + (the medium specific change notification was replaced by a generic + medium change notification) and removing associated enums (e.g. + <code>DriveState</code>). In many places the incorrect use of the + plural form "media" was replaced by "medium", to improve + consistency.</para> + </listitem> + + <listitem> + <para>Reading the + <link linkend="IMedium__state">IMedium::state</link> attribute no + longer automatically performs an accessibility check; a new method + <link linkend="IMedium__refreshState">IMedium::refreshState()</link> + does this. The attribute only returns the state now.</para> + </listitem> + + <listitem> + <para>There were substantial changes related to snapshots, triggered + by the "branched snapshots" functionality introduced with version + 3.1. IConsole::discardSnapshot was renamed to + <computeroutput>IConsole::deleteSnapshot()</computeroutput>. + IConsole::discardCurrentState and + IConsole::discardCurrentSnapshotAndState were removed; corresponding + new functionality is in + <computeroutput>IConsole::restoreSnapshot()</computeroutput>. + Also, when <computeroutput>IConsole::takeSnapshot()</computeroutput> + is called on a running virtual machine, a live snapshot will be + created. The old behavior was to temporarily pause the virtual + machine while creating an online snapshot.</para> + </listitem> + + <listitem> + <para>The <computeroutput>IVRDPServer</computeroutput>, + <computeroutput>IRemoteDisplayInfo"</computeroutput> and + <computeroutput>IConsoleCallback</computeroutput> interfaces were + changed to reflect VRDP server ability to bind to one of available + ports from a list of ports.</para> + + <para>The <computeroutput>IVRDPServer::port</computeroutput> + attribute has been replaced with + <computeroutput>IVRDPServer::ports</computeroutput>, which is a + comma-separated list of ports or ranges of ports.</para> + + <para>An <computeroutput>IRemoteDisplayInfo::port"</computeroutput> + attribute has been added for querying the actual port VRDP server + listens on.</para> + + <para>An IConsoleCallback::onRemoteDisplayInfoChange() notification + callback has been added.</para> + </listitem> + + <listitem> + <para>The parameter lists for the following functions were + modified:<itemizedlist> + <listitem> + <para><link linkend="IHost__removeHostOnlyNetworkInterface">IHost::removeHostOnlyNetworkInterface()</link></para> + </listitem> + + <listitem> + <para><link linkend="IHost__removeUSBDeviceFilter">IHost::removeUSBDeviceFilter()</link></para> + </listitem> + </itemizedlist></para> + </listitem> + + <listitem> + <para>In the OOWS bindings for JAX-WS, the behavior of structures + changed: for one, we implemented natural structures field access so + you can just call a "get" method to obtain a field. Secondly, + setters in structures were disabled as they have no expected effect + and were at best misleading.</para> + </listitem> + </itemizedlist> + </sect1> + + <sect1> + <title>Incompatible API changes with version 3.0</title> + + <itemizedlist> + <listitem> + <para>In the object-oriented web service bindings for JAX-WS, proper + inheritance has been introduced for some classes, so explicit + casting is no longer needed to call methods from a parent class. In + particular, IHardDisk and other classes now properly derive from + <link linkend="IMedium">IMedium</link>.</para> + </listitem> + + <listitem> + <para>All object identifiers (machines, snapshots, disks, etc) + switched from GUIDs to strings (now still having string + representation of GUIDs inside). As a result, no particular internal + structure can be assumed for object identifiers; instead, they + should be treated as opaque unique handles. This change mostly + affects Java and C++ programs; for other languages, GUIDs are + transparently converted to strings.</para> + </listitem> + + <listitem> + <para>The uses of NULL strings have been changed greatly. All out + parameters now use empty strings to signal a null value. For in + parameters both the old NULL and empty string is allowed. This + change was necessary to support more client bindings, especially + using the web service API. Many of them either have no special NULL + value or have trouble dealing with it correctly in the respective + library code.</para> + </listitem> + + <listitem> + <para>Accidentally, the <code>TSBool</code> interface still appeared + in 3.0.0, and was removed in 3.0.2. This is an SDK bug, do not use + the SDK for VirtualBox 3.0.0 for developing clients.</para> + </listitem> + + <listitem> + <para>The type of + <link linkend="IVirtualBoxErrorInfo__resultCode">IVirtualBoxErrorInfo::resultCode</link> + changed from + <computeroutput>result</computeroutput> to + <computeroutput>long</computeroutput>.</para> + </listitem> + + <listitem> + <para>The parameter list of IVirtualBox::openHardDisk was + changed.</para> + </listitem> + + <listitem> + <para>The method IConsole::discardSavedState was renamed to + IConsole::forgetSavedState, and a parameter was added.</para> + </listitem> + + <listitem> + <para>The method IConsole::powerDownAsync was renamed to + <link linkend="IConsole__powerDown">IConsole::powerDown</link>, + and the previous method with that name was deleted. So effectively a + parameter was added.</para> + </listitem> + + <listitem> + <para>In the + <link linkend="IFramebuffer">IFramebuffer</link> interface, the + following were removed:<itemizedlist> + <listitem> + <para>the <computeroutput>operationSupported</computeroutput> + attribute;</para> + + <para>(as a result, the + <computeroutput>FramebufferAccelerationOperation</computeroutput> + enum was no longer needed and removed as well);</para> + </listitem> + + <listitem> + <para>the <computeroutput>solidFill()</computeroutput> + method;</para> + </listitem> + + <listitem> + <para>the <computeroutput>copyScreenBits()</computeroutput> + method.</para> + </listitem> + </itemizedlist></para> + </listitem> + + <listitem> + <para>In the <link linkend="IDisplay">IDisplay</link> + interface, the following were removed:<itemizedlist> + <listitem> + <para>the + <computeroutput>setupInternalFramebuffer()</computeroutput> + method;</para> + </listitem> + + <listitem> + <para>the <computeroutput>lockFramebuffer()</computeroutput> + method;</para> + </listitem> + + <listitem> + <para>the <computeroutput>unlockFramebuffer()</computeroutput> + method;</para> + </listitem> + + <listitem> + <para>the + <computeroutput>registerExternalFramebuffer()</computeroutput> + method.</para> + </listitem> + </itemizedlist></para> + </listitem> + </itemizedlist> + </sect1> + + <sect1> + <title>Incompatible API changes with version 2.2</title> + + <itemizedlist> + <listitem> + <para>Added explicit version number into JAX-WS Java package names, + such as <computeroutput>org.virtualbox_2_2</computeroutput>, + allowing connect to multiple VirtualBox clients from single Java + application.</para> + </listitem> + + <listitem> + <para>The interfaces having a "2" suffix attached to them with + version 2.1 were renamed again to have that suffix removed. This + time around, this change involves only the name, there are no + functional differences.</para> + + <para>As a result, IDVDImage2 is now IDVDImage; IHardDisk2 is now + IHardDisk; IHardDisk2Attachment is now IHardDiskAttachment.</para> + + <para>Consequentially, all related methods and attributes that had a + "2" suffix have been renamed; for example, IMachine::attachHardDisk2 + now becomes IMachine::attachHardDisk().</para> + </listitem> + + <listitem> + <para>IVirtualBox::openHardDisk has an extra parameter for opening a + disk read/write or read-only.</para> + </listitem> + + <listitem> + <para>The remaining collections were replaced by more performant + safe-arrays. This affects the following collections:</para> + + <itemizedlist> + <listitem> + <para>IGuestOSTypeCollection</para> + </listitem> + + <listitem> + <para>IHostDVDDriveCollection</para> + </listitem> + + <listitem> + <para>IHostFloppyDriveCollection</para> + </listitem> + + <listitem> + <para>IHostUSBDeviceCollection</para> + </listitem> + + <listitem> + <para>IHostUSBDeviceFilterCollection</para> + </listitem> + + <listitem> + <para>IProgressCollection</para> + </listitem> + + <listitem> + <para>ISharedFolderCollection</para> + </listitem> + + <listitem> + <para>ISnapshotCollection</para> + </listitem> + + <listitem> + <para>IUSBDeviceCollection</para> + </listitem> + + <listitem> + <para>IUSBDeviceFilterCollection</para> + </listitem> + </itemizedlist> + </listitem> + + <listitem> + <para>Since "Host Interface Networking" was renamed to "bridged + networking" and host-only networking was introduced, all associated + interfaces needed renaming as well. In detail:</para> + + <itemizedlist> + <listitem> + <para>The HostNetworkInterfaceType enum has been renamed to + <link linkend="HostNetworkInterfaceMediumType">HostNetworkInterfaceMediumType</link></para> + </listitem> + + <listitem> + <para>The IHostNetworkInterface::type attribute has been renamed + to + <link linkend="IHostNetworkInterface__mediumType">IHostNetworkInterface::mediumType</link></para> + </listitem> + + <listitem> + <para>INetworkAdapter::attachToHostInterface() has been renamed + to INetworkAdapter::attachToBridgedInterface</para> + </listitem> + + <listitem> + <para>In the IHost interface, createHostNetworkInterface() has + been renamed to + <link linkend="IHost__createHostOnlyNetworkInterface">createHostOnlyNetworkInterface()</link></para> + </listitem> + + <listitem> + <para>Similarly, removeHostNetworkInterface() has been renamed + to + <link linkend="IHost__removeHostOnlyNetworkInterface">removeHostOnlyNetworkInterface()</link></para> + </listitem> + </itemizedlist> + </listitem> + </itemizedlist> + </sect1> + + <sect1> + <title>Incompatible API changes with version 2.1</title> + + <itemizedlist> + <listitem> + <para>With VirtualBox 2.1, error codes were added to many error + infos that give the caller a machine-readable (numeric) feedback in + addition to the error string that has always been available. This is + an ongoing process, and future versions of this SDK reference will + document the error codes for each method call.</para> + </listitem> + + <listitem> + <para>The hard disk and other media interfaces were completely + redesigned. This was necessary to account for the support of VMDK, + VHD and other image types; since backwards compatibility had to be + broken anyway, we seized the moment to redesign the interfaces in a + more logical way.</para> + + <itemizedlist> + <listitem> + <para>Previously, the old IHardDisk interface had several + derivatives called IVirtualDiskImage, IVMDKImage, IVHDImage, + IISCSIHardDisk and ICustomHardDisk for the various disk formats + supported by VirtualBox. The new IHardDisk2 interface that comes + with version 2.1 now supports all hard disk image formats + itself.</para> + </listitem> + + <listitem> + <para>IHardDiskFormat is a new interface to describe the + available back-ends for hard disk images (e.g. VDI, VMDK, VHD or + iSCSI). The IHardDisk2::format attribute can be used to find out + the back-end that is in use for a particular hard disk image. + ISystemProperties::hardDiskFormats[] contains a list of all + back-ends supported by the system. + <link linkend="ISystemProperties__defaultHardDiskFormat">ISystemProperties::defaultHardDiskFormat</link> + contains the default system format.</para> + </listitem> + + <listitem> + <para>In addition, the new + <link linkend="IMedium">IMedium</link> interface is a generic + interface for hard disk, DVD and floppy images that contains the + attributes and methods shared between them. It can be considered + a parent class of the more specific interfaces for those images, + which are now IHardDisk2, IDVDImage2 and IFloppyImage2.</para> + + <para>In each case, the "2" versions of these interfaces replace + the earlier versions that did not have the "2" suffix. + Previously, the IDVDImage and IFloppyImage interfaces were + entirely unrelated to IHardDisk.</para> + </listitem> + + <listitem> + <para>As a result, all parts of the API that previously + referenced IHardDisk, IDVDImage or IFloppyImage or any of the + old subclasses are gone and will have replacements that use + IHardDisk2, IDVDImage2 and IFloppyImage2; see, for example, + IMachine::attachHardDisk2.</para> + </listitem> + + <listitem> + <para>In particular, the IVirtualBox::hardDisks2 array replaces + the earlier IVirtualBox::hardDisks collection.</para> + </listitem> + </itemizedlist> + </listitem> + + <listitem> + <para><link linkend="IGuestOSType">IGuestOSType</link> was + extended to group operating systems into families and for 64-bit + support.</para> + </listitem> + + <listitem> + <para>The + <link linkend="IHostNetworkInterface">IHostNetworkInterface</link> + interface was completely rewritten to account for the changes in how + Host Interface Networking is now implemented in VirtualBox + 2.1.</para> + </listitem> + + <listitem> + <para>The IVirtualBox::machines2[] array replaces the former + IVirtualBox::machines collection.</para> + </listitem> + + <listitem> + <para>Added + <link linkend="IHost__getProcessorFeature">IHost::getProcessorFeature()</link> + and <link linkend="ProcessorFeature">ProcessorFeature</link> + enumeration.</para> + </listitem> + + <listitem> + <para>The parameter list for + <link linkend="IVirtualBox__createMachine">IVirtualBox::createMachine()</link> + was modified.</para> + </listitem> + + <listitem> + <para>Added IMachine::pushGuestProperty.</para> + </listitem> + + <listitem> + <para>New attributes in IMachine: + <link linkend="IMachine__accelerate3DEnabled">accelerate3DEnabled</link>, + HWVirtExVPIDEnabled, + <computeroutput>IMachine::guestPropertyNotificationPatterns</computeroutput>, + <link linkend="IMachine__CPUCount">CPUCount</link>.</para> + </listitem> + + <listitem> + <para>Added + <link linkend="IConsole__powerUpPaused">IConsole::powerUpPaused()</link> + and + <link linkend="IConsole__getGuestEnteredACPIMode">IConsole::getGuestEnteredACPIMode()</link>.</para> + </listitem> + + <listitem> + <para>Removed ResourceUsage enumeration.</para> + </listitem> + </itemizedlist> + </sect1> + </chapter> +</book> +<!-- vim: set shiftwidth=2 tabstop=2 expandtab: --> diff --git a/doc/manual/en_US/UserManual.xml b/doc/manual/en_US/UserManual.xml new file mode 100644 index 00000000..4618b98a --- /dev/null +++ b/doc/manual/en_US/UserManual.xml @@ -0,0 +1,90 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" + "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd"[ +<!ENTITY % all.entities SYSTEM "all-entities.ent"> +%all.entities; +]> +<book id="VBOXU" lang="en"> + +<!-- VBox bookinfo section --> + +<bookinfo> + + <title>&VBOX_PRODUCT;</title> + + <subtitle>User Manual</subtitle> + + <edition>Version &VBOX_VERSION_STRING;</edition> + + <corpauthor>&VBOX_VENDOR;</corpauthor> + + <address>http://www.virtualbox.org</address> + + <copyright> + + <year>2004-&VBOX_C_YEAR;</year> + + <holder>&VBOX_VENDOR;</holder> + + </copyright> + + </bookinfo> + + <xi:include href="user_Preface.xml" + xmlns:xi="http://www.w3.org/2001/XInclude" /> + + <xi:include href="user_Introduction.xml" + xmlns:xi="http://www.w3.org/2001/XInclude" /> + + <xi:include href="user_Installation.xml" + xmlns:xi="http://www.w3.org/2001/XInclude" /> + + <xi:include href="user_BasicConcepts.xml" + xmlns:xi="http://www.w3.org/2001/XInclude" /> + + <xi:include href="user_GuestAdditions.xml" + xmlns:xi="http://www.w3.org/2001/XInclude" /> + + <xi:include href="user_Storage.xml" + xmlns:xi="http://www.w3.org/2001/XInclude" /> + + <xi:include href="user_Networking.xml" + xmlns:xi="http://www.w3.org/2001/XInclude" /> + + <xi:include href="user_Frontends.xml" + xmlns:xi="http://www.w3.org/2001/XInclude" /> + + <xi:include href="user_VBoxManage.xml" + xmlns:xi="http://www.w3.org/2001/XInclude" /> + + <xi:include href="user_AdvancedTopics.xml" + xmlns:xi="http://www.w3.org/2001/XInclude" /> + + <xi:include href="user_Technical.xml" + xmlns:xi="http://www.w3.org/2001/XInclude" /> + + <xi:include href="user_VirtualBoxAPI.xml" + xmlns:xi="http://www.w3.org/2001/XInclude" /> + + <xi:include href="user_Troubleshooting.xml" + xmlns:xi="http://www.w3.org/2001/XInclude" /> + + <xi:include href="user_Security.xml" + xmlns:xi="http://www.w3.org/2001/XInclude" /> + + <xi:include href="user_KnownIssues.xml" + xmlns:xi="http://www.w3.org/2001/XInclude" /> + + <xi:include href="user_ChangeLog.xml" + xmlns:xi="http://www.w3.org/2001/XInclude" /> + + <xi:include href="user_ThirdParty.xml" + xmlns:xi="http://www.w3.org/2001/XInclude" /> + + <xi:include href="user_PrivacyPolicy.xml" + xmlns:xi="http://www.w3.org/2001/XInclude" /> + + <xi:include href="user_Glossary.xml" + xmlns:xi="http://www.w3.org/2001/XInclude" /> + +</book> diff --git a/doc/manual/en_US/images/clone-vm.png b/doc/manual/en_US/images/clone-vm.png Binary files differnew file mode 100644 index 00000000..35af34c6 --- /dev/null +++ b/doc/manual/en_US/images/clone-vm.png diff --git a/doc/manual/en_US/images/cloud-profile-manager.png b/doc/manual/en_US/images/cloud-profile-manager.png Binary files differnew file mode 100644 index 00000000..d88070e9 --- /dev/null +++ b/doc/manual/en_US/images/cloud-profile-manager.png diff --git a/doc/manual/en_US/images/create-vdi-1.png b/doc/manual/en_US/images/create-vdi-1.png Binary files differnew file mode 100644 index 00000000..9bf79988 --- /dev/null +++ b/doc/manual/en_US/images/create-vdi-1.png diff --git a/doc/manual/en_US/images/create-vm-1.png b/doc/manual/en_US/images/create-vm-1.png Binary files differnew file mode 100644 index 00000000..f42fc398 --- /dev/null +++ b/doc/manual/en_US/images/create-vm-1.png diff --git a/doc/manual/en_US/images/create-vm-2.png b/doc/manual/en_US/images/create-vm-2.png Binary files differnew file mode 100644 index 00000000..f643acaa --- /dev/null +++ b/doc/manual/en_US/images/create-vm-2.png diff --git a/doc/manual/en_US/images/dnd-modes.png b/doc/manual/en_US/images/dnd-modes.png Binary files differnew file mode 100644 index 00000000..f88f02c6 --- /dev/null +++ b/doc/manual/en_US/images/dnd-modes.png diff --git a/doc/manual/en_US/images/export-appliance-oci.png b/doc/manual/en_US/images/export-appliance-oci.png Binary files differnew file mode 100644 index 00000000..9ee78137 --- /dev/null +++ b/doc/manual/en_US/images/export-appliance-oci.png diff --git a/doc/manual/en_US/images/guest-fm.png b/doc/manual/en_US/images/guest-fm.png Binary files differnew file mode 100644 index 00000000..bfe24233 --- /dev/null +++ b/doc/manual/en_US/images/guest-fm.png diff --git a/doc/manual/en_US/images/ovf-import.png b/doc/manual/en_US/images/ovf-import.png Binary files differnew file mode 100644 index 00000000..e484fffa --- /dev/null +++ b/doc/manual/en_US/images/ovf-import.png diff --git a/doc/manual/en_US/images/seamless.png b/doc/manual/en_US/images/seamless.png Binary files differnew file mode 100644 index 00000000..7239300d --- /dev/null +++ b/doc/manual/en_US/images/seamless.png diff --git a/doc/manual/en_US/images/snapshots-1.png b/doc/manual/en_US/images/snapshots-1.png Binary files differnew file mode 100644 index 00000000..aafb6e8e --- /dev/null +++ b/doc/manual/en_US/images/snapshots-1.png diff --git a/doc/manual/en_US/images/vbox-components.png b/doc/manual/en_US/images/vbox-components.png Binary files differnew file mode 100644 index 00000000..ed1326dc --- /dev/null +++ b/doc/manual/en_US/images/vbox-components.png diff --git a/doc/manual/en_US/images/vbox-sdl.png b/doc/manual/en_US/images/vbox-sdl.png Binary files differnew file mode 100644 index 00000000..2c5b9fb3 --- /dev/null +++ b/doc/manual/en_US/images/vbox-sdl.png diff --git a/doc/manual/en_US/images/vboxlogo.png b/doc/manual/en_US/images/vboxlogo.png Binary files differnew file mode 100644 index 00000000..1394b447 --- /dev/null +++ b/doc/manual/en_US/images/vboxlogo.png diff --git a/doc/manual/en_US/images/virtual-disk-manager.png b/doc/manual/en_US/images/virtual-disk-manager.png Binary files differnew file mode 100644 index 00000000..16e53fde --- /dev/null +++ b/doc/manual/en_US/images/virtual-disk-manager.png diff --git a/doc/manual/en_US/images/virtual-disk-manager2.png b/doc/manual/en_US/images/virtual-disk-manager2.png Binary files differnew file mode 100644 index 00000000..030043ba --- /dev/null +++ b/doc/manual/en_US/images/virtual-disk-manager2.png diff --git a/doc/manual/en_US/images/virtualbox-main-empty.png b/doc/manual/en_US/images/virtualbox-main-empty.png Binary files differnew file mode 100644 index 00000000..7871d3cd --- /dev/null +++ b/doc/manual/en_US/images/virtualbox-main-empty.png diff --git a/doc/manual/en_US/images/virtualbox-main.png b/doc/manual/en_US/images/virtualbox-main.png Binary files differnew file mode 100644 index 00000000..fade285c --- /dev/null +++ b/doc/manual/en_US/images/virtualbox-main.png diff --git a/doc/manual/en_US/images/vm-close.png b/doc/manual/en_US/images/vm-close.png Binary files differnew file mode 100644 index 00000000..b23cfa25 --- /dev/null +++ b/doc/manual/en_US/images/vm-close.png diff --git a/doc/manual/en_US/images/vm-groups.png b/doc/manual/en_US/images/vm-groups.png Binary files differnew file mode 100644 index 00000000..02752eef --- /dev/null +++ b/doc/manual/en_US/images/vm-groups.png diff --git a/doc/manual/en_US/images/vm-hostkey.png b/doc/manual/en_US/images/vm-hostkey.png Binary files differnew file mode 100644 index 00000000..7c36c0ca --- /dev/null +++ b/doc/manual/en_US/images/vm-hostkey.png diff --git a/doc/manual/en_US/images/vm-settings-harddisk.png b/doc/manual/en_US/images/vm-settings-harddisk.png Binary files differnew file mode 100644 index 00000000..1ae354ef --- /dev/null +++ b/doc/manual/en_US/images/vm-settings-harddisk.png diff --git a/doc/manual/en_US/images/vm-vista-running.png b/doc/manual/en_US/images/vm-vista-running.png Binary files differnew file mode 100644 index 00000000..79f04b09 --- /dev/null +++ b/doc/manual/en_US/images/vm-vista-running.png diff --git a/doc/manual/en_US/man_VBoxManage-debugvm.xml b/doc/manual/en_US/man_VBoxManage-debugvm.xml new file mode 100644 index 00000000..b1d360ad --- /dev/null +++ b/doc/manual/en_US/man_VBoxManage-debugvm.xml @@ -0,0 +1,615 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + manpage, user manual, usage: VBoxManage debugvm + + Copyright (C) 2006-2015 Oracle Corporation + + This file is part of VirtualBox Open Source Edition (OSE), as + available from http://www.virtualbox.org. This file is free software; + you can redistribute it and/or modify it under the terms of the GNU + General Public License (GPL) as published by the Free Software + Foundation, in version 2 as it comes in the "COPYING" file of the + VirtualBox OSE distribution. VirtualBox OSE is distributed in the + hope that it will be useful, but WITHOUT ANY WARRANTY of any kind. + --> +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd"> +<refentry id="vboxmanage-debugvm" lang="en"> + + <refentryinfo> + <pubdate>$Date: 2018-07-20 19:42:10 +0200 (Fri, 20 Jul 2018) $</pubdate> + <title>VBoxManage debugvm</title> + </refentryinfo> + + <refmeta> + <refentrytitle>VBoxManage-debugvm</refentrytitle> + <manvolnum>1</manvolnum> + </refmeta> + + <refnamediv> + <refname>VBoxManage-debugvm</refname> + <refpurpose>introspection and guest debugging</refpurpose> + <refclass>Oracle VM VirtualBox</refclass> + </refnamediv> + + <refsynopsisdiv> + <cmdsynopsis id="synopsis-vboxmanage-debugvm-dumpvmcore"> + <command>VBoxManage debugvm</command> + <arg choice="req"><replaceable>uuid|vmname</replaceable></arg> + <arg choice="plain">dumpvmcore</arg> + <arg>--filename=<replaceable>name</replaceable></arg> + </cmdsynopsis> + <cmdsynopsis id="synopsis-vboxmanage-debugvm-info"> + <command>VBoxManage debugvm</command> + <arg choice="req"><replaceable>uuid|vmname</replaceable></arg> + <arg choice="plain">info</arg> + <arg choice="req"><replaceable>item</replaceable></arg> + <arg rep="repeat"><replaceable>args</replaceable></arg> + </cmdsynopsis> + <cmdsynopsis id="synopsis-vboxmanage-debugvm-injectnmi"> + <command>VBoxManage debugvm</command> + <arg choice="req"><replaceable>uuid|vmname</replaceable></arg> + <arg choice="plain">injectnmi</arg> + </cmdsynopsis> + <cmdsynopsis id="synopsis-vboxmanage-debugvm-log"> + <command>VBoxManage debugvm</command> + <arg choice="req"><replaceable>uuid|vmname</replaceable></arg> + <arg choice="plain">log</arg> + <group><arg>--release</arg><arg>--debug</arg></group> + <arg rep="repeat"><replaceable>group-settings</replaceable></arg> + </cmdsynopsis> + <cmdsynopsis id="synopsis-vboxmanage-debugvm-logdest"> + <command>VBoxManage debugvm</command> + <arg choice="req"><replaceable>uuid|vmname</replaceable></arg> + <arg choice="plain">logdest</arg> + <group><arg>--release</arg><arg>--debug</arg></group> + <arg rep="repeat"><replaceable>destinations</replaceable></arg> + </cmdsynopsis> + <cmdsynopsis id="synopsis-vboxmanage-debugvm-logflags"> + <command>VBoxManage debugvm</command> + <arg choice="req"><replaceable>uuid|vmname</replaceable></arg> + <arg choice="plain">logflags</arg> + <group><arg>--release</arg><arg>--debug</arg></group> + <arg rep="repeat"><replaceable>flags</replaceable></arg> + </cmdsynopsis> + <cmdsynopsis id="synopsis-vboxmanage-debugvm-osdetect"> + <command>VBoxManage debugvm</command> + <arg choice="req"><replaceable>uuid|vmname</replaceable></arg> + <arg choice="plain">osdetect</arg> + </cmdsynopsis> + <cmdsynopsis id="synopsis-vboxmanage-debugvm-osinfo"> + <command>VBoxManage debugvm</command> + <arg choice="req"><replaceable>uuid|vmname</replaceable></arg> + <arg choice="plain">osinfo</arg> + </cmdsynopsis> + <cmdsynopsis id="synopsis-vboxmanage-debugvm-osdmesg"> + <command>VBoxManage debugvm</command> + <arg choice="req"><replaceable>uuid|vmname</replaceable></arg> + <arg choice="plain">osdmesg</arg> + <arg>--lines=<replaceable>lines</replaceable></arg> + </cmdsynopsis> + <cmdsynopsis id="synopsis-vboxmanage-debugvm-getregisters"> + <command>VBoxManage debugvm</command> + <arg choice="req"><replaceable>uuid|vmname</replaceable></arg> + <arg choice="plain">getregisters</arg> + <arg>--cpu=<replaceable>id</replaceable></arg> + <arg rep="repeat"><replaceable>reg-set.reg-name</replaceable></arg> + </cmdsynopsis> + <cmdsynopsis id="synopsis-vboxmanage-debugvm-setregisters"> + <command>VBoxManage debugvm</command> + <arg choice="req"><replaceable>uuid|vmname</replaceable></arg> + <arg choice="plain">setregisters</arg> + <arg>--cpu=<replaceable>id</replaceable></arg> + <arg rep="repeat"><replaceable>reg-set.reg-name=value</replaceable></arg> + </cmdsynopsis> + <cmdsynopsis id="synopsis-vboxmanage-debugvm-show"> + <command>VBoxManage debugvm</command> + <arg choice="req"><replaceable>uuid|vmname</replaceable></arg> + <arg choice="plain">show</arg> + <group><arg>--human-readable</arg><arg>--sh-export</arg><arg>--sh-eval</arg><arg>--cmd-set</arg></group> + <arg rep="repeat"><replaceable>settings-item</replaceable></arg> + </cmdsynopsis> + <cmdsynopsis id="synopsis-vboxmanage-debugvm-stack"> + <command>VBoxManage debugvm</command> + <arg choice="req"><replaceable>uuid|vmname</replaceable></arg> + <arg choice="plain">stack</arg> + <arg>--cpu=<replaceable>id</replaceable></arg> + </cmdsynopsis> + <cmdsynopsis id="synopsis-vboxmanage-debugvm-statistics"> + <command>VBoxManage debugvm</command> + <arg choice="req"><replaceable>uuid|vmname</replaceable></arg> + <arg choice="plain">statistics</arg> + <arg>--reset</arg> + <arg>--descriptions</arg> + <arg>--pattern=<replaceable>pattern</replaceable></arg> + </cmdsynopsis> + </refsynopsisdiv> + <refsect1> + <title>Description</title> + + <para>The "debugvm" commands are for experts who want to tinker with the + exact details of virtual machine execution. Like the VM debugger<remark role="help-manual"> + described in <xref linkend="ts_debugger" /></remark>, these commands are only useful if you are + very familiar with the details of the PC architecture and how to debug + software.</para> + + <refsect2 id="vboxmanage-debugvm-common-options"> + <title>Common options</title> + <remark role="help-scope" condition="GLOBAL"/> + <para>The subcommands of <command>debugvm</command> all operate on a running virtual + machine:</para> + <variablelist> + <varlistentry> + <term><replaceable>uuid|vmname</replaceable></term> + <listitem><para>Either the UUID or the name (case sensitive) of a VM.</para></listitem> + </varlistentry> + </variablelist> + </refsect2> + + <refsect2 id="vboxmanage-debugvm-dumpvmcore"> + <title>debugvm dumpvmcore</title> + <remark role="help-copy-synopsis"/> + <para> + Creates a system dump file of the specified VM. This file will have + the standard ELF core format (with custom sections)<remark role="help-manual">; see + <xref linkend="ts_guest-core-format" /></remark>. + </para> + <para> + This corresponds to the <command>writecore</command> command in the debugger. + </para> + <variablelist> + <varlistentry> + <term><option>--filename=<replaceable>filename</replaceable></option></term> + <listitem><para>The name of the output file.</para></listitem> + </varlistentry> + </variablelist> + </refsect2> + + <refsect2 id="vboxmanage-debugvm-info"> + <title>debugvm info</title> + <remark role="help-copy-synopsis"/> + <para> + Displays info items relating to the VMM, device emulations and + associated drivers. + </para> + <para> + This corresponds to the <command>info</command> command in the debugger. + </para> + <variablelist> + <varlistentry> + <term><replaceable>info</replaceable></term> + <listitem> + <para>Name of the info item to display. The special name + <option>help</option> will list all the available info items and + hints about optional arguments.</para> + </listitem> + </varlistentry> + <varlistentry> + <term><replaceable>args</replaceable></term> + <listitem> + <para>Optional argument string for the info item handler. Most info items + does not take any extra arguments. Arguments not recognized are generally + ignored.</para> + </listitem> + </varlistentry> + </variablelist> + </refsect2> + + <refsect2 id="vboxmanage-debugvm-injectnmi"> + <title>debugvm injectnmi</title> + <remark role="help-copy-synopsis"/> + <para> + Causes a non-maskable interrupt (NMI) to be injected into the guest. This + might be useful for certain debugging scenarios. What happens exactly is + dependent on the guest operating system, but an NMI can crash the whole + guest operating system. Do not use unless you know what you're doing. + </para> + </refsect2> + + <refsect2 id="vboxmanage-debugvm-log"> + <title>debugvm log</title> + <remark role="help-copy-synopsis"/> + <para> + Changes the group settings for either debug (<option>--debug</option>) + or release (<option>--release</option>) logger of the VM process. + </para> + <para> + The <replaceable>group-settings</replaceable> are typically strings on the form + <computeroutput>em.e.f.l</computeroutput>, <computeroutput>hm=~0</computeroutput> + and <computeroutput>-em.f</computeroutput>. Basic wildcards are supported for + group matching. The <computeroutput>all</computeroutput> group is an alias for + all the groups. + </para> + <para> + Please do keep in mind that the group settings are applied as modifications + to the current ones. + </para> + <para> + This corresponds to the <command>log</command> command in the debugger. + </para> + </refsect2> + + <refsect2 id="vboxmanage-debugvm-logdest"> + <title>debugvm logdest</title> + <remark role="help-copy-synopsis"/> + <para> + Changes the destination settings for either debug (<option>--debug</option>) + or release (<option>--release</option>) logger of the VM process. For details + on the destination format, the best source is src/VBox/Runtime/common/log/log.cpp. + </para> + <para> + The <replaceable>destinations</replaceable> is one or more mnemonics, optionally + prefixed by "no" to disable them. Some of them take values after a ":" or "=" + separator. Multiple mnemonics can be separated by space or given as separate + arguments on the command line. + </para> + <para> + List of available destination: + </para> + <variablelist> + <varlistentry> + <term><option>file[=<replaceable>file</replaceable>], nofile</option></term> + <listitem><para>Specifies a log file. It no filname is given, one will be + generated based on the current UTC time and VM process name and placed in + the current directory of the VM process. Note that this will currently not + have any effect if the log file has already been opened. + </para></listitem> + </varlistentry> + <varlistentry> + <term><option>dir=<replaceable>directory</replaceable>, nodir</option></term> + <listitem><para>Specifies the output directory for log files. Note that this + will currently not have any effect if the log file has already been opened. + </para></listitem> + </varlistentry> + <varlistentry> + <term><option>history=<replaceable>count</replaceable>, nohistory</option></term> + <listitem><para>A non-zero value enables log historization, with the value + specifying how many old log files to keep. + </para></listitem> + </varlistentry> + <varlistentry> + <term><option>histsize=<replaceable>bytes</replaceable></option></term> + <listitem><para>The max size of a log file before it is historized. Default is infinite.</para></listitem> + </varlistentry> + <varlistentry> + <term><option>histtime=<replaceable>seconds</replaceable></option></term> + <listitem><para>The max age (in seconds) of a log file before it is historized. Default is infinite.</para></listitem> + </varlistentry> + <varlistentry> + <term><option>ringbuffer, noringbuffer</option></term> + <listitem><para>Only log to the log buffer until an explicit flush (e.g. via an assertion) + occurs. This is fast and saves diskspace.</para></listitem> + </varlistentry> + <varlistentry> + <term><option>stdout, nostdout</option></term> + <listitem><para>Write the log content to standard output.</para></listitem> + </varlistentry> + <varlistentry> + <term><option>stdout, nostdout</option></term> + <listitem><para>Write the log content to standard error.</para></listitem> + </varlistentry> + <varlistentry> + <term><option>debugger, nodebugger</option></term> + <listitem><para>Write the log content to the debugger, if supported by the host OS.</para></listitem> + </varlistentry> + <varlistentry> + <term><option>com, nocom</option></term> + <listitem><para>Writes logging to the COM port. This is only applicable for raw-mode and ring-0 logging.</para></listitem> + </varlistentry> + <varlistentry> + <term><option>user, nouser</option></term> + <listitem><para>Custom destination which has no meaning to VM processes..</para></listitem> + </varlistentry> + </variablelist> + <para> + This corresponds to the <command>logdest</command> command in the debugger. + </para> + </refsect2> + + <refsect2 id="vboxmanage-debugvm-logflags"> + <title>debugvm logflags</title> + <remark role="help-copy-synopsis"/> + <para> + Changes the flags on either debug (<option>--debug</option>) or release + (<option>--release</option>) logger of the VM process. Please note that the + modifications are applied onto the existing changes, they are not replacing them. + </para> + <para> + The <replaceable>flags</replaceable> are a list of flag mnemonics, optionally + prefixed by a "no", "!", "~" or "-" to negate their meaning. The "+" prefix + can be used to undo previous negation or use as a separator, though better use + whitespace or separate arguments for that. + </para> + <para> + List of log flag mnemonics, with their counter form where applicable + (asterisk indicates defaults): + </para> + <variablelist> + <varlistentry> + <term><option>enabled*, disabled</option></term> + <listitem><para>Enables or disables logging.</para></listitem> + </varlistentry> + <varlistentry> + <term><option>buffered, unbuffered*</option></term> + <listitem><para>Enabling buffering of log output before it hits the destinations.</para></listitem> + </varlistentry> + <varlistentry> + <term><option>writethrough(/writethru)</option></term> + <listitem><para>Whether to open the destination file with writethru buffering settings or not.</para></listitem> + </varlistentry> + <varlistentry> + <term><option>flush</option></term> + <listitem><para>Enables flushing of the output file (to disk) after each log statement.</para></listitem> + </varlistentry> + <!-- Prefixes --> + <varlistentry> + <term><option>lockcnts</option></term> + <listitem><para>Prefix each log line with lock counts for the current thread.</para></listitem> + </varlistentry> + <varlistentry> + <term><option>cpuid</option></term> + <listitem><para>Prefix each log line with the ID of the current CPU.</para></listitem> + </varlistentry> + <varlistentry> + <term><option>pid</option></term> + <listitem><para>Prefix each log line with the current process ID.</para></listitem> + </varlistentry> + <varlistentry> + <term><option>flagno</option></term> + <listitem><para>Prefix each log line with the numberic flags corresponding to the log statement.</para></listitem> + </varlistentry> + <varlistentry> + <term><option>flag</option></term> + <listitem><para>Prefix each log line with the flag mnemonics corresponding to the log statement.</para></listitem> + </varlistentry> + <varlistentry> + <term><option>groupno</option></term> + <listitem><para>Prefix each log line with the log group number for the log statement producing it.</para></listitem> + </varlistentry> + <varlistentry> + <term><option>group</option></term> + <listitem><para>Prefix each log line with the log group name for the log statement producing it.</para></listitem> + </varlistentry> + <varlistentry> + <term><option>tid</option></term> + <listitem><para>Prefix each log line with the current thread identifier.</para></listitem> + </varlistentry> + <varlistentry> + <term><option>thread</option></term> + <listitem><para>Prefix each log line with the current thread name.</para></listitem> + </varlistentry> + <varlistentry> + <term><option>time</option></term> + <listitem><para>Prefix each log line with the current UTC wall time.</para></listitem> + </varlistentry> + <varlistentry> + <term><option>timeprog</option></term> + <listitem><para>Prefix each log line with the current monotonic time since the start of the program.</para></listitem> + </varlistentry> + <varlistentry> + <term><option>msprog</option></term> + <listitem><para>Prefix each log line with the current monotonic timestamp value in milliseconds since the start of the program.</para></listitem> + </varlistentry> + <varlistentry> + <term><option>ts</option></term> + <listitem><para>Prefix each log line with the current monotonic timestamp value in nanoseconds.</para></listitem> + </varlistentry> + <varlistentry> + <term><option>tsc</option></term> + <listitem><para>Prefix each log line with the current CPU timestamp counter (TSC) value.</para></listitem> + </varlistentry> + <varlistentry> + <term><option>rel, abs*</option></term> + <listitem><para>Selects the whether <computeroutput>ts</computeroutput> and + <computeroutput>tsc</computeroutput> prefixes should be displayed as relative to the + previous log line or as absolute time.</para></listitem> + </varlistentry> + <varlistentry> + <term><option>hex*, dec</option></term> + <listitem><para>Selects the whether the <computeroutput>ts</computeroutput> and + <computeroutput>tsc</computeroutput> prefixes should be formatted as hexadecimal + or decimal.</para></listitem> + </varlistentry> + + <!-- Suffixes and weird stuff. --> + <varlistentry> + <term><option>custom</option></term> + <listitem><para>Custom log prefix, has by default no meaning for VM processes.</para></listitem> + </varlistentry> + + <varlistentry> + <term><option>usecrlf, uself*</option></term> + <listitem><para>Output with DOS style (CRLF) or just UNIX style (LF) line endings.</para></listitem> + </varlistentry> + <varlistentry> + <term><option>overwrite*, append</option></term> + <listitem><para>Overwrite the destination file or append to it.</para></listitem> + </varlistentry> + </variablelist> + + <para> + This corresponds to the <command>logflags</command> command in the debugger. + </para> + </refsect2> + + <refsect2 id="vboxmanage-debugvm-osdetect"> + <title>debugvm osdetect</title> + <remark role="help-copy-synopsis"/> + <para> + Make the VMM's debugger facility (re)-detect the guest operating system (OS). + This will first load all debugger plug-ins. + </para> + <para> + This corresponds to the <command>detect</command> command in the debugger. + </para> + </refsect2> + + <refsect2 id="vboxmanage-debugvm-osinfo"> + <title>debugvm osinfo</title> + <remark role="help-copy-synopsis"/> + <para> + Displays information about the guest operating system (OS) previously + detected by the VMM's debugger facility. + </para> + </refsect2> + + <refsect2 id="vboxmanage-debugvm-osdmesg"> + <title>debugvm osdmesg</title> + <remark role="help-copy-synopsis"/> + <para> + Displays the guest OS kernel log, if detected and supported. + </para> + <variablelist> + <varlistentry> + <term><option>--lines=<replaceable>lines</replaceable></option></term> + <listitem><para>Number of lines of the log to display, counting from + the end. The default is infinite.</para></listitem> + </varlistentry> + </variablelist> + </refsect2> + + <refsect2 id="vboxmanage-debugvm-getregisters"> + <title>debugvm getregisters</title> + <remark role="help-copy-synopsis"/> + <para> + Retrieves register values for guest CPUs and emulated devices. + </para> + <variablelist> + <varlistentry> + <term><replaceable>reg-set.reg-name</replaceable></term> + <listitem> + <para>One of more registers, each having one of the following forms:</para> + <orderedlist> + <listitem><para>register-set.register-name.sub-field</para></listitem> + <listitem><para>register-set.register-name</para></listitem> + <listitem><para>cpu-register-name.sub-field</para></listitem> + <listitem><para>cpu-register-name</para></listitem> + <listitem><para>all</para></listitem> + </orderedlist> + <para>The <replaceable>all</replaceable> form will cause all registers + to be shown (no sub-fields). The registers names are case-insensitive. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term><option>--cpu=<replaceable>id</replaceable></option></term> + <listitem><para>Selects the CPU register set when specifying just a + CPU register (3rd and 4th form). The default is 0.</para> + </listitem> + </varlistentry> + </variablelist> + </refsect2> + + <refsect2 id="vboxmanage-debugvm-setregisters"> + <title>debugvm setregisters</title> + <remark role="help-copy-synopsis"/> + <para> + Changes register values for guest CPUs and emulated devices. + </para> + <variablelist> + <varlistentry> + <term><replaceable>reg-set.reg-name=value</replaceable></term> + <listitem> + <para>One of more register assignment, each having one of the following forms:</para> + <orderedlist> + <listitem><para>register-set.register-name.sub-field=value</para></listitem> + <listitem><para>register-set.register-name=value</para></listitem> + <listitem><para>cpu-register-name.sub-field=value</para></listitem> + <listitem><para>cpu-register-name=value</para></listitem> + </orderedlist> + <para>The value format should be in the same style as what + <command>getregisters</command> displays, with the exception that + both octal and decimal can be used instead of hexadecimal.</para> + </listitem> + </varlistentry> + <varlistentry> + <term><option>--cpu=<replaceable>id</replaceable></option></term> + <listitem><para>Selects the CPU register set when specifying just a + CPU register (3rd and 4th form). The default is 0.</para> + </listitem> + </varlistentry> + </variablelist> + </refsect2> + + <refsect2 id="vboxmanage-debugvm-show"> + <title>debugvm show</title> + <remark role="help-copy-synopsis"/> + <para> + Shows logging settings for the VM. + </para> + <variablelist> + <varlistentry> + <term><option>--human-readable</option></term> + <listitem><para>Selects human readable output.</para></listitem> + </varlistentry> + <varlistentry> + <term><option>--sh-export</option></term> + <listitem><para>Selects output format as bourne shell style <command>export</command> commands.</para></listitem> + </varlistentry> + <varlistentry> + <term><option>--sh-eval</option></term> + <listitem><para>Selects output format as bourne shell style <command>eval</command> command input.</para></listitem> + </varlistentry> + <varlistentry> + <term><option>--cmd-set</option></term> + <listitem><para>Selects output format as DOS style <command>SET</command> commands.</para></listitem> + </varlistentry> + <varlistentry> + <term><replaceable>settings-item</replaceable></term> + <listitem> + <para>What to display. One or more of the following:</para> + <itemizedlist> + <listitem><para>logdbg-settings - debug log settings.</para></listitem> + <listitem><para>logrel-settings - release log settings.</para></listitem> + <listitem><para>log-settings - alias for both debug and release log settings.</para></listitem> + </itemizedlist> + </listitem> + </varlistentry> + </variablelist> + + </refsect2> + + <refsect2 id="vboxmanage-debugvm-stack"> + <title>debugvm stack</title> + <remark role="help-copy-synopsis"/> + <para> + Unwinds the guest CPU stacks to the best of our ability. It is + recommended to first run the <command>osdetect</command> command, as this + gives both symbols and perhaps unwind information. + </para> + <variablelist> + <varlistentry> + <term><option>--cpu=<replaceable>id</replaceable></option></term> + <listitem><para>Selects a single guest CPU to display the stack for. The default is all CPUs.</para> </listitem> + </varlistentry> + </variablelist> + + </refsect2> + + <refsect2 id="vboxmanage-debugvm-statistics"> + <title>debugvm statistics</title> + <remark role="help-copy-synopsis"/> + <para> + Displays or resets VMM statistics. + </para> + <para> + Retrieves register values for guest CPUs and emulated devices. + </para> + <variablelist> + <varlistentry> + <term><option>--pattern=<replaceable>pattern</replaceable></option></term> + <listitem><para>DOS/NT-style wildcards patterns for selecting statistics. Multiple + patterns can be specified by using the '|' (pipe) character as separator.</para> + </listitem> + </varlistentry> + <varlistentry> + <term><option>--reset</option></term> + <listitem><para>Select reset instead of display mode.</para></listitem> + </varlistentry> + </variablelist> + + </refsect2> + + </refsect1> + +</refentry> + diff --git a/doc/manual/en_US/man_VBoxManage-extpack.xml b/doc/manual/en_US/man_VBoxManage-extpack.xml new file mode 100644 index 00000000..443734b1 --- /dev/null +++ b/doc/manual/en_US/man_VBoxManage-extpack.xml @@ -0,0 +1,134 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + manpage, user manual, usage: VBoxManage extpack + + Copyright (C) 2006-2015 Oracle Corporation + + This file is part of VirtualBox Open Source Edition (OSE), as + available from http://www.virtualbox.org. This file is free software; + you can redistribute it and/or modify it under the terms of the GNU + General Public License (GPL) as published by the Free Software + Foundation, in version 2 as it comes in the "COPYING" file of the + VirtualBox OSE distribution. VirtualBox OSE is distributed in the + hope that it will be useful, but WITHOUT ANY WARRANTY of any kind. + --> +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd"> +<refentry id="vboxmanage-extpack" lang="en"> + + <refentryinfo> + <pubdate>$Date: 2018-07-20 19:42:10 +0200 (Fri, 20 Jul 2018) $</pubdate> + <title>VBoxManage extpack</title> + </refentryinfo> + + <refmeta> + <refentrytitle>VBoxManage-extpack</refentrytitle> + <manvolnum>1</manvolnum> + </refmeta> + + <refnamediv> + <refname>VBoxManage-extpack</refname> + <refpurpose>extension package management</refpurpose> + <refclass>Oracle VM VirtualBox</refclass> + </refnamediv> + + <refsynopsisdiv> + <cmdsynopsis id="synopsis-vboxmanage-extpack-install"> <!-- The 'id' is mandatory and must start with 'synopsis-'. --> + <command>VBoxManage extpack install</command> + <arg>--replace</arg> + <arg choice="req"><replaceable>tarball</replaceable></arg> + </cmdsynopsis> + <cmdsynopsis id="synopsis-vboxmanage-extpack-uninstall"> + <command>VBoxManage extpack uninstall</command> + <arg>--force</arg> + <arg choice="req"><replaceable>name</replaceable></arg> + </cmdsynopsis> + <cmdsynopsis id="synopsis-vboxmanage-extpack-cleanup"> + <command>VBoxManage extpack cleanup</command> + </cmdsynopsis> + </refsynopsisdiv> + + <refsect1> + <title>Description</title> + + <refsect2 id="vboxmanage-extpack-install"> + <title>extpack install</title> + <remark role="help-copy-synopsis"/> + <para> + Installs a new extension pack on the system. This command will fail if an older + version of the same extension pack is already installed. The + <option>--replace</option> option can be used to uninstall any + old package before the new one is installed. + </para> + <variablelist> + <varlistentry> + <term><option>--replace</option></term><listitem><para>Uninstall existing extension pack version.</para></listitem> + </varlistentry> + <varlistentry> + <term><replaceable>tarball</replaceable></term> + <listitem> + <para>The file containing the extension pack to be installed.</para> + </listitem> + </varlistentry> + </variablelist> + </refsect2> + + <refsect2 id="vboxmanage-extpack-uninstall"> + <title>extpack uninstall</title> + <remark role="help-copy-synopsis"/> + <para> + Uninstalls an extension pack from the system. The subcommand will also succeed + in the case where the specified extension pack is not present on the system. + You can use <computeroutput>VBoxManage list extpacks</computeroutput> to show + the names of the extension packs which are currently installed. + </para> + <variablelist> + <varlistentry> + <term><option>--force</option></term> + <listitem> + <para>Overrides most refusals to uninstall an extension pack</para> + </listitem> + </varlistentry> + <varlistentry> + <term><replaceable>name</replaceable></term> + <listitem> + <para>The name of the extension pack to be uninstalled.</para> + </listitem> + </varlistentry> + </variablelist> + </refsect2> + + <refsect2 id="vboxmanage-extpack-cleanup"> + <title>extpack cleanup</title> + <remark role="help-copy-synopsis"/> + <para> + Used to remove temporary files and directories that may have been left behind + if a previous install or uninstall command failed. + </para> + </refsect2> + + </refsect1> + + <refsect1> + <title>Examples</title> + <remark role="help-scope" condition="EXTPACK_UNINSTALL,EXTPACK"/> + <para> + How to list extension packs: +<screen>$ VBoxManage list extpacks +Extension Packs: 1 +Pack no. 0: Oracle VM VirtualBox Extension Pack +Version: 4.1.12 +Revision: 77218 +Edition: +Description: USB 2.0 Host Controller, VirtualBox RDP, PXE ROM with E1000 support. +VRDE Module: VBoxVRDP +Usable: true +Why unusable:</screen></para> + + <para>How to remove an extension pack: +<screen>$ VBoxManage extpack uninstall "Oracle VM VirtualBox Extension Pack" +0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100% +Successfully uninstalled "Oracle VM VirtualBox Extension Pack".</screen></para> + </refsect1> + +</refentry> + diff --git a/doc/manual/en_US/man_VBoxManage-mediumio.xml b/doc/manual/en_US/man_VBoxManage-mediumio.xml new file mode 100644 index 00000000..e551c4f4 --- /dev/null +++ b/doc/manual/en_US/man_VBoxManage-mediumio.xml @@ -0,0 +1,164 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + manpage, user manual, usage: VBoxManage mediumio + + Copyright (C) 2018 Oracle Corporation + + This file is part of VirtualBox Open Source Edition (OSE), as + available from http://www.virtualbox.org. This file is free software; + you can redistribute it and/or modify it under the terms of the GNU + General Public License (GPL) as published by the Free Software + Foundation, in version 2 as it comes in the "COPYING" file of the + VirtualBox OSE distribution. VirtualBox OSE is distributed in the + hope that it will be useful, but WITHOUT ANY WARRANTY of any kind. + --> +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd"> +<refentry id="vboxmanage-mediumio" lang="en"> + + <refentryinfo> + <pubdate>$Date: 2018-10-12 20:40:09 +0200 (Fri, 12 Oct 2018) $</pubdate> + <title>VBoxManage mediumio</title> + </refentryinfo> + + <refmeta> + <refentrytitle>VBoxManage-mediumio</refentrytitle> + <manvolnum>1</manvolnum> + </refmeta> + + <refnamediv> + <refname>VBoxManage-mediumio</refname> + <refpurpose>medium content access</refpurpose> + <refclass>Oracle VM VirtualBox</refclass> + </refnamediv> + + <refsynopsisdiv> + <cmdsynopsis id="synopsis-vboxmanage-mediumio-formatfat"> <!-- The 'id' is mandatory and must start with 'synopsis-'. --> + <command>VBoxManage mediumio</command> + <group choice="req"> + <arg>--disk=<replaceable>uuid|filename</replaceable></arg> + <arg>--dvd=<replaceable>uuid|filename</replaceable></arg> + <arg>--floppy=<replaceable>uuid|filename</replaceable></arg> + </group> + <arg>--password-file<replaceable>-|filename</replaceable></arg> + <arg choice="plain">formatfat</arg> + <arg>--quick</arg> + </cmdsynopsis> + <cmdsynopsis id="synopsis-vboxmanage-mediumio-cat"> + <command>VBoxManage mediumio</command> + <group choice="req"> + <arg>--disk=<replaceable>uuid|filename</replaceable></arg> + <arg>--dvd=<replaceable>uuid|filename</replaceable></arg> + <arg>--floppy=<replaceable>uuid|filename</replaceable></arg> + </group> + <arg>--password-file<replaceable>-|filename</replaceable></arg> + <arg choice="plain">cat</arg> + <arg>--hex</arg> + <arg>--offset=<replaceable>byte-offset</replaceable></arg> + <arg>--size=<replaceable>bytes</replaceable></arg> + <arg>--output=<replaceable>-|filename</replaceable></arg> + </cmdsynopsis> + <cmdsynopsis id="synopsis-vboxmanage-mediumio-stream"> + <command>VBoxManage mediumio</command> + <group choice="req"> + <arg>--disk=<replaceable>uuid|filename</replaceable></arg> + <arg>--dvd=<replaceable>uuid|filename</replaceable></arg> + <arg>--floppy=<replaceable>uuid|filename</replaceable></arg> + </group> + <arg>--password-file<replaceable>-|filename</replaceable></arg> + <arg choice="plain">stream</arg> + <arg>--format=<replaceable>image-format</replaceable></arg> + <arg>--variant=<replaceable>image-variant</replaceable></arg> + <arg>--output=<replaceable>-|filename</replaceable></arg> + </cmdsynopsis> + </refsynopsisdiv> + + <refsect1> + <title>Description</title> + + <refsect2 id="vboxmanage-mediumio-common-options"> + <title>Common options</title> + <remark role="help-scope" condition="GLOBAL"/> + <para>The subcommands of <command>mediumio</command> all operate on a medium which need to be specified, optionally + with an encryption password. The following common options can be placed before or after the sub-command:</para> + <variablelist> + <varlistentry> + <term>--disk=<replaceable>uuid|filename</replaceable></term> + <listitem><para>Either the UUID or filename of a harddisk image, e.g. VDI, VMDK, VHD, ++.</para></listitem> + </varlistentry> + <varlistentry> + <term>--dvd=<replaceable>uuid|filename</replaceable></term> + <listitem><para>Either the UUID or filename of a DVD image, e.g. ISO, DMG, CUE.</para></listitem> + </varlistentry> + <varlistentry> + <term>--floppy=<replaceable>uuid|filename</replaceable></term> + <listitem><para>Either the UUID or filename of a floppy image, e.g. IMG.</para></listitem> + </varlistentry> + <varlistentry> + <term>--password-file=<replaceable>-|filename</replaceable></term> + <listitem><para>The name of a file containing the medium encryption password. If <option>-</option> + is specified, the password will be read from stdin. </para></listitem> + </varlistentry> + </variablelist> + </refsect2> + + <refsect2 id="vboxmanage-mediumio-formatfat"> + <title>mediumio formatfat</title> + <remark role="help-copy-synopsis"/> + <para> + Formats a floppy medium with the FAT file system. This will erase the + content of the medium. + </para> + <variablelist> + <varlistentry> + <term><option>--quick</option></term><listitem><para>Quickformat the medium.</para></listitem> + </varlistentry> + </variablelist> + </refsect2> + + <refsect2 id="vboxmanage-mediumio-cat"> + <title>mediumio cat</title> + <remark role="help-copy-synopsis"/> + <para> + Dumps the medium content to stdout or the specified file. + </para> + <variablelist> + <varlistentry> + <term><option>--hex</option></term><listitem><para>Dump as hex bytes.</para></listitem> + </varlistentry> + <varlistentry> + <term><option>--offset</option></term><listitem><para>The byte offset in the medium to start.</para></listitem> + </varlistentry> + <varlistentry> + <term><option>--size</option></term><listitem><para>The number of bytes to dump.</para></listitem> + </varlistentry> + <varlistentry> + <term><option>--output</option></term> + <listitem><para>The output filename. As usual <option>-</option> is take to mean stdout.</para></listitem> + </varlistentry> + </variablelist> + </refsect2> + + <refsect2 id="vboxmanage-mediumio-stream"> + <title>mediumio stream</title> + <remark role="help-copy-synopsis"/> + <para> + Converts the medium to a streamable format and dumps it to the given output. + </para> + <variablelist> + <varlistentry> + <term><option>--format</option></term><listitem><para>The format of the destination image.</para></listitem> + </varlistentry> + <varlistentry> + <term><option>--variant</option></term><listitem><para>The medium variant for the destination.</para></listitem> + </varlistentry> + <varlistentry> + <term><option>--output</option></term> + <listitem><para>The output filename. As usual <option>-</option> is take to mean stdout.</para></listitem> + </varlistentry> + </variablelist> + </refsect2> + + </refsect1> + +</refentry> + diff --git a/doc/manual/en_US/man_VBoxManage-unattended.xml b/doc/manual/en_US/man_VBoxManage-unattended.xml new file mode 100644 index 00000000..41b16807 --- /dev/null +++ b/doc/manual/en_US/man_VBoxManage-unattended.xml @@ -0,0 +1,242 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + manpage, user manual, usage: VBoxManage unattended + + Copyright (C) 2006-2017 Oracle Corporation + + This file is part of VirtualBox Open Source Edition (OSE), as + available from http://www.virtualbox.org. This file is free software; + you can redistribute it and/or modify it under the terms of the GNU + General Public License (GPL) as published by the Free Software + Foundation, in version 2 as it comes in the "COPYING" file of the + VirtualBox OSE distribution. VirtualBox OSE is distributed in the + hope that it will be useful, but WITHOUT ANY WARRANTY of any kind. + --> +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd"> +<refentry id="vboxmanage-unattended" lang="en"> + + <refentryinfo> + <pubdate>$Date: 2018-07-20 19:42:10 +0200 (Fri, 20 Jul 2018) $</pubdate> + <title>VBoxManage unattended</title> + </refentryinfo> + + <refmeta> + <refentrytitle>VBoxManage-unattended</refentrytitle> + <manvolnum>1</manvolnum> + </refmeta> + + <refnamediv> + <refname>VBoxManage-unattended</refname> + <refpurpose>unattended guest OS installation</refpurpose> + <refclass>Oracle VM VirtualBox</refclass> + </refnamediv> + + <refsynopsisdiv> + <cmdsynopsis id="synopsis-vboxmanage-unattended-detect"> <!-- The 'id' is mandatory and must start with 'synopsis-'. --> + <command>VBoxManage unattended detect</command> + <arg choice="req">--iso=<replaceable>install-iso</replaceable></arg> + <arg>--machine-readable</arg> + </cmdsynopsis> + <cmdsynopsis id="synopsis-vboxmanage-unattended-install"> <!-- The 'id' is mandatory and must start with 'synopsis-'. --> + <command>VBoxManage unattended install</command> + <arg choice="req"><replaceable>uuid|vmname</replaceable></arg> + <arg choice="req">--iso=<replaceable>install-iso</replaceable></arg> + <arg>--user=<replaceable>login</replaceable></arg> + <arg>--password=<replaceable>password</replaceable></arg> + <arg>--password-file=<replaceable>file</replaceable></arg> + <arg>--full-user-name=<replaceable>name</replaceable></arg> + <arg>--key=<replaceable>product-key</replaceable></arg> + <arg>--install-additions</arg> + <arg>--no-install-additions</arg> + <arg>--additions-iso=<replaceable>add-iso</replaceable></arg> + <arg>--install-txs</arg> + <arg>--no-install-txs</arg> + <arg>--validation-kit-iso=<replaceable>testing-iso</replaceable></arg> + <arg>--locale=<replaceable>ll_CC</replaceable></arg> + <arg>--country=<replaceable>CC</replaceable></arg> + <arg>--time-zone=<replaceable>tz</replaceable></arg> + <arg>--hostname=<replaceable>fqdn</replaceable></arg> + <arg>--package-selection-adjustment=<replaceable>keyword</replaceable></arg> + <arg>--dry-run</arg> + <arg>--auxiliary-base-path=<replaceable>path</replaceable></arg> + <arg>--image-index=<replaceable>number</replaceable></arg> + <arg>--script-template=<replaceable>file</replaceable></arg> + <arg>--post-install-template=<replaceable>file</replaceable></arg> + <arg>--post-install-command=<replaceable>command</replaceable></arg> + <arg>--extra-install-kernel-parameters=<replaceable>params</replaceable></arg> + <arg>--language=<replaceable>lang</replaceable></arg> + <arg>--start-vm=<replaceable>session-type</replaceable></arg> + </cmdsynopsis> + </refsynopsisdiv> + + <refsect1> + <title>Description</title> + + <refsect2 id="vboxmanage-unattended-detect"> + <title>unattended detect</title> + <remark role="help-copy-synopsis"/> + <para> + Detects the guest operating system (OS) on the specified installation ISO + and displays the result. This can be used as input when creating a VM for + the ISO to be installed in. + </para> + <variablelist> + <varlistentry> + <term><option>--iso=<replaceable>install-iso</replaceable></option></term> + <listitem><para>The installation ISO to run the detection on.</para></listitem> + </varlistentry> + <varlistentry> + <term><option>--machine-readable</option></term> + <listitem><para>Produce output that is simpler to parse from a script.</para></listitem> + </varlistentry> + </variablelist> + </refsect2> + + <refsect2 id="vboxmanage-unattended-install"> + <title>unattended install</title> + <remark role="help-copy-synopsis"/> + <para> + Reconfigures the specified VM for installation and optionally starts it up. + </para> + <variablelist> + <varlistentry> + <term><replaceable>uuid|vmname</replaceable></term> + <listitem><para>Either the UUID or the name (case sensitive) of a VM.</para></listitem> + </varlistentry> + <varlistentry> + <term><option>--iso=<replaceable>install-iso</replaceable></option></term> + <listitem><para>The installation ISO to run the detection on.</para></listitem> + </varlistentry> + <varlistentry> + <term><option>--user=<replaceable>login</replaceable></option></term> + <listitem><para>The login name. (default: vboxuser)</para></listitem> + </varlistentry> + <varlistentry> + <term><option>--password=<replaceable>password</replaceable></option></term> + <listitem> + <para>The login password. This is used for the user given by <option>--user</option> as well as the + root/administrator user. (default: changeme)</para></listitem> + </varlistentry> + <varlistentry> + <term><option>--password-file=<replaceable>file</replaceable></option></term> + <listitem> + <para>Alternative to <option>--password</option> for providing the password. Special filename + <computeroutput>stdin</computeroutput> can be used to read the password from standard input.</para></listitem> + </varlistentry> + <varlistentry> + <term><option>--full-user-name=<replaceable>name</replaceable></option></term> + <listitem><para>The full user name. (default: --user)</para></listitem> + </varlistentry> + <varlistentry> + <term><option>--key=<replaceable>product-key</replaceable></option></term> + <listitem><para>The guest OS product key. Not all guest OSes requires this.</para></listitem> + </varlistentry> + <varlistentry> + <term><option>--install-additions</option>, <option>--no-install-additions</option></term> + <listitem><para>Whether to install the VirtualBox guest additions. (default: --no-install-addations)</para></listitem> + </varlistentry> + <varlistentry> + <term><option>--additions-iso=<replaceable>add-iso</replaceable></option></term> + <listitem> + <para>Path to the VirtualBox guest additions ISO. (default: installed/downloaded GAs)</para></listitem> + </varlistentry> + <varlistentry> + <term><option>--install-txs</option>, <option>--no-install-txs</option></term> + <listitem> + <para>Whether to install the test execution service (TXS) from the VirtualBox ValidationKit. + This is useful when preparing VMs for testing or similar. (default: --no-install-txs)</para></listitem> + </varlistentry> + <varlistentry> + <term><option>--validation-kit-iso=<replaceable>testing-iso</replaceable></option></term> + <listitem> + <para>Path to the VirtualBox ValidationKit ISO. This is required if <option>--install-txs</option> + is specified. </para></listitem> + </varlistentry> + <varlistentry> + <term><option>--locale=<replaceable>ll_CC</replaceable></option></term> + <listitem> + <para>The base locale specification for the guest, like en_US, de_CH, or nn_NO. (default: host or en_US)</para></listitem> + </varlistentry> + <varlistentry> + <term><option>--country=<replaceable>CC</replaceable></option></term> + <listitem><para>The two letter country code if it differs from the specified by <option>--location</option>.</para></listitem> + </varlistentry> + <varlistentry> + <term><option>--time-zone=<replaceable>tz</replaceable></option></term> + <listitem><para>The time zone to set up the guest OS with. (default: host time zone or UTC)</para></listitem> + </varlistentry> + <varlistentry> + <term><option>--hostname=<replaceable>fqdn</replaceable></option></term> + <listitem> + <para>The fully qualified domain name of the guest machine. + (default: <replaceable>vmname</replaceable>.myguest.virtualbox.org)</para></listitem> + </varlistentry> + <varlistentry> + <term><option>--package-selection-adjustment=<replaceable>keyword</replaceable></option></term> + <listitem> + <para>Adjustments to the guest OS packages/components selection. This can be specfied more than once. Currently + the only recognized keyword is <computeroutput>minimal</computeroutput> which triggers a minimal installation for + some of the guest OSes.</para></listitem> + </varlistentry> + <varlistentry> + <term><option>--dry-run</option></term> + <listitem><para>Do not create any files or make any changes to the VM configuration.</para></listitem> + </varlistentry> + <varlistentry> + <term><option>--start-vm=<replaceable>session-type</replaceable></option></term> + <listitem> + <para>Start the VM using the front end given by <replaceable>session-type</replaceable>. This is the same as + the <option>--type</option> option for the <computeroutput>startvm</computeroutput> command, but we have add + <computeroutput>none</computeroutput> for indicating that the VM should not be started. + (default: <computeroutput>none</computeroutput>)</para></listitem> + </varlistentry> + </variablelist> + + <para>Advanced options:</para> + <variablelist> + <varlistentry> + <term><option>--auxiliary-base-path=<replaceable>path</replaceable></option></term> + <listitem> + <para>The path prefix to the media related files generated for the installation. + (default: <replaceable>vm-config-dir</replaceable>/Unattended-<replaceable>vm-uuid</replaceable>-)</para></listitem> + </varlistentry> + <varlistentry> + <term><option>--image-index=<replaceable>number</replaceable></option></term> + <listitem><para>Windows installation image index. (default: 1)</para></listitem> + </varlistentry> + <varlistentry> + <term><option>--script-template=<replaceable>file</replaceable></option></term> + <listitem><para>The unattended installation script template. (default: IMachine::OSTypeId dependent)</para></listitem> + </varlistentry> + <varlistentry> + <term><option>--post-install-template=<replaceable>file</replaceable></option></term> + <listitem><para>The post installation script template. (default: IMachine::OSTypeId dependent)</para></listitem> + </varlistentry> + <varlistentry> + <term><option>--post-install-command=<replaceable>command</replaceable></option></term> + <listitem> + <para>A single command to run after the installation is completed. The exact format and exactly + when this is run is guest OS installer dependent.</para></listitem> + </varlistentry> + <varlistentry> + <term><option>--extra-install-kernel-parameters=<replaceable>params</replaceable></option></term> + <listitem> + <para> + List of extra linux kernel parameters to use during the installation. (default: IMachine::OSTypeId dependent) + </para></listitem> + </varlistentry> + <varlistentry> + <term><option>--language=<replaceable>lang</replaceable></option></term> + <listitem> + <para> + Specifies the UI language for a Windows installation. The <replaceable>lang</replaceable> is + generally on the form {ll}-{CC}. See detectedOSLanguages results from <command>VBoxManage unattended detect</command>. + (default: detectedOSLanguages[0])</para></listitem> + </varlistentry> + + </variablelist> + </refsect2> + + </refsect1> +</refentry> + diff --git a/doc/manual/en_US/oracle-accessibility-en.xml b/doc/manual/en_US/oracle-accessibility-en.xml new file mode 100644 index 00000000..8fe09b4d --- /dev/null +++ b/doc/manual/en_US/oracle-accessibility-en.xml @@ -0,0 +1,27 @@ +<?xml version="1.0" encoding="utf-8"?> +<!DOCTYPE simplesect PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" +"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" +[ +<!ENTITY % all.entities SYSTEM "all-entities.ent"> +%all.entities; +]> +<simplesect> + +<!-- + Include this statement in the document Preface ONLY if your product + and/or documentation has been tested for accessibility, is determined + to be accessible, and has a VPAT. + --> + + <title>Documentation Accessibility</title> + + <para> + For information about Oracle's commitment to accessibility, visit + the Oracle Accessibility Program website at + +<?fo-linebreak?> + + <ulink url="http://www.oracle.com/pls/topic/lookup?ctx=acc&id=docacc">http://www.oracle.com/pls/topic/lookup?ctx=acc&id=docacc</ulink>. + </para> + +</simplesect> diff --git a/doc/manual/en_US/oracle-support-en.xml b/doc/manual/en_US/oracle-support-en.xml new file mode 100644 index 00000000..09b64007 --- /dev/null +++ b/doc/manual/en_US/oracle-support-en.xml @@ -0,0 +1,27 @@ +<?xml version="1.0" encoding="utf-8"?> +<!DOCTYPE simplesect PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" +"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" +[ +<!ENTITY % all.entities SYSTEM "all-entities.ent"> +%all.entities; +]> +<simplesect> + + <!-- Include this statement in the document Preface --> + + <title>Access to Oracle Support</title> + + <para> + Oracle customers that have purchased support have access to + electronic support through My Oracle Support. For information, visit + +<?fo-linebreak?> + + <ulink url="http://www.oracle.com/pls/topic/lookup?ctx=acc&id=info">http://www.oracle.com/pls/topic/lookup?ctx=acc&id=info</ulink> + or visit + <ulink + url="http://www.oracle.com/pls/topic/lookup?ctx=acc&id=trs">http://www.oracle.com/pls/topic/lookup?ctx=acc&id=trs</ulink> + if you are hearing impaired. + </para> + +</simplesect> diff --git a/doc/manual/en_US/user_AdvancedTopics.xml b/doc/manual/en_US/user_AdvancedTopics.xml new file mode 100644 index 00000000..f421a93d --- /dev/null +++ b/doc/manual/en_US/user_AdvancedTopics.xml @@ -0,0 +1,6999 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" +"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd"[ +<!ENTITY % all.entities SYSTEM "all-entities.ent"> +%all.entities; +]> +<chapter id="AdvancedTopics"> + + <title>Advanced Topics</title> + + <sect1 id="autologon"> + + <title>Automated Guest Logins</title> + + <para> + &product-name; provides Guest Addition modules for Windows, Linux, + and Oracle Solaris to enable automated logins on the guest. + </para> + + <para> + When a guest operating system is running in a virtual machine, it + might be desirable to perform coordinated and automated logins + using credentials from a master login system. Credentials are user + name, password, and domain name, where each value might be empty. + </para> + + <sect2 id="autologon_win"> + + <title>Automated Windows Guest Logins</title> + + <para> + Since Windows NT, Windows has provided a modular system login + subsystem, called Winlogon, which can be customized and extended + by means of so-called GINA (Graphical Identification and + Authentication) modules. With Windows Vista and Windows 7, the + GINA modules were replaced with a new mechanism called + credential providers. The &product-name; Guest Additions for + Windows come with both, a GINA and a credential provider module, + and therefore enable any Windows guest to perform automated + logins. + </para> + + <para> + To activate the &product-name; GINA or credential provider + module, install the Guest Additions using the command line + switch <computeroutput>/with_autologon</computeroutput>. All the + following manual steps required for installing these modules + will be then done by the installer. + </para> + + <para> + To manually install the &product-name; GINA module, extract the + Guest Additions as shown in + <xref linkend="windows-guest-file-extraction" /> and copy the + file <computeroutput>VBoxGINA.dll</computeroutput> to the + Windows <computeroutput>SYSTEM32</computeroutput> directory. + Then, in the registry, create the following key with a value of + <computeroutput>VBoxGINA.dll</computeroutput>: + </para> + +<screen>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GinaDLL</screen> + + <note> + <para> + The &product-name; GINA module is implemented as a wrapper + around the standard Windows GINA module, + <computeroutput>MSGINA.DLL</computeroutput>. As a result, it + may not work correctly with third party GINA modules. + </para> + </note> + + <para> + To manually install the &product-name; credential provider + module, extract the Guest Additions as shown in + <xref + linkend="windows-guest-file-extraction" /> and copy + the file <computeroutput>VBoxCredProv.dll</computeroutput> to + the Windows <computeroutput>SYSTEM32</computeroutput> directory. + In the registry, create the following keys: + </para> + +<screen>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ +Authentication\Credential Providers\{275D3BCC-22BB-4948-A7F6-3A3054EBA92B} + +HKEY_CLASSES_ROOT\CLSID\{275D3BCC-22BB-4948-A7F6-3A3054EBA92B} + +HKEY_CLASSES_ROOT\CLSID\{275D3BCC-22BB-4948-A7F6-3A3054EBA92B}\InprocServer32</screen> + + <para> + All default values, the key named + <computeroutput>Default</computeroutput>, must be set to + <computeroutput>VBoxCredProv</computeroutput>. + </para> + + <para> + Create a new string named as follows, with a value of + <computeroutput>Apartment</computeroutput>. + </para> + +<screen>HKEY_CLASSES_ROOT\CLSID\{275D3BCC-22BB-4948-A7F6-3A3054EBA92B}\InprocServer32\ThreadingModel</screen> + + <para> + To set credentials, use the following command on a + <emphasis>running</emphasis> VM: + </para> + +<screen>VBoxManage controlvm "Windows XP" setcredentials "John Doe" "secretpassword" "DOMTEST"</screen> + + <para> + While the VM is running, the credentials can be queried by the + &product-name; login modules, GINA or credential provider, using + the &product-name; Guest Additions device driver. When Windows + is in <emphasis>logged out</emphasis> mode, the login modules + will constantly poll for credentials and if they are present, a + login will be attempted. After retrieving the credentials, the + login modules will erase them so that the above command will + have to be repeated for subsequent logins. + </para> + + <para> + For security reasons, credentials are not stored in any + persistent manner and will be lost when the VM is reset. Also, + the credentials are write-only. There is no way to retrieve the + credentials from the host side. Credentials can be reset from + the host side by setting empty values. + </para> + + <para> + Depending on the particular variant of the Windows guest, the + following restrictions apply: + </para> + + <itemizedlist> + + <listitem> + <para> + For <emphasis role="bold">Windows XP guests.</emphasis> The + login subsystem needs to be configured to use the classic + login dialog, as the &product-name; GINA module does not + support the XP-style welcome dialog. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Windows Vista, Windows 7, Windows 8, + and Windows 10 guests.</emphasis> The login subsystem does + not support the so-called Secure Attention Sequence, + <computeroutput>Ctrl+Alt+Del</computeroutput>. As a result, + the guest's group policy settings need to be changed to not + use the Secure Attention Sequence. Also, the user name given + is only compared to the true user name, not the user + friendly name. This means that when you rename a user, you + still have to supply the original user name as Windows never + renames user accounts internally. + </para> + </listitem> + + <listitem> + <para> + Automatic login handling of the built-in + <emphasis role="bold">Windows Remote Desktop + Service</emphasis>, formerly known as Terminal Services, is + disabled by default. To enable it, create the following + registry key with a <computeroutput>DWORD</computeroutput> + value of <computeroutput>1</computeroutput>. + </para> + +<screen>HKEY_LOCAL_MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions\AutoLogon</screen> + </listitem> + + </itemizedlist> + + <para> + The following command forces &product-name; to keep the + credentials after they were read by the guest and on VM reset: + </para> + +<screen>VBoxManage setextradata "Windows XP" VBoxInternal/Devices/VMMDev/0/Config/KeepCredentials 1</screen> + + <para> + Note that this is a potential security risk, as a malicious + application running on the guest could request this information + using the proper interface. + </para> + + </sect2> + + <sect2 id="autologon_unix"> + + <title>Automated Linux and UNIX Guest Logins</title> + + <para> + &product-name; provides a custom PAM module (Pluggable + Authentication Module) which can be used to perform automated + guest logins on platforms which support this framework. + Virtually all modern Linux and UNIX distributions rely on PAM. + </para> + + <para> + For automated logins on Ubuntu, or Ubuntu-derived, distributions + using LightDM as the display manager. See + <xref linkend="autologon_unix_lightdm" />. + </para> + + <para> + The <computeroutput>pam_vbox.so</computeroutput> module itself + <emphasis>does not</emphasis> do an actual verification of the + credentials passed to the guest OS. Instead it relies on other + modules such as <computeroutput>pam_unix.so</computeroutput> or + <computeroutput>pam_unix2.so</computeroutput> down in the PAM + stack to do the actual validation using the credentials + retrieved by <computeroutput>pam_vbox.so</computeroutput>. + Therefore <computeroutput>pam_vbox.so</computeroutput> has to be + on top of the authentication PAM service list. + </para> + + <note> + <para> + The <computeroutput>pam_vbox.so</computeroutput> module only + supports the <computeroutput>auth</computeroutput> primitive. + Other primitives such as + <computeroutput>account</computeroutput>, + <computeroutput>session</computeroutput>, or + <computeroutput>password</computeroutput> are not supported. + </para> + </note> + + <para> + The <computeroutput>pam_vbox.so</computeroutput> module is + shipped as part of the Guest Additions but it is not installed + and/or activated on the guest OS by default. In order to install + it, it has to be copied from + <computeroutput>/opt/VBoxGuestAdditions-<version>/other/</computeroutput> + to the security modules directory. This is usually + <computeroutput>/lib/security/</computeroutput> on 32-bit Linux + guests or <computeroutput>/lib64/security/</computeroutput> on + 64-bit Linux guests. Please refer to your guest OS documentation + for the correct PAM module directory. + </para> + + <para> + For example, to use <computeroutput>pam_vbox.so</computeroutput> + with a Ubuntu Linux guest OS and the GNOME Desktop Manager (GDM) + to log in users automatically with the credentials passed by the + host, configure the guest OS as follows: + </para> + + <orderedlist> + + <listitem> + <para> + Copy the <computeroutput>pam_vbox.so</computeroutput> module + to the security modules directory. In this case, + <computeroutput>/lib/security</computeroutput>. + </para> + </listitem> + + <listitem> + <para> + Edit the PAM configuration file for GDM, found at + <computeroutput>/etc/pam.d/gdm</computeroutput>. Add the + line <computeroutput>auth requisite + pam_vbox.so</computeroutput> at the top. Additionally, in + most Linux distributions there is a file called + <computeroutput>/etc/pam.d/common-auth</computeroutput>. + This file is included in many other services, like the GDM + file mentioned above. There you also have to add the line + <computeroutput>auth requisite pam_vbox.so</computeroutput>. + </para> + </listitem> + + <listitem> + <para> + If authentication against the shadow database using + <computeroutput>pam_unix.so</computeroutput> or + <computeroutput>pam_unix2.so</computeroutput> is desired, + the argument <computeroutput>try_first_pass</computeroutput> + for <computeroutput>pam_unix.so</computeroutput> or + <computeroutput>use_first_pass</computeroutput> for + <computeroutput>pam_unix2.so</computeroutput> is needed in + order to pass the credentials from the &product-name; module + to the shadow database authentication module. For Ubuntu, + this needs to be added to + <computeroutput>/etc/pam.d/common-auth</computeroutput>, to + the end of the line referencing + <computeroutput>pam_unix.so</computeroutput>. This argument + tells the PAM module to use credentials already present in + the stack, such as the ones provided by the &product-name; + PAM module. + </para> + </listitem> + + </orderedlist> + + <warning> + <para> + An incorrectly configured PAM stack can effectively prevent + you from logging into your guest system. + </para> + </warning> + + <para> + To make deployment easier, you can pass the argument + <computeroutput>debug</computeroutput> right after the + <computeroutput>pam_vbox.so</computeroutput> statement. Debug + log output will then be recorded using syslog. + </para> + + <note> + <para> + By default, <computeroutput>pam_vbox</computeroutput> will not + wait for credentials to arrive from the host. When a login + prompt is shown, for example by GDM/KDM or the text console, + and pam_vbox does not yet have credentials it does not wait + until they arrive. Instead the next module in the PAM stack, + depending on the PAM configuration, will have the chance for + authentication. + </para> + </note> + + <para> + <computeroutput>pam_vbox</computeroutput> supports various guest + property parameters that are located in + <computeroutput>/VirtualBox/GuestAdd/PAM/</computeroutput>. + These parameters allow pam_vbox to wait for credentials to be + provided by the host and optionally can show a message while + waiting for those. The following guest properties can be set: + </para> + + <itemizedlist> + + <listitem> + <para> + <computeroutput>CredsWait</computeroutput>: Set to 1 if + pam_vbox should start waiting until credentials arrive from + the host. Until then no other authentication methods such as + manually logging in will be available. If this property is + empty or gets deleted no waiting for credentials will be + performed and pam_vbox will act like before. This property + must be set read-only for the guest + (<computeroutput>RDONLYGUEST</computeroutput>). + </para> + </listitem> + + <listitem> + <para> + <computeroutput>CredsWaitAbort</computeroutput>: Aborts + waiting for credentials when set to any value. Can be set + from host and the guest. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>CredsWaitTimeout</computeroutput>: Timeout, + in seconds, to let pam_vbox wait for credentials to arrive. + When no credentials arrive within this timeout, + authentication of pam_vbox will be set to failed and the + next PAM module in chain will be asked. If this property is + not specified, set to 0 or an invalid value, an infinite + timeout will be used. This property must be set read-only + for the guest + (<computeroutput>RDONLYGUEST</computeroutput>). + </para> + </listitem> + + </itemizedlist> + + <para> + To customize pam_vbox further there are the following guest + properties: + </para> + + <itemizedlist> + + <listitem> + <para> + <computeroutput>CredsMsgWaiting</computeroutput>: Custom + message showed while pam_vbox is waiting for credentials + from the host. This property must be set read-only for the + guest (<computeroutput>RDONLYGUEST</computeroutput>). + </para> + </listitem> + + <listitem> + <para> + <computeroutput>CredsMsgWaitTimeout</computeroutput>: Custom + message showed when waiting for credentials by pam_vbox has + timed out. For example, they did not arrive within time. + This property must be set read-only for the guest + (<computeroutput>RDONLYGUEST</computeroutput>). + </para> + </listitem> + + </itemizedlist> + + <note> + <para> + If a pam_vbox guest property does not have the correct flag + set (<computeroutput>RDONLYGUEST</computeroutput>) the + property is ignored and, depending on the property, a default + value will be used. This can result in pam_vbox not waiting + for credentials. Consult the appropriate syslog file for more + information and use the <computeroutput>debug</computeroutput> + option. + </para> + </note> + + <sect3 id="autologon_unix_lightdm"> + + <title>&product-name; Greeter for Ubuntu/LightDM</title> + + <para> + &product-name; comes with an own greeter module, named + vbox-greeter. The module can be used with LightDM 1.0.1 or + later. LightDM is the default display manager since Ubuntu + 10.11 and therefore also can be used for automated guest + logins. + </para> + + <para> + vbox-greeter does not need the + <computeroutput>pam_vbox</computeroutput> module described + above in order to function. It comes with its own + authentication mechanism provided by LightDM. However, to + provide maximum of flexibility both modules can be used + together on the same guest. + </para> + + <para> + As with the <computeroutput>pam_vbox</computeroutput> module, + vbox-greeter is shipped as part of the Guest Additions but it + is not installed or activated on the guest OS by default. To + install vbox-greeter automatically upon Guest Additions + installation, use the + <computeroutput>--with-autologon</computeroutput> switch when + starting the VBoxLinuxAdditions.run file: + </para> + +<screen># ./VBoxLinuxAdditions.run -- --with-autologon</screen> + + <para> + For manual or postponed installation, the + <computeroutput>vbox-greeter.desktop</computeroutput> file has + to be copied from + <computeroutput>/opt/VBoxGuestAdditions-<version>/other/</computeroutput> + to the <computeroutput>xgreeters</computeroutput> directory + This is usually + <computeroutput>/usr/share/xgreeters/</computeroutput>. Please + refer to your guest OS documentation for the correct LightDM + greeter directory. + </para> + + <para> + The vbox-greeter module itself already was installed by the + &product-name; Guest Additions installer and resides in + <computeroutput>/usr/sbin/</computeroutput>. To enable + vbox-greeter as the standard greeter module, the file + <computeroutput>/etc/lightdm/lightdm.conf</computeroutput> + needs to be edited: + </para> + +<screen>[SeatDefaults] +greeter-session=vbox-greeter</screen> + + <note> + <itemizedlist> + + <listitem> + <para> + The LightDM server needs to be fully restarted in order + for vbox-greeter to be used as the default greeter. As + root, run <computeroutput>service lightdm + --full-restart</computeroutput> on Ubuntu, or simply + restart the guest. + </para> + </listitem> + + <listitem> + <para> + vbox-greeter is independent of the graphical session + chosen by the user, such as Gnome, KDE, or Unity. + However, it requires FLTK 1.3 for representing its own + user interface. + </para> + </listitem> + + </itemizedlist> + </note> + + <para> + There are numerous guest properties which can be used to + further customize the login experience. For automatically + logging in users, the same guest properties apply as for + pam_vbox. See <xref linkend="autologon_unix" />. + </para> + + <para> + In addition to the above mentioned guest properties, + vbox-greeter allows further customization of its user + interface. These special guest properties all reside in + <computeroutput>/VirtualBox/GuestAdd/Greeter/</computeroutput>: + </para> + + <itemizedlist> + + <listitem> + <para> + <computeroutput>HideRestart</computeroutput>: Set to 1 if + vbox-greeter should hide the button to restart the guest. + This property must be set read-only for the guest + (<computeroutput>RDONLYGUEST</computeroutput>). + </para> + </listitem> + + <listitem> + <para> + <computeroutput>HideShutdown</computeroutput>: Set to 1 if + vbox-greeter should hide the button to shutdown the guest. + This property must be set read-only for the guest + (<computeroutput>RDONLYGUEST</computeroutput>). + </para> + </listitem> + + <listitem> + <para> + <computeroutput>BannerPath</computeroutput>: Path to a + .PNG file for using it as a banner on the top. The image + size must be 460 x 90 pixels, any bit depth. This property + must be set read-only for the guest + (<computeroutput>RDONLYGUEST</computeroutput>). + </para> + </listitem> + + <listitem> + <para> + <computeroutput>UseTheming</computeroutput>: Set to 1 for + turning on the following theming options. This property + must be set read-only for the guest + (<computeroutput>RDONLYGUEST</computeroutput>). + </para> + </listitem> + + <listitem> + <para> + <computeroutput>Theme/BackgroundColor</computeroutput>: + Hexadecimal RRGGBB color for the background. This property + must be set read-only for the guest + (<computeroutput>RDONLYGUEST</computeroutput>). + </para> + </listitem> + + <listitem> + <para> + <computeroutput>Theme/LogonDialog/HeaderColor</computeroutput>: + Hexadecimal RRGGBB foreground color for the header text. + This property must be set read-only for the guest + (<computeroutput>RDONLYGUEST</computeroutput>). + </para> + </listitem> + + <listitem> + <para> + <computeroutput>Theme/LogonDialog/BackgroundColor</computeroutput>: + Hexadecimal RRGGBB color for the login dialog background. + This property must be set read-only for the guest + (<computeroutput>RDONLYGUEST</computeroutput>). + </para> + </listitem> + + <listitem> + <para> + <computeroutput>Theme/LogonDialog/ButtonColor</computeroutput>: + Hexadecimal RRGGBB background color for the login dialog + button. This property must be set read-only for the guest + (<computeroutput>RDONLYGUEST</computeroutput>). + </para> + </listitem> + + </itemizedlist> + + <note> + <para> + The same restrictions for the guest properties above apply + as for the ones specified in the pam_vbox section. + </para> + </note> + + </sect3> + + </sect2> + + </sect1> + + <sect1 id="adv-config-win-guest"> + + <title>Advanced Configuration for Windows Guests</title> + + <sect2 id="sysprep"> + + <title>Automated Windows System Preparation</title> + + <para> + Beginning with Windows NT 4.0, Microsoft offers a system + preparation tool called Sysprep, to prepare a Windows system for + deployment or redistribution. Whereas Windows 2000 and XP ship + with Sysprep on the installation medium, the tool also is + available for download on the Microsoft web site. In a standard + installation of Windows Vista and 7, Sysprep is already + included. Sysprep mainly consists of an executable called + <computeroutput>sysprep.exe</computeroutput> which is invoked by + the user to put the Windows installation into preparation mode. + </para> + + <para> + The Guest Additions offer a way to launch a system preparation + on the guest operating system in an automated way, controlled + from the host system. See + <xref linkend="guestadd-guestcontrol" /> for details of how to + use this feature with the special identifier + <computeroutput>sysprep</computeroutput> as the program to + execute, along with the user name + <computeroutput>sysprep</computeroutput> and password + <computeroutput>sysprep</computeroutput> for the credentials. + Sysprep then gets launched with the required system rights. + </para> + + <note> + <para> + Specifying the location of "sysprep.exe" is + <emphasis + role="bold">not possible</emphasis>. Instead + the following paths are used, based on the operating system: + </para> + + <itemizedlist> + + <listitem> + <para> + <computeroutput>C:\sysprep\sysprep.exe</computeroutput> + for Windows NT 4.0, 2000 and XP + </para> + </listitem> + + <listitem> + <para> + <computeroutput>%WINDIR%\System32\Sysprep\sysprep.exe</computeroutput> + for Windows Vista, 2008 Server and 7 + </para> + </listitem> + + </itemizedlist> + + <para> + The Guest Additions will automatically use the appropriate + path to execute the system preparation tool. + </para> + </note> + + </sect2> + + </sect1> + + <sect1 id="adv-config-linux-guest"> + + <title>Advanced Configuration for Linux and Oracle Solaris Guests</title> + + <sect2 id="linux-guest-manual-setup"> + + <title>Manual Setup of Selected Guest Services on Linux</title> + + <para> + The &product-name; Guest Additions contain several different + drivers. If for any reason you do not wish to set them all up, + you can install the Guest Additions using the following command: + </para> + +<screen> sh ./VBoxLinuxAdditions.run no_setup</screen> + + <para> + After this, you will need to at least compile the kernel modules + by running the command as root: + </para> + +<screen> rcvboxadd setup</screen> + + <para> + You will need to replace <emphasis>lib</emphasis> by + <emphasis>lib64</emphasis> on some 64bit guests, and on older + guests without the udev service you will need to add the + <emphasis>vboxadd</emphasis> service to the default runlevel to + ensure that the modules get loaded. + </para> + + <para> + To setup the time synchronization service, add the service + vboxadd-service to the default runlevel. To set up the X11 and + OpenGL part of the Guest Additions, run the following command: + </para> + +<screen> rcvboxadd-x11 setup</screen> + + <para> + You do not need to enable any services for this. + </para> + + <para> + To recompile the guest kernel modules, use this command: + </para> + +<screen> rcvboxadd setup</screen> + + <para> + After compilation you should reboot your guest to ensure that + the new modules are actually used. + </para> + + </sect2> + + <sect2 id="guestxorgsetup"> + + <title>Guest Graphics and Mouse Driver Setup in Depth</title> + + <para> + This section assumes that you are familiar with configuring the + X.Org server using xorg.conf and optionally the newer mechanisms + using hal or udev and xorg.conf.d. If not you can learn about + them by studying the documentation which comes with X.Org. + </para> + + <para> + The &product-name; Guest Additions include the following drivers + for X.Org versions: + </para> + + <itemizedlist> + + <listitem> + <para> + X11R6.8/X11R6.9 and XFree86 version 4.3 (vboxvideo_drv_68.o + and vboxmouse_drv_68.o) + </para> + </listitem> + + <listitem> + <para> + X11R7.0 (vboxvideo_drv_70.so and vboxmouse_drv_70.so) + </para> + </listitem> + + <listitem> + <para> + X11R7.1 (vboxvideo_drv_71.so and vboxmouse_drv_71.so) + </para> + </listitem> + + <listitem> + <para> + X.Org Server versions 1.3 and later (vboxvideo_drv_13.so + vboxmouse_drv_13.so, and later versions). + </para> + </listitem> + + </itemizedlist> + + <para> + By default these drivers can be found in the folowing directory: + </para> + + <para> + <computeroutput>/opt/VBoxGuestAdditions-<version>/other/</computeroutput> + </para> + + <para> + The correct versions for the X server are symbolically linked + into the X.Org driver directories. + </para> + + <para> + For graphics integration to work correctly, the X server must + load the vboxvideo driver. Many recent X server versions look + for it automatically if they see that they are running in + &product-name;. For an optimal user experience the guest kernel + drivers must be loaded and the Guest Additions tool VBoxClient + must be running as a client in the X session. For mouse + integration to work correctly, the guest kernel drivers must be + loaded and in addition, in X servers from X.Org X11R6.8 to + X11R7.1 and in XFree86 version 4.3 the right vboxmouse driver + must be loaded and associated with /dev/mouse or /dev/psaux. In + X.Org server 1.3 or later a driver for a PS/2 mouse must be + loaded and the right vboxmouse driver must be associated with + /dev/vboxguest. + </para> + + <para> + The &product-name; guest graphics driver can use any graphics + configuration for which the virtual resolution fits into the + virtual video memory allocated to the virtual machine, minus a + small amount used by the guest driver, as described in + <xref + linkend="settings-display" />. The driver will offer + a range of standard modes at least up to the default guest + resolution for all active guest monitors. In X.Org Server 1.3 + and later the default mode can be changed by setting the output + property VBOX_MODE to "<width>x<height>" for any + guest monitor. When VBoxClient and the kernel drivers are active + this is done automatically when the host requests a mode change. + The driver for older versions can only receive new modes by + querying the host for requests at regular intervals. + </para> + + <para> + With X Servers before version 1.3, you can also add your own + modes to the X server configuration file. You simply need to add + them to the "Modes" list in the "Display" subsection of the + "Screen" section. For example, the following section has a + custom 2048x800 resolution mode added: + </para> + +<screen>Section "Screen" + Identifier "Default Screen" + Device "VirtualBox graphics card" + Monitor "Generic Monitor" + DefaultDepth 24 + SubSection "Display" + Depth 24 + Modes "2048x800" "800x600" "640x480" + EndSubSection +EndSection</screen> + + </sect2> + + </sect1> + + <sect1 id="cpuhotplug"> + + <title>CPU Hot-Plugging</title> + + <para> + With virtual machines running modern server operating systems, + &product-name; supports CPU hot-plugging. + </para> + + <para> + On a physical computer CPU hot-plugging would mean that a CPU can + be added or removed while the machine is running. &product-name; + supports adding and removing of virtual CPUs while a virtual + machine is running. + </para> + + <para> + CPU hot-plugging works only with guest operating systems that + support the feature. So far this applies only to Linux and Windows + Server. Windows supports only hot-add, while Linux supports + hot-add and hot-remove. To use this feature with more than 8 CPUs, + a 64-bit Linux guest is required. + </para> + + <para> + CPU hot-plugging is done using the <command>VBoxManage</command> + command-line interface. First, hot-plugging needs to be enabled + for a virtual machine: + </para> + +<screen>VBoxManage modifyvm "VM name" --cpuhotplug on</screen> + + <para> + The <computeroutput>--cpus</computeroutput> option is used to + specify the maximum number of CPUs that the virtual machine can + have: + </para> + +<screen>VBoxManage modifyvm "VM name" --cpus 8</screen> + + <para> + When the VM is off, you can then add and remove virtual CPUs with + the <computeroutput>modifyvm --plugcpu</computeroutput> and + <computeroutput>--unplugcpu</computeroutput> subcommands, which + take the number of the virtual CPU as a parameter, as follows: + </para> + +<screen>VBoxManage modifyvm "VM name" --plugcpu 3 +VBoxManage modifyvm "VM name" --unplugcpu 3</screen> + + <para> + Note that CPU 0 can never be removed. + </para> + + <para> + While the VM is running, CPUs can be added and removed with the + <computeroutput>controlvm plugcpu</computeroutput> and + <computeroutput>unplugcpu</computeroutput> commands instead, as + follows: + </para> + +<screen>VBoxManage controlvm "VM name" plugcpu 3 +VBoxManage controlvm "VM name" unplugcpu 3</screen> + + <para> + See <xref linkend="vboxmanage-modifyvm" /> and + <xref + linkend="vboxmanage-controlvm" /> for details. + </para> + + <para> + With Linux guests, the following applies: + </para> + + <para> + To prevent ejection while the CPU is still used it has to be + ejected from within the guest before. The Linux Guest Additions + contain a service which receives hot-remove events and ejects the + CPU. Also, after a CPU is added to the VM it is not automatically + used by Linux. The Linux Guest Additions service will take care of + that if installed. If not a CPU can be started with the following + command: + </para> + +<screen>echo 1 > /sys/devices/system/cpu/cpu<id>/online</screen> + + </sect1> + + <sect1 id="pcipassthrough"> + + <title>PCI Passthrough</title> + + <para> + When running on Linux hosts with a kernel version later than + <computeroutput>2.6.31</computeroutput>, experimental host PCI + devices passthrough is available. + </para> + + <note> + <para> + The PCI passthrough module is shipped as a &product-name; + extension package, which must be installed separately. See + <xref + linkend="intro-installing" />. + </para> + </note> + + <para> + This feature enables a guest to directly use physical PCI devices + on the host, even if host does not have drivers for this + particular device. Both, regular PCI and some PCI Express cards, + are supported. AGP and certain PCI Express cards are not supported + at the moment if they rely on Graphics Address Remapping Table + (GART) unit programming for texture management as it does rather + non-trivial operations with pages remapping interfering with + IOMMU. This limitation may be lifted in future releases. + </para> + + <para> + To be fully functional, PCI passthrough support in &product-name; + depends upon an IOMMU hardware unit which is not yet too widely + available. If the device uses bus mastering, for example it + performs DMA to the OS memory on its own, then an IOMMU is + required. Otherwise such DMA transactions may write to the wrong + physical memory address as the device DMA engine is programmed + using a device-specific protocol to perform memory transactions. + The IOMMU functions as translation unit mapping physical memory + access requests from the device using knowledge of the guest + physical address to host physical addresses translation rules. + </para> + + <para> + Intel's solution for IOMMU is called Intel Virtualization + Technology for Directed I/O (VT-d), and AMD's solution is called + AMD-Vi. Check your motherboard datasheet for the appropriate + technology. Even if your hardware does not have a IOMMU, certain + PCI cards may work, such as serial PCI adapters, but the guest + will show a warning on boot and the VM execution will terminate if + the guest driver will attempt to enable card bus mastering. + </para> + + <para> + It is very common that the BIOS or the host OS disables the IOMMU + by default. So before any attempt to use it please make sure that + the following apply: + </para> + + <itemizedlist> + + <listitem> + <para> + Your motherboard has an IOMMU unit. + </para> + </listitem> + + <listitem> + <para> + Your CPU supports the IOMMU. + </para> + </listitem> + + <listitem> + <para> + The IOMMU is enabled in the BIOS. + </para> + </listitem> + + <listitem> + <para> + The VM must run with VT-x/AMD-V and nested paging enabled. + </para> + </listitem> + + <listitem> + <para> + Your Linux kernel was compiled with IOMMU support, including + DMA remapping. See the + <computeroutput>CONFIG_DMAR</computeroutput> kernel + compilation option. The PCI stub driver + (<computeroutput>CONFIG_PCI_STUB</computeroutput>) is required + as well. + </para> + </listitem> + + <listitem> + <para> + Your Linux kernel recognizes and uses the IOMMU unit. The + <computeroutput>intel_iommu=on</computeroutput> boot option + could be needed. Search for DMAR and PCI-DMA in kernel boot + log. + </para> + </listitem> + + </itemizedlist> + + <para> + Once you made sure that the host kernel supports the IOMMU, the + next step is to select the PCI card and attach it to the guest. To + figure out the list of available PCI devices, use the + <command>lspci</command> command. The output will look as follows: + </para> + +<screen>01:00.0 VGA compatible controller: ATI Technologies Inc Cedar PRO [Radeon HD 5450] +01:00.1 Audio device: ATI Technologies Inc Manhattan HDMI Audio [Mobility Radeon HD 5000 Series] +02:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8111/8168B PCI Express Gigabit + Ethernet controller (rev 03) +03:00.0 SATA controller: JMicron Technology Corp. JMB362/JMB363 Serial ATA Controller (rev 03) +03:00.1 IDE interface: JMicron Technology Corp. JMB362/JMB363 Serial ATA Controller (rev 03) +06:00.0 VGA compatible controller: nVidia Corporation G86 [GeForce 8500 GT] (rev a1)</screen> + + <para> + The first column is a PCI address, in the format + <computeroutput>bus:device.function</computeroutput>. This address + could be used to identify the device for further operations. For + example, to attach a PCI network controller on the system listed + above to the second PCI bus in the guest, as device 5, function 0, + use the following command: + </para> + +<screen>VBoxManage modifyvm "VM name" --pciattach 02:00.0@01:05.0</screen> + + <para> + To detach the same device, use: + </para> + +<screen>VBoxManage modifyvm "VM name" --pcidetach 02:00.0</screen> + + <para> + Please note that both host and guest could freely assign a + different PCI address to the card attached during runtime, so + those addresses only apply to the address of the card at the + moment of attachment on the host, and during BIOS PCI init on the + guest. + </para> + + <para> + If the virtual machine has a PCI device attached, certain + limitations apply: + </para> + + <itemizedlist> + + <listitem> + <para> + Only PCI cards with non-shared interrupts, such as those using + MSI on the host, are supported at the moment. + </para> + </listitem> + + <listitem> + <para> + No guest state can be reliably saved or restored. The internal + state of the PCI card cannot be retrieved. + </para> + </listitem> + + <listitem> + <para> + Teleportation, also called live migration, does not work. The + internal state of the PCI card cannot be retrieved. + </para> + </listitem> + + <listitem> + <para> + No lazy physical memory allocation. The host will preallocate + the whole RAM required for the VM on startup, as we cannot + catch physical hardware accesses to the physical memory. + </para> + </listitem> + + </itemizedlist> + + </sect1> + + <sect1 id="webcam-passthrough"> + + <title>Webcam Passthrough</title> + + <sect2 id="webcam-using-guest"> + + <title>Using a Host Webcam in the Guest</title> + + <para> + &product-name; 4.3 includes an experimental feature which + enables a guest to use a host webcam. This complements the + general USB passthrough support which was the typical way of + using host webcams in earlier versions. The webcam passthrough + support can handle non-USB video sources in theory, but this is + completely untested. + </para> + + <note> + <para> + The webcam passthrough module is shipped as part of the + &product-name; extension pack, which must be installed + separately. See <xref + linkend="intro-installing" />. + </para> + </note> + + <para> + The host webcam can be attached to the VM using the + <emphasis role="bold">Devices</emphasis> menu in the VM menu + bar. The <emphasis role="bold">Webcams</emphasis> menu contains + a list of available video input devices on the host. Clicking on + a webcam name attaches or detaches the corresponding host + device. + </para> + + <para> + The <command>VBoxManage</command> command line tool can be used + to enable webcam passthrough. Please see the host-specific + sections below for additional details. The following commands + are available: + </para> + + <itemizedlist> + + <listitem> + <para> + Get a list of host webcams, or other video input devices: + </para> + +<screen>VBoxManage list webcams</screen> + + <para> + The output format is as follows: + </para> + +<screen>alias "user friendly name" +host path or identifier</screen> + + <para> + The alias can be used as a shortcut in other commands. Alias + '.0' means the default video input device on the host. Alias + '.1', '.2'means first, second video input device, and so on. + The device order is host-specific. + </para> + </listitem> + + <listitem> + <para> + Attach a webcam to a running VM, as follows: + </para> + +<screen>VBoxManage controlvm "VM name" webcam attach [host_path|alias [settings]]</screen> + + <para> + This attaches a USB webcam device to the guest. + </para> + + <para> + The <computeroutput>settings</computeroutput> parameter is a + string + <computeroutput>Setting1=Value1;Setting2=Value2</computeroutput>, + which enables you to configure the emulated webcam device. + The following settings are supported: + </para> + + <itemizedlist> + + <listitem> + <para> + <computeroutput>MaxFramerate</computeroutput>: The + highest rate at which video frames are sent to the + guest. A higher frame rate requires more CPU power. + Therefore sometimes it is useful to set a lower limit. + Default is no limit and allow the guest to use all frame + rates supported by the host webcam. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>MaxPayloadTransferSize</computeroutput>: + How many bytes the emulated webcam can send to the guest + at a time. Default value is 3060 bytes, which is used by + some webcams. Higher values can slightly reduce CPU + load, if the guest is able to use larger buffers. + However, a high + <computeroutput>MaxPayloadTransferSize</computeroutput> + might be not supported by some guests. + </para> + </listitem> + + </itemizedlist> + </listitem> + + <listitem> + <para> + Detach a webcam from a running VM, as follows: + </para> + +<screen>VBoxManage controlvm "VM name" webcam detach [host_path|alias]</screen> + </listitem> + + <listitem> + <para> + List the webcams attached to a running VM, as follows: + </para> + +<screen>VBoxManage controlvm "VM name" webcam list</screen> + + <para> + The output contains the path or alias which was used in the + <command>webcam attach</command> command for each attached + webcam. + </para> + </listitem> + + </itemizedlist> + + </sect2> + + <sect2 id="webcam-win-hosts"> + + <title>Windows Hosts</title> + + <para> + When the webcam device is detached from the host, the emulated + webcam device is automatically detached from the guest. + </para> + + </sect2> + + <sect2 id="webcam-mac-hosts"> + + <title>Mac OS X Hosts</title> + + <para> + OS X version 10.9 or later is required. + </para> + + <para> + When the webcam device is detached from the host, the emulated + webcam device remains attached to the guest and must be manually + detached using the <computeroutput>VBoxManage controlvm "VM + name" webcam detach</computeroutput> command. + </para> + + </sect2> + + <sect2 id="webcam-linux-hosts"> + + <title>Linux and Oracle Solaris Hosts</title> + + <para> + When the webcam is detached from the host the emulated webcam + device is automatically detached from the guest only if the + webcam is streaming video. If the emulated webcam is inactive it + should be manually detached using the <computeroutput>VBoxManage + controlvm "VM name" webcam detach</computeroutput> command. + </para> + + <para> + Aliases <computeroutput>.0</computeroutput> and + <computeroutput>.1</computeroutput> are mapped to + <computeroutput>/dev/video0</computeroutput>, alias + <computeroutput>.2</computeroutput> is mapped to + <computeroutput>/dev/video1</computeroutput> and so forth. + </para> + + </sect2> + + </sect1> + + <sect1 id="adv-display-config"> + + <title>Advanced Display Configuration</title> + + <sect2 id="customvesa"> + + <title>Custom VESA Resolutions</title> + + <para> + Apart from the standard VESA resolutions, the &product-name; + VESA BIOS enables you to add up to 16 custom video modes which + will be reported to the guest operating system. When using + Windows guests with the &product-name; Guest Additions, a custom + graphics driver will be used instead of the fallback VESA + solution so this information does not apply. + </para> + + <para> + Additional video modes can be configured for each VM using the + extra data facility. The extra data key is called + <computeroutput>CustomVideoMode<x></computeroutput> with + <computeroutput>x</computeroutput> being a number from 1 to 16. + Please note that modes will be read from 1 until either the + following number is not defined or 16 is reached. The following + example adds a video mode that corresponds to the native display + resolution of many notebook computers: + </para> + +<screen>VBoxManage setextradata "VM name" "CustomVideoMode1" "1400x1050x16"</screen> + + <para> + The VESA mode IDs for custom video modes start at + <computeroutput>0x160</computeroutput>. In order to use the + above defined custom video mode, the following command line has + to be supplied to Linux: + </para> + +<screen>vga = 0x200 | 0x160 +vga = 864</screen> + + <para> + For guest operating systems with &product-name; Guest Additions, + a custom video mode can be set using the video mode hint + feature. + </para> + + </sect2> + + <sect2 id="max-resolution-guests"> + + <title>Configuring the Maximum Resolution of Guests When Using the Graphical + Frontend</title> + + <para> + When guest systems with the Guest Additions installed are + started using the graphical frontend, the normal &product-name; + application, they will not be allowed to use screen resolutions + greater than the host's screen size unless the user manually + resizes them by dragging the window, switching to full screen or + seamless mode or sending a video mode hint using + <command>VBoxManage</command>. This behavior is what most users + will want, but if you have different needs, it is possible to + change it by issuing one of the following commands from the + command line: + </para> + +<screen>VBoxManage setextradata global GUI/MaxGuestResolution any</screen> + + <para> + will remove all limits on guest resolutions. + </para> + +<screen>VBoxManage setextradata global GUI/MaxGuestResolution >width,height<</screen> + + <para> + manually specifies a maximum resolution. + </para> + +<screen>VBoxManage setextradata global GUI/MaxGuestResolution auto</screen> + + <para> + restores the default settings. Note that these settings apply + globally to all guest systems, not just to a single machine. + </para> + + </sect2> + + </sect1> + + <sect1 id="adv-storage-config"> + + <title>Advanced Storage Configuration</title> + + <sect2 id="rawdisk"> + + <title>Using a Raw Host Hard Disk From a Guest</title> + + <para> + As an alternative to using virtual disk images as described in + <xref linkend="storage" />, &product-name; can also present + either entire physical hard disks or selected partitions as + virtual disks to virtual machines. + </para> + + <para> + With &product-name;, this type of access is called <emphasis>raw + hard disk access</emphasis>. It enables a guest operating system + to access its virtual hard disk without going through the host + OS file system. The actual performance difference for image + files vs. raw disk varies greatly depending on the overhead of + the host file system, whether dynamically growing images are + used, and on host OS caching strategies. The caching indirectly + also affects other aspects such as failure behavior. For + example, whether the virtual disk contains all data written + before a host OS crash. Consult your host OS documentation for + details on this. + </para> + + <warning> + <para> + Raw hard disk access is for expert users only. Incorrect use + or use of an outdated configuration can lead to + <emphasis role="bold">total loss of data</emphasis> on the + physical disk. Most importantly, <emphasis>do not</emphasis> + attempt to boot the partition with the currently running host + operating system in a guest. This will lead to severe data + corruption. + </para> + </warning> + + <para> + Raw hard disk access, both for entire disks and individual + partitions, is implemented as part of the VMDK image format + support. As a result, you will need to create a special VMDK + image file which defines where the data will be stored. After + creating such a special VMDK image, you can use it like a + regular virtual disk image. For example, you can use the + VirtualBox Manager, see <xref linkend="vdis" />, or + <command>VBoxManage</command> to assign the image to a virtual + machine. + </para> + + <sect3 id="rawdisk-access-entire-physical-disk"> + + <title>Access to Entire Physical Hard Disk</title> + + <para> + While this variant is the simplest to set up, you must be + aware that this will give a guest operating system direct and + full access to an <emphasis>entire physical disk</emphasis>. + If your <emphasis>host</emphasis> operating system is also + booted from this disk, please take special care to not access + the partition from the guest at all. On the positive side, the + physical disk can be repartitioned in arbitrary ways without + having to recreate the image file that gives access to the raw + disk. + </para> + + <para> + On a Linux host, to create an image that represents an entire + physical hard disk which will not contain any actual data, as + this will all be stored on the physical disk, use the + following command: + </para> + +<screen>VBoxManage internalcommands createrawvmdk -filename /path/to/file.vmdk + -rawdisk /dev/sda</screen> + + <para> + This creates the image + <computeroutput>/path/to/file.vmdk</computeroutput>, which + must be an absolute path. All data will be read and written + from <computeroutput>/dev/sda</computeroutput>. + </para> + + <para> + On a Windows host, instead of the above device specification, + for example use + <computeroutput>\\.\PhysicalDrive0</computeroutput>. On a Mac + OS X host, instead of the above device specification use for + example <computeroutput>/dev/disk1</computeroutput>. Note that + on OS X you can only get access to an entire disk if no volume + is mounted from it. + </para> + + <para> + Creating the image requires read/write access for the given + device. Read/write access is also later needed when using the + image from a virtual machine. On some host platforms, such as + Windows Vista and later, raw disk access may be restricted and + not permitted by the host OS in some situations. + </para> + + <para> + Just like with regular disk images, this does not + automatically attach the newly created image to a virtual + machine. This can be done as follows: + </para> + +<screen>VBoxManage storageattach WindowsXP --storagectl "IDE Controller" + --port 0 --device 0 --type hdd --medium /path/to/file.vmdk</screen> + + <para> + When this is done the selected virtual machine will boot from + the specified physical disk. + </para> + + </sect3> + + <sect3 id="rawdisk-access-disk-partitions"> + + <title>Access to Individual Physical Hard Disk Partitions</title> + + <para> + This <emphasis>raw partition support</emphasis> is quite + similar to the full hard disk access described above. However, + in this case, any partitioning information will be stored + inside the VMDK image. This means that you can install a + different boot loader in the virtual hard disk without + affecting the host's partitioning information. While the guest + will be able to <emphasis>see</emphasis> all partitions that + exist on the physical disk, access will be filtered in that + reading from partitions for which no access is allowed the + partitions will only yield zeroes, and all writes to them are + ignored. + </para> + + <para> + To create a special image for raw partition support, which + will contain a small amount of data, on a Linux host, use the + command: + </para> + +<screen>VBoxManage internalcommands createrawvmdk -filename /path/to/file.vmdk + -rawdisk /dev/sda -partitions 1,5</screen> + + <para> + The command is identical to the one for full hard disk access, + except for the additional + <computeroutput>-partitions</computeroutput> parameter. This + example would create the image + <computeroutput>/path/to/file.vmdk</computeroutput>, which + must be absolute, and partitions 1 and 5 of + <computeroutput>/dev/sda</computeroutput> would be made + accessible to the guest. + </para> + + <para> + &product-name; uses the same partition numbering as your Linux + host. As a result, the numbers given in the above example + would refer to the first primary partition and the first + logical drive in the extended partition, respectively. + </para> + + <para> + On a Windows host, instead of the above device specification, + use for example + <computeroutput>\\.\PhysicalDrive0</computeroutput>. On a Mac + OS X host, instead of the above device specification use + <computeroutput>/dev/disk1</computeroutput>, for example. Note + that on OS X you can only use partitions which are not + mounted. Eject the respective volume first. Partition numbers + are the same on Linux, Windows, and Mac OS X hosts. + </para> + + <para> + The numbers for the list of partitions can be taken from the + output of the following command: + </para> + +<screen>VBoxManage internalcommands listpartitions -rawdisk /dev/sda</screen> + + <para> + The output lists the partition types and sizes to give the + user enough information to identify the partitions necessary + for the guest. + </para> + + <para> + Images which give access to individual partitions are specific + to a particular host disk setup. You cannot transfer these + images to another host. Also, whenever the host partitioning + changes, the image <emphasis>must be recreated</emphasis>. + </para> + + <para> + Creating the image requires read/write access for the given + device. Read/write access is also later needed when using the + image from a virtual machine. If this is not feasible, there + is a special variant for raw partition access, currently only + available on Linux hosts, that avoids having to give the + current user access to the entire disk. To set up such an + image, use: + </para> + +<screen>VBoxManage internalcommands createrawvmdk -filename /path/to/file.vmdk + -rawdisk /dev/sda -partitions 1,5 -relative</screen> + + <para> + When used from a virtual machine, the image will then refer + not to the entire disk, but only to the individual partitions. + In this example, <computeroutput>/dev/sda1</computeroutput> + and <computeroutput>/dev/sda5</computeroutput>. As a + consequence, read/write access is only required for the + affected partitions, not for the entire disk. During creation + however, read-only access to the entire disk is required to + obtain the partitioning information. + </para> + + <para> + In some configurations it may be necessary to change the MBR + code of the created image. For example, to replace the Linux + boot loader that is used on the host by another boot loader. + This enables for example the guest to boot directly to + Windows, while the host boots Linux from the "same" disk. For + this purpose the <computeroutput>-mbr</computeroutput> + parameter is provided. It specifies a file name from which to + take the MBR code. The partition table is not modified at all, + so a MBR file from a system with totally different + partitioning can be used. An example of this is: + </para> + +<screen>VBoxManage internalcommands createrawvmdk -filename /path/to/file.vmdk + -rawdisk /dev/sda -partitions 1,5 -mbr winxp.mbr</screen> + + <para> + The modified MBR will be stored inside the image, not on the + host disk. + </para> + + <para> + The created image can be attached to a storage controller in a + VM configuration as usual. + </para> + + </sect3> + + </sect2> + + <sect2 id="changevpd"> + + <title>Configuring the Hard Disk Vendor Product Data (VPD)</title> + + <para> + &product-name; reports vendor product data for its virtual hard + disks which consist of hard disk serial number, firmware + revision and model number. These can be changed using the + following commands: + </para> + +<screen>VBoxManage setextradata "VM name" + "VBoxInternal/Devices/ahci/0/Config/Port0/SerialNumber" "serial" +VBoxManage setextradata "VM name" + "VBoxInternal/Devices/ahci/0/Config/Port0/FirmwareRevision" "firmware" +VBoxManage setextradata "VM name" + "VBoxInternal/Devices/ahci/0/Config/Port0/ModelNumber" "model"</screen> + + <para> + The serial number is a 20 byte alphanumeric string, the firmware + revision an 8 byte alphanumeric string and the model number a 40 + byte alphanumeric string. Instead of Port0, referring to the + first port, specify the desired SATA hard disk port. + </para> + + <para> + The above commands apply to virtual machines with an AHCI (SATA) + controller. The commands for virtual machines with an IDE + controller are: + </para> + +<screen>VBoxManage setextradata "VM name" + "VBoxInternal/Devices/piix3ide/0/Config/PrimaryMaster/SerialNumber" "serial" +VBoxManage setextradata "VM name" + "VBoxInternal/Devices/piix3ide/0/Config/PrimaryMaster/FirmwareRevision" "firmware" +VBoxManage setextradata "VM name" + "VBoxInternal/Devices/piix3ide/0/Config/PrimaryMaster/ModelNumber" "model"</screen> + + <para> + For hard disks it is also possible to mark the drive as having a + non-rotational medium with: + </para> + +<screen>VBoxManage setextradata "VM name" + "VBoxInternal/Devices/ahci/0/Config/Port0/NonRotational" "1"</screen> + + <para> + Additional three parameters are needed for CD/DVD drives to + report the vendor product data: + </para> + +<screen>VBoxManage setextradata "VM name" + "VBoxInternal/Devices/ahci/0/Config/Port0/ATAPIVendorId" "vendor" +VBoxManage setextradata "VM name" + "VBoxInternal/Devices/ahci/0/Config/Port0/ATAPIProductId" "product" +VBoxManage setextradata "VM name" + "VBoxInternal/Devices/ahci/0/Config/Port0/ATAPIRevision" "revision"</screen> + + <para> + The vendor id is an 8 byte alphanumeric string, the product id + an 16 byte alphanumeric string and the revision a 4 byte + alphanumeric string. Instead of Port0, referring to the first + port, specify the desired SATA hard disk port. + </para> + + </sect2> + + <sect2 id="iscsi-intnet"> + + <title>Access iSCSI Targets Using Internal Networking</title> + + <para> + As an experimental feature, &product-name; enables access to an + iSCSI target running in a virtual machine which is configured to + use Internal Networking mode. See + <xref linkend="storage-iscsi" />, + <xref linkend="network_internal" />, and + <xref + linkend="vboxmanage-storageattach" />. + </para> + + <para> + The IP stack accessing Internal Networking must be configured in + the virtual machine which accesses the iSCSI target. A free + static IP and a MAC address not used by other virtual machines + must be chosen. In the example below, adapt the name of the + virtual machine, the MAC address, the IP configuration, and the + Internal Networking name (MyIntNet) according to your needs. The + following eight commands must first be issued: + </para> + +<screen>VBoxManage setextradata "VM name" VBoxInternal/Devices/IntNetIP/0/Trusted 1 +VBoxManage setextradata "VM name" VBoxInternal/Devices/IntNetIP/0/Config/MAC 08:00:27:01:02:0f +VBoxManage setextradata "VM name" VBoxInternal/Devices/IntNetIP/0/Config/IP 10.0.9.1 +VBoxManage setextradata "VM name" VBoxInternal/Devices/IntNetIP/0/Config/Netmask 255.255.255.0 +VBoxManage setextradata "VM name" VBoxInternal/Devices/IntNetIP/0/LUN#0/Driver IntNet +VBoxManage setextradata "VM name" VBoxInternal/Devices/IntNetIP/0/LUN#0/Config/Network MyIntNet +VBoxManage setextradata "VM name" VBoxInternal/Devices/IntNetIP/0/LUN#0/Config/TrunkType 2 +VBoxManage setextradata "VM name" VBoxInternal/Devices/IntNetIP/0/LUN#0/Config/IsService 1</screen> + + <para> + Finally the iSCSI disk must be attached with the + <computeroutput>--intnet</computeroutput> option to tell the + iSCSI initiator to use internal networking, as follows: + </para> + +<screen>VBoxManage storageattach ... --medium iscsi +--server 10.0.9.30 --target iqn.2008-12.com.sun:sampletarget --intnet</screen> + + <para> + Compared to a regular iSCSI setup, the IP address of the target + <emphasis>must</emphasis> be specified as a numeric IP address, + as there is no DNS resolver for internal networking. + </para> + + <para> + The virtual machine with the iSCSI target should be started + before the VM using it is powered on. If a virtual machine using + an iSCSI disk is started without having the iSCSI target powered + up, it can take up to 200 seconds to detect this situation. The + VM will fail to power up. + </para> + + </sect2> + + </sect1> + + <sect1 id="serialports-legacy-cmds"> + + <title>Legacy Commands for Using Serial Ports</title> + + <para> + In legacy releases, &product-name; provided support for virtual + serial ports. This was rather complicated to set up, requiring a + sequence of <command>VBoxManage setextradata</command> statements. + That method of setting up serial ports is no longer necessary and + <emphasis>deprecated.</emphasis> To set up virtual serial ports, + use the methods described in <xref linkend="serialports" />. + </para> + + <note> + <para> + For backwards compatibility, the legacy + <computeroutput>setextradata</computeroutput> statements, whose + description is retained below from the old version of the + manual, take <emphasis>precedence</emphasis> over the new way of + configuring serial ports. As a result, if configuring serial + ports the new way does not work, make sure the VM in question + does not have old configuration data such as below still active. + </para> + </note> + + <para> + The legacy sequence of configuring a serial port used the + following commands: + </para> + +<screen>VBoxManage setextradata "VM name" + "VBoxInternal/Devices/serial/0/Config/IRQ" 4 +VBoxManage setextradata "VM name" + "VBoxInternal/Devices/serial/0/Config/IOBase" 0x3f8 +VBoxManage setextradata "VM name" + "VBoxInternal/Devices/serial/0/LUN#0/Driver" Char +VBoxManage setextradata "VM name" + "VBoxInternal/Devices/serial/0/LUN#0/AttachedDriver/Driver" NamedPipe +VBoxManage setextradata "VM name" + "VBoxInternal/Devices/serial/0/LUN#0/AttachedDriver/Config/Location" "\\.\pipe\vboxCOM1" +VBoxManage setextradata "VM name" + "VBoxInternal/Devices/serial/0/LUN#0/AttachedDriver/Config/IsServer" 1</screen> + + <para> + This sets up a serial port in the guest with the default settings + for COM1 (IRQ 4, I/O address 0x3f8) and the + <computeroutput>Location</computeroutput> setting assumes that + this configuration is used on a Windows host, because the Windows + named pipe syntax is used. Keep in mind that on Windows hosts a + named pipe must always start with + <computeroutput>\\.\pipe\</computeroutput>. On Linux the same + configuration settings apply, except that the path name for the + <computeroutput>Location</computeroutput> can be chosen more + freely. Local domain sockets can be placed anywhere, provided the + user running &product-name; has the permission to create a new + file in the directory. The final command above defines that + &product-name; acts as a server. It creates the named pipe itself + instead of connecting to an already existing one. + </para> + + </sect1> + + <sect1 id="changenat"> + + <title>Fine Tuning the &product-name; NAT Engine</title> + + <sect2 id="nat-address-config"> + + <title>Configuring the Address of a NAT Network Interface</title> + + <para> + In NAT mode, the guest network interface is assigned to the IPv4 + range <computeroutput>10.0.x.0/24</computeroutput> by default + where <computeroutput>x</computeroutput> corresponds to the + instance of the NAT interface +2. So + <computeroutput>x</computeroutput> is 2 when there is only one + NAT instance active. In that case the guest is assigned to the + address <computeroutput>10.0.2.15</computeroutput>, the gateway + is set to <computeroutput>10.0.2.2</computeroutput> and the name + server can be found at + <computeroutput>10.0.2.3</computeroutput>. + </para> + + <para> + If the NAT network needs to be changed, use the following + command: + </para> + +<screen>VBoxManage modifyvm "VM name" --natnet1 "192.168/16"</screen> + + <para> + This command would reserve the network addresses from + <computeroutput>192.168.0.0</computeroutput> to + <computeroutput>192.168.254.254</computeroutput> for the first + NAT network instance of "VM name". The guest IP would be + assigned to <computeroutput>192.168.0.15</computeroutput> and + the default gateway could be found at + <computeroutput>192.168.0.2</computeroutput>. + </para> + + </sect2> + + <sect2 id="nat-adv-tftp"> + + <title>Configuring the Boot Server (Next Server) of a NAT Network Interface</title> + + <para> + For network booting in NAT mode, by default &product-name; uses + a built-in TFTP server at the IP address 10.0.2.4. This default + behavior should work fine for typical remote-booting scenarios. + However, it is possible to change the boot server IP and the + location of the boot image with the following commands: + </para> + +<screen>VBoxManage modifyvm "VM name" --nattftpserver1 10.0.2.2 +VBoxManage modifyvm "VM name" --nattftpfile1 /srv/tftp/boot/MyPXEBoot.pxe</screen> + + </sect2> + + <sect2 id="nat-adv-settings"> + + <title>Tuning TCP/IP Buffers for NAT</title> + + <para> + The &product-name; NAT stack performance is often determined by + its interaction with the host's TCP/IP stack and the size of + several buffers, <computeroutput>SO_RCVBUF</computeroutput> and + <computeroutput>SO_SNDBUF</computeroutput>. For certain setups + users might want to adjust the buffer size for a better + performance. This can by achieved using the following commands, + where values are in kilobytes and can range from 8 to 1024: + </para> + +<screen>VBoxManage modifyvm "VM name" --natsettings1 16000,128,128,0,0</screen> + + <para> + This example illustrates tuning the NAT settings. The first + parameter is the MTU, then the size of the socket's send buffer + and the size of the socket's receive buffer, the initial size of + the TCP send window, and lastly the initial size of the TCP + receive window. Note that specifying zero means fallback to the + default value. + </para> + + <para> + Each of these buffers has a default size of 64KB and default MTU + is 1500. + </para> + + </sect2> + + <sect2 id="nat-bind-sockets"> + + <title>Binding NAT Sockets to a Specific Interface</title> + + <para> + By default, &product-name;'s NAT engine will route TCP/IP + packets through the default interface assigned by the host's + TCP/IP stack. The technical reason for this is that the NAT + engine uses sockets for communication. If you want to change + this behavior, you can tell the NAT engine to bind to a + particular IP address instead. For example, use the following + command: + </para> + +<screen>VBoxManage modifyvm "VM name" --natbindip1 "10.45.0.2"</screen> + + <para> + After this, all outgoing traffic will be sent through the + interface with the IP address 10.45.0.2. Ensure that this + interface is up and running before changing the NAT bind + address. + </para> + + </sect2> + + <sect2 id="nat-adv-dns"> + + <title>Enabling DNS Proxy in NAT Mode</title> + + <para> + The NAT engine by default offers the same DNS servers to the + guest that are configured on the host. In some scenarios, it can + be desirable to hide the DNS server IPs from the guest, for + example when this information can change on the host due to + expiring DHCP leases. In this case, you can tell the NAT engine + to act as DNS proxy using the following command: + </para> + +<screen>VBoxManage modifyvm "VM name" --natdnsproxy1 on</screen> + + </sect2> + + <sect2 id="nat_host_resolver_proxy"> + + <title>Using the Host's Resolver as a DNS Proxy in NAT Mode</title> + + <para> + For resolving network names, the DHCP server of the NAT engine + offers a list of registered DNS servers of the host. If for some + reason you need to hide this DNS server list and use the host's + resolver settings, thereby forcing the &product-name; NAT engine + to intercept DNS requests and forward them to host's resolver, + use the following command: + </para> + +<screen>VBoxManage modifyvm "VM name" --natdnshostresolver1 on</screen> + + <para> + Note that this setting is similar to the DNS proxy mode, however + whereas the proxy mode just forwards DNS requests to the + appropriate servers, the resolver mode will interpret the DNS + requests and use the host's DNS API to query the information and + return it to the guest. + </para> + + <sect3 id="nat_host_resolver_name_intercepting"> + + <title>User-Defined Host Name Resolving</title> + + <para> + In some cases it might be useful to intercept the name + resolving mechanism, providing a user-defined IP address on a + particular DNS request. The intercepting mechanism enables the + user to map not only a single host but domains and even more + complex naming conventions if required. + </para> + + <para> + The following command sets a rule for mapping a name to a + specified IP: + </para> + +<screen>VBoxManage setextradata "VM name" \ + "VBoxInternal/Devices/{pcnet,e1000}/0/LUN#0/AttachedDriver/Config/HostResolverMappings/ \ + <unique rule name of interception rule>/HostIP" <IPv4> +VBoxManage setextradata "VM name" \ + "VBoxInternal/Devices/{pcnet,e1000}/0/LUN#0/AttachedDriver/Config/HostResolverMappings/ \ + <unique rule name>/HostName" <name of host></screen> + + <para> + The following command sets a rule for mapping a pattern name + to a specified IP: + </para> + +<screen>VBoxManage setextradata "VM name" \ + "VBoxInternal/Devices/{pcnet,e1000}/0/LUN#0/AttachedDriver/Config/HostResolverMappings/ \ + <unique rule name>/HostIP" <IPv4> +VBoxManage setextradata "VM name" \ + "VBoxInternal/Devices/{pcnet,e1000}/0/LUN#0/AttachedDriver/Config/HostResolverMappings/ \ + <unique rule name>/HostNamePattern" <hostpattern></screen> + + <para> + The host pattern may include <computeroutput>"|", "?" and + "*"</computeroutput>. + </para> + + <para> + This example demonstrates how to instruct the host-resolver + mechanism to resolve all domain and probably some mirrors of + www.blocked-site.info site with IP 127.0.0.1: + </para> + +<screen>VBoxManage setextradata "VM name" \ + "VBoxInternal/Devices/e1000/0/LUN#0/AttachedDriver/Config/HostResolverMappings/ \ + all_blocked_site/HostIP" 127.0.0.1 +VBoxManage setextradata "VM name" \ + "VBoxInternal/Devices/e1000/0/LUN#0/AttachedDriver/Config/HostResolverMappings/ \ + all_blocked_site/HostNamePattern" "*.blocked-site.*|*.fb.org"</screen> + + <para> + The host resolver mechanism should be enabled to use + user-defined mapping rules, otherwise they do not have any + effect. + </para> + + </sect3> + + </sect2> + + <sect2 id="nat-adv-alias"> + + <title>Configuring Aliasing of the NAT Engine</title> + + <para> + By default, the NAT core uses aliasing and uses random ports + when generating an alias for a connection. This works well for + the most protocols like SSH, FTP and so on. Though some + protocols might need a more transparent behavior or may depend + on the real port number the packet was sent from. It is possible + to change the NAT mode using the <command>VBoxManage</command> + frontend with the following commands: + </para> + +<screen>VBoxManage modifyvm "VM name" --nataliasmode1 proxyonly</screen> + +<screen>VBoxManage modifyvm "Linux Guest" --nataliasmode1 sameports</screen> + + <para> + The first example disables aliasing and switches NAT into + transparent mode, the second example enforces preserving of port + values. These modes can be combined if necessary. + </para> + + </sect2> + + </sect1> + + <sect1 id="changedmi"> + + <title>Configuring the BIOS DMI Information</title> + + <para> + The DMI data that &product-name; provides to guests can be changed + for a specific VM. Use the following commands to configure the DMI + BIOS information. In case your VM is configured to use EFI + firmware you need to replace + <computeroutput>pcbios</computeroutput> by + <computeroutput>efi</computeroutput> in the keys. + </para> + + <itemizedlist> + + <listitem> + <para> + DMI BIOS information (type 0) + </para> + +<screen>VBoxManage setextradata "VM name" + "VBoxInternal/Devices/pcbios/0/Config/DmiBIOSVendor" "BIOS Vendor" +VBoxManage setextradata "VM name" + "VBoxInternal/Devices/pcbios/0/Config/DmiBIOSVersion" "BIOS Version" +VBoxManage setextradata "VM name" + "VBoxInternal/Devices/pcbios/0/Config/DmiBIOSReleaseDate" "BIOS Release Date" +VBoxManage setextradata "VM name" + "VBoxInternal/Devices/pcbios/0/Config/DmiBIOSReleaseMajor" 1 +VBoxManage setextradata "VM name" + "VBoxInternal/Devices/pcbios/0/Config/DmiBIOSReleaseMinor" 2 +VBoxManage setextradata "VM name" + "VBoxInternal/Devices/pcbios/0/Config/DmiBIOSFirmwareMajor" 3 +VBoxManage setextradata "VM name" + "VBoxInternal/Devices/pcbios/0/Config/DmiBIOSFirmwareMinor" 4</screen> + </listitem> + + <listitem> + <para> + DMI system information (type 1) + </para> + +<screen>VBoxManage setextradata "VM name" + "VBoxInternal/Devices/pcbios/0/Config/DmiSystemVendor" "System Vendor" +VBoxManage setextradata "VM name" + "VBoxInternal/Devices/pcbios/0/Config/DmiSystemProduct" "System Product" +VBoxManage setextradata "VM name" + "VBoxInternal/Devices/pcbios/0/Config/DmiSystemVersion" "System Version" +VBoxManage setextradata "VM name" + "VBoxInternal/Devices/pcbios/0/Config/DmiSystemSerial" "System Serial" +VBoxManage setextradata "VM name" + "VBoxInternal/Devices/pcbios/0/Config/DmiSystemSKU" "System SKU" +VBoxManage setextradata "VM name" + "VBoxInternal/Devices/pcbios/0/Config/DmiSystemFamily" "System Family" +VBoxManage setextradata "VM name" + "VBoxInternal/Devices/pcbios/0/Config/DmiSystemUuid" + "9852bf98-b83c-49db-a8de-182c42c7226b"</screen> + </listitem> + + <listitem> + <para> + DMI board information (type 2) + </para> + +<screen>VBoxManage setextradata "VM name" + "VBoxInternal/Devices/pcbios/0/Config/DmiBoardVendor" "Board Vendor" +VBoxManage setextradata "VM name" + "VBoxInternal/Devices/pcbios/0/Config/DmiBoardProduct" "Board Product" +VBoxManage setextradata "VM name" + "VBoxInternal/Devices/pcbios/0/Config/DmiBoardVersion" "Board Version" +VBoxManage setextradata "VM name" + "VBoxInternal/Devices/pcbios/0/Config/DmiBoardSerial" "Board Serial" +VBoxManage setextradata "VM name" + "VBoxInternal/Devices/pcbios/0/Config/DmiBoardAssetTag" "Board Tag" +VBoxManage setextradata "VM name" + "VBoxInternal/Devices/pcbios/0/Config/DmiBoardLocInChass" "Board Location" +VBoxManage setextradata "VM name" + "VBoxInternal/Devices/pcbios/0/Config/DmiBoardBoardType" 10</screen> + </listitem> + + <listitem> + <para> + DMI system enclosure or chassis (type 3) + </para> + +<screen>VBoxManage setextradata "VM name" + "VBoxInternal/Devices/pcbios/0/Config/DmiChassisVendor" "Chassis Vendor" +VBoxManage setextradata "VM name" + "VBoxInternal/Devices/pcbios/0/Config/DmiChassisType" 3 +VBoxManage setextradata "VM name" + "VBoxInternal/Devices/pcbios/0/Config/DmiChassisVersion" "Chassis Version" +VBoxManage setextradata "VM name" + "VBoxInternal/Devices/pcbios/0/Config/DmiChassisSerial" "Chassis Serial" +VBoxManage setextradata "VM name" + "VBoxInternal/Devices/pcbios/0/Config/DmiChassisAssetTag" "Chassis Tag"</screen> + </listitem> + + <listitem> + <para> + DMI processor information (type 4) + </para> + +<screen>VBoxManage setextradata "VM name" + "VBoxInternal/Devices/pcbios/0/Config/DmiProcManufacturer" "GenuineIntel" +VBoxManage setextradata "VM name" + "VBoxInternal/Devices/pcbios/0/Config/DmiProcVersion" "Pentium(R) III"</screen> + </listitem> + + <listitem> + <para> + DMI OEM strings (type 11) + </para> + +<screen>VBoxManage setextradata "VM name" + "VBoxInternal/Devices/pcbios/0/Config/DmiOEMVBoxVer" "vboxVer_1.2.3" +VBoxManage setextradata "VM name" + "VBoxInternal/Devices/pcbios/0/Config/DmiOEMVBoxRev" "vboxRev_12345"</screen> + </listitem> + + </itemizedlist> + + <para> + If a DMI string is not set, the default value of &product-name; is + used. To set an empty string use + <computeroutput>"<EMPTY>"</computeroutput>. + </para> + + <para> + Note that in the above list, all quoted parameters (DmiBIOSVendor, + DmiBIOSVersion but not DmiBIOSReleaseMajor) are expected to be + strings. If such a string is a valid number, the parameter is + treated as number and the VM will most probably refuse to start + with an <computeroutput>VERR_CFGM_NOT_STRING</computeroutput> + error. In that case, use + <computeroutput>"string:<value>"</computeroutput>. For + example: + </para> + +<screen>VBoxManage setextradata "VM name" + "VBoxInternal/Devices/pcbios/0/Config/DmiSystemSerial" "string:1234"</screen> + + <para> + Changing this information can be necessary to provide the DMI + information of the host to the guest to prevent Windows from + asking for a new product key. On Linux hosts, the DMI BIOS + information can be obtained with the following command: + </para> + +<screen>dmidecode -t0</screen> + + <para> + The DMI system information can be obtained as follows: + </para> + +<screen>dmidecode -t1</screen> + + </sect1> + + <sect1 id="changeacpicust"> + + <title>Configuring Custom ACPI Tables</title> + + <para> + &product-name; can be configured to present up to four custom ACPI + tables to the guest. A command such as the following can be used + to configure custom ACPI tables. Note that CustomTable1, + CustomTable2, and CustomTable3 are available in addition to + CustomTable0. + </para> + +<screen>VBoxManage setextradata "VM name" +"VBoxInternal/Devices/acpi/0/Config/CustomTable0" "/path/to/table.bin"</screen> + + <para> + Configuring custom ACPI tables can for example avoid the need for + asking for a new product key on Windows Vista, Windows 7, Windows + 8 and later guests. On Linux hosts, one of the system's ACPI + tables can be read from + <computeroutput>/sys/firmware/acpi/tables/</computeroutput>. + </para> + + </sect1> + + <sect1 id="fine-tune-timers"> + + <title>Fine Tuning Timers and Time Synchronization</title> + + <sect2 id="changetscmode"> + + <title>Configuring the Guest Time Stamp Counter (TSC) to Reflect Guest + Execution</title> + + <para> + By default, &product-name; keeps all sources of time visible to + the guest synchronized to a single time source, the monotonic + host time. This reflects the assumptions of many guest operating + systems, which expect all time sources to reflect "wall clock" + time. In special circumstances it may be useful however to make + the time stamp counter (TSC) in the guest reflect the time + actually spent executing the guest. + </para> + + <para> + This special TSC handling mode can be enabled on a per-VM basis, + and for best results must be used only in combination with + hardware virtualization. To enable this mode use the following + command: + </para> + +<screen>VBoxManage setextradata "VM name" "VBoxInternal/TM/TSCTiedToExecution" 1</screen> + + <para> + To revert to the default TSC handling mode use: + </para> + +<screen>VBoxManage setextradata "VM name" "VBoxInternal/TM/TSCTiedToExecution"</screen> + + <para> + Note that if you use the special TSC handling mode with a guest + operating system which is very strict about the consistency of + time sources you may get a warning or error message about the + timing inconsistency. It may also cause clocks to become + unreliable with some guest operating systems depending on how + they use the TSC. + </para> + + </sect2> + + <sect2 id="warpguest"> + + <title>Accelerate or Slow Down the Guest Clock</title> + + <para> + For certain purposes it can be useful to accelerate or to slow + down the virtual guest clock. This can be achieved as follows: + </para> + +<screen>VBoxManage setextradata "VM name" "VBoxInternal/TM/WarpDrivePercentage" 200</screen> + + <para> + The above example will double the speed of the guest clock while + </para> + +<screen>VBoxManage setextradata "VM name" "VBoxInternal/TM/WarpDrivePercentage" 50</screen> + + <para> + will halve the speed of the guest clock. Note that changing the + rate of the virtual clock can confuse the guest and can even + lead to abnormal guest behavior. For instance, a higher clock + rate means shorter timeouts for virtual devices with the result + that a slightly increased response time of a virtual device due + to an increased host load can cause guest failures. Note further + that any time synchronization mechanism will frequently try to + resynchronize the guest clock with the reference clock, which is + the host clock if the &product-name; Guest Additions are active. + Therefore any time synchronization should be disabled if the + rate of the guest clock is changed as described above. See + <xref linkend="changetimesync" />. + </para> + + </sect2> + + <sect2 id="changetimesync"> + + <title>Tuning the Guest Additions Time Synchronization Parameters</title> + + <para> + The &product-name; Guest Additions ensure that the guest's + system time is synchronized with the host time. There are + several parameters which can be tuned. The parameters can be set + for a specific VM using the following command: + </para> + +<screen>VBoxManage guestproperty set "VM name" "/VirtualBox/GuestAdd/VBoxService/PARAMETER" VALUE</screen> + + <para> + where <computeroutput>PARAMETER</computeroutput> is one of the + following: + </para> + + <variablelist> + + <varlistentry> + <term> + <computeroutput>--timesync-interval</computeroutput> + </term> + + <listitem> + <para> + Specifies the interval at which to synchronize the time + with the host. The default is 10000 ms (10 seconds). + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>--timesync-min-adjust</computeroutput> + </term> + + <listitem> + <para> + The minimum absolute drift value measured in milliseconds + to make adjustments for. The default is 1000 ms on OS/2 + and 100 ms elsewhere. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>--timesync-latency-factor</computeroutput> + </term> + + <listitem> + <para> + The factor to multiply the time query latency with to + calculate the dynamic minimum adjust time. The default is + 8 times, which means as follows: + </para> + + <para> + Measure the time it takes to determine the host time, the + guest has to contact the VM host service which may take + some time. Multiply this value by 8 and do an adjustment + only if the time difference between host and guest is + bigger than this value. Do not do any time adjustment + otherwise. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>--timesync-max-latency</computeroutput> + </term> + + <listitem> + <para> + The max host timer query latency to accept. The default is + 250 ms. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>--timesync-set-threshold</computeroutput> + </term> + + <listitem> + <para> + The absolute drift threshold, given as milliseconds where + to start setting the time instead of trying to smoothly + adjust it. The default is 20 minutes. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>--timesync-set-start</computeroutput> + </term> + + <listitem> + <para> + Set the time when starting the time sync service. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>--timesync-set-on-restore + 0|1</computeroutput> + </term> + + <listitem> + <para> + Set the time after the VM was restored from a saved state + when passing 1 as parameter. This is the default. Disable + by passing 0. In the latter case, the time will be + adjusted smoothly, which can take a long time. + </para> + </listitem> + </varlistentry> + + </variablelist> + + <para> + All these parameters can be specified as command line parameters + to VBoxService as well. + </para> + + </sect2> + + <sect2 id="disabletimesync"> + + <title>Disabling the Guest Additions Time Synchronization</title> + + <para> + Once installed and started, the &product-name; Guest Additions + will try to synchronize the guest time with the host time. This + can be prevented by forbidding the guest service from reading + the host clock: + </para> + +<screen>VBoxManage setextradata "VM name" "VBoxInternal/Devices/VMMDev/0/Config/GetHostTimeDisabled" 1</screen> + + </sect2> + + </sect1> + + <sect1 id="vboxbowsolaris11"> + + <title>Installing the Alternate Bridged Networking Driver on Oracle Solaris 11 + hosts</title> + + <para> + &product-name; includes a network filter driver that utilizes + Oracle Solaris 11's Crossbow functionality. By default, this new + driver is installed for Oracle Solaris 11 hosts, builds 159 and + above, that have support for it. + </para> + + <para> + To force installation of the older STREAMS based network filter + driver, execute as root the following command before installing + the &product-name; package: + </para> + +<screen>touch /etc/vboxinst_vboxflt</screen> + + <para> + To force installation of the Crossbow based network filter driver, + execute as root the following command before installing the + &product-name; package: + </para> + +<screen>touch /etc/vboxinst_vboxbow</screen> + + <para> + To check which driver is currently being used by &product-name;, + execute: + </para> + +<screen>modinfo | grep vbox</screen> + + <para> + If the output contains "vboxbow", it indicates &product-name; is + using the Crossbow network filter driver, while the name "vboxflt" + indicates usage of the older STREAMS network filter. + </para> + + </sect1> + + <sect1 id="vboxbowvnictemplates"> + + <title>&product-name; VNIC Templates for VLANs on Oracle Solaris 11 Hosts</title> + + <para> + &product-name; supports Virtual Network Interface (VNIC) templates + for configuring VMs over VLANs. An &product-name; VNIC template is + a VNIC whose name starts with + <computeroutput>vboxvnic_template</computeroutput>. The string is + case-sensitive. + </para> + + <para> + On Oracle Solaris 11 hosts, when Crossbow-based bridged networking + is used, a VNIC template may be used to specify the VLAN ID to use + while bridging over a network link. + </para> + + <para> + The following is an example of how to use a VNIC template to + configure a VM over a VLAN. Create an &product-name; VNIC + template, by executing as root: + </para> + +<screen>dladm create-vnic -t -l nge0 -v 23 vboxvnic_template0</screen> + + <para> + This will create a temporary VNIC template over interface "nge0" + with the VLAN ID 23. To create VNIC templates that are persistent + across host reboots, skip the <computeroutput>-t</computeroutput> + parameter in the above command. You may check the current state of + links using the following command: + </para> + +<screen>$ dladm show-link +LINK CLASS MTU STATE BRIDGE OVER +nge0 phys 1500 up -- -- +nge1 phys 1500 down -- -- +vboxvnic_template0 vnic 1500 up -- nge0 + +$ dladm show-vnic +LINK OVER SPEED MACADDRESS MACADDRTYPE VID +vboxvnic_template0 nge0 1000 2:8:20:25:12:75 random 23</screen> + + <para> + Once the VNIC template is created, any VMs that need to be on VLAN + 23 over the interface <computeroutput>nge0</computeroutput> can be + configured to bridge using this VNIC template. + </para> + + <para> + VNIC templates makes managing VMs on VLANs simpler and efficient. + The VLAN details are not stored as part of every VM's + configuration but rather inherited from the VNIC template while + starting the VM. The VNIC template itself can be modified anytime + using the <command>dladm</command> command. + </para> + + <para> + VNIC templates can be created with additional properties such as + bandwidth limits, CPU fanout etc. Refer to your Oracle Solaris + network documentation on how to accomplish this. These additional + properties, if any, are also applied to VMs which bridge using the + VNIC template. + </para> + + </sect1> + + <sect1 id="addhostonlysolaris"> + + <title>Configuring Multiple Host-Only Network Interfaces on Oracle Solaris + Hosts</title> + + <para> + By default &product-name; provides you with one host-only network + interface. Adding more host-only network interfaces on Oracle + Solaris hosts requires manual configuration. Here is how to add + another host-only network interface. + </para> + + <para> + Begin by stopping all running VMs. Then, unplumb the existing + "vboxnet0" interface by execute the following command as root: + </para> + +<screen>ifconfig vboxnet0 unplumb</screen> + + <para> + If you have several vboxnet interfaces, you will need to unplumb + all of them. Once all vboxnet interfaces are unplumbed, remove the + driver by executing the following command as root: + </para> + +<screen>rem_drv vboxnet</screen> + + <para> + Edit the file + <computeroutput>/platform/i86pc/kernel/drv/vboxnet.conf</computeroutput> + and add a line for the new interface we want to add as shown + below: + </para> + +<screen>name="vboxnet" parent="pseudo" instance=1; +name="vboxnet" parent="pseudo" instance=2;</screen> + + <para> + Add as many of these lines as required with each line having a + unique instance number. + </para> + + <para> + Next, reload the vboxnet driver by executing the following command + as root: + </para> + +<screen>add_drv vboxnet</screen> + + <para> + On Oracle Solaris 11.1 and newer hosts you may want to rename the + default vanity interface name. To check what name has been + assigned, execute: + </para> + +<screen>dladm show-phys +LINK MEDIA STATE SPEED DUPLEX DEVICE +net0 Ethernet up 100 full e1000g0 +net2 Ethernet up 1000 full vboxnet1 +net1 Ethernet up 1000 full vboxnet0</screen> + + <para> + In the above example, we can rename "net2" to "vboxnet1" before + proceeding to plumb the interface. This can be done by executing + as root: + </para> + +<screen>dladm rename-link net2 vboxnet1</screen> + + <para> + Now plumb all the interfaces using <computeroutput>ifconfig + vboxnetX plumb</computeroutput>, where 'X' would be 1 in this + case. Once the interface is plumbed, it may be configured like any + other network interface. Refer to the + <computeroutput>ifconfig</computeroutput> documentation for + further details. + </para> + + <para> + To make the settings for the newly added interfaces persistent + across reboots, you will need to edit the files + <computeroutput>/etc/inet/netmasks</computeroutput>, and if you + are using NWAM <computeroutput>/etc/nwam/llp</computeroutput> and + add the appropriate entries to set the netmask and static IP for + each of those interfaces. The &product-name; installer only + updates these configuration files for the one "vboxnet0" interface + it creates by default. + </para> + + </sect1> + + <sect1 id="solariscodedumper"> + + <title>Configuring the &product-name; CoreDumper on Oracle Solaris Hosts</title> + + <para> + &product-name; is capable of producing its own core files for + extensive debugging when things go wrong. Currently this is only + available on Oracle Solaris hosts. + </para> + + <para> + The &product-name; CoreDumper can be enabled using the following + command: + </para> + +<screen>VBoxManage setextradata "VM name" VBoxInternal2/CoreDumpEnabled 1</screen> + + <para> + You can specify which directory to use for core dumps with this + command, as follows: + </para> + +<screen>VBoxManage setextradata "VM name" VBoxInternal2/CoreDumpDir <path-to-directory></screen> + + <para> + Make sure the directory you specify is on a volume with sufficient + free space and that the &product-name; process has sufficient + permissions to write files to this directory. If you skip this + command and do not specify any core dump directory, the current + directory of the &product-name; executable will be used. This + would most likely fail when writing cores as they are protected + with root permissions. It is recommended you explicitly set a core + dump directory. + </para> + + <para> + You must specify when the &product-name; CoreDumper should be + triggered. This is done using the following commands: + </para> + +<screen>VBoxManage setextradata "VM name" VBoxInternal2/CoreDumpReplaceSystemDump 1 +VBoxManage setextradata "VM name" VBoxInternal2/CoreDumpLive 1</screen> + + <para> + At least one of the above two commands will have to be provided if + you have enabled the &product-name; CoreDumper. + </para> + + <para> + Setting <computeroutput>CoreDumpReplaceSystemDump</computeroutput> + sets up the VM to override the host's core dumping mechanism and + in the event of any crash only the &product-name; CoreDumper would + produce the core file. + </para> + + <para> + Setting <computeroutput>CoreDumpLive</computeroutput> sets up the + VM to produce cores whenever the VM process receives a + <computeroutput>SIGUSR2</computeroutput> signal. After producing + the core file, the VM will not be terminated and will continue to + run. You can thus take cores of the VM process using the following + command: + </para> + +<screen>kill -s SIGUSR2 <VM-process-id></screen> + + <para> + Core files produced by the &product-name; CoreDumper are of the + form + <computeroutput>core.vb.<ProcessName>.<ProcessID></computeroutput>, + for example + <computeroutput>core.vb.VBoxHeadless.11321</computeroutput>. + </para> + + </sect1> + + <sect1 id="vboxandsolzvmm"> + + <title>&product-name; and Oracle Solaris Kernel Zones</title> + + <para> + Oracle Solaris kernel zones on x86-based systems make use of + hardware-assisted virtualization features like &product-name; + does. However, for kernel zones and &product-name; to share this + hardware resource, they need to cooperate. + </para> + + <para> + By default, due to performance reasons, &product-name; acquires + the hardware-assisted virtualization resource (VT-x/AMD-V) + globally on the host machine and uses it until the last + &product-name; VM that requires it is powered off. This prevents + other software from using VT-x/AMD-V during the time + &product-name; has taken control of it. + </para> + + <para> + &product-name; can be instructed to relinquish use of + hardware-assisted virtualization features when not executing guest + code, thereby allowing kernel zones to make use of them. To do + this, shutdown all &product-name; VMs and execute the following + command: + </para> + +<screen>VBoxManage setproperty hwvirtexclusive off</screen> + + <para> + This command needs to be executed only once as the setting is + stored as part of the global &product-name; settings which will + continue to persist across host-reboots and &product-name; + upgrades. + </para> + + </sect1> + + <sect1 id="guitweaks"> + + <title>Locking Down the &product-name; GUI</title> + + <sect2 id="customize-vm-manager"> + + <title>Customizing the VirtualBox Manager</title> + + <para> + There are several advanced customization settings for locking + down the VirtualBox Manager. Locking down means removing some + features that the user should not see. + </para> + +<screen>VBoxManage setextradata global GUI/Customizations OPTION[,OPTION...]</screen> + + <para> + where <computeroutput>OPTION</computeroutput> is one of the + following keywords: + </para> + + <variablelist> + + <varlistentry> + <term> + <computeroutput>noSelector</computeroutput> + </term> + + <listitem> + <para> + Do not allow users to start the VirtualBox Manager. Trying + to do so will show a window containing a proper error + message. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>noMenuBar</computeroutput> + </term> + + <listitem> + <para> + VM windows will not contain a menu bar. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>noStatusBar</computeroutput> + </term> + + <listitem> + <para> + VM windows will not contain a status bar. + </para> + </listitem> + </varlistentry> + + </variablelist> + + <para> + To disable any of these VirtualBox Manager customizations use + the following command: + </para> + +<screen>VBoxManage setextradata global GUI/Customizations</screen> + + </sect2> + + <sect2 id="customize-vm-selector"> + + <title>VM Selector Customization</title> + + <para> + The following per-machine VM extradata settings can be used to + change the behavior of the VM selector window in respect of + certain VMs: + </para> + +<screen>VBoxManage setextradata "VM name" SETTING true</screen> + + <para> + where <computeroutput>SETTING</computeroutput> can be: + </para> + + <variablelist> + + <varlistentry> + <term> + <computeroutput>GUI/HideDetails</computeroutput> + </term> + + <listitem> + <para> + Do not show the VM configuration of a certain VM. The + details window will remain just empty if this VM is + selected. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>GUI/PreventReconfiguration</computeroutput> + </term> + + <listitem> + <para> + Do not allow the user to open the + <emphasis role="bold">Settings</emphasis> dialog for a + certain VM. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>GUI/PreventSnapshotOperations</computeroutput> + </term> + + <listitem> + <para> + Prevent snapshot operations for a VM from the GUI, either + at runtime or when the VM is powered off. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>GUI/HideFromManager</computeroutput> + </term> + + <listitem> + <para> + Hide a certain VM in the VM selector window. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>GUI/PreventApplicationUpdate</computeroutput> + </term> + + <listitem> + <para> + Disable the automatic update check and hide the + corresponding menu item. + </para> + </listitem> + </varlistentry> + + </variablelist> + + <para> + Please note that these settings would not prevent the user from + reconfiguring the VM by using <command>VBoxManage + modifyvm</command>. + </para> + + </sect2> + + <sect2 id="config-vm-selector-menu"> + + <title>Configure VM Selector Menu Entries</title> + + <para> + You can disable, or blacklist, certain entries in the global + settings page of the VM selector: + </para> + +<screen>VBoxManage setextradata global GUI/RestrictedGlobalSettingsPages OPTION[,OPTION...]</screen> + + <para> + where <computeroutput>OPTION</computeroutput> is one of the + following keywords: + </para> + + <variablelist> + + <varlistentry> + <term> + <computeroutput>General</computeroutput> + </term> + + <listitem> + <para> + Do not show the <emphasis role="bold">General</emphasis> + settings pane. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>Input</computeroutput> + </term> + + <listitem> + <para> + Do not show the <emphasis role="bold">Input</emphasis> + settings pane. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>Update</computeroutput> + </term> + + <listitem> + <para> + Do not show the <emphasis role="bold">Update</emphasis> + settings pane. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>Language</computeroutput> + </term> + + <listitem> + <para> + Do not show the <emphasis role="bold">Language</emphasis> + settings pane. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>Display</computeroutput> + </term> + + <listitem> + <para> + Do not show the <emphasis role="bold">Display</emphasis> + settings pane. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>Network</computeroutput> + </term> + + <listitem> + <para> + Do not show the <emphasis role="bold">Network</emphasis> + settings pane. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>Extensions</computeroutput> + </term> + + <listitem> + <para> + Do not show the + <emphasis role="bold">Extensions</emphasis> settings pane. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>Proxy</computeroutput> + </term> + + <listitem> + <para> + Do not show the <emphasis role="bold">Proxy</emphasis> + settings pane. + </para> + </listitem> + </varlistentry> + + </variablelist> + + <para> + This is a global setting. Any combination of the above is + allowed. To restore the default behavior, use + </para> + +<screen>VBoxManage setextradata global GUI/RestrictedGlobalSettingsPages</screen> + + </sect2> + + <sect2 id="config-vm-window-menu"> + + <title>Configure VM Window Menu Entries</title> + + <para> + You can disable, or blacklist, certain menu actions in the VM + window: + </para> + +<screen>VBoxManage setextradata "VM name" GUI/RestrictedRuntimeMenus OPTION[,OPTION...]</screen> + + <para> + where <computeroutput>OPTION</computeroutput> is one of the + following keywords: + </para> + + <variablelist> + + <varlistentry> + <term> + <computeroutput>All</computeroutput> + </term> + + <listitem> + <para> + Do not show any menu in the VM window. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>Machine</computeroutput> + </term> + + <listitem> + <para> + Do not show the <emphasis role="bold">Machine</emphasis> + menu in the VM window. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>View</computeroutput> + </term> + + <listitem> + <para> + Do not show the <emphasis role="bold">View</emphasis> menu + in the VM window. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>Devices</computeroutput> + </term> + + <listitem> + <para> + Do not show the <emphasis role="bold">Devices</emphasis> + menu in the VM window. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>Help</computeroutput> + </term> + + <listitem> + <para> + Do not show the <emphasis role="bold">Help</emphasis> menu + in the VM window. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>Debug</computeroutput> + </term> + + <listitem> + <para> + Do not show the <emphasis role="bold">Debug</emphasis> + menu in the VM window. The Debug menu is only visible if + the GUI was started with special command line parameters + or environment variable settings. + </para> + </listitem> + </varlistentry> + + </variablelist> + + <para> + This is a per-VM setting. Any combination of the above is + allowed. To restore the default behavior, use + </para> + +<screen>VBoxManage setextradata "VM name" GUI/RestrictedRuntimeMenus</screen> + + <para> + You can also disable, or blacklist, certain menu actions of + certain menus. Use the following command to disable certain + actions of the <emphasis role="bold">Application</emphasis> + menu. This is only available on Mac OS X hosts. + </para> + +<screen>VBoxManage setextradata "VM name" GUI/RestrictedRuntimeApplicationMenuActions OPTION[,OPTION...]</screen> + + <para> + where <computeroutput>OPTION</computeroutput> is one of the + following keywords: + </para> + + <variablelist> + + <varlistentry> + <term> + <computeroutput>All</computeroutput> + </term> + + <listitem> + <para> + Do not show any menu item in this menu. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>About</computeroutput> + </term> + + <listitem> + <para> + Do not show the <emphasis role="bold">About</emphasis> + menu item in this menu. + </para> + </listitem> + </varlistentry> + + </variablelist> + + <para> + This is a per-VM setting. Any combination of the above is + allowed. To restore the default behavior, use + </para> + +<screen>VBoxManage setextradata "VM name" GUI/RestrictedRuntimeMenus</screen> + + <para> + Use the following command to disable certain actions of the + <emphasis role="bold">Machine</emphasis> menu: + </para> + +<screen>VBoxManage setextradata "VM name" GUI/RestrictedRuntimeApplicationMenuActions OPTION[,OPTION...]</screen> + + <para> + where <computeroutput>OPTION</computeroutput> is one of the + following keywords: + </para> + + <variablelist> + + <varlistentry> + <term> + <computeroutput>All</computeroutput> + </term> + + <listitem> + <para> + Do not show any menu item in this menu. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>SettingsDialog</computeroutput> + </term> + + <listitem> + <para> + Do not show the <emphasis role="bold">Settings</emphasis> + menu item in this menu. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>TakeSnapshot</computeroutput> + </term> + + <listitem> + <para> + Do not show the <emphasis role="bold">Take + Snapshot</emphasis> menu item in this menu. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>TakeScreenshot</computeroutput> + </term> + + <listitem> + <para> + Do not show the <emphasis role="bold">Take + Screenshot</emphasis> menu item in this menu. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>InformationDialog</computeroutput> + </term> + + <listitem> + <para> + Do not show the <emphasis role="bold">Session + Information</emphasis> menu item in this menu. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>MouseIntegration</computeroutput> + </term> + + <listitem> + <para> + Do not show the <emphasis role="bold">Disable Mouse + Integration</emphasis> menu item in this menu. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>TypeCAD</computeroutput> + </term> + + <listitem> + <para> + Do not show the <emphasis role="bold">Insert + Ctrl+Alt+Del</emphasis> menu item in this menu. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>TypeCABS</computeroutput> + </term> + + <listitem> + <para> + Do not show the <emphasis role="bold">Insert + Ctrl+Alt+Backspace</emphasis> menu item in this menu. + Available on X11 hosts only. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>Pause</computeroutput> + </term> + + <listitem> + <para> + Do not show the <emphasis role="bold">Pause</emphasis> + menu item in this menu. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>Reset</computeroutput> + </term> + + <listitem> + <para> + Do not show the <emphasis role="bold">Reset</emphasis> + menu item in this menu. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>SaveState</computeroutput> + </term> + + <listitem> + <para> + Do not show the <emphasis role="bold">Save the machine + state</emphasis> menu item in this menu. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>Shutdown</computeroutput> + </term> + + <listitem> + <para> + Do not show the <emphasis role="bold">ACPI + Shutdown</emphasis> menu item in this menu. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>PowerOff</computeroutput> + </term> + + <listitem> + <para> + Do not show the <emphasis role="bold">Power Off the + machine</emphasis> menu item in this menu. + </para> + </listitem> + </varlistentry> + + </variablelist> + + <para> + This is a per-VM setting. Any combination of the above is + allowed. To restore the default behavior, use + </para> + +<screen>VBoxManage setextradata "VM name" GUI/RestrictedRuntimeApplicationMenuActions</screen> + + <para> + Use the following command to disable certain actions of the + <emphasis role="bold">View</emphasis> menu: + </para> + +<screen>VBoxManage setextradata "VM name" GUI/RestrictedRuntimeViewMenuActions OPTION[,OPTION...]</screen> + + <para> + where <computeroutput>OPTION</computeroutput> is one of the + following keywords: + </para> + + <variablelist> + + <varlistentry> + <term> + <computeroutput>All</computeroutput> + </term> + + <listitem> + <para> + Do not show any menu item in this menu. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>Fullscreen</computeroutput> + </term> + + <listitem> + <para> + Do not show the <emphasis role="bold">Switch to + Fullscreen</emphasis> menu item in this menu. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>Seamless</computeroutput> + </term> + + <listitem> + <para> + Do not show the <emphasis role="bold">Switch to Seamless + Mode</emphasis> menu item in this menu. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>Scale</computeroutput> + </term> + + <listitem> + <para> + Do not show the <emphasis role="bold">Switch to Scaled + Mode</emphasis> menu item in this menu. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>GuestAutoresize</computeroutput> + </term> + + <listitem> + <para> + Do not show the <emphasis role="bold">Auto-resize Guest + Display</emphasis> menu item in this menu. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>AdjustWindow</computeroutput> + </term> + + <listitem> + <para> + Do not show the <emphasis role="bold">Adjust Window + Size</emphasis> menu item in this menu. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>Multiscreen</computeroutput> + </term> + + <listitem> + <para> + Do not show the + <emphasis role="bold">Multiscreen</emphasis> menu item in + this menu. Only visible in full screen/seamless mode. + </para> + </listitem> + </varlistentry> + + </variablelist> + + <para> + This is a per-VM setting. Any combination of the above is + allowed. To restore the default behavior, use + </para> + +<screen>VBoxManage setextradata "VM name" GUI/RestrictedRuntimeViewMenuActions</screen> + + <para> + Use the following command to disable certain actions of the + <emphasis role="bold">View</emphasis> menu: + </para> + +<screen>VBoxManage setextradata "VM name" GUI/RestrictedRuntimeDevicesMenuActions OPTION[,OPTION...]</screen> + + <para> + where <computeroutput>OPTION</computeroutput> is one of the + following keywords to disable actions in the + <emphasis role="bold">Devices</emphasis> menu: + </para> + + <variablelist> + + <varlistentry> + <term> + <computeroutput>All</computeroutput> + </term> + + <listitem> + <para> + Do not show any menu item in this menu. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>OpticalDevices</computeroutput> + </term> + + <listitem> + <para> + Do not show the <emphasis role="bold">CD/DVD + Devices</emphasis> menu item in this menu. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>FloppyDevices</computeroutput> + </term> + + <listitem> + <para> + Do not show the <emphasis role="bold">Floppy + Devices</emphasis> menu item in this menu. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>USBDevices</computeroutput> + </term> + + <listitem> + <para> + Do not show the <emphasis role="bold">USB + Devices</emphasis> menu item in this menu. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>SharedClipboard</computeroutput> + </term> + + <listitem> + <para> + Do not show the <emphasis role="bold">Shared + Clipboard</emphasis> menu item in this menu. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>DragAndDrop</computeroutput> + </term> + + <listitem> + <para> + Do not show the <emphasis role="bold">Drag and + Drop</emphasis> menu item in this menu. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>NetworkSettings</computeroutput> + </term> + + <listitem> + <para> + Do not show the <emphasis role="bold">Network + Settings...</emphasis> menu item in this menu. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>SharedFoldersSettings</computeroutput> + </term> + + <listitem> + <para> + Do not show the <emphasis role="bold">Shared Folders + Settings...</emphasis> menu item in this menu. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>VRDEServer</computeroutput> + </term> + + <listitem> + <para> + Do not show the <emphasis role="bold">Remove + Display</emphasis> menu item in this menu. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>InstallGuestTools</computeroutput> + </term> + + <listitem> + <para> + Do not show the <emphasis role="bold">Insert Guest + Additions CD image...</emphasis> menu item in this menu. + </para> + </listitem> + </varlistentry> + + </variablelist> + + <para> + This is a per-VM setting. Any combination of the above is + allowed. To restore the default behavior, use + </para> + +<screen>VBoxManage setextradata "VM name" GUI/RestrictedRuntimeDevicesMenuActions</screen> + + <para> + Use the following command to disable certain actions of the + <emphasis role="bold">View</emphasis> menu: + </para> + +<screen>VBoxManage setextradata "VM name" GUI/RestrictedRuntimeDebuggerMenuActions OPTION[,OPTION...]</screen> + + <para> + where <computeroutput>OPTION</computeroutput> is one of the + following keywords to disable actions in the + <emphasis>Debug</emphasis> menu, which is normally completely + disabled: + </para> + + <variablelist> + + <varlistentry> + <term> + <computeroutput>All</computeroutput> + </term> + + <listitem> + <para> + Do not show any menu item in this menu. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>Statistics</computeroutput> + </term> + + <listitem> + <para> + Do not show the + <emphasis role="bold">Statistics...</emphasis> menu item + in this menu. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>CommandLine</computeroutput> + </term> + + <listitem> + <para> + Do not show the <emphasis role="bold">Command + Line...</emphasis> menu item in this menu. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>Logging</computeroutput> + </term> + + <listitem> + <para> + Do not show the + <emphasis role="bold">Logging...</emphasis> menu item in + this menu. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>LogDialog</computeroutput> + </term> + + <listitem> + <para> + Do not show the <emphasis role="bold">Show + Log...</emphasis> menu item in this menu. + </para> + </listitem> + </varlistentry> + + </variablelist> + + <para> + This is a per-VM setting. Any combination of the above is + allowed. To restore the default behavior, use + </para> + +<screen>VBoxManage setextradata "VM name" GUI/RestrictedRuntimeDebuggerMenuActions</screen> + + <para> + Use the following command to disable certain actions of the + <emphasis role="bold">View</emphasis> menu: + </para> + +<screen>VBoxManage setextradata "VM name" GUI/RestrictedRuntimeHelpMenuActions OPTION[,OPTION...]</screen> + + <para> + where <computeroutput>OPTION</computeroutput> is one of the + following keywords to disable actions in the + <emphasis role="bold">Help</emphasis> menu, which is normally + completely disabled: + </para> + + <variablelist> + + <varlistentry> + <term> + <computeroutput>All</computeroutput> + </term> + + <listitem> + <para> + Do not show any menu item in this menu. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>Contents</computeroutput> + </term> + + <listitem> + <para> + Do not show the + <emphasis role="bold">Contents...</emphasis> menu item in + this menu. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>WebSite</computeroutput> + </term> + + <listitem> + <para> + Do not show the <emphasis role="bold">VirtualBox Web + Site...</emphasis> menu item in this menu. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>ResetWarnings</computeroutput> + </term> + + <listitem> + <para> + Do not show the <emphasis role="bold">Reset All + Warnings</emphasis> menu item in this menu. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>NetworkAccessManager</computeroutput> + </term> + + <listitem> + <para> + Do not show the <emphasis role="bold">Network Operations + Manager</emphasis> menu item in this menu. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>About</computeroutput> + </term> + + <listitem> + <para> + Do not show the <emphasis role="bold">About</emphasis> + menu item in this menu. Only for non-Mac OS X hosts. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>Contents</computeroutput> + </term> + + <listitem> + <para> + Do not show the + <emphasis role="bold">Contents...</emphasis> menu item in + this menu. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>Contents</computeroutput> + </term> + + <listitem> + <para> + Do not show the + <emphasis role="bold">Contents...</emphasis> menu item in + this menu. + </para> + </listitem> + </varlistentry> + + </variablelist> + + <para> + This is a per-VM setting. Any combination of the above is + allowed. To restore the default behavior, use + </para> + +<screen>VBoxManage setextradata "VM name" GUI/RestrictedRuntimeHelpMenuActions</screen> + + </sect2> + + <sect2 id="config-vm-window-status-bar"> + + <title>Configure VM Window Status Bar Entries</title> + + <para> + You can disable, or blacklist, certain status bar items: + </para> + +<screen>VBoxManage setextradata "VM name" GUI/RestrictedStatusBarIndicators OPTION[,OPTION...]</screen> + + <para> + where <computeroutput>OPTION</computeroutput> is one of the + following keywords: + </para> + + <variablelist> + + <varlistentry> + <term> + <computeroutput>HardDisks</computeroutput> + </term> + + <listitem> + <para> + Do not show the hard disk icon in the VM window status + bar. By default the hard disk icon is only shown if the VM + configuration contains one or more hard disks. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>OpticalDisks</computeroutput> + </term> + + <listitem> + <para> + Do not show the CD icon in the VM window status bar. By + default the CD icon is only shown if the VM configuration + contains one or more CD drives. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>FloppyDisks</computeroutput> + </term> + + <listitem> + <para> + Do not show the floppy icon in the VM window status bar. + By default the floppy icon is only shown if the VM + configuration contains one or more floppy drives. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>Network</computeroutput> + </term> + + <listitem> + <para> + Do not show the network icon in the VM window status bar. + By default the network icon is only shown if the VM + configuration contains one or more active network + adapters. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>USB</computeroutput> + </term> + + <listitem> + <para> + Do not show the USB icon in the status bar. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>SharedFolders</computeroutput> + </term> + + <listitem> + <para> + Do not show the shared folders icon in the status bar. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>Capture</computeroutput> + </term> + + <listitem> + <para> + Do not show the capture icon in the status bar. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>Features</computeroutput> + </term> + + <listitem> + <para> + Do not show the CPU features icon in the status bar. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>Mouse</computeroutput> + </term> + + <listitem> + <para> + Do not show the mouse icon in the status bar. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>Keyboard</computeroutput> + </term> + + <listitem> + <para> + Do not show the keyboard icon in the status bar. + </para> + </listitem> + </varlistentry> + + </variablelist> + + <para> + This is a per-VM setting. Any combination of the above is + allowed. If all options are specified, no icons are displayed in + the status bar of the VM window. To restore the default + behavior, use + </para> + +<screen>VBoxManage setextradata "VM name" GUI/RestrictedStatusBarIndicators</screen> + + </sect2> + + <sect2 id="config-vm-window-visual-modes"> + + <title>Configure VM Window Visual Modes</title> + + <para> + You can disable, or blacklist, certain VM visual modes: + </para> + +<screen>VBoxManage setextradata "VM name" GUI/RestrictedVisualStates OPTION[,OPTION...]</screen> + + <para> + where <computeroutput>OPTION</computeroutput> is one of the + following keywords: + </para> + + <variablelist> + + <varlistentry> + <term> + <computeroutput>Fullscreen</computeroutput> + </term> + + <listitem> + <para> + Do not allow to switch the VM into full screen mode. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>Seamless</computeroutput> + </term> + + <listitem> + <para> + Do not allow to switch the VM into seamless mode. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>Scale</computeroutput> + </term> + + <listitem> + <para> + Do not allow to switch the VM into scale mode. + </para> + </listitem> + </varlistentry> + + </variablelist> + + <para> + This is a per-VM setting. Any combination of the above is + allowed. To restore the default behavior, use + </para> + +<screen>VBoxManage setextradata "VM name" GUI/RestrictedVisualStates</screen> + + </sect2> + + <sect2 id="host-key-customize"> + + <title>Host Key Customization</title> + + <para> + To disable all Host key combinations, open the preferences and + change the Host key to None. This might be useful when using + &product-name; in a kiosk mode. + </para> + + <para> + To redefine or disable certain Host key actions, use the + following command: + </para> + +<screen>VBoxManage setextradata global GUI/Input/MachineShortcuts "FullscreenMode=F,...."</screen> + + <para> + The following table shows the possible Host key actions, + together with their default Host key shortcut. Setting an action + to None will disable that Host key action. + </para> + + <table id="table-host-key-customize" tabstyle="oracle-all"> + <title>Host Key Customization</title> + <tgroup cols="3"> + <thead> + <row> + <entry><para> + <emphasis role="bold">Action</emphasis> + </para></entry> + <entry><para> + <emphasis role="bold">Default Key</emphasis> + </para></entry> + <entry><para> + <emphasis role="bold">Action</emphasis> + </para></entry> + </row> + </thead> + <tbody> + <row> + <entry><para> + <computeroutput>TakeSnapshot</computeroutput> + </para></entry> + <entry><para> + T + </para></entry> + <entry><para> + Take a snapshot + </para></entry> + </row> + <row> + <entry><para> + <computeroutput>TakeScreenshot</computeroutput> + </para></entry> + <entry><para> + E + </para></entry> + <entry><para> + Take a screenshot + </para></entry> + </row> + <row> + <entry><para> + <computeroutput>MouseIntegration</computeroutput> + </para></entry> + <entry><para> + I + </para></entry> + <entry><para> + Toggle mouse integration + </para></entry> + </row> + <row> + <entry><para> + <computeroutput>TypeCAD</computeroutput> + </para></entry> + <entry><para> + Del + </para></entry> + <entry><para> + Inject Ctrl+Alt+Del + </para></entry> + </row> + <row> + <entry><para> + <computeroutput>TypeCABS</computeroutput> + </para></entry> + <entry><para> + Backspace + </para></entry> + <entry><para> + Inject Ctrl+Alt+Backspace + </para></entry> + </row> + <row> + <entry><para> + <computeroutput>Pause</computeroutput> + </para></entry> + <entry><para> + P + </para></entry> + <entry><para> + Pause the VM + </para></entry> + </row> + <row> + <entry><para> + <computeroutput>Reset</computeroutput> + </para></entry> + <entry><para> + R + </para></entry> + <entry>Hard reset the guest</entry> + </row> + <row> + <entry><para> + <computeroutput>SaveState</computeroutput> + </para></entry> + <entry><para></para></entry> + <entry><para> + Save the VM state and terminate the VM + </para></entry> + </row> + <row> + <entry><para> + <computeroutput>Shutdown</computeroutput> + </para></entry> + <entry><para> + H + </para></entry> + <entry><para> + Press the virtual ACPI power button + </para></entry> + </row> + <row> + <entry><para> + <computeroutput>PowerOff</computeroutput> + </para></entry> + <entry><para></para></entry> + <entry><para> + Power off the VM without saving the state + </para></entry> + </row> + <row> + <entry><para> + <computeroutput>Close</computeroutput> + </para></entry> + <entry><para> + Q + </para></entry> + <entry><para> + Show the Close VM dialog + </para></entry> + </row> + <row> + <entry><para> + <computeroutput>FullscreenMode</computeroutput> + </para></entry> + <entry><para> + F + </para></entry> + <entry><para> + Switch the VM into full screen mode + </para></entry> + </row> + <row> + <entry><para> + <computeroutput>SeamlessMode</computeroutput> + </para></entry> + <entry><para> + L + </para></entry> + <entry><para> + Switch the VM into seamless mode + </para></entry> + </row> + <row> + <entry><para> + <computeroutput>ScaleMode</computeroutput> + </para></entry> + <entry><para> + C + </para></entry> + <entry><para> + Switch the VM into scaled mode + </para></entry> + </row> + <row> + <entry><para> + <computeroutput>GuestAutoResize</computeroutput> + </para></entry> + <entry><para> + G + </para></entry> + <entry><para> + Automatically resize the guest window + </para></entry> + </row> + <row> + <entry><para> + <computeroutput>WindowAdjust</computeroutput> + </para></entry> + <entry><para> + A + </para></entry> + <entry><para> + Immediately resize the guest window + </para></entry> + </row> + <row> + <entry><para> + <computeroutput>PopupMenu</computeroutput> + </para></entry> + <entry><para> + Home + </para></entry> + <entry><para> + Show the popup menu in full screen mode and seamless + mode + </para></entry> + </row> + <row> + <entry><para> + <computeroutput>SettingsDialog</computeroutput> + </para></entry> + <entry><para> + S + </para></entry> + <entry><para> + Open the VM Settings dialog + </para></entry> + </row> + <row> + <entry><para> + <computeroutput>InformationDialog</computeroutput> + </para></entry> + <entry><para> + N + </para></entry> + <entry><para> + Show the VM Session Information window + </para></entry> + </row> + <row> + <entry><para> + <computeroutput>NetworkAdaptersDialog</computeroutput> + </para></entry> + <entry><para></para></entry> + <entry><para> + Show the VM Network Adapters dialog + </para></entry> + </row> + <row> + <entry><para> + <computeroutput>SharedFoldersDialog</computeroutput> + </para></entry> + <entry><para></para></entry> + <entry><para> + Show the VM Shared Folders dialog + </para></entry> + </row> + <row> + <entry><para> + <computeroutput>InstallGuestAdditions</computeroutput> + </para></entry> + <entry><para> + D + </para></entry> + <entry><para> + Mount the ISO containing the Guest Additions + </para></entry> + </row> + </tbody> + </tgroup> + </table> + + <para> + To disable full screen mode and seamless mode, use the following + command: + </para> + +<screen>VBoxManage setextradata global GUI/Input/MachineShortcuts "FullscreenMode=None,SeamlessMode=None"</screen> + + </sect2> + + <sect2 id="terminate-vm-action"> + + <title>Action when Terminating the VM</title> + + <para> + You can disallow, or blacklist, certain actions when terminating + a VM. To disallow specific actions, use the following command: + </para> + +<screen>VBoxManage setextradata "VM name" GUI/RestrictedCloseActions OPTION[,OPTION...]</screen> + + <para> + where <computeroutput>OPTION</computeroutput> is one of the + following keywords: + </para> + + <variablelist> + + <varlistentry> + <term> + <computeroutput>SaveState</computeroutput> + </term> + + <listitem> + <para> + Do not allow the user to save the VM state when + terminating the VM. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>Shutdown</computeroutput> + </term> + + <listitem> + <para> + Do not allow the user to shutdown the VM by sending the + ACPI power-off event to the guest. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>PowerOff</computeroutput> + </term> + + <listitem> + <para> + Do not allow the user to power off the VM. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>PowerOffRestoringSnapshot</computeroutput> + </term> + + <listitem> + <para> + Do not allow the user to return to the last snapshot when + powering off the VM. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>Detach</computeroutput> + </term> + + <listitem> + <para> + Do not allow the user to detach from the VM process if the + VM was started in separate mode. + </para> + </listitem> + </varlistentry> + + </variablelist> + + <para> + This is a per-VM setting. Any combination of the above is + allowed. If all options are specified, the VM cannot be shut + down at all. + </para> + + </sect2> + + <sect2 id="terminate-vm-default-action"> + + <title>Default Action when Terminating the VM</title> + + <para> + You can define a specific action for terminating a VM. In + contrast to the setting decribed in the previous section, this + setting allows only one action when the user terminates the VM. + No exit menu is shown. Use the following command: + </para> + +<screen>VBoxManage setextradata "VM name" GUI/DefaultCloseAction ACTION</screen> + + <para> + where <computeroutput>ACTION</computeroutput> is one of the + following keywords: + </para> + + <variablelist> + + <varlistentry> + <term> + <computeroutput>SaveState</computeroutput> + </term> + + <listitem> + <para> + Save the VM state before terminating the VM process. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>Shutdown</computeroutput> + </term> + + <listitem> + <para> + The VM is shut down by sending the ACPI power-off event to + the guest. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>PowerOff</computeroutput> + </term> + + <listitem> + <para> + The VM is powered off. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>PowerOffRestoringSnapshot</computeroutput> + </term> + + <listitem> + <para> + The VM is powered off and the saved state returns to the + last snapshot. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>Detach</computeroutput> + </term> + + <listitem> + <para> + Terminate the frontend but leave the VM process running. + </para> + </listitem> + </varlistentry> + + </variablelist> + + <para> + This is a per-VM setting. Any combination of the above is + allowed. If all options are specified, the VM cannot be shut + down at all. + </para> + + </sect2> + + <sect2 id="guru-meditation-action"> + + <title>Action for Handling a Guru Meditation</title> + + <para> + A VM runs into a Guru Meditation if there is a problem which + cannot be fixed by other means than terminating the process. The + default is to show a message window which instructs the user to + open a bug report. + </para> + + <para> + This behavior can be configured as follows: + </para> + +<screen>VBoxManage setextradata "VM name" GUI/GuruMeditationHandler MODE</screen> + + <para> + where <computeroutput>MODE</computeroutput> is one of the + following keywords: + </para> + + <variablelist> + + <varlistentry> + <term> + <computeroutput>Default</computeroutput> + </term> + + <listitem> + <para> + A message window is shown. After the user confirmed, the + VM is terminated. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>PowerOff</computeroutput> + </term> + + <listitem> + <para> + The VM is immediately powered-off without showing any + message window. The VM logfile will show information about + what happened. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>Ignore</computeroutput> + </term> + + <listitem> + <para> + The VM is left in stuck mode. Execution is stopped but no + message window is shown. The VM has to be powered off + manually. + </para> + </listitem> + </varlistentry> + + </variablelist> + + <para> + This is a per-VM setting. + </para> + + </sect2> + + <sect2 id="mouse-capture"> + + <title>Configuring Automatic Mouse Capturing</title> + + <para> + By default, the mouse is captured if the user clicks on the + guest window and the guest expects relative mouse coordinates at + this time. This happens if the pointing device is configured as + PS/2 mouse and the guest has not yet started the &product-name; + Guest Additions. For instance, the guest is booting or the Guest + Additions are not installed, or if the pointing device is + configured as a USB tablet but the guest has no USB driver + loaded yet. Once the Guest Additions become active or the USB + guest driver is started, the mouse capture is automatically + released. + </para> + + <para> + The default behavior is sometimes not desired. Therefore it can + be configured as follows: + </para> + +<screen>VBoxManage setextradata "VM name" GUI/MouseCapturePolicy MODE</screen> + + <para> + where <computeroutput>MODE</computeroutput> is one of the + following keywords: + </para> + + <variablelist> + + <varlistentry> + <term> + <computeroutput>Default</computeroutput> + </term> + + <listitem> + <para> + The default behavior as described above. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>HostComboOnly</computeroutput> + </term> + + <listitem> + <para> + The mouse is only captured if the Host Key is toggled. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>Disabled</computeroutput> + </term> + + <listitem> + <para> + The mouse is never captured, also not by toggling the Host + Key + </para> + </listitem> + </varlistentry> + + </variablelist> + + <para> + This is a per-VM setting. + </para> + + </sect2> + + <sect2 id="legacy-fullscreen-mode"> + + <title>Requesting Legacy Full-Screen Mode</title> + + <para> + &product-name; uses special window manager facilities to switch + a multi-screen machine to full-screen on a multi-monitor host + system. However, not all window managers provide these + facilities correctly. &product-name; can be configured to use a + legacy method of switching to full-screen mode instead, by using + the command: + </para> + +<screen>VBoxManage setextradata global GUI/Fullscreen/LegacyMode true</screen> + + <para> + You can go back to the default method by using the following + command: + </para> + +<screen>VBoxManage setextradata global GUI/Fullscreen/LegacyMode</screen> + + <para> + This is a global setting. + </para> + + </sect2> + + </sect1> + + <sect1 id="vboxwebsrv-daemon"> + + <title>Starting the &product-name; Web Service Automatically</title> + + <para> + The &product-name; web service, + <computeroutput>vboxwebsrv</computeroutput>, is used for + controlling &product-name; remotely. It is documented in detail in + the &product-name; Software Development Kit (SDK). See + <xref linkend="VirtualBoxAPI" />. As the client base using this + interface is growing, we added start scripts for the various + operation systems we support. The following sections describe how + to use them. The &product-name; web service is never started + automatically as a result of a standard installation. + </para> + + <sect2 id="vboxwebsrv-linux"> + + <title>Linux: Starting the Web Service With init</title> + + <para> + On Linux, the web service can be automatically started during + host boot by adding appropriate parameters to the file + <computeroutput>/etc/default/virtualbox</computeroutput>. There + is one mandatory parameter, + <computeroutput>VBOXWEB_USER</computeroutput>, which must be set + to the user which will later start the VMs. The parameters in + the following table all start with the + <computeroutput>VBOXWEB_</computeroutput> prefix string. For + example: <computeroutput>VBOXWEB_HOST</computeroutput> and + <computeroutput>VBOXWEB_PORT</computeroutput>. + </para> + + <table id="table-websrv-config-params" tabstyle="oracle-all"> + <title>Web Service Configuration Parameters</title> + <tgroup cols="3"> + <thead> + <row> + <entry><para> + <emphasis role="bold">Parameter</emphasis> + </para></entry> + <entry><para> + <emphasis role="bold">Description</emphasis> + </para></entry> + <entry><para> + <emphasis role="bold">Default</emphasis> + </para></entry> + </row> + </thead> + <tbody> + <row> + <entry><para> + <computeroutput>USER</computeroutput> + </para></entry> + <entry><para> + The user which the web service runs as + </para></entry> + <entry><para></para></entry> + </row> + <row> + <entry><para> + <computeroutput>HOST</computeroutput> + </para></entry> + <entry><para> + The host to bind the web service to + </para></entry> + <entry><para> + localhost + </para></entry> + </row> + <row> + <entry><para> + <computeroutput>PORT</computeroutput> + </para></entry> + <entry><para> + The port to bind the web service to + </para></entry> + <entry><para> + 18083 + </para></entry> + </row> + <row> + <entry><para> + <computeroutput>SSL_KEYFILE</computeroutput> + </para></entry> + <entry><para> + Server key and certificate file, in PEM format + </para></entry> + <entry><para></para></entry> + </row> + <row> + <entry><para> + <computeroutput>SSL_PASSWORDFILE</computeroutput> + </para></entry> + <entry><para> + File name for password to server key + </para></entry> + <entry><para></para></entry> + </row> + <row> + <entry><para> + <computeroutput>SSL_CACERT</computeroutput> + </para></entry> + <entry><para> + CA certificate file, in PEM format + </para></entry> + <entry><para></para></entry> + </row> + <row> + <entry><para> + <computeroutput>SSL_CAPATH</computeroutput> + </para></entry> + <entry><para> + CA certificate path + </para></entry> + <entry><para></para></entry> + </row> + <row> + <entry><para> + <computeroutput>SSL_DHFILE</computeroutput> + </para></entry> + <entry><para> + DH file name or DH key length in bits + </para></entry> + <entry><para></para></entry> + </row> + <row> + <entry><para> + <computeroutput>SSL_RANDFILE</computeroutput> + </para></entry> + <entry><para> + File containing seed for random number generator + </para></entry> + <entry><para></para></entry> + </row> + <row> + <entry><para> + <computeroutput>TIMEOUT</computeroutput> + </para></entry> + <entry><para> + Session timeout in seconds, 0 disables timeouts + </para></entry> + <entry><para> + 300 + </para></entry> + </row> + <row> + <entry><para> + <computeroutput>CHECK_INTERVAL</computeroutput> + </para></entry> + <entry><para> + Frequency of timeout checks in seconds + </para></entry> + <entry><para> + 5 + </para></entry> + </row> + <row> + <entry><para> + <computeroutput>THREADS</computeroutput> + </para></entry> + <entry><para> + Maximum number of worker threads to run in parallel + </para></entry> + <entry><para> + 100 + </para></entry> + </row> + <row> + <entry><para> + <computeroutput>KEEPALIVE</computeroutput> + </para></entry> + <entry><para> + Maximum number of requests before a socket will be + closed + </para></entry> + <entry><para> + 100 + </para></entry> + </row> + <row> + <entry><para> + <computeroutput>ROTATE</computeroutput> + </para></entry> + <entry><para> + Number of log files, 0 disables log rotation + </para></entry> + <entry><para> + 10 + </para></entry> + </row> + <row> + <entry><para> + <computeroutput>LOGSIZE</computeroutput> + </para></entry> + <entry><para> + Maximum log file size to trigger rotation, in bytes + </para></entry> + <entry><para> + 1MB + </para></entry> + </row> + <row> + <entry><para> + <computeroutput>LOGINTERVAL</computeroutput> + </para></entry> + <entry><para> + Maximum time interval to trigger log rotation, in + seconds + </para></entry> + <entry><para> + 1 day + </para></entry> + </row> + </tbody> + </tgroup> + </table> + + <para> + Setting the parameter + <computeroutput>SSL_KEYFILE</computeroutput> enables the SSL/TLS + support. Using encryption is strongly encouraged, as otherwise + everything, including passwords, is transferred in clear text. + </para> + + </sect2> + + <sect2 id="vboxwebsrv-solaris"> + + <title>Oracle Solaris: Starting the Web Service With SMF</title> + + <para> + On Oracle Solaris hosts, the &product-name; web service daemon + is integrated into the SMF framework. You can change the + parameters, but do not have to if the defaults below already + match your needs: + </para> + +<screen>svccfg -s svc:/application/virtualbox/webservice:default setprop config/host=localhost +svccfg -s svc:/application/virtualbox/webservice:default setprop config/port=18083 +svccfg -s svc:/application/virtualbox/webservice:default setprop config/user=root</screen> + + <para> + <xref linkend="table-websrv-config-params"/> showing the + parameter names and defaults also applies for Oracle Solaris. + The parameter names must be changed to lowercase and a prefix of + <computeroutput>config/</computeroutput> has to be added. For + example: <computeroutput>config/user</computeroutput> or + <computeroutput>config/ssl_keyfile</computeroutput>. If you make + any change, do not forget to run the following command to put + the changes into effect immediately: + </para> + +<screen>svcadm refresh svc:/application/virtualbox/webservice:default</screen> + + <para> + If you forget the above command then the previous settings are + used when enabling the service. Check the current property + settings as follows: + </para> + +<screen>svcprop -p config svc:/application/virtualbox/webservice:default</screen> + + <para> + When everything is configured correctly you can start the + &product-name; web service with the following command: + </para> + +<screen>svcadm enable svc:/application/virtualbox/webservice:default</screen> + + <para> + For more information about SMF, please refer to the Oracle + Solaris documentation. + </para> + + </sect2> + + <sect2 id="vboxwebsrv-osx"> + + <title>Mac OS X: Starting the Web Service With launchd</title> + + <para> + On Mac OS X, launchd is used to start the &product-name; + webservice. An example configuration file can be found in + <computeroutput>$HOME/Library/LaunchAgents/org.virtualbox.vboxwebsrv.plist</computeroutput>. + It can be enabled by changing the + <computeroutput>Disabled</computeroutput> key from + <computeroutput>true</computeroutput> to + <computeroutput>false</computeroutput>. To manually start the + service use the following command: + </para> + +<screen>launchctl load ~/Library/LaunchAgents/org.virtualbox.vboxwebsrv.plist</screen> + + <para> + For additional information on how launchd services could be + configured see: + </para> + + <para> + <ulink + url="https://developer.apple.com/library/mac/documentation/MacOSX/Conceptual/BPSystemStartup/Chapters/CreatingLaunchdJobs.html">https://developer.apple.com/library/mac/documentation/MacOSX/Conceptual/BPSystemStartup/Chapters/CreatingLaunchdJobs.html</ulink>. + </para> + + </sect2> + + </sect1> + + <sect1 id="vboxwatchdog"> + + <title>&product-name; Watchdog</title> + + <para> + The memory ballooning service, formerly known as + <computeroutput>VBoxBalloonCtrl</computeroutput>, was renamed to + VBoxWatchdog. This service now incorporates the following host + services that are meant to be run in a server environment: + </para> + + <itemizedlist> + + <listitem> + <para> + <emphasis role="bold">Memory ballooning control.</emphasis> + This service automatically takes care of a VM's configured + memory balloon. See <xref linkend="guestadd-balloon" />. This + service is useful for server environments where VMs may + dynamically require more or less memory during runtime. + </para> + + <para> + The service periodically checks a VM's current memory balloon + and its free guest RAM and automatically adjusts the current + memory balloon by inflating or deflating it accordingly. This + handling only applies to running VMs having recent Guest + Additions installed. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Host isolation detection.</emphasis> + This service provides a way to detect whether the host cannot + reach the specific &product-name; server instance anymore and + take appropriate actions, such as shutting down, saving the + current state or even powering down certain VMs. + </para> + </listitem> + + </itemizedlist> + + <para> + All configuration values can be either specified using the command + line or global extradata, whereas command line values always have + a higher priority when set. Some of the configuration values also + be specified on a per-VM basis. So the overall lookup order is: + command line, per-VM basis extradata if available, global + extradata. + </para> + + <sect2 id="vboxwatchdog-ballonctrl"> + + <title>Memory Ballooning Control</title> + + <para> + The memory ballooning control inflates and deflates the memory + balloon of VMs based on the VMs free memory and the desired + maximum balloon size. + </para> + + <para> + To set up the memory ballooning control the maximum ballooning + size a VM can reach needs to be set. This can be specified using + the command line, as follows: + </para> + +<screen>--balloon-max <Size in MB></screen> + + <para> + Using a per-VM basis extradata value, as follows: + </para> + +<screen>VBoxManage setextradata <VM-Name> VBoxInternal2/Watchdog/BalloonCtrl/BalloonSizeMax <Size in MB></screen> + + <para> + Using a global extradata value, as follows: + </para> + +<screen>VBoxManage setextradata global VBoxInternal2/Watchdog/BalloonCtrl/BalloonSizeMax <Size in MB></screen> + + <note> + <para> + If no maximum ballooning size is specified by at least one of + the parameters above, no ballooning will be performed at all. + </para> + </note> + + <para> + Setting the ballooning increment in MB can be either done using + command line, as follows: + </para> + +<screen>--balloon-inc <Size in MB></screen> + + <para> + Using a global extradata value, as follows: + </para> + +<screen>VBoxManage setextradata global VBoxInternal2/Watchdog/BalloonCtrl/BalloonIncrementMB <Size in MB></screen> + + <para> + The default ballooning increment is 256 MB if not specified. + </para> + + <para> + The same options apply for a ballooning decrement. Using the + command line, as follows: + </para> + +<screen>--balloon-dec <Size in MB></screen> + + <para> + Using a global extradata value, as follows: + </para> + +<screen>VBoxManage setextradata global VBoxInternal2/Watchdog/BalloonCtrl/BalloonDecrementMB <Size in MB></screen> + + <para> + The default ballooning decrement is 128 MB if not specified. + </para> + + <para> + The lower limit in MB for a balloon can be defined using the + command line, as follows: + </para> + +<screen>--balloon-lower-limit <Size in MB></screen> + + <para> + Using a global extradata value, as follows: + </para> + +<screen>VBoxManage setextradata global VBoxInternal2/Watchdog/BalloonCtrl/BalloonLowerLimitMB <Size in MB></screen> + + <para> + The default lower limit is 128 MB if not specified. + </para> + + </sect2> + + <sect2 id="vboxwatchdog-hostisln"> + + <title>Host Isolation Detection</title> + + <para> + To detect whether a host is being isolated, that is, the host + cannot reach the &product-name; server instance anymore, the + host needs to set an alternating value to a global extradata + value within a time period. If this value is not set within that + time period a timeout occurred and the so-called host isolation + response will be performed to the VMs handled. Which VMs are + handled can be controlled by defining VM groups and assigning + VMs to those groups. By default no groups are set, meaning that + all VMs on the server will be handled when no host response is + received within 30 seconds. + </para> + + <para> + Set the groups handled by the host isolation detection using the + following command line: + </para> + +<screen>--apimon-groups=<string[,stringN]></screen> + + <para> + Using a global extradata value, as follows: + </para> + +<screen>VBoxManage setextradata global VBoxInternal2/Watchdog/APIMonitor/Groups <string[,stringN]></screen> + + <para> + Set the host isolation timeout using the following command line: + </para> + +<screen>--apimon-isln-timeout=<ms></screen> + + <para> + Using a global extradata value, as follows: + </para> + +<screen>VBoxManage setextradata global VBoxInternal2/Watchdog/APIMonitor/IsolationTimeoutMS <ms></screen> + + <para> + Set the actual host isolation response using the following + command line: + </para> + +<screen>--apimon-isln-response=<cmd></screen> + + <para> + Using a global extradata value, as follows: + </para> + +<screen>VBoxManage setextradata global VBoxInternal2/Watchdog/APIMonitor/IsolationResponse <cmd></screen> + + <para> + The following response commands are available: + </para> + + <itemizedlist> + + <listitem> + <para> + <computeroutput>none</computeroutput>. This has no effect. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>pause</computeroutput>. Pauses the execution + of a VM. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>poweroff</computeroutput>. Shuts down the VM + by pressing the virtual power button. The VM will not have + the chance of saving any data or veto the shutdown process. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>save</computeroutput>. Saves the current + machine state and powers off the VM afterwards. If saving + the machine state fails the VM will be paused. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>shutdown</computeroutput>. Shuts down the VM + in a gentle way by sending an + <computeroutput>ACPI</computeroutput> shutdown event to the + VM's operating system. The OS then has the chance of doing a + clean shutdown. + </para> + </listitem> + + </itemizedlist> + + </sect2> + + <sect2 id="vboxwatchdog-moreinfo"> + + <title>More Information</title> + + <para> + For more advanced options and parameters like verbose logging + check the built-in command line help accessible with + <computeroutput>--help</computeroutput>. + </para> + + </sect2> + + <sect2 id="vboxwatchdog-linux"> + + <title>Linux: Starting the Watchdog Service With init</title> + + <para> + On Linux, the watchdog service can be automatically started + during host boot by adding appropriate parameters to the file + <computeroutput>/etc/default/virtualbox</computeroutput>. There + is one mandatory parameter, + <computeroutput>VBOXWATCHDOG_USER</computeroutput>, which must + be set to the user which will later start the VMs. For backward + compatibility you can also specify + <computeroutput>VBOXBALLOONCTRL_USER</computeroutput>. + </para> + + <para> + The parameters in the following table all start with the + <computeroutput>VBOXWATCHDOG_</computeroutput> prefix string. + For example: + <computeroutput>VBOXWATCHDOG_BALLOON_INTERVAL</computeroutput> + and <computeroutput>VBOXWATCHDOG_LOGSIZE</computeroutput>. + Legacy parameters such as + <computeroutput>VBOXBALLOONCTRL_INTERVAL</computeroutput> can + still be used. + </para> + + <table id="table-vboxwatchdog-config-params" tabstyle="oracle-all"> + <title>&product-name; Watchdog Configuration Parameters</title> + <tgroup cols="3"> + <thead> + <row> + <entry><para> + <emphasis role="bold">Parameter</emphasis> + </para></entry> + <entry><para> + <emphasis role="bold">Description</emphasis> + </para></entry> + <entry><para> + <emphasis role="bold">Default</emphasis> + </para></entry> + </row> + </thead> + <tbody> + <row> + <entry><para> + <computeroutput>USER</computeroutput> + </para></entry> + <entry><para> + The user which the watchdog service runs as + </para></entry> + <entry><para></para></entry> + </row> + <row> + <entry><para> + <computeroutput>ROTATE</computeroutput> + </para></entry> + <entry><para> + Number of log files, 0 disables log rotation + </para></entry> + <entry><para> + 10 + </para></entry> + </row> + <row> + <entry><para> + <computeroutput>LOGSIZE</computeroutput> + </para></entry> + <entry><para> + Maximum log file size to trigger rotation, in bytes + </para></entry> + <entry><para> + 1MB + </para></entry> + </row> + <row> + <entry><para> + <computeroutput>LOGINTERVAL</computeroutput> + </para></entry> + <entry><para> + Maximum time interval to trigger log rotation, in + seconds + </para></entry> + <entry><para> + 1 day + </para></entry> + </row> + <row> + <entry><para> + <computeroutput>BALLOON_INTERVAL</computeroutput> + </para></entry> + <entry><para> + Interval for checking the balloon size, in + milliseconds + </para></entry> + <entry><para> + 30000 + </para></entry> + </row> + <row> + <entry><para> + <computeroutput>BALLOON_INCREMENT</computeroutput> + </para></entry> + <entry><para> + Balloon size increment, in megabytes + </para></entry> + <entry><para> + 256 + </para></entry> + </row> + <row> + <entry><para> + <computeroutput>BALLOON_DECREMENT</computeroutput> + </para></entry> + <entry><para> + Balloon size decrement, in megabytes + </para></entry> + <entry><para> + 128 + </para></entry> + </row> + <row> + <entry><para> + <computeroutput>BALLOON_LOWERLIMIT</computeroutput> + </para></entry> + <entry><para> + Balloon size lower limit, in megabytes + </para></entry> + <entry><para> + 64 + </para></entry> + </row> + <row> + <entry><para> + <computeroutput>BALLOON_SAFETYMARGIN</computeroutput> + </para></entry> + <entry><para> + Free memory required for decreasing the balloon size, + in megabytes + </para></entry> + <entry><para> + 1024 + </para></entry> + </row> + </tbody> + </tgroup> + </table> + + </sect2> + + <sect2 id="vboxwatchdog-solaris"> + + <title>Oracle Solaris: Starting the Watchdog Service With SMF</title> + + <para> + On Oracle Solaris hosts, the &product-name; watchdog service + daemon is integrated into the SMF framework. You can change the + parameters, but do not have to if the defaults already match + your needs: + </para> + +<screen>svccfg -s svc:/application/virtualbox/balloonctrl:default setprop \ + config/balloon_interval=10000 +svccfg -s svc:/application/virtualbox/balloonctrl:default setprop \ +config/balloon_safetymargin=134217728</screen> + + <para> + <xref linkend="table-vboxwatchdog-config-params"/> also applies + for Oracle Solaris. The parameter names must be changed to + lowercase and a prefix of + <computeroutput>config/</computeroutput> has to be added. For + example: <computeroutput>config/user</computeroutput> or + <computeroutput>config/balloon_safetymargin</computeroutput>. If + you made any change, do not forget to run the following command + to put the changes into effect immediately: + </para> + +<screen>svcadm refresh svc:/application/virtualbox/balloonctrl:default</screen> + + <para> + If you forget the above command then the previous settings will + be used when enabling the service. Check the current property + settings with the following command: + </para> + +<screen>svcprop -p config svc:/application/virtualbox/balloonctrl:default</screen> + + <para> + When everything is configured correctly you can start the + &product-name; watchdog service with the following command: + </para> + +<screen>svcadm enable svc:/application/virtualbox/balloonctrl:default</screen> + + <para> + For more information about SMF, please refer to the Oracle + Solaris documentation. + </para> + + </sect2> + + </sect1> + + <sect1 id="otherextpacks"> + + <title>Other Extension Packs</title> + + <para> + Another extension pack called VNC is available. This extension + pack is open source and replaces the previous integration of the + VNC remote access protocol. This is experimental code, and is + initially available in the &product-name; source code package + only. It is to a large portion code contributed by users, and is + not supported in any way by Oracle. + </para> + + <para> + The keyboard handling is severely limited, and only the US + keyboard layout works. Other keyboard layouts will have at least + some keys which produce the wrong results, often with quite + surprising effects, and for layouts which have significant + differences to the US keyboard layout it is most likely unusable. + </para> + + <para> + It is possible to install both the &product-name; Extension Pack + and VNC, but only one VRDE module can be active at any time. The + following command switches to the VNC VRDE module in VNC: + </para> + +<screen>VBoxManage setproperty vrdeextpack VNC</screen> + + <para> + Configuring the remote access works very similarly to VRDP, see + <xref linkend="vrde" />, with some limitations. VNC does not + support specifying several port numbers, and the authentication is + done differently. VNC can only deal with password authentication, + and there is no option to use password hashes. This leaves no + other choice than having a clear-text password in the VM + configuration, which can be set with the following command: + </para> + +<screen>VBoxManage modifyvm "VM name" --vrdeproperty VNCPassword=secret</screen> + + <para> + The user is responsible for keeping this password secret, and it + should be removed when a VM configuration is passed to another + person, for whatever purpose. Some VNC servers claim to have + encrypted passwords in the configuration. This is not true + encryption, it is only concealing the passwords, which is only as + secure as using clear-text passwords. + </para> + + <para> + The following command switches back to VRDP, if installed: + </para> + +<screen>VBoxManage setproperty vrdeextpack "&product-name; Extension Pack"</screen> + + </sect1> + + <sect1 id="autostart"> + + <title>Starting Virtual Machines During System Boot</title> + + <para> + You can start VMs automatically during system boot on Linux, + Oracle Solaris, and Mac OS X platforms for all users. + </para> + + <sect2 id="autostart-linux"> + + <title>Linux: Starting the Autostart Service With init</title> + + <para> + On Linux, the autostart service is activated by setting two + variables in + <computeroutput>/etc/default/virtualbox</computeroutput>. The + first one is <computeroutput>VBOXAUTOSTART_DB</computeroutput> + which contains an absolute path to the autostart database + directory. The directory should have write access for every user + who should be able to start virtual machines automatically. + Furthermore the directory should have the sticky bit set. The + second variable is + <computeroutput>VBOXAUTOSTART_CONFIG</computeroutput> which + points the service to the autostart configuration file which is + used during boot to determine whether to allow individual users + to start a VM automatically and configure startup delays. The + configuration file can be placed in + <computeroutput>/etc/vbox</computeroutput> and contains several + options. One is <computeroutput>default_policy</computeroutput> + which controls whether the autostart service allows or denies to + start a VM for users which are not in the exception list. The + exception list starts with + <computeroutput>exception_list</computeroutput> and contains a + comma separated list with usernames. Furthermore a separate + startup delay can be configured for every user to avoid + overloading the host. A sample configuration is given below: + </para> + +<screen> +# Default policy is to deny starting a VM, the other option is "allow". +default_policy = deny + +# Bob is allowed to start virtual machines but starting them +# will be delayed for 10 seconds +bob = { + allow = true + startup_delay = 10 +} + +# Alice is not allowed to start virtual machines, useful to exclude certain users +# if the default policy is set to allow. +alice = { + allow = false +} + </screen> + + <para> + Every user who wants to enable autostart for individual machines + has to set the path to the autostart database directory with the + following command: + </para> + +<screen>VBoxManage setproperty autostartdbpath <Autostart directory></screen> + + </sect2> + + <sect2 id="autostart-solaris"> + + <title>Oracle Solaris: Starting the Autostart Service With SMF</title> + + <para> + On Oracle Solaris hosts, the &product-name; autostart daemon is + integrated into the SMF framework. To enable it you have to + point the service to an existing configuration file which has + the same format as on Linux, see + <xref linkend="autostart-linux" />. For example: + </para> + +<screen>svccfg -s svc:/application/virtualbox/autostart:default setprop \ + config/config=/etc/vbox/autostart.cfg</screen> + + <para> + When everything is configured correctly you can start the + &product-name; autostart service with the following command: + </para> + +<screen>svcadm enable svc:/application/virtualbox/autostart:default</screen> + + <para> + For more information about SMF, please refer to the Oracle + Solaris documentation. + </para> + + </sect2> + + <sect2 id="autostart-osx"> + + <title>Mac OS X: Starting the Autostart Service With launchd</title> + + <para> + On Mac OS X, launchd is used to start the &product-name; + autostart service. An example configuration file can be found in + <computeroutput>/Applications/VirtualBox.app/Contents/MacOS/org.virtualbox.vboxautostart.plist</computeroutput>. + To enable the service copy the file to + <computeroutput>/Library/LaunchDaemons</computeroutput> and + change the <computeroutput>Disabled</computeroutput> key from + <computeroutput>true</computeroutput> to + <computeroutput>false</computeroutput>. Furthermore replace the + second parameter to an existing configuration file which has the + same format as on Linux, see <xref linkend="autostart-linux" />. + </para> + + <para> + To manually start the service use the following command: + </para> + +<screen>launchctl load /Library/LaunchDaemons/org.virtualbox.vboxautostart.plist</screen> + + <para> + For additional information on how launchd services can be + configured see: + </para> + + <para> + <ulink + url="http://developer.apple.com/mac/library/documentation/MacOSX/Conceptual/BPSystemStartup/BPSystemStartup.html">http://developer.apple.com/mac/library/documentation/MacOSX/Conceptual/BPSystemStartup/BPSystemStartup.html</ulink>. + </para> + + </sect2> + + </sect1> + + <sect1 id="vboxexpertstoragemgmt"> + + <title>&product-name; Expert Storage Management</title> + + <para> + In case the snapshot model of &product-name; is not sufficient it + is possible to enable a special mode which makes it possible to + reconfigure storage attachments while the VM is paused. The user + has to make sure that the disk data stays consistent to the guest + because unlike with hotplugging the guest is not informed about + detached or newly attached media. + </para> + + <para> + The expert storage management mode can be enabled per VM + executing: + </para> + +<screen>VBoxManage setextradata "VM name" "VBoxInternal2/SilentReconfigureWhilePaused" 1</screen> + + <para> + Storage attachments can be reconfigured while the VM is paused + afterwards using: + </para> + +<screen>VBoxManage storageattach ...</screen> + + </sect1> + + <sect1 id="hostpowertweaks"> + + <title>Handling of Host Power Management Events</title> + + <para> + Some host power management events are handled by &product-name;. + The actual behavior depends on the platform: + </para> + + <itemizedlist> + + <listitem> + <para> + <emphasis role="bold">Host Suspends.</emphasis> This event is + generated when the host is about to suspend, that is, the host + saves the state to some non-volatile storage and powers off. + </para> + + <para> + This event is currently only handled on Windows hosts and Mac + OS X hosts. When this event is generated, &product-name; will + pause all running VMs. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Host Resumes.</emphasis> This event is + generated when the host woke up from the suspended state. + </para> + + <para> + This event is currently only handled on Windows hosts and Mac + OS X hosts. When this event is generated, &product-name; will + resume all VMs which are where paused before. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Battery Low.</emphasis> The battery + level reached a critical level, usually less than 5 percent + charged. + </para> + + <para> + This event is currently only handled on Windows hosts and Mac + OS X hosts. When this event is generated, &product-name; will + save the state and terminate all VMs in preparation of a + potential host powerdown. + </para> + + <para> + The behavior can be configured. By executing the following + command, no VM is saved: + </para> + +<screen>VBoxManage setextradata global "VBoxInternal2/SavestateOnBatteryLow" 0</screen> + + <para> + This is a global setting as well as a per-VM setting. The + per-VM value has higher precedence than the global value. The + following command will save the state of all VMs but will not + save the state of VM "foo": + </para> + +<screen>VBoxManage setextradata global "VBoxInternal2/SavestateOnBatteryLow" 1 +VBoxManage setextradata "foo" "VBoxInternal2/SavestateOnBatteryLow" 0</screen> + + <para> + The first line is actually not required as by default the + savestate action is performed. + </para> + </listitem> + + </itemizedlist> + + </sect1> + + <sect1 id="sse412passthrough"> + + <title>Passing Through SSE4.1/SSE4.2 Instructions</title> + + <para> + To provide SSE 4.1/SSE 4.2 support to guests, the host CPU has to + implement these instruction sets. The instruction sets are exposed + to guests by default, but it is possible to disable the + instructions for certain guests by using the following commands: + </para> + +<screen>VBoxManage setextradata "VM name" VBoxInternal/CPUM/IsaExts/SSE4.1 0 +VBoxManage setextradata "VM name" VBoxInternal/CPUM/IsaExts/SSE4.2 0</screen> + + <para> + These are per-VM settings which are enabled by default. + </para> + + </sect1> + + <sect1 id="hidledssync"> + + <title>Support for Keyboard Indicator Synchronization</title> + + <para> + This feature makes the host keyboard indicators (LEDs) match those + of the VM's emulated keyboard when the machine window is active. + It is currently implemented for Mac OS X and Windows hosts. This + feature is enabled by default on supported host OSes. You can + disable this feature by running the following command: + </para> + +<screen>VBoxManage setextradata "VM name" GUI/HidLedsSync 0</screen> + + <para> + This is a per-VM setting, which is enabled by default. + </para> + + </sect1> + + <sect1 id="usbtrafficcapturing"> + + <title>Capturing USB Traffic for Selected Devices</title> + + <para> + You can capture USB traffic for single USB devices or on the root + hub level, which captures the traffic of all USB devices attached + to the root hub. &product-name; stores the traffic in a format + which is compatible with Wireshark. To capture the traffic of a + specific USB device it must be attached to the VM with + <command>VBoxManage</command> using the following command: + </para> + +<screen>VBoxManage controlvm "VM name" usbattach "device uuid|address" --capturefile "filename"</screen> + + <para> + In order to enable capturing on the root hub use the following + command while the VM is not running: + </para> + +<screen>VBoxManage setextradata "VM name" \ + VBoxInternal/Devices/usb-ehci/0/LUN#0/Config/CaptureFilename "filename"</screen> + + <para> + The command above enables capturing on the root hub attached to + the EHCI controller. To enable it for the OHCI or XHCI controller + replace <computeroutput>usb-ehci</computeroutput> with + <computeroutput>usb-ohci</computeroutput> or + <computeroutput>usb-xhci</computeroutput> respectively. + </para> + + </sect1> + + <sect1 id="heartbeatservice"> + + <title>Configuring the Heartbeat Service</title> + + <para> + &product-name; ships a simple heartbeat service. Once the Guest + Additions are active, the guest sends frequent heartbeat pings to + the host. If the guest stops sending the heartbeat pings without + properly terminating the service, the VM process will log this + event in the VBox.log file. In the future it might be possible to + configure dedicated actions but for now there is only a warning in + the log file. + </para> + + <para> + There are two parameters to configure. The <emphasis>heartbeat + interval</emphasis> defines the time between two heartbeat pings. + The default value is 2 seconds, that is, the heartbeat service of + the &product-name; Guest Additions will send a heartbeat ping + every two seconds. The value in nanoseconds can be configured like + this: + </para> + +<screen>VBoxManage setextradata "VM name"\ + VBoxInternal/Devices/VMMDev/0/Config/HeartbeatInterval 2000000000</screen> + + <para> + The <emphasis>heartbeat timeout</emphasis> defines the time the + host waits starting from the last heartbeat ping before it defines + the guest as unresponsive. The default value is 2 times the + heartbeat interval (4 seconds) and can be configured as following, + in nanoseconds: + </para> + +<screen>VBoxManage setextradata "VM name" \ + VBoxInternal/Devices/VMMDev/0/Config/HeartbeatTimeout 4000000000</screen> + + <para> + If the heartbeat timeout expires, there will be a log message like + <emphasis>VMMDev: HeartBeatCheckTimer: Guest seems to be + unresponsive. Last heartbeat received 5 seconds ago.</emphasis> If + another heartbeat ping arrives after this warning, there will be a + log message like <emphasis>VMMDev: GuestHeartBeat: Guest is + alive.</emphasis> + </para> + + </sect1> + + <sect1 id="diskencryption"> + + <title>Encryption of Disk Images</title> + + <para> + &product-name; enables you to transparently encrypt the data + stored in hard disk images for the guest. It does not depend on a + specific image format to be used. Images which have the data + encrypted are not portable between &product-name; and other + virtualization software. + </para> + + <para> + &product-name; uses the AES algorithm in XTS mode and supports + 128-bit or 256-bit data encryption keys (DEK). The DEK is stored + encrypted in the medium properties and is decrypted during VM + startup by entering a password which was chosen when the image was + encrypted. + </para> + + <para> + Since the DEK is stored as part of the VM configuration file, it + is important that it is kept safe. Losing the DEK means that the + data stored in the disk images is lost irrecoverably. Having + complete and up to date backups of all data related to the VM is + the responsibility of the user. + </para> + + <sect2 id="diskencryption-limitations"> + + <title>Limitations of Disk Encryption</title> + + <para> + There are some limitations the user needs to be aware of when + using this feature: + </para> + + <itemizedlist> + + <listitem> + <para> + This feature is part of the &product-name; Extension Pack, + which needs to be installed. Otherwise disk encryption is + unavailable. + </para> + </listitem> + + <listitem> + <para> + Since encryption works only on the stored user data, it is + currently not possible to check for metadata integrity of + the disk image. Attackers might destroy data by removing or + changing blocks of data in the image or change metadata + items such as the disk size. + </para> + </listitem> + + <listitem> + <para> + Exporting appliances which contain encrypted disk images is + not possible because the OVF specification does not support + this. All images are therefore decrypted during export. + </para> + </listitem> + + <listitem> + <para> + The DEK is kept in memory while the VM is running to be able + to decrypt data read and encrypt data written by the guest. + While this should be obvious the user needs to be aware of + this because an attacker might be able to extract the key on + a compromised host and decrypt the data. + </para> + </listitem> + + <listitem> + <para> + When encrypting or decrypting the images, the password is + passed in clear text using the &product-name; API. This + needs to be kept in mind, especially when using third party + API clients which make use of the webservice where the + password might be transmitted over the network. The use of + HTTPS is mandatory in such a case. + </para> + </listitem> + + <listitem> + <para> + Encrypting images with differencing images is only possible + if there are no snapshots or a linear chain of snapshots. + This limitation may be addressed in a future &product-name; + version. + </para> + </listitem> + + </itemizedlist> + + </sect2> + + <sect2 id="diskencryption-encryption"> + + <title>Encrypting Disk Images</title> + + <para> + Encrypting disk images can be done either using the GUI or + <command>VBoxManage</command>. While the GUI is easier to use, + it works on a per VM basis and encrypts all disk images attached + to the specific VM. With <command>VBoxManage</command> one can + encrypt individual images, including all differencing images. To + encrypt an unencrypted medium with + <command>VBoxManage</command>, use: + </para> + +<screen>VBoxManage encryptmedium "uuid|filename" \ + --newpassword "file|-" --cipher "cipher id" --newpasswordid "id"</screen> + + <para> + To supply the encryption password point + <command>VBoxManage</command> to the file where the password is + stored or specify <option>-</option> to let VBoxManage ask you + for the password on the command line. + </para> + + <para> + The cipher parameter specifies the cipher to use for encryption + and can be either + <computeroutput>AES-XTS128-PLAIN64</computeroutput> or + <computeroutput>AES-XTS256-PLAIN64</computeroutput>. The + specified password identifier can be freely chosen by the user + and is used for correct identification when supplying multiple + passwords during VM startup. + </para> + + <para> + If the user uses the same password when encrypting multiple + images and also the same password identifier, the user needs to + supply the password only once during VM startup. + </para> + + </sect2> + + <sect2 id="diskencryption-startvm"> + + <title>Starting a VM with Encrypted Images</title> + + <para> + When a VM is started using the GUI, a dialog will open where the + user needs to enter all passwords for all encrypted images + attached to the VM. If another frontend like VBoxHeadless is + used, the VM will be paused as soon as the guest tries to access + an encrypted disk. The user needs to provide the passwords + through <command>VBoxManage</command> using the following + command: + </para> + +<screen>VBoxManage controlvm "uuid|vmname" addencpassword "id" "password" [--removeonsuspend "yes|no"]</screen> + + <para> + The <computeroutput>id</computeroutput> parameter must be the + same as the password identifier supplied when encrypting the + images. <computeroutput>password</computeroutput> is the + password used when encrypting the images. The user can + optionally specify <computeroutput>--removeonsuspend + "yes|no"</computeroutput> to specify whether to remove the + password from VM memory when the VM is suspended. Before the VM + can be resumed, the user needs to supply the passwords again. + This is useful when a VM is suspended by a host suspend event + and the user does not want the password to remain in memory. + </para> + + </sect2> + + <sect2 id="diskencryption-decryption"> + + <title>Decrypting Encrypted Images</title> + + <para> + In some circumstances it might be required to decrypt previously + encrypted images. This can be done in the GUI for a complete VM + or using <command>VBoxManage</command> with the following + command: + </para> + +<screen>VBoxManage encryptmedium "uuid|filename" --oldpassword "file|-"</screen> + + <para> + The only required parameter is the password the image was + encrypted with. The options are the same as for encrypting + images. + </para> + + </sect2> + + </sect1> + + <sect1 id="gimdebug"> + + <title>Paravirtualized Debugging</title> + + <para> + In this section we cover debugging of guest operating systems + using interfaces supported by paravirtualization providers. + </para> + + <note> + <para> + Paravirtualized debugging significantly alter guest operating + system behaviour and should only be used by expert users for + debugging and diagnostics. + </para> + </note> + + <para> + These debug options are specified as a string of key-value pairs + separated by commas. An empty string disables paravirtualized + debugging. + </para> + + <sect2 id="gimdebughyperv"> + + <title>Hyper-V Debug Options</title> + + <para> + All of the options listed below are optional, and thus the + default value specified will be used when the corresponding + key-value pair is not specified. + </para> + + <itemizedlist> + + <listitem> + <para> + Key: + <emphasis role="bold"><computeroutput>enabled</computeroutput></emphasis> + </para> + + <para> + Value: <computeroutput>0</computeroutput> or + <computeroutput>1</computeroutput> + </para> + + <para> + Default: <computeroutput>0</computeroutput> + </para> + + <para> + Specify <computeroutput>1</computeroutput> to enable the + Hyper-V debug interface. If this key-value pair is not + specified or the value is not + <computeroutput>1</computeroutput>, the Hyper-V debug + interface is disabled regardless of other key-value pairs + being present. + </para> + </listitem> + + <listitem> + <para> + Key: + <emphasis role="bold"><computeroutput>address</computeroutput></emphasis> + </para> + + <para> + Value: IPv4 address + </para> + + <para> + Default: 127.0.0.1 + </para> + + <para> + Specify the IPv4 address where the remote debugger is + connected. + </para> + </listitem> + + <listitem> + <para> + Key: + <emphasis role="bold"><computeroutput>port</computeroutput></emphasis> + </para> + + <para> + Value: UDP port number + </para> + + <para> + Default: 50000 + </para> + + <para> + Specify the UDP port number where the remote debugger is + connected. + </para> + </listitem> + + <listitem> + <para> + Key: + <emphasis role="bold"><computeroutput>vendor</computeroutput></emphasis> + </para> + + <para> + Value: Hyper-V vendor signature reported by CPUID to the + guest + </para> + + <para> + Default: When debugging is enabled: + <computeroutput>Microsoft Hv</computeroutput>, otherwise: + <computeroutput>VBoxVBoxVBox</computeroutput> + </para> + + <para> + Specify the Hyper-V vendor signature which is exposed to the + guest by CPUID. For debugging Microsoft Windows guests, it + is required the hypervisor reports the Microsoft vendor. + </para> + </listitem> + + <listitem> + <para> + Key: + <emphasis role="bold"><computeroutput>hypercallinterface</computeroutput> + </emphasis> + </para> + + <para> + Value: <computeroutput>0</computeroutput> or + <computeroutput>1</computeroutput> + </para> + + <para> + Default: <computeroutput>0</computeroutput> + </para> + + <para> + Specify whether hypercalls should be suggested for + initiating debug data transfers between host and guest + rather than MSRs when requested by the guest. + </para> + </listitem> + + <listitem> + <para> + Key: + <emphasis role="bold"><computeroutput>vsinterface</computeroutput> + </emphasis> + </para> + + <para> + Value: <computeroutput>0</computeroutput> or + <computeroutput>1</computeroutput> + </para> + + <para> + Default: When debugging is enabled, + <computeroutput>1</computeroutput>, otherwise + <computeroutput>0</computeroutput> + </para> + + <para> + Specify whether to expose the VS#1 virtualization service + interface to the guest. This interface is required for + debugging Microsoft Windows 10 32-bit guests, but is + optional for other Windows versions. + </para> + </listitem> + + </itemizedlist> + + <sect3 id="gimdebughyperv-windows-setup"> + + <title>Setting up Windows Guests for Debugging with the Hyper-V + Paravirtualization Provider</title> + + <para> + Windows supports debugging over a serial cable, USB, IEEE 1394 + Firewire, and Ethernet. USB and IEEE 1394 are not applicable + for virtual machines, and Ethernet requires Windows 8 or + later. While a serial connection is universally usable, it is + slow. + </para> + + <para> + Debugging using the Hyper-V debug transport, supported on + Windows Vista and later, offers significant benefits. It + provides excellent performance due to direct host-to-guest + transfers, it is easy to set up and requires minimal support + from the hypervisor. It can be used with the debugger running + on the same host as the VM or with the debugger and VM on + separate machines connected over a network. + </para> + + <para> + <emphasis role="bold">Prerequisites</emphasis> + </para> + + <itemizedlist> + + <listitem> + <para> + A VM configured for Hyper-V paravirtualization running a + Windows Vista or newer Windows guest. You can check the + effective paravirtualization provider for your VM with the + output of the following <command>VBoxManage</command> + command: + </para> + +<screen>VBoxManage showvminfo "VM name"</screen> + </listitem> + + <listitem> + <para> + A sufficiently up-to-date version of the Microsoft WinDbg + debugger required to debug the version of Windows in your + VM. + </para> + </listitem> + + <listitem> + <para> + While Windows 8 and newer Windows guests ship with Hyper-V + debug support, Windows 7 and Vista do not. To use Hyper-V + debugging with a Windows 7 or Vista guest, copy the file + <computeroutput>kdvm.dll</computeroutput> from a Windows + 8.0 installation. This file is typically located in + <computeroutput>C:\Windows\System32</computeroutput>. Copy + it to the same location in your Windows 7/Vista guest. + Make sure you copy the 32-bit or 64-bit version of the DLL + which matches your guest OS. + </para> + + <note> + <para> + Only Windows 8.0 ships + <computeroutput>kdvm.dll</computeroutput>. Windows 8.1 + and newer Windows versions do not. + </para> + </note> + </listitem> + + </itemizedlist> + + <para> + <emphasis role="bold">VM and Guest Configuration</emphasis> + </para> + + <orderedlist> + + <listitem> + <para> + Power off the VM. + </para> + </listitem> + + <listitem> + <para> + Enable the debug options with the following + <command>VBoxManage</command> command: + </para> + +<screen>VBoxManage modifyvm "VM name" --paravirtdebug "enabled=1"</screen> + + <para> + The above command assumes your debugger will connect to + your host machine on UDP port 50000. However, if you need + to run the debugger on a remote machine you may specify + the remote address and port here. For example: + </para> + +<screen>VBoxManage modifyvm "VM name" --paravirtdebug "enabled=1,address=192.168.32.1,port=55000"</screen> + + <para> + See <xref linkend="gimdebughyperv" /> for the complete set + of options. + </para> + </listitem> + + <listitem> + <para> + Start the VM. + </para> + </listitem> + + <listitem> + <para> + In the guest, start an elevated command prompt and execute + the following commands: + </para> + + <itemizedlist> + + <listitem> + <para> + For a Windows 8 or newer Windows guest: + </para> + +<screen>bcdedit /dbgsettings net hostip:5.5.5.5 port:50000 key:1.2.3.4</screen> + </listitem> + + <listitem> + <para> + For a Windows 7 or Vista guest: + </para> + +<screen>bcdedit /set loadoptions host_ip=5.5.5.5,host_port=50000,encryption_key=1.2.3.4</screen> + +<screen>bcdedit /set dbgtransport kdvm.dll</screen> + + <para> + The IP address and port in the + <command>bcdedit</command> command are ignored when + using the Hyper-V debug transport. Any valid IP and a + port number greater than 49151 and lower than 65536 + can be entered. + </para> + + <para> + The encryption key in the <command>bcdedit</command> + command is relevant and must be valid. The key + "1.2.3.4" used in the above example is valid and may + be used if security is not a concern. If you do not + specify any encryption key, <command>bcdedit</command> + will generate one for you and you will need to copy + this key to later enter in Microsoft WinDbg on the + remote end. This encryption key is used to encrypt the + debug data exchanged between Windows and the debugger. + </para> + </listitem> + + <listitem> + <para> + Run one or more of the following commands to enable + debugging for the appropriate phase or component of + your Windows guest: + </para> + +<screen>bcdedit /set debug on</screen> + +<screen>bcdedit /set bootdebug on</screen> + +<screen>bcdedit /set {bootmgr} bootdebug on</screen> + + <para> + Please note that the <command>bootdebug</command> + options are only effective on Windows 8 or newer when + using the Hyper-V debug transport. Refer to Microsoft + Windows documentation for detailed explanation of + <command>bcdedit</command> options. + </para> + </listitem> + + </itemizedlist> + </listitem> + + <listitem> + <para> + Start Microsoft WinDbg on your host machine or remote + host. + </para> + + <para> + From the <emphasis role="bold">File</emphasis> menu, + select <emphasis role="bold">Kernel Debug</emphasis>. On + the <emphasis role="bold">NET</emphasis> tab, specify the + UDP port number you used in the + <computeroutput>paravirtdebug</computeroutput> options. If + you did not specify any, leave it as 50000. Ensure that + the UDP port is not blocked by a firewall or other + security software. + </para> + + <para> + In the <emphasis role="bold">Key</emphasis> field, enter + <computeroutput>1.2.3.4</computeroutput> or the encryption + key from the <computeroutput>bcdedit</computeroutput> + command in your Windows guest. + </para> + + <para> + Click <emphasis role="bold">OK</emphasis> to start + listening for connections. Microsoft WinDbg typically + shows a Waiting to Reconnect message during this phase. + </para> + + <para> + Alternatively, to directly start a debug session, run + WinDbg from the command line as follows : + </para> + +<screen>windbg.exe -k net:port=50000,key=1.2.3.4</screen> + + <para> + See the WinDbg documentation for the complete command line + syntax. + </para> + </listitem> + + <listitem> + <para> + Reboot your Windows guest and it should then connect as a + debuggee with Microsoft WinDbg. + </para> + </listitem> + + </orderedlist> + + </sect3> + + </sect2> + + </sect1> + + <sect1 id="pcspeaker_passthrough"> + + <title>PC Speaker Passthrough</title> + + <para> + As an experimental feature, primarily due to being limited to + Linux host only and unknown Linux distribution coverage, + &product-name; supports passing through the PC speaker to the + host. The PC speaker, sometimes called the system speaker, is a + way to produce audible feedback such as beeps without the need for + regular audio and sound card support. + </para> + + <para> + The PC speaker passthrough feature in &product-name; handles beeps + only. Advanced PC speaker use by the VM, such as PCM audio, will + not work, resulting in undefined host behavior. + </para> + + <para> + Producing beeps on Linux is a very complex topic. &product-name; + offers a collection of options, in an attempt to make this work + deterministically and reliably on as many Linux distributions and + system configurations as possible. These are summarized in the + following table. + </para> + + <table id="table-pcspeaker-config" tabstyle="oracle-all"> + <title>PC Speaker Configuration Options</title> + <tgroup cols="3"> + <thead> + <row> + <entry><para> + <emphasis role="bold">Code</emphasis> + </para></entry> + <entry><para> + <emphasis role="bold">Device</emphasis> + </para></entry> + <entry><para> + <emphasis role="bold">Notes</emphasis> + </para></entry> + </row> + </thead> + <tbody> + <row> + <entry><para> + 1 + </para></entry> + <entry><para> + <computeroutput>/dev/input/by-path/platform-pcspkr-event-spkr</computeroutput> + </para></entry> + <entry><para> + Direct host PC speaker use. + </para></entry> + </row> + <row> + <entry><para> + 2 + </para></entry> + <entry><computeroutput>/dev/tty</computeroutput></entry> + <entry><para> + Uses the terminal association of the VM process. VM + needs to be started on a virtual console. + </para></entry> + </row> + <row> + <entry><para> + 3 + </para></entry> + <entry><para> + <computeroutput>/dev/tty0</computeroutput> or + <computeroutput>/dev/vc/0</computeroutput> + </para></entry> + <entry><para> + Can only be used by user + <computeroutput>root</computeroutput> or users with + <computeroutput>cap_sys_tty_config</computeroutput> + capability. + </para></entry> + </row> + <row> + <entry><para> + 9 + </para></entry> + <entry><para> + A user-specified console or evdev device path. + </para></entry> + <entry><para> + As for codes 1 to 3, but with a custom device path. + </para></entry> + </row> + <row> + <entry><para> + 70 + </para></entry> + <entry><para> + <computeroutput>/dev/tty</computeroutput> + </para></entry> + <entry><para> + Standard beep only. Loses frequency and length. See code + 2. + </para></entry> + </row> + <row> + <entry><para> + 79 + </para></entry> + <entry><para> + A user-specified terminal device path. + </para></entry> + <entry><para> + As for code 70, but with a custom device path. + </para></entry> + </row> + <row> + <entry><para> + 100 + </para></entry> + <entry><para> + All of the above. + </para></entry> + <entry><para> + Tries all the available codes. + </para></entry> + </row> + </tbody> + </tgroup> + </table> + + <para> + To enable PC speaker passthrough use the following command: + </para> + +<screen>VBoxManage setextradata "VM name" "VBoxInternal/Devices/i8254/0/Config/PassthroughSpeaker" N</screen> + + <para> + Replace <computeroutput>N</computeroutput> with the code + representing the case you want to use. Changing this setting will + take effect when the VM is started next. It is safe to enable PC + speaker passthrough on all host OSes. It will only have an effect + on Linux. + </para> + + <para> + The VM log file, <computeroutput>VBox.log</computeroutput>, will + contain lines with the prefix <computeroutput>PIT: + speaker:</computeroutput> showing the PC speaker passthrough setup + activities. It gives hints which device it picked or why it + failed. + </para> + + <para> + Enabling PC speaker passthrough for the VM is usually the simple + part. The real difficulty is making sure that &product-name; can + access the necessary device, because in a typical Linux install + most of them can only be accessed by user + <computeroutput>root</computeroutput>. You should follow the + preferred way to persistently change this, such as by referring to + your distribution's documentation. Since there are countless Linux + distribution variants, we can only give the general hints that + there is often a way to give the X11 session user access to + additional devices, or you need to find a working solution using a + udev configuration file. If everything fails you might try setting + the permissions using a script which is run late enough in the + host system startup. + </para> + + <para> + Sometimes additional rules are applied by the kernel to limit + access. For example, that the VM process must have the same + controlling terminal as the device configured to be used for + beeping, something which is often very difficult to achieve for + GUI applications such as &product-name;. The table above contains + some hints, but in general refer to the Linux documentation. + </para> + + <para> + If you have trouble getting any beeps even if the device + permissions are set up and VBox.log confirms that it uses evdev or + console for the PC speaker control, check if your system has a PC + speaker. Some systems do not have one. Other complications can + arise from Linux rerouting the PC speaker output to a sound card. + Check if the beeps are audible if you connect speakers to your + sound card. Today almost all systems have one. Finally, check if + the audio mixer control has a channel named "beep", which could be + hidden in the mixer settings, and that it is not muted. + </para> + + </sect1> + + <sect1 id="usbip"> + + <title>Accessing USB devices Exposed Over the Network with USB/IP</title> + + <para> + &product-name; supports passing through USB devices which are + exposed over the network using the USB over IP protocol without + the need to configure the client side provided by the kernel and + usbip tools. Furthermore, this feature works with &product-name; + running on any supported host, rather than just Linux alone, as is + the case with the official client. + </para> + + <para> + To enable support for passing through USB/IP devices, the device + server exporting the devices must be added with the following + command: + </para> + +<screen>VBoxManage usbdevsource add "Unique name" --backend "USBIP" --address "Device server[:port]"</screen> + + <para> + USB devices exported on the device server are then accessible + through the GUI or <command>VBoxManage</command>, like any USB + devices attached locally. This can be used multiple times to + access different device servers. + </para> + + <para> + To remove a device server, the following command can be used: + </para> + +<screen>VBoxManage usbdevsource remove "Unique name"</screen> + + <sect2 id="usbip-setup-server"> + + <title>Setting up USB/IP Support on a Linux System</title> + + <para> + This section gives a brief overview on how to set up a Linux + based system to act as a USB device server. The system on the + server requires that the + <computeroutput>usbip-core.ko</computeroutput> and + <computeroutput>usbip-host.ko</computeroutput> kernel drivers + are available, and that the USB/IP tools package is installed. + The particular installation method for the necessary tools + depends on which distribution is used. For example, for Debian + based systems, the following command should be used to install + the required tools: + </para> + +<screen>apt-get install usbip-utils</screen> + + <para> + To check whether the necessary tools are already installed use + the following command: + </para> + +<screen> +$ usbip list -l + </screen> + + <para> + This should produce output similar to that shown in the example + below: + </para> + +<screen> + - busid 4-2 (0bda:0301) + Realtek Semiconductor Corp. : multicard reader (0bda:0301) + + - busid 5-1 (046d:c52b) + Logitech, Inc. : Unifying Receiver (046d:c52b) + </screen> + + <para> + If everything is installed, the USB/IP server needs to be + started as <computeroutput>root</computeroutput> using the + following command: + </para> + +<screen>usbipd -D</screen> + + <para> + Refer to the documentation for the installed distribution to + determine how to start the service when the system boots. + </para> + + <para> + By default, no device on the server is exported. This must be + done manually for each device. To export a device use the + following command: + </para> + +<screen>usbip bind -b "bus identifier"</screen> + + <para> + To export the multicard reader in the previous example: + </para> + +<screen>usbip bind -b 4-2</screen> + + </sect2> + + <sect2 id="usbip-security"> + + <title>Security Considerations</title> + + <para> + The communication between the server and client is unencrypted + and there is no authorization required to access exported + devices. An attacker might sniff sensitive data or gain control + over a device. To mitigate this risk, the device should be + exposed over a local network to which only trusted clients have + access. To access the device remotely over a public network, a + VPN solution should be used to provide the required level of + security protection. + </para> + + </sect2> + + </sect1> + + <sect1 id="hyperv-support"> + + <title>Using Hyper-V with &product-name;</title> + + <para> + &product-name; can be used on a Windows host where Hyper-V is + running. This is an experimental feature. + </para> + + <para> + No configuration is required. &product-name; detects Hyper-V + automatically and uses Hyper-V as the virtualization engine for + the host system. The CPU icon in the VM window status bar + indicates that Hyper-V is being used. + </para> + + <note> + <para> + When using this feature, you might experience significant + &product-name; performance degradation on some host systems. + </para> + </note> + + </sect1> + + <sect1 id="nested-virt"> + + <title>Nested Virtualization</title> + + <para> + &product-name; supports <emphasis>nested virtualization</emphasis> + on host systems that run AMD CPUs. This feature enables the + passthrough of hardware virtualization functions to the guest VM. + That means that you can install a hypervisor, such as + &product-name;, Oracle VM Server or KVM, on an &product-name; + guest. You can then create and run VMs within the guest VM. + </para> + + <para> + You can enable the nested virtualization feature in one of the + following ways: + </para> + + <itemizedlist> + + <listitem> + <para> + From the VirtualBox Manager, select the + <emphasis role="bold">Enable Nested VT-x/AMD-V</emphasis> + check box on the <emphasis role="bold">Processor</emphasis> + tab. To disable the feature, deselect the check box. + </para> + </listitem> + + <listitem> + <para> + Use the <option>--nested-hw-virt</option> option of the + <command>VBoxManage modifyvm</command> command to enable or + disable nested virtualization. See + <xref linkend="vboxmanage-modifyvm"/>. + </para> + </listitem> + + </itemizedlist> + + </sect1> + + <xi:include href="user_isomakercmd-man.xml" xpointer="element(/1)" xmlns:xi="http://www.w3.org/2001/XInclude" /> + +</chapter> diff --git a/doc/manual/en_US/user_BasicConcepts.xml b/doc/manual/en_US/user_BasicConcepts.xml new file mode 100644 index 00000000..4667f112 --- /dev/null +++ b/doc/manual/en_US/user_BasicConcepts.xml @@ -0,0 +1,3238 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" +"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd"[ +<!ENTITY % all.entities SYSTEM "all-entities.ent"> +%all.entities; +]> +<chapter id="BasicConcepts"> + + <title>Configuring Virtual Machines</title> + + <para> + This chapter provides detailed steps for configuring an + &product-name; virtual machine (VM). For an introduction to + &product-name; and steps to get your first virtual machine running, + see <xref linkend="Introduction" />. + </para> + + <para> + You have considerable latitude when deciding what virtual hardware + to provide to the guest. Use virtual hardware to communicate with + the host system or with other guests. For example, you can use + virtual hardware in the following ways: + </para> + + <itemizedlist> + + <listitem> + <para> + Have &product-name; present an ISO CD-ROM image to a guest + system as if it were a physical CD-ROM. + </para> + </listitem> + + <listitem> + <para> + Provide a guest system access to the physical network through + its virtual network card. + </para> + </listitem> + + <listitem> + <para> + Provide the host system, other guests, and computers on the + Internet access to the guest system. + </para> + </listitem> + + </itemizedlist> + + <sect1 id="guestossupport"> + + <title>Supported Guest Operating Systems</title> + + <para> + Because &product-name; is designed to provide a generic + virtualization environment for x86 systems, it can run operating + systems (OSes) of any kind. However, &product-name; focuses on the + following guest systems: + </para> + + <itemizedlist> + + <listitem> + <para> + <emphasis role="bold">Windows NT 4.0:</emphasis> + </para> + + <itemizedlist> + + <listitem> + <para> + Fully supports all versions, editions, and service packs. + Note that you might encounter issues with some older + service packs, so install at least service pack 6a. + </para> + </listitem> + + <listitem> + <para> + Guest Additions are available with a limited feature set. + </para> + </listitem> + + </itemizedlist> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Windows 2000, Windows XP, Windows Server + 2003, Windows Vista, Windows Server 2008, Windows 7, Windows + Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, + Windows Server 2012 R2, Windows 10 (non-Insider Preview + releases), Windows Server 2016, Windows Server + 2019:</emphasis> + </para> + + <itemizedlist> + + <listitem> + <para> + Fully supports all versions, editions, and service packs, + including 64-bit versions. + </para> + </listitem> + + <listitem> + <para> + Note that you must enable hardware virtualization when + running at least Windows 8. + </para> + </listitem> + + <listitem> + <para> + Guest Additions are available. + </para> + </listitem> + + </itemizedlist> + </listitem> + + <listitem> + <para> + <emphasis role="bold">MS-DOS, Windows 3.x, Windows 95, Windows + 98, Windows ME:</emphasis> + </para> + + <itemizedlist> + + <listitem> + <para> + Limited testing has been performed. + </para> + </listitem> + + <listitem> + <para> + Use beyond legacy installation mechanisms is not + recommended. + </para> + </listitem> + + <listitem> + <para> + Guest Additions are not available. + </para> + </listitem> + + </itemizedlist> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Linux 2.4:</emphasis> + </para> + + <para> + Limited support. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Linux 2.6:</emphasis> + </para> + + <itemizedlist> + + <listitem> + <para> + Fully supports all versions and editions, both 32-bit and + 64-bit. + </para> + </listitem> + + <listitem> + <para> + For best performance, use at least Linux kernel version + 2.6.13. + </para> + </listitem> + + <listitem> + <para> + Guest Additions are available. + </para> + </listitem> + + </itemizedlist> + + <note> + <para> + Certain Linux kernel releases have bugs that prevent them + from executing in a virtual environment. See + <xref linkend="ts_linux-buggy" />. + </para> + </note> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Linux 3.x and later:</emphasis> + </para> + + <itemizedlist> + + <listitem> + <para> + Fully supports all versions and editions, both 32-bit and + 64-bit. + </para> + </listitem> + + <listitem> + <para> + Guest Additions are available. + </para> + </listitem> + + </itemizedlist> + </listitem> + + <listitem> + <para> + <emphasis role="bold"> Oracle Solaris 10 and Oracle Solaris + 11:</emphasis> + </para> + + <itemizedlist> + + <listitem> + <para> + Fully supports all versions starting with Oracle Solaris + 10 8/08 and Oracle Solaris 11. + </para> + </listitem> + + <listitem> + <para> + Supports 64-bit prior to Oracle Solaris 11 11/11, and + 32-bit. + </para> + </listitem> + + <listitem> + <para> + Guest Additions are available. + </para> + </listitem> + + </itemizedlist> + </listitem> + + <listitem> + <para> + <emphasis role="bold">FreeBSD:</emphasis> + </para> + + <itemizedlist> + + <listitem> + <para> + Limited support. + </para> + </listitem> + + <listitem> + <para> + Note that you must enable hardware virtualization when + running FreeBSD. + </para> + </listitem> + + <listitem> + <para> + Guest Additions are not available. + </para> + </listitem> + + </itemizedlist> + </listitem> + + <listitem> + <para> + <emphasis role="bold"> OpenBSD:</emphasis> + </para> + + <itemizedlist> + + <listitem> + <para> + Supports at least version 3.7. + </para> + </listitem> + + <listitem> + <para> + Note that you must enable hardware virtualization when + running OpenBSD. + </para> + </listitem> + + <listitem> + <para> + Guest Additions are not available. + </para> + </listitem> + + </itemizedlist> + </listitem> + + <listitem> + <para> + <emphasis role="bold">OS/2 Warp 4.5:</emphasis> + </para> + + <itemizedlist> + + <listitem> + <para> + Only MCP2 is supported. Other OS/2 versions might not + work. + </para> + </listitem> + + <listitem> + <para> + Note that you must enable hardware virtualization when + running OS/2 Warp 4.5. + </para> + </listitem> + + <listitem> + <para> + Guest Additions are available with a limited feature set. + See <xref linkend="KnownIssues" />. + </para> + </listitem> + + </itemizedlist> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Mac OS X:</emphasis> + </para> + + <itemizedlist> + + <listitem> + <para> + &product-name; 3.2 added experimental support for Mac OS X + guests, with restrictions. See + <xref linkend="intro-macosxguests"/> and + <xref linkend="KnownIssues" />. + </para> + </listitem> + + <listitem> + <para> + Guest Additions are not available. + </para> + </listitem> + + </itemizedlist> + </listitem> + + </itemizedlist> + + <sect2 id="intro-macosxguests"> + + <title>Mac OS X Guests</title> + + <para> + &product-name; enables you to install and execute unmodified + versions of Mac OS X guests on supported host hardware. Note + that this feature is experimental and thus unsupported. + </para> + + <para> + &product-name; is the first product to provide the modern PC + architecture expected by OS X without requiring any of the + modifications used by competing virtualization solutions. For + example, some competing solutions perform modifications to the + Mac OS X install DVDs, such as a different boot loader and + replaced files. + </para> + + <para> + Be aware of the following important issues before you attempt to + install a Mac OS X guest: + </para> + + <itemizedlist> + + <listitem> + <para> + Mac OS X is commercial, licensed software and contains + <emphasis role="bold">both license and technical + restrictions</emphasis> that limit its use to certain + hardware and usage scenarios. You must understand and comply + with these restrictions. + </para> + + <para> + In particular, Apple prohibits the installation of most + versions of Mac OS X on non-Apple hardware. + </para> + + <para> + These license restrictions are also enforced on a technical + level. Mac OS X verifies that it is running on Apple + hardware. Most DVDs that accompany Apple hardware check for + the exact model. These restrictions are + <emphasis>not</emphasis> circumvented by &product-name; and + continue to apply. + </para> + </listitem> + + <listitem> + <para> + Only <emphasis role="bold">CPUs</emphasis> that are known + and tested by Apple are supported. As a result, if your + Intel CPU is newer than the Mac OS X build, or if you have a + non-Intel CPU, you will likely encounter a panic during + bootup with an "Unsupported CPU" exception. + </para> + + <para> + Ensure that you use the Mac OS X DVD that comes with your + Apple hardware. + </para> + </listitem> + + <listitem> + <para> + The Mac OS X installer expects the hard disk to be + <emphasis>partitioned</emphasis>. So, the installer will not + offer a partition selection to you. Before you can install + the software successfully, start the Disk Utility from the + Tools menu and partition the hard disk. Close the Disk + Utility and proceed with the installation. + </para> + </listitem> + + <listitem> + <para> + In addition, Mac OS X support in &product-name; is an + experimental feature. See <xref linkend="KnownIssues" />. + </para> + </listitem> + + </itemizedlist> + + </sect2> + + <sect2 id="intro-64bitguests"> + + <title>64-bit Guests</title> + + <para> + &product-name; enables you to run 64-bit guest OSes even on a + 32-bit host OS. To run a 64-bit guest OS on a 32-bit host + system, ensure that you meet the following conditions: + </para> + + <itemizedlist> + + <listitem> + <para> + You need a 64-bit processor that has hardware virtualization + support. See <xref linkend="hwvirt" />. + </para> + </listitem> + + <listitem> + <para> + You must enable hardware virtualization for the particular + VM that requires 64-bit support. Software virtualization is + not supported for 64-bit VMs. + </para> + </listitem> + + <listitem> + <para> + To use 64-bit guest support on a 32-bit host OS, you must + select a 64-bit OS for the particular VM. Since supporting + 64 bits on 32-bit hosts incurs additional overhead, + &product-name; only enables this support only upon explicit + request. + </para> + + <para> + 64-bit hosts typically come with hardware virtualization + support. So, you can install a 64-bit guest OS in the guest + regardless of the settings. + </para> + </listitem> + + </itemizedlist> + + <warning> + <para> + Be sure to enable <emphasis role="bold">I/O APIC</emphasis> + for virtual machines that you intend to use in 64-bit mode. + This is especially true for 64-bit Windows VMs. See + <xref linkend="settings-general-advanced" />. For 64-bit + Windows guests, ensure that the VM uses the + <emphasis role="bold">Intel networking device</emphasis> + because there is no 64-bit driver support for the AMD PCNet + card. See <xref linkend="nichardware" />. + </para> + </warning> + + <para> + If you use the <emphasis role="bold">Create VM</emphasis> wizard + of the &product-name; graphical user interface (GUI), + &product-name; automatically uses the correct settings for each + selected 64-bit OS type. See <xref linkend="gui-createvm" />. + </para> + + </sect2> + + </sect1> + + <sect1 id="basic-unattended"> + + <title>Unattended Guest Installation</title> + + <para> + &product-name; can install a guest OS automatically. You only need + to provide the installation medium and a few other parameters, + such as the name of the default user. + </para> + + <para> + Performing an unattended guest installation involves the following + steps: + </para> + + <itemizedlist> + + <listitem> + <para> + <emphasis role="bold">Create a new VM.</emphasis> Use one of + the following methods: + </para> + + <itemizedlist> + + <listitem> + <para> + The VirtualBox Manager, see + <xref linkend="gui-createvm" />. + </para> + </listitem> + + <listitem> + <para> + The <command>VBoxManage createvm</command> command, see + <xref linkend="vboxmanage-createvm" />. + </para> + </listitem> + + </itemizedlist> + + <para> + For the new VM, choose the guest OS type and accept the + default settings for that OS. The following sections in this + chapter describe how to change the settings for a VM. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Prepare the VM for unattended guest + installation.</emphasis> Use the <command>VBoxManage + unattended</command> command, see + <xref linkend="vboxmanage-unattended" />. + </para> + + <para> + During this step, &product-name; scans the installation medium + and changes certain parameters to ensure a seamless + installation as a guest running on &product-name;. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Start the VM.</emphasis> Use the + VirtualBox Manager or the <command>VBoxManage + startvm</command> command. + </para> + + <para> + When you start the VM, the unattended installation is + performed automatically. + </para> + + <para> + The installation operation changes the boot device order to + boot the virtual hard disk first and then the virtual DVD + drive. If the virtual hard disk is empty prior to the + automatic installation, the VM boots from the virtual DVD + drive and begins the installation. + </para> + + <para> + If the virtual hard disk contains a bootable OS, the + installation operation exits. In this case, change the boot + device order manually by pressing F12 during the BIOS splash + screen. + </para> + </listitem> + + </itemizedlist> + + <para> + <xref linkend="unattended-guest-install-example"/> describes how + to perform an unattended guest installation for an Oracle Linux + guest. + </para> + + <sect2 id="unattended-guest-install-example"> + + <title>An Example of Unattended Guest Installation</title> + + <para> + The following example shows how to perform an unattended guest + installation for an Oracle Linux VM. The example uses various + <command>VBoxManage</command> commands to prepare the guest VM. + The <command>VBoxManage unattended install</command> command is + then used to install and configure the guest OS. + </para> + + <orderedlist> + + <listitem> + <para> + Create the virtual machine. + </para> + +<screen># VM="ol7-autoinstall" +# VBoxManage list ostypes +# VBoxManage createvm --name $VM --ostype "Oracle_64" --register</screen> + + <para> + Note the following: + </para> + + <itemizedlist> + + <listitem> + <para> + The $VM variable represents the name of the VM. + </para> + </listitem> + + <listitem> + <para> + The <command>VBoxManage list ostypes</command> command + lists the guest OSes supported by &product-name;, + including the name used for each OS in the + <command>VBoxManage</command> commands. + </para> + </listitem> + + <listitem> + <para> + A 64-bit Oracle Linux 7 VM is created and registered + with &product-name;. + </para> + </listitem> + + <listitem> + <para> + The VM has a unique UUID. + </para> + </listitem> + + <listitem> + <para> + An XML settings file is generated. + </para> + </listitem> + + </itemizedlist> + </listitem> + + <listitem> + <para> + Create a virtual hard disk and storage devices for the VM. + </para> + +<screen># VBoxManage createhd --filename /VirtualBox/$VM/$VM.vdi --size 32768 +# VBoxManage storagectl $VM --name "SATA Controller" --add sata --controller IntelAHCI +# VBoxManage storageattach $VM --storagectl "SATA Controller" --port 0 --device 0 \ +--type hdd --medium /VirtualBox/$VM/$VM.vdi +# VBoxManage storagectl $VM --name "IDE Controller" --add ide +# VBoxManage storageattach $VM --storagectl "IDE Controller" --port 0 --device 0 \ +--type dvddrive --medium /u01/Software/OL/OracleLinux-R7-U6-Server-x86_64-dvd.iso</screen> + + <para> + The previous commands do the following: + </para> + + <itemizedlist> + + <listitem> + <para> + Create a 32768 MB virtual hard disk. + </para> + </listitem> + + <listitem> + <para> + Create a SATA storage controller and attach the virtual + hard disk. + </para> + </listitem> + + <listitem> + <para> + Create an IDE storage controller for a virtual DVD drive + and attach an Oracle Linux installation ISO. + </para> + </listitem> + + </itemizedlist> + </listitem> + + <listitem> + <para> + (Optional) Configure some settings for the VM. + </para> + +<screen># VBoxManage modifyvm $VM --ioapic on +# VBoxManage modifyvm $VM --boot1 dvd --boot2 disk --boot3 none --boot4 none +# VBoxManage modifyvm $VM --memory 8192 --vram 128</screen> + + <para> + The previous commands do the following: + </para> + + <itemizedlist> + + <listitem> + <para> + Enable I/O APIC for the motherboard of the VM. + </para> + </listitem> + + <listitem> + <para> + Configure the boot device order for the VM. + </para> + </listitem> + + <listitem> + <para> + Allocate 8192 MB of RAM and 128 MB of video RAM to the + VM. + </para> + </listitem> + + </itemizedlist> + </listitem> + + <listitem> + <para> + Perform an unattended install of the OS. + </para> + +<screen># VBoxManage unattended install $VM \ +--iso=/u01/Software/OL/OracleLinux-R7-U6-Server-x86_64-dvd.iso \ +--user=<replaceable>login</replaceable> --full-user-name=<replaceable>name</replaceable> --password <replaceable>password</replaceable> \ +--install-additions --time-zone=CET</screen> + + <para> + The previous command does the following: + </para> + + <itemizedlist> + + <listitem> + <para> + Specifies an Oracle Linux ISO as the installation ISO. + </para> + </listitem> + + <listitem> + <para> + Specifies a login name, full name, and login password + for a default user on the guest OS. + </para> + + <para> + Note that the specified password is also used for the + root user account on the guest. + </para> + </listitem> + + <listitem> + <para> + Installs the Guest Additions on the VM. + </para> + </listitem> + + <listitem> + <para> + Sets the time zone for the guest OS to Central European + Time (CET). + </para> + </listitem> + + </itemizedlist> + </listitem> + + <listitem> + <para> + Start the virtual machine. + </para> + + <para> + This step completes the unattended installation process. + </para> + +<screen># VBoxManage startvm $VM --type headless</screen> + + <para> + The VM starts in headless mode, which means that the + VirtualBox Manager window does not open. + </para> + </listitem> + + <listitem> + <para> + (Optional) Update the guest OS to use the latest Oracle + Linux packages. + </para> + + <para> + On the guest VM, run the following command: + </para> + +<screen># yum update</screen> + </listitem> + + </orderedlist> + + </sect2> + + </sect1> + + <sect1 id="emul-hardware"> + + <title>Emulated Hardware</title> + + <para> + &product-name; virtualizes nearly all hardware of the host. + Depending on a VM's configuration, the guest will see the + following virtual hardware: + </para> + + <itemizedlist> + + <listitem> + <para> + <emphasis role="bold">Input devices.</emphasis> By default, + &product-name; emulates a standard PS/2 keyboard and mouse. + These devices are supported by almost all past and present + OSes. + </para> + + <para> + In addition, &product-name; can provide virtual USB input + devices to avoid having to capture mouse and keyboard, as + described in <xref + linkend="keyb_mouse_normal" />. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Graphics.</emphasis> The &product-name; + graphics device, sometimes referred to as a VGA device, is not + based on any physical counterpart. This is unlike nearly all + other emulated devices. It is a simple, synthetic device which + provides compatibility with standard VGA and several extended + registers used by the VESA BIOS Extensions (VBE). + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Storage.</emphasis> &product-name; + currently emulates the standard ATA interface found on Intel + PIIX3/PIIX4 chips, the SATA (AHCI) interface, and two SCSI + adapters (LSI Logic and BusLogic). See + <xref linkend="harddiskcontrollers" /> for details. Whereas + providing one of these would be enough for &product-name; by + itself, this multitude of storage adapters is required for + compatibility with other hypervisors. Windows is particularly + picky about its boot devices, and migrating VMs between + hypervisors is very difficult or impossible if the storage + controllers are different. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Networking.</emphasis> See + <xref + linkend="nichardware" />. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">USB.</emphasis> &product-name; emulates + three USB host controllers: xHCI, EHCI, and OHCI. While xHCI + handles all USB transfer speeds, only guest OSes released + approximately after 2011 support xHCI. Note that for Windows 7 + guests, 3rd party drivers must be installed for xHCI support. + </para> + + <para> + Older OSes typically support OHCI and EHCI. The two + controllers are needed because OHCI only handles USB low-speed + and full-speed devices (both USB 1.x and 2.0), while EHCI only + handles high-speed devices (USB 2.0 only). + </para> + + <para> + The emulated USB controllers do not communicate directly with + devices on the host but rather with a virtual USB layer which + abstracts the USB protocol and enables the use of remote USB + devices. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Audio.</emphasis> See + <xref linkend="settings-audio" />. + </para> + </listitem> + + </itemizedlist> + + </sect1> + + <sect1 id="generalsettings"> + + <title>General Settings</title> + + <para> + In the <emphasis role="bold">Settings</emphasis> window, under + <emphasis role="bold">General</emphasis>, you can configure the + most fundamental aspects of the virtual machine such as memory and + essential hardware. The following tabs are available. + </para> + + <sect2 id="settings-basic"> + + <title>Basic Tab</title> + + <para> + In the <emphasis role="bold">Basic</emphasis> tab of the + <emphasis role="bold">General</emphasis> settings category, you + can find these settings: + </para> + + <itemizedlist> + + <listitem> + <para> + <emphasis role="bold">Name:</emphasis> The name under which + the VM is shown in the list of VMs in the main window. Under + this name, &product-name; also saves the VM's configuration + files. By changing the name, &product-name; renames these + files as well. As a result, you can only use characters + which are allowed in your host OS's file names. + </para> + + <para> + Note that internally, &product-name; uses unique identifiers + (UUIDs) to identify virtual machines. You can display these + with <command>VBoxManage</command>. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Type:</emphasis> The type of the guest + OS for the VM. This is the same setting that is specified in + the <emphasis role="bold">New Virtual Machine</emphasis> + wizard. See <xref linkend="gui-createvm" />. + </para> + + <para> + Whereas the default settings of a newly created VM depend on + the selected OS type, changing the type later has no effect + on VM settings. This value is purely informational and + decorative. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Version:</emphasis> The version of the + guest OS for the VM. This is the same setting that is + specified in the <emphasis role="bold">New Virtual + Machine</emphasis> wizard. See + <xref linkend="gui-createvm" />. + </para> + </listitem> + + </itemizedlist> + + </sect2> + + <sect2 id="settings-general-advanced"> + + <title>Advanced Tab</title> + + <para> + The following settings are available in the + <emphasis role="bold">Advanced</emphasis> tab: + </para> + + <itemizedlist> + + <listitem> + <para> + <emphasis role="bold">Snapshot Folder:</emphasis> By + default, &product-name; saves snapshot data together with + your other &product-name; configuration data. See + <xref linkend="vboxconfigdata" />. With this setting, you + can specify any other folder for each VM. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Shared Clipboard:</emphasis> You can + select here whether the clipboard of the guest OS should be + shared with that of your host. If you select + <emphasis role="bold">Bidirectional</emphasis>, then + &product-name; will always make sure that both clipboards + contain the same data. If you select + <emphasis role="bold">Host to Guest</emphasis> or + <emphasis role="bold">Guest to Host</emphasis>, then + &product-name; will only ever copy clipboard data in one + direction. + </para> + + <para> + Clipboard sharing requires that the &product-name; Guest + Additions be installed. In such a case, this setting has no + effect. See <xref linkend="guestadditions" />. + </para> + + <para> + For security reasons, the shared clipboard is disabled by + default. This setting can be changed at any time using the + <emphasis role="bold">Shared Clipboard</emphasis> menu item + in the <emphasis role="bold">Devices</emphasis> menu of the + virtual machine. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Drag and Drop:</emphasis> This setting + enables support for drag and drop. Select an object, such as + a file, from the host or guest and directly copy or open it + on the guest or host. Multiple per-VM drag and drop modes + allow restricting access in either direction. + </para> + + <para> + For drag and drop to work the Guest Additions need to be + installed on the guest. + </para> + + <note> + <para> + Drag and drop is disabled by default. This setting can be + changed at any time using the <emphasis role="bold">Drag + and Drop</emphasis> menu item in the + <emphasis role="bold">Devices</emphasis> menu of the + virtual machine. + </para> + </note> + + <para> + See <xref linkend="guestadd-dnd"/>. + </para> + </listitem> + + </itemizedlist> + + </sect2> + + <sect2 id="settings-description"> + + <title>Description Tab</title> + + <para> + On the <emphasis role="bold">Description</emphasis> tab you can + enter a description for your virtual machine. This has no effect + on the functionality of the machine, but you may find this space + useful to note down things such as the configuration of a + virtual machine and the software that has been installed into + it. + </para> + + <para> + To insert a line break into the + <emphasis role="bold">Description</emphasis> text field, press + Shift+Enter. + </para> + + </sect2> + + <sect2 id="settings-disk-encryption"> + + <title>Disk Encryption Tab</title> + + <para> + The <emphasis role="bold">Disk Encryption</emphasis> tab enables + you to encrypt disks that are attached to the virtual machine. + </para> + + <para> + To enable disk encryption, select the + <emphasis role="bold">Enable Disk Encryption</emphasis> check + box. + </para> + + <para> + Settings are available to configure the cipher used for + encryption and the encryption password. + </para> + + </sect2> + + </sect1> + + <sect1 id="settings-system"> + + <title>System Settings</title> + + <para> + The <emphasis role="bold">System</emphasis> category groups + various settings that are related to the basic hardware that is + presented to the virtual machine. + </para> + + <note> + <para> + As the activation mechanism of Microsoft Windows is sensitive to + hardware changes, if you are changing hardware settings for a + Windows guest, some of these changes may trigger a request for + another activation with Microsoft. + </para> + </note> + + <para> + The following tabs are available. + </para> + + <sect2 id="settings-motherboard"> + + <title>Motherboard Tab</title> + + <para> + On the <emphasis role="bold">Motherboard</emphasis> tab, you can + configure virtual hardware that would normally be on the + motherboard of a real computer. + </para> + + <itemizedlist> + + <listitem> + <para> + <emphasis role="bold">Base Memory:</emphasis> Sets the + amount of RAM that is allocated and given to the VM when it + is running. The specified amount of memory will be requested + from the host OS, so it must be available or made available + as free memory on the host when attempting to start the VM + and will not be available to the host while the VM is + running. This is the same setting that was specified in the + <emphasis role="bold">New Virtual Machine</emphasis> wizard, + as described in <xref linkend="gui-createvm" />. + </para> + + <para> + Generally, it is possible to change the memory size after + installing the guest OS. But you must not reduce the memory + to an amount where the OS would no longer boot. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Boot Order:</emphasis> Determines the + order in which the guest OS will attempt to boot from the + various virtual boot devices. Analogous to a real PC's BIOS + setting, &product-name; can tell a guest OS to start from + the virtual floppy, the virtual CD/DVD drive, the virtual + hard drive (each of these as defined by the other VM + settings), the network, or none of these. + </para> + + <para> + If you select <emphasis role="bold">Network</emphasis>, the + VM will attempt to boot from a network using the PXE + mechanism. This needs to be configured in detail on the + command line. See <xref linkend="vboxmanage-modifyvm" />. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Chipset:</emphasis> You can select + which chipset will be presented to the virtual machine. In + legacy versions of &product-name;, PIIX3 was the only + available option. For modern guest OSes such as Mac OS X, + that old chipset is no longer well supported. As a result, + &product-name; supports an emulation of the more modern ICH9 + chipset, which supports PCI express, three PCI buses, + PCI-to-PCI bridges and Message Signaled Interrupts (MSI). + This enables modern OSes to address more PCI devices and no + longer requires IRQ sharing. Using the ICH9 chipset it is + also possible to configure up to 36 network cards, up to 8 + network adapters with PIIX3. Note that the ICH9 support is + experimental and not recommended for guest OSes which do not + require it. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Pointing Device:</emphasis> The + default virtual pointing devices for older guests is the + traditional PS/2 mouse. If set to <emphasis>USB + tablet</emphasis>, &product-name; reports to the virtual + machine that a USB tablet device is present and communicates + mouse events to the virtual machine through this device. The + third setting is a <emphasis>USB Multi-Touch + Tablet</emphasis> which is suited for recent Windows guests. + </para> + + <para> + Using the virtual USB tablet has the advantage that + movements are reported in absolute coordinates, instead of + as relative position changes. This enables &product-name; to + translate mouse events over the VM window into tablet events + without having to "capture" the mouse in the guest as + described in <xref linkend="keyb_mouse_normal" />. This + makes using the VM less tedious even if Guest Additions are + not installed. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Enable I/O APIC:</emphasis> Advanced + Programmable Interrupt Controllers (APICs) are a newer x86 + hardware feature that have replaced old-style Programmable + Interrupt Controllers (PICs) in recent years. With an I/O + APIC, OSes can use more than 16 interrupt requests (IRQs) + and therefore avoid IRQ sharing for improved reliability. + </para> + + <note> + <para> + Enabling the I/O APIC is <emphasis>required</emphasis> for + 64-bit guest OSes, especially Windows Vista. It is also + required if you want to use more than one virtual CPU in a + virtual machine. + </para> + </note> + + <para> + However, software support for I/O APICs has been unreliable + with some OSes other than Windows. Also, the use of an I/O + APIC slightly increases the overhead of virtualization and + therefore slows down the guest OS a little. + </para> + + <warning> + <para> + All Windows OSes starting with Windows 2000 install + different kernels, depending on whether an I/O APIC is + available. As with ACPI, the I/O APIC therefore + <emphasis>must not be turned off after + installation</emphasis> of a Windows guest OS. Turning it + on after installation will have no effect however. + </para> + </warning> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Enable EFI:</emphasis> Enables + Extensible Firmware Interface (EFI), which replaces the + legacy BIOS and may be useful for certain advanced use + cases. See <xref linkend="efi" />. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Hardware Clock in UTC Time:</emphasis> + If selected, &product-name; will report the system time in + UTC format to the guest instead of the local (host) time. + This affects how the virtual real-time clock (RTC) operates + and may be useful for UNIX-like guest OSes, which typically + expect the hardware clock to be set to UTC. + </para> + </listitem> + + </itemizedlist> + + <para> + In addition, you can turn off the <emphasis role="bold">Advanced + Configuration and Power Interface (ACPI)</emphasis> which + &product-name; presents to the guest OS by default. + </para> + + <para> + ACPI is the current industry standard to allow OSes to recognize + hardware, configure motherboards and other devices and manage + power. As all modern PCs contain this feature and Windows and + Linux have been supporting it for years, it is also enabled by + default in &product-name;. ACPI can only be turned off using the + command line. See <xref linkend="vboxmanage-modifyvm" />. + </para> + + <warning> + <para> + All Windows OSes starting with Windows 2000 install different + kernels, depending on whether ACPI is available. This means + that ACPI <emphasis>must not be turned off</emphasis> after + installation of a Windows guest OS. However, turning it on + after installation will have no effect. + </para> + </warning> + + </sect2> + + <sect2 id="settings-processor"> + + <title>Processor Tab</title> + + <para> + On the <emphasis role="bold">Processor</emphasis> tab, you can + configure settings for the CPU used by the virtual machine. + </para> + + <itemizedlist> + + <listitem> + <para> + <emphasis role="bold">Processor(s):</emphasis> Sets the + number of virtual CPU cores the guest OSes can see. + &product-name; supports symmetrical multiprocessing (SMP) + and can present up to 32 virtual CPU cores to each virtual + machine. + </para> + + <para> + You should not configure virtual machines to use more CPU + cores than are available physically. This includes real + cores, with no hyperthreads. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Execution Cap:</emphasis> Configures + the CPU execution cap. This limits the amount of time a host + CPU spends to emulate a virtual CPU. The default setting is + 100%, meaning that there is no limitation. A setting of 50% + implies a single virtual CPU can use up to 50% of a single + host CPU. Note that limiting the execution time of the + virtual CPUs may cause guest timing problems. + </para> + + <para> + A warning is displayed at the bottom of the Processor tab if + an Execution Cap setting is made that may affect system + performance. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Enable PAE/NX:</emphasis> Determines + whether the PAE and NX capabilities of the host CPU will be + exposed to the virtual machine. + </para> + + <para> + PAE stands for Physical Address Extension. Normally, if + enabled and supported by the OS, then even a 32-bit x86 CPU + can access more than 4 GB of RAM. This is made possible by + adding another 4 bits to memory addresses, so that with 36 + bits, up to 64 GB can be addressed. Some OSes, such as + Ubuntu Server, require PAE support from the CPU and cannot + be run in a virtual machine without it. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Enable Nested VT-x/AMD-V</emphasis>: + Enables nested virtualization, with passthrough of hardware + virtualization functions to the guest VM. + </para> + + <para> + This feature is available on host systems that use an AMD + CPU. For Intel CPUs, the option is grayed out. + </para> + </listitem> + + </itemizedlist> + + <para> + With virtual machines running modern server OSes, &product-name; + also supports CPU hot-plugging. For details, see + <xref linkend="cpuhotplug" />. + </para> + + </sect2> + + <sect2 id="settings-acceleration"> + + <title>Acceleration Tab</title> + + <para> + On this tab, you can configure &product-name; to use hardware + virtualization extensions that your host CPU supports. + </para> + + <itemizedlist> + + <listitem> + <para> + <emphasis role="bold">Paravirtualization + Interface:</emphasis> &product-name; provides + paravirtualization interfaces to improve time-keeping + accuracy and performance of guest OSes. The options + available are documented under the + <computeroutput>paravirtprovider</computeroutput> option in + <xref linkend="vboxmanage-modifyvm" />. For further details + on the paravirtualization providers, see + <xref linkend="gimproviders" />. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Hardware Virtualization:</emphasis> + You can select for each virtual machine individually whether + &product-name; should use software or hardware + virtualization. + </para> + + <itemizedlist> + + <listitem> + <para> + <emphasis role="bold">Enable VT-x/AMD-V:</emphasis> + Enables Intel VT-x and AMD-V hardware extensions if the + host CPU supports them. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Enable Nested Paging:</emphasis> + If the host CPU supports the nested paging (AMD-V) or + EPT (Intel VT-x) features, then you can expect a + significant performance increase by enabling nested + paging in addition to hardware virtualization. For + technical details, see <xref linkend="nestedpaging" />. + For Intel EPT security recommendations, see + <xref linkend="sec-rec-cve-2018-3646" />. + </para> + </listitem> + + </itemizedlist> + + <para> + Advanced users may be interested in technical details about + software versus hardware virtualization. See + <xref linkend="hwvirt" />. + </para> + </listitem> + + </itemizedlist> + + <para> + In most cases, the default settings on the + <emphasis role="bold">Acceleration</emphasis> tab will work + well. &product-name; selects sensible defaults, depending on the + OS that you selected when you created the virtual machine. In + certain situations, however, you may want to change the + preconfigured defaults. + </para> + + </sect2> + + </sect1> + + <sect1 id="settings-display"> + + <title>Display Settings</title> + + <para> + The following tabs are available for configuring the display for a + virtual machine. + </para> + + <sect2 id="settings-screen"> + + <title>Screen Tab</title> + + <itemizedlist> + + <listitem> + <para> + <emphasis role="bold">Video Memory:</emphasis> Sets the size + of the memory provided by the virtual graphics card + available to the guest, in MB. As with the main memory, the + specified amount will be allocated from the host's resident + memory. Based on the amount of video memory, higher + resolutions and color depths may be available. + </para> + + <para> + The GUI will show a warning if the amount of video memory is + too small to be able to switch the VM into full screen mode. + The minimum value depends on the number of virtual monitors, + the screen resolution and the color depth of the host + display as well as on the use of <emphasis>3D + acceleration</emphasis> and <emphasis>2D video + acceleration</emphasis>. A rough estimate is + (<emphasis>color depth</emphasis> / 8) x <emphasis>vertical + pixels</emphasis> x <emphasis>horizontal pixels</emphasis> x + <emphasis>number of screens</emphasis> = <emphasis>number of + bytes</emphasis>. Extra memory may be required if display + acceleration is used. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Monitor Count:</emphasis> With this + setting, &product-name; can provide more than one virtual + monitor to a virtual machine. If a guest OS supports + multiple attached monitors, &product-name; can pretend that + multiple virtual monitors are present. Up to eight such + virtual monitors are supported. + </para> + + <para> + The output of the multiple monitors are displayed on the + host in multiple VM windows which are running side by side. + However, in full screen and seamless mode, they use the + available physical monitors attached to the host. As a + result, for full screen and seamless modes to work with + multiple monitors, you will need at least as many physical + monitors as you have virtual monitors configured, or + &product-name; will report an error. + </para> + + <para> + You can configure the relationship between guest and host + monitors using the <emphasis role="bold">View</emphasis> + menu by pressing Host key + Home when you are in full screen + or seamless mode. + </para> + + <para> + See also <xref linkend="KnownIssues" />. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Scale Factor:</emphasis> Enables + scaling of the display size. For multiple monitor displays, + you can set the scale factor for individual monitors, or + globally for all of the monitors. Use the slider to select a + scaling factor up to 200%. + </para> + + <para> + You can set a default scale factor for all VMs. Use the + <emphasis role="bold">Display</emphasis> tab in the Global + Settings dialogs. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Enable 3D Acceleration:</emphasis> If + a virtual machine has Guest Additions installed, you can + select here whether the guest should support accelerated 3D + graphics. See <xref linkend="guestadd-3d" />. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Enable 2D Video + Acceleration:</emphasis> If a virtual machine with Microsoft + Windows has Guest Additions installed, you can select here + whether the guest should support accelerated 2D video + graphics. See <xref linkend="guestadd-2d" />. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Graphics Controller:</emphasis> + Specifies the graphics adapter type used by the guest VM. + Note that you must install the Guest Additions on the guest + VM to specify the VBoxSVGA or VMSVGA graphics controller. + The following options are available: + </para> + + <itemizedlist> + + <listitem> + <para> + <emphasis role="bold">VBoxSVGA:</emphasis> The default + graphics controller for new VMs that use Linux or + Windows 7 or later. + </para> + + <para> + This graphics controller improves performance and 3D + support when compared to the legacy VBoxVGA option. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">VBoxVGA:</emphasis> Use this + graphics controller for legacy guest OSes. This is the + default graphics controller for Windows versions before + Windows 7. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">VMSVGA:</emphasis> Use this + graphics controller to emulate a VMware SVGA graphics + device. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">None:</emphasis> Does not emulate + a graphics adapter type. + </para> + </listitem> + + </itemizedlist> + </listitem> + + </itemizedlist> + + </sect2> + + <sect2 id="settings-remote-display"> + + <title>Remote Display Tab</title> + + <para> + On the <emphasis role="bold">Remote Display</emphasis> tab, if + the VirtualBox Remote Display Extension (VRDE) is installed, you + can enable the VRDP server that is built into &product-name;. + This enables you to connect to the console of the virtual + machine remotely with any standard RDP viewer, such as + <command>mstsc.exe</command> that comes with Microsoft Windows. + On Linux and Oracle Solaris systems you can use the standard + open source <command>rdesktop</command> program. These features + are described in <xref linkend="vrde" />. + </para> + + <itemizedlist> + + <listitem> + <para> + <emphasis role="bold">Enable Server:</emphasis> Select this + check box and configure settings for the remote display + connection. + </para> + </listitem> + + </itemizedlist> + + </sect2> + + <sect2 id="settings-capture"> + + <title>Recording Tab</title> + + <para> + On the <emphasis role="bold">Recording</emphasis> tab you can + enable video and audio recording for a virtual machine and + change related settings. Note that these features can be enabled + and disabled while a VM is running. + </para> + + <itemizedlist> + + <listitem> + <para> + <emphasis role="bold">Enable Recording:</emphasis> Select + this check box and select a <emphasis role="bold">Recording + Mode</emphasis> option. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Recording Mode:</emphasis> You can + choose to record video, audio, or both video and audio. + </para> + + <para> + Some settings on the + <emphasis role="bold">Recording</emphasis> tab may be grayed + out, depending on the <emphasis role="bold">Recording + Mode</emphasis> setting. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">File Path:</emphasis> The file where + the recording is saved. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Frame Size:</emphasis> The video + resolution of the recorded video, in pixels. The drop-down + list enables you to select from common frame sizes. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Frame Rate:</emphasis> Use the slider + to set the maximum number of video frames per second (FPS) + to record. Frames that have a higher frequency are skipped. + Increasing this value reduces the number of skipped frames + and increases the file size. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Quality:</emphasis> Use the slider to + set the the bit rate of the video in kilobits per second. + Increasing this value improves the appearance of the video + at the cost of an increased file size. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Audio Quality:</emphasis> Use the + slider to set the quality of the audio recording. Increasing + this value improves the audio quality at the cost of an + increased file size. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Screens:</emphasis> For a multiple + monitor display, you can select which screens to record + video from. + </para> + </listitem> + + </itemizedlist> + + <para> + As you adjust the video and audio recording settings, the + approximate output file size for a five minute video is shown. + </para> + + </sect2> + + </sect1> + + <sect1 id="settings-storage"> + + <title>Storage Settings</title> + + <para> + The <emphasis role="bold">Storage</emphasis> category in the VM + settings enables you to connect virtual hard disk, CD/DVD, and + floppy images and drives to your virtual machine. + </para> + + <para> + In a real PC, so-called <emphasis>storage controllers</emphasis> + connect physical disk drives to the rest of the computer. + Similarly, &product-name; presents virtual storage controllers to + a virtual machine. Under each controller, the virtual devices, + such as hard disks, CD/DVD or floppy drives, attached to the + controller are shown. + </para> + + <note> + <para> + This section gives a quick introduction to the &product-name; + storage settings. See <xref linkend="storage" /> for a full + description of the available storage settings in &product-name;. + </para> + </note> + + <para> + If you have used the <emphasis role="bold">Create VM</emphasis> + wizard to create a machine, you will normally see something like + the following: + </para> + + <figure id="fig-storage-settings"> + <title>Storage Settings for a Virtual Machine</title> + <mediaobject> + <imageobject> + <imagedata align="center" fileref="images/vm-settings-harddisk.png" + width="10cm" /> + </imageobject> + </mediaobject> + </figure> + + <para> + Depending on the guest OS type that you selected when you created + the VM, a new VM includes the following storage devices: + </para> + + <itemizedlist> + + <listitem> + <para> + <emphasis role="bold">IDE controller.</emphasis> A virtual + CD/DVD drive is attached to the secondary master port of the + IDE controller. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">SATA controller.</emphasis> This is a + modern type of storage controller for higher hard disk data + throughput, to which the virtual hard disks are attached. + Initially you will normally have one such virtual disk, but as + shown in the previous screenshot, you can have more than one. + Each is represented by a disk image file, such as a VDI file + in this example. + </para> + </listitem> + + </itemizedlist> + + <para> + If you created your VM with an older version of &product-name;, + the default storage layout may differ. You might then only have an + IDE controller to which both the CD/DVD drive and the hard disks + have been attached. This might also apply if you selected an older + OS type when you created the VM. Since older OSes do not support + SATA without additional drivers, &product-name; will make sure + that no such devices are present initially. See + <xref linkend="harddiskcontrollers" />. + </para> + + <para> + &product-name; also provides a <emphasis>floppy + controller</emphasis>. You cannot add devices other than floppy + drives to this controller. Virtual floppy drives, like virtual + CD/DVD drives, can be connected to either a host floppy drive, if + you have one, or a disk image, which in this case must be in RAW + format. + </para> + + <para> + You can modify these media attachments freely. For example, if you + wish to copy some files from another virtual disk that you + created, you can connect that disk as a second hard disk, as in + the above screenshot. You could also add a second virtual CD/DVD + drive, or change where these items are attached. The following + options are available: + </para> + + <itemizedlist> + + <listitem> + <para> + To <emphasis role="bold">add another virtual hard disk, or a + CD/DVD or floppy drive</emphasis>, select the storage + controller to which it should be added (IDE, SATA, SCSI, SAS, + floppy controller) and then click the + <emphasis role="bold">Add Disk</emphasis> button below the + tree. You can then either select <emphasis role="bold">Add + CD/DVD Device</emphasis> or <emphasis role="bold">Add Hard + Disk</emphasis>. If you clicked on a floppy controller, you + can add a floppy drive instead. Alternatively, right-click on + the storage controller and select a menu item there. + </para> + + <para> + On the right part of the window, you can then set the + following: + </para> + + <orderedlist> + + <listitem> + <para> + The <emphasis role="bold">device slot</emphasis> of the + controller that the virtual disk is connected to. IDE + controllers have four slots which have traditionally been + called primary master, primary slave, secondary master, + and secondary slave. By contrast, SATA and SCSI + controllers offer you up to 30 slots for attaching virtual + devices. + </para> + </listitem> + + <listitem> + <para> + The <emphasis role="bold">image file</emphasis> to use. + </para> + + <itemizedlist> + + <listitem> + <para> + For virtual hard disks, a button with a drop-down list + appears on the right, offering you to either select a + <emphasis role="bold">virtual hard disk + file</emphasis> using a standard file dialog or to + <emphasis role="bold">create a new hard + disk</emphasis> (image file). The latter option + displays the <emphasis role="bold">Create New + Disk</emphasis> wizard, described in + <xref linkend="gui-createvm" />. + </para> + + <para> + For virtual floppy drives, a dialog enables you to + create and format a new floppy disk image + automatically. + </para> + + <para> + For details on the image file types that are + supported, see <xref linkend="vdidetails" />. + </para> + </listitem> + + <listitem> + <para> + For virtual CD/DVD drives, the image files will + typically be in the standard ISO format instead. Most + commonly, you will select this option when installing + an OS from an ISO file that you have obtained from the + Internet. For example, most Linux distributions are + available in this way. + </para> + + <para> + For virtual CD/DVD drives, the following additional + options are available: + </para> + + <itemizedlist> + + <listitem> + <para> + If you select <emphasis role="bold">Host + Drive</emphasis> from the list, then the physical + device of the host computer is connected to the + VM, so that the guest OS can read from and write + to your physical device. This is, for instance, + useful if you want to install Windows from a real + installation CD. In this case, select your host + drive from the drop-down list presented. + </para> + + <para> + If you want to write, or burn, CDs or DVDs using + the host drive, you need to also enable the + <emphasis role="bold">Passthrough</emphasis> + option. See <xref linkend="storage-cds" />. + </para> + </listitem> + + <listitem> + <para> + If you select <emphasis role="bold">Remove Disk + from Virtual Drive</emphasis>, &product-name; will + present an empty CD/DVD drive to the guest into + which no media has been inserted. + </para> + </listitem> + + </itemizedlist> + </listitem> + + </itemizedlist> + </listitem> + + </orderedlist> + </listitem> + + <listitem> + <para> + To <emphasis role="bold">remove an attachment</emphasis>, + either select it and click on the + <emphasis role="bold">Remove</emphasis> icon at the bottom, or + right-click on it and select the menu item. + </para> + </listitem> + + </itemizedlist> + + <para> + Removable media, such as CD/DVDs and floppies, can be changed + while the guest is running. Since the + <emphasis role="bold">Settings</emphasis> dialog is not available + at that time, you can also access these settings from the + <emphasis role="bold">Devices</emphasis> menu of your virtual + machine window. + </para> + + </sect1> + + <sect1 id="settings-audio"> + + <title>Audio Settings</title> + + <para> + The <emphasis role="bold">Audio</emphasis> section in a virtual + machine's <emphasis role="bold">Settings</emphasis> window + determines whether the VM will detect a connected sound card, and + if the audio output should be played on the host system. + </para> + + <para> + To enable audio for a guest, select the + <emphasis role="bold">Enable Audio</emphasis> check box. The + following settings are available: + </para> + + <itemizedlist> + + <listitem> + <para> + <emphasis role="bold">Host Audio Driver:</emphasis> The audio + driver that &product-name; uses on the host. On a Linux host, + depending on your host configuration, you can select between + the OSS, ALSA, or the PulseAudio subsystem. On newer Linux + distributions, the PulseAudio subsystem is preferred. + </para> + + <para> + Only OSS is supported on Oracle Solaris hosts. The Oracle + Solaris Audio audio backend is no longer supported on Oracle + Solaris hosts. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Audio Controller:</emphasis> You can + choose between the emulation of an Intel AC'97 controller, an + Intel HD Audio controller, or a SoundBlaster 16 card. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Enable Audio Output:</emphasis> Enables + audio output only for the VM. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Enable Audio Input:</emphasis> Enables + audio input only for the VM. + </para> + </listitem> + + </itemizedlist> + + </sect1> + + <sect1 id="settings-network"> + + <title>Network Settings</title> + + <para> + The <emphasis role="bold">Network</emphasis> section in a virtual + machine's <emphasis role="bold">Settings</emphasis> window enables + you to configure how &product-name; presents virtual network cards + to your VM, and how they operate. + </para> + + <para> + When you first create a virtual machine, &product-name; by default + enables one virtual network card and selects the Network Address + Translation (NAT) mode for it. This way the guest can connect to + the outside world using the host's networking and the outside + world can connect to services on the guest which you choose to + make visible outside of the virtual machine. + </para> + + <para> + This default setup is good for the majority of &product-name; + users. However, &product-name; is extremely flexible in how it can + virtualize networking. It supports many virtual network cards per + virtual machine. The first four virtual network cards can be + configured in detail in the VirtualBox Manager window. Additional + network cards can be configured using the + <command>VBoxManage</command> command. + </para> + + <para> + Many networking options are available. See + <xref linkend="networkingdetails" /> for more information. + </para> + + </sect1> + + <sect1 id="serialports"> + + <title>Serial Ports</title> + + <para> + &product-name; supports the use of virtual serial ports in a + virtual machine. + </para> + + <para> + Ever since the original IBM PC, personal computers have been + equipped with one or two serial ports, also called COM ports by + DOS and Windows. Serial ports were commonly used with modems, and + some computer mice used to be connected to serial ports before USB + became commonplace. + </para> + + <para> + While serial ports are no longer as common as they used to be, + there are still some important uses left for them. For example, + serial ports can be used to set up a primitive network over a + null-modem cable, in case Ethernet is not available. Also, serial + ports are indispensable for system programmers needing to do + kernel debugging, since kernel debugging software usually + interacts with developers over a serial port. With virtual serial + ports, system programmers can do kernel debugging on a virtual + machine instead of needing a real computer to connect to. + </para> + + <para> + If a virtual serial port is enabled, the guest OS sees a standard + 16550A compatible UART device. Other UART types can be configured + using the <command>VBoxManage modifyvm</command> command. Both + receiving and transmitting data is supported. How this virtual + serial port is then connected to the host is configurable, and the + details depend on your host OS. + </para> + + <para> + You can use either the Settings tabs or the + <command>VBoxManage</command> command to set up virtual serial + ports. For the latter, see <xref linkend="vboxmanage-modifyvm" /> + for information on the <computeroutput>--uart</computeroutput>, + <computeroutput>--uartmode</computeroutput> and + <computeroutput>--uarttype</computeroutput> options. + </para> + + <para> + You can configure up to four virtual serial ports per virtual + machine. For each device, you must set the following: + </para> + + <orderedlist> + + <listitem> + <para> + <emphasis role="bold">Port Number:</emphasis> This determines + the serial port that the virtual machine should see. For best + results, use the traditional values as follows: + </para> + + <itemizedlist> + + <listitem> + <para> + COM1: I/O base 0x3F8, IRQ 4 + </para> + </listitem> + + <listitem> + <para> + COM2: I/O base 0x2F8, IRQ 3 + </para> + </listitem> + + <listitem> + <para> + COM3: I/O base 0x3E8, IRQ 4 + </para> + </listitem> + + <listitem> + <para> + COM4: I/O base 0x2E8, IRQ 3 + </para> + </listitem> + + </itemizedlist> + + <para> + You can also configure a user-defined serial port. Enter an + I/O base address and interrupt (IRQ). + </para> + + <para> + See also + <ulink + url="http://en.wikipedia.org/wiki/COM_(hardware_interface)">http://en.wikipedia.org/wiki/COM_(hardware_interface)</ulink>. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Port Mode:</emphasis> What the virtual + port is connected to. For each virtual serial port, you have + the following options: + </para> + + <itemizedlist> + + <listitem> + <para> + <emphasis role="bold">Disconnected:</emphasis> The guest + will see the device, but it will behave as if no cable had + been connected to it. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Host Device:</emphasis> Connects the + virtual serial port to a physical serial port on your + host. On a Windows host, this will be a name like + <computeroutput>COM1</computeroutput>. On Linux or Oracle + Solaris hosts, it will be a device node like + <computeroutput>/dev/ttyS0</computeroutput>. + &product-name; will then simply redirect all data received + from and sent to the virtual serial port to the physical + device. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Host Pipe:</emphasis> Configure + &product-name; to connect the virtual serial port to a + software pipe on the host. This depends on your host OS, + as follows: + </para> + + <itemizedlist> + + <listitem> + <para> + On a Windows host, data will be sent and received + through a named pipe. The pipe name must be in the + format + <computeroutput>\\.\pipe\<name></computeroutput> + where <computeroutput><name></computeroutput> + should identify the virtual machine but may be freely + chosen. + </para> + </listitem> + + <listitem> + <para> + On a Mac, Linux, or Oracle Solaris host, a local + domain socket is used instead. The socket filename + must be chosen such that the user running + &product-name; has sufficient privileges to create and + write to it. The <computeroutput>/tmp</computeroutput> + directory is often a good candidate. + </para> + + <para> + On Linux there are various tools which can connect to + a local domain socket or create one in server mode. + The most flexible tool is + <computeroutput>socat</computeroutput> and is + available as part of many distributions. + </para> + </listitem> + + </itemizedlist> + + <para> + In this case, you can configure whether &product-name; + should create the named pipe, or the local domain socket + non-Windows hosts, itself or whether &product-name; should + assume that the pipe or socket exists already. With the + <command>VBoxManage</command> command-line options, this + is referred to as server mode or client mode, + respectively. + </para> + + <para> + For a direct connection between two virtual machines, + corresponding to a null-modem cable, simply configure one + VM to create a pipe or socket and another to attach to it. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Raw File:</emphasis> Send the + virtual serial port output to a file. This option is very + useful for capturing diagnostic output from a guest. Any + file may be used for this purpose, as long as the user + running &product-name; has sufficient privileges to create + and write to the file. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">TCP Socket:</emphasis> Useful for + forwarding serial traffic over TCP/IP, acting as a server, + or it can act as a TCP client connecting to other servers. + This option enables a remote machine to directly connect + to the guest's serial port using TCP. + </para> + + <itemizedlist> + + <listitem> + <para> + <emphasis role="bold">TCP Server:</emphasis> Deselect + the <emphasis role="bold">Connect to Existing + Pipe/Socket</emphasis> check box and specify the port + number in the + <emphasis role="bold">Path/Address</emphasis> field. + This is typically 23 or 2023. Note that on UNIX-like + systems you will have to use a port a number greater + than 1024 for regular users. + </para> + + <para> + The client can use software such as + <command>PuTTY</command> or the + <command>telnet</command> command line tool to access + the TCP Server. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">TCP Client:</emphasis> To create + a virtual null-modem cable over the Internet or LAN, + the other side can connect using TCP by specifying + <computeroutput>hostname:port</computeroutput> in the + <emphasis role="bold">Path/Address</emphasis> field. + The TCP socket will act in client mode if you select + the <emphasis role="bold">Connect to Existing + Pipe/Socket</emphasis> check box. + </para> + </listitem> + + </itemizedlist> + </listitem> + + </itemizedlist> + </listitem> + + </orderedlist> + + <para> + Up to four serial ports can be configured per virtual machine, but + you can pick any port numbers out of the above. However, serial + ports cannot reliably share interrupts. If both ports are to be + used at the same time, they must use different interrupt levels, + for example COM1 and COM2, but not COM1 and COM3. + </para> + + </sect1> + + <sect1 id="usb-support"> + + <title>USB Support</title> + + <sect2 id="settings-usb"> + + <title>USB Settings</title> + + <para> + The <emphasis role="bold">USB</emphasis> section in a virtual + machine's <emphasis role="bold">Settings</emphasis> window + enables you to configure &product-name;'s sophisticated USB + support. + </para> + + <para> + &product-name; can enable virtual machines to access the USB + devices on your host directly. To achieve this, &product-name; + presents the guest OS with a virtual USB controller. As soon as + the guest system starts using a USB device, it will appear as + unavailable on the host. + </para> + + <note> + <itemizedlist> + + <listitem> + <para> + Be careful with USB devices that are currently in use on + the host. For example, if you allow your guest to connect + to your USB hard disk that is currently mounted on the + host, when the guest is activated, it will be disconnected + from the host without a proper shutdown. This may cause + data loss. + </para> + </listitem> + + <listitem> + <para> + Oracle Solaris hosts have a few known limitations + regarding USB support. See <xref linkend="KnownIssues" />. + </para> + </listitem> + + </itemizedlist> + </note> + + <para> + In addition to allowing a guest access to your local USB + devices, &product-name; even enables your guests to connect to + remote USB devices by use of the VirtualBox Remote Desktop + Extension (VRDE). See <xref linkend="usb-over-rdp" />. + </para> + + <para> + To enable USB for a VM, select the <emphasis role="bold">Enable + USB Controller</emphasis> check box. The following settings are + available: + </para> + + <itemizedlist> + + <listitem> + <para> + <emphasis role="bold">USB Controller:</emphasis> Selects a + controller with the specified level of USB support, as + follows: + </para> + + <itemizedlist> + + <listitem> + <para> + OHCI for USB 1.1 + </para> + </listitem> + + <listitem> + <para> + EHCI for USB 2.0. This also enables OHCI. + </para> + </listitem> + + <listitem> + <para> + xHCI for USB 3.0. This supports all USB speeds. + </para> + </listitem> + + </itemizedlist> + + <note> + <para> + The xHCI and EHCI controllers are shipped as an + &product-name; extension package, which must be installed + separately. See <xref linkend="intro-installing" />. + </para> + </note> + </listitem> + + <listitem> + <para> + <emphasis role="bold">USB Device Filters:</emphasis> When + USB support is enabled for a VM, you can determine in detail + which devices will be automatically attached to the guest. + For this, you can create filters by specifying certain + properties of the USB device. USB devices with a matching + filter will be automatically passed to the guest once they + are attached to the host. USB devices without a matching + filter can be passed manually to the guest, for example by + using the <emphasis role="bold">Devices</emphasis>, + <emphasis role="bold">USB</emphasis> menu. + </para> + + <para> + Clicking on the <emphasis role="bold">+</emphasis> button to + the right of the <emphasis role="bold">USB Device + Filters</emphasis> window creates a new filter. You can give + the filter a name, for later reference, and specify the + filter criteria. The more criteria you specify, the more + precisely devices will be selected. For instance, if you + specify only a vendor ID of 046d, all devices produced by + Logitech will be available to the guest. If you fill in all + fields, on the other hand, the filter will only apply to a + particular device model from a particular vendor, and not + even to other devices of the same type with a different + revision and serial number. + </para> + + <para> + In detail, the following criteria are available: + </para> + + <itemizedlist> + + <listitem> + <para> + <emphasis role="bold">Vendor and Product ID.</emphasis> + With USB, each vendor of USB products carries an + identification number that is unique world-wide, called + the <emphasis>vendor ID</emphasis>. Similarly, each line + of products is assigned a <emphasis>product + ID</emphasis> number. Both numbers are commonly written + in hexadecimal, and a colon separates the vendor from + the product ID. For example, + <computeroutput>046d:c016</computeroutput> stands for + Logitech as a vendor, and the M-UV69a Optical Wheel + Mouse product. + </para> + + <para> + Alternatively, you can also specify + <emphasis role="bold">Manufacturer</emphasis> and + <emphasis role="bold">Product</emphasis> by name. + </para> + + <para> + To list all the USB devices that are connected to your + host machine with their respective vendor IDs and + product IDs, use the following command: + </para> + +<screen>VBoxManage list usbhost</screen> + + <para> + On Windows, you can also see all USB devices that are + attached to your system in the Device Manager. On Linux, + you can use the <command>lsusb</command> command. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Serial Number.</emphasis> While + vendor ID and product ID are quite specific to identify + USB devices, if you have two identical devices of the + same brand and product line, you will also need their + serial numbers to filter them out correctly. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Remote.</emphasis> This setting + specifies whether the device will be local only, remote + only, such as over VRDP, or either. + </para> + </listitem> + + </itemizedlist> + + <para> + On a Windows host, you will need to unplug and reconnect a + USB device to use it after creating a filter for it. + </para> + + <para> + As an example, you could create a new USB filter and specify + a vendor ID of 046d for Logitech, Inc, a manufacturer index + of 1, and "not remote". Then any USB devices on the host + system produced by Logitech, Inc with a manufacturer index + of 1 will be visible to the guest system. + </para> + + <para> + Several filters can select a single device. For example, a + filter which selects all Logitech devices, and one which + selects a particular webcam. + </para> + + <para> + You can deactivate filters without deleting them by + deselecting the check box next to the filter name. + </para> + </listitem> + + </itemizedlist> + + </sect2> + + <sect2 id="usb-implementation-notes"> + + <title>Implementation Notes for Windows and Linux Hosts</title> + + <para> + On Windows hosts, a kernel mode device driver provides USB proxy + support. It implements both a USB monitor, which enables + &product-name; to capture devices when they are plugged in, and + a USB device driver to claim USB devices for a particular + virtual machine. As opposed to &product-name; versions before + 1.4.0, system reboots are no longer necessary after installing + the driver. Also, you no longer need to replug devices for + &product-name; to claim them. + </para> + + <para> + On newer Linux hosts, &product-name; accesses USB devices + through special files in the file system. When &product-name; is + installed, these are made available to all users in the + <computeroutput>vboxusers</computeroutput> system group. In + order to be able to access USB from guest systems, make sure + that you are a member of this group. + </para> + + <para> + On older Linux hosts, USB devices are accessed using the + <computeroutput>usbfs</computeroutput> file system. Therefore, + the user executing &product-name; needs read and write + permission to the USB file system. Most distributions provide a + group, such as <computeroutput>usbusers</computeroutput>, which + the &product-name; user needs to be added to. Also, + &product-name; can only proxy to virtual machines USB devices + which are not claimed by a Linux host USB driver. The + <computeroutput>Driver=</computeroutput> entry in + <computeroutput>/proc/bus/usb/devices</computeroutput> will show + you which devices are currently claimed. See also + <xref + linkend="ts_usb-linux" /> for details about + <computeroutput>usbfs</computeroutput>. + </para> + + </sect2> + + </sect1> + + <sect1 id="shared-folders"> + + <title>Shared Folders</title> + + <para> + Shared folders enable you to easily exchange data between a + virtual machine and your host. This feature requires that the + &product-name; Guest Additions be installed in a virtual machine + and is described in detail in <xref linkend="sharedfolders" />. + </para> + + </sect1> + + <sect1 id="user-interface"> + + <title>User Interface</title> + + <para> + The <emphasis role="bold">User Interface</emphasis> section + enables you to change certain aspects of the user interface of + this VM. + </para> + + <itemizedlist> + + <listitem> + <para> + <emphasis role="bold">Menu Bar:</emphasis> This widget enables + you to disable menus by clicking on the menu to release it, + menu entries by deselecting the check box of the entry to + disable it and the complete menu bar by deselecting the + rightmost check box. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Mini ToolBar:</emphasis> In full screen + or seamless mode, &product-name; can display a small toolbar + that contains some of the items that are normally available + from the virtual machine's menu bar. This toolbar reduces + itself to a small gray line unless you move the mouse over it. + With the toolbar, you can return from full screen or seamless + mode, control machine execution or enable certain devices. If + you do not want to see the toolbar, disable this setting. + </para> + + <para> + The second setting enables you to show the toolbar at the top + of the screen, instead of showing it at the bottom. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Status Bar:</emphasis> This widget + enables you to disable icons on the status bar by deselecting + the check box of an icon to disable it, to rearrange icons by + dragging and dropping the icon, and to disable the complete + status bar by deselecting the leftmost check box. + </para> + </listitem> + + </itemizedlist> + + </sect1> + + <sect1 id="efi"> + + <title>Alternative Firmware (EFI)</title> + + <para> + &product-name; includes experimental support for the Extensible + Firmware Interface (EFI), which is a new industry standard + intended to eventually replace the legacy BIOS as the primary + interface for bootstrapping computers and certain system services + later. + </para> + + <para> + By default, &product-name; uses the BIOS firmware for virtual + machines. To use EFI for a given virtual machine, you can enable + EFI in the machine's <emphasis role="bold">Settings</emphasis> + dialog. See <xref linkend="settings-motherboard"/>. Alternatively, + use the <command>VBoxManage</command> command line interface as + follows: + </para> + +<screen>VBoxManage modifyvm "VM name" --firmware efi</screen> + + <para> + To switch back to using the BIOS: + </para> + +<screen>VBoxManage modifyvm "VM name" --firmware bios</screen> + + <para> + One notable user of EFI is Apple Mac OS X. More recent Linux + versions and Windows releases, starting with Vista, also offer + special versions that can be booted using EFI. + </para> + + <para> + Another possible use of EFI in &product-name; is development and + testing of EFI applications, without booting any OS. + </para> + + <para> + Note that the &product-name; EFI support is experimental and will + be enhanced as EFI matures and becomes more widespread. Mac OS X, + Linux, and newer Windows guests are known to work fine. Windows 7 + guests are unable to boot with the &product-name; EFI + implementation. + </para> + + <sect2 id="efividmode"> + + <title>Video Modes in EFI</title> + + <para> + EFI provides two distinct video interfaces: GOP (Graphics Output + Protocol) and UGA (Universal Graphics Adapter). Modern OSes, + such as Mac OS X, generally use GOP, while some older ones still + use UGA. &product-name; provides a configuration option to + control the graphics resolution for both interfaces, making the + difference mostly irrelevant for users. + </para> + + <para> + The default resolution is 1024x768. To select a graphics + resolution for EFI, use the following + <command>VBoxManage</command> command: + </para> + +<screen>VBoxManage setextradata "VM name" VBoxInternal2/EfiGraphicsResolution HxV</screen> + + <para> + Determine the horizontal resolution H and the vertical + resolution V from the following list of default resolutions: + </para> + + <variablelist> + + <varlistentry> + <term> + VGA + </term> + + <listitem> + <para> + 640x480, 32bpp, 4:3 + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + SVGA + </term> + + <listitem> + <para> + 800x600, 32bpp, 4:3 + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + XGA + </term> + + <listitem> + <para> + 1024x768, 32bpp, 4:3 + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + XGA+ + </term> + + <listitem> + <para> + 1152x864, 32bpp, 4:3 + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + HD + </term> + + <listitem> + <para> + 1280x720, 32bpp, 16:9 + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + WXGA + </term> + + <listitem> + <para> + 1280x800, 32bpp, 16:10 + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + SXGA + </term> + + <listitem> + <para> + 1280x1024, 32bpp, 5:4 + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + SXGA+ + </term> + + <listitem> + <para> + 1400x1050, 32bpp, 4:3 + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + WXGA+ + </term> + + <listitem> + <para> + 1440x900, 32bpp, 16:10 + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + HD+ + </term> + + <listitem> + <para> + 1600x900, 32bpp, 16:9 + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + UXGA + </term> + + <listitem> + <para> + 1600x1200, 32bpp, 4:3 + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + WSXGA+ + </term> + + <listitem> + <para> + 1680x1050, 32bpp, 16:10 + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + Full HD + </term> + + <listitem> + <para> + 1920x1080, 32bpp, 16:9 + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + WUXGA + </term> + + <listitem> + <para> + 1920x1200, 32bpp, 16:10 + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + DCI 2K + </term> + + <listitem> + <para> + 2048x1080, 32bpp, 19:10 + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + Full HD+ + </term> + + <listitem> + <para> + 2160x1440, 32bpp, 3:2 + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + Unnamed + </term> + + <listitem> + <para> + 2304x1440, 32bpp, 16:10 + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + QHD + </term> + + <listitem> + <para> + 2560x1440, 32bpp, 16:9 + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + WQXGA + </term> + + <listitem> + <para> + 2560x1600, 32bpp, 16:10 + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + QWXGA+ + </term> + + <listitem> + <para> + 2880x1800, 32bpp, 16:10 + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + QHD+ + </term> + + <listitem> + <para> + 3200x1800, 32bpp, 16:9 + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + WQSXGA + </term> + + <listitem> + <para> + 3200x2048, 32bpp, 16:10 + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + 4K UHD + </term> + + <listitem> + <para> + 3840x2160, 32bpp, 16:9 + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + WQUXGA + </term> + + <listitem> + <para> + 3840x2400, 32bpp, 16:10 + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + DCI 4K + </term> + + <listitem> + <para> + 4096x2160, 32bpp, 19:10 + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + HXGA + </term> + + <listitem> + <para> + 4096x3072, 32bpp, 4:3 + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + UHD+ + </term> + + <listitem> + <para> + 5120x2880, 32bpp, 16:9 + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + WHXGA + </term> + + <listitem> + <para> + 5120x3200, 32bpp, 16:10 + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + WHSXGA + </term> + + <listitem> + <para> + 6400x4096, 32bpp, 16:10 + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + HUXGA + </term> + + <listitem> + <para> + 6400x4800, 32bpp, 4:3 + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + 8K UHD2 + </term> + + <listitem> + <para> + 7680x4320, 32bpp, 16:9 + </para> + </listitem> + </varlistentry> + + </variablelist> + + <para> + If this list of default resolution does not cover your needs, + see <xref linkend="customvesa" />. Note that the color depth + value specified in a custom video mode must be specified. Color + depths of 8, 16, 24, and 32 are accepted. EFI assumes a color + depth of 32 by default. + </para> + + <para> + The EFI default video resolution settings can only be changed + when the VM is powered off. + </para> + + </sect2> + + <sect2 id="efibootargs"> + + <title>Specifying Boot Arguments</title> + + <para> + It is currently not possible to manipulate EFI variables from + within a running guest. For example, setting the "boot-args" + variable by running the <computeroutput>nvram</computeroutput> + tool in a Mac OS X guest will not work. As an alternative way, + "VBoxInternal2/EfiBootArgs" extradata can be passed to a VM in + order to set the "boot-args" variable. To change the "boot-args" + EFI variable, use the following command: + </para> + +<screen>VBoxManage setextradata "VM name" VBoxInternal2/EfiBootArgs <value></screen> + + </sect2> + + </sect1> + +</chapter> diff --git a/doc/manual/en_US/user_ChangeLog.xml b/doc/manual/en_US/user_ChangeLog.xml new file mode 100644 index 00000000..daddaafc --- /dev/null +++ b/doc/manual/en_US/user_ChangeLog.xml @@ -0,0 +1,48 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" + "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd"[ +<!ENTITY % all.entities SYSTEM "all-entities.ent"> +%all.entities; +]> +<chapter id="ChangeLog"> + + <title>Change Log</title> + + <para> + This section summarizes the changes between &product-name; versions. + Note that this change log is not exhaustive and not all changes are + listed. + </para> + + <para> + &product-name; version numbers consist of three numbers separated by + dots where the first and second number represent the major version + and the third number the minor version. Minor version numbers of + official releases are always even. An odd minor version number + represents an internal development or test build. In addition, each + build contains a revision number. + </para> + + <xi:include href="user_ChangeLogImpl.xml" xpointer="xpointer(/chapter/*)" + xmlns:xi="http://www.w3.org/2001/XInclude" /> + + <sect1 id="change-log-older"> + + <title>Change Logs for Legacy Versions</title> + + <para> + To view the change log for a legacy version of VirtualBox see the + documentation for the relevant &product-name; release. + </para> + + <para> + Change logs are also available at: + </para> + + <para> + <ulink url="https://www.virtualbox.org/wiki/Changelog">https://www.virtualbox.org/wiki/Changelog</ulink>. + </para> + + </sect1> + +</chapter> diff --git a/doc/manual/en_US/user_Frontends.xml b/doc/manual/en_US/user_Frontends.xml new file mode 100644 index 00000000..18bfb51d --- /dev/null +++ b/doc/manual/en_US/user_Frontends.xml @@ -0,0 +1,1242 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" +"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd"[ +<!ENTITY % all.entities SYSTEM "all-entities.ent"> +%all.entities; +]> +<chapter id="remotevm"> + + <title>Remote Virtual Machines</title> + + <sect1 id="vrde"> + + <title>Remote Display (VRDP Support)</title> + + <para> + &product-name; can display virtual machines remotely, meaning that + a virtual machine can execute on one computer even though the + machine will be displayed on a second computer, and the machine + will be controlled from there as well, as if the virtual machine + was running on that second computer. + </para> + + <para> + For maximum flexibility, &product-name; implements remote machine + display through a generic extension interface called the + VirtualBox Remote Desktop Extension (VRDE). The base open source + &product-name; package only provides this interface, while + implementations can be supplied by third parties with + &product-name; extension packages, which must be installed + separately from the base package. See + <xref linkend="intro-installing" />. + </para> + + <para> + Oracle provides support for the VirtualBox Remote Display Protocol + (VRDP) in such an &product-name; extension package. When this + package is installed, &product-name; versions 4.0 and later + support VRDP the same way as binary, non-open source, versions of + &product-name; before 4.0 did. + </para> + + <para> + VRDP is a backwards-compatible extension to Microsoft's Remote + Desktop Protocol (RDP). As a result, you can use any standard RDP + client to control the remote VM. + </para> + + <para> + Even when the extension is installed, the VRDP server is disabled + by default. It can easily be enabled on a per-VM basis either in + the VirtualBox Manager in the + <emphasis role="bold">Display</emphasis> settings, see + <xref linkend="settings-display" />, or with the + <command>VBoxManage</command> command, as follows: + </para> + +<screen>VBoxManage modifyvm "VM name" --vrde on</screen> + + <para> + By default, the VRDP server uses TCP port + <computeroutput>3389</computeroutput>. You will need to change the + default port if you run more than one VRDP server, since the port + can only be used by one server at a time. You might also need to + change it on Windows hosts since the default port might already be + used by the RDP server that is built into Windows itself. Ports + 5000 through 5050 are typically not used and might be a good + choice. + </para> + + <para> + The port can be changed either in the + <emphasis role="bold">Display</emphasis> settings of the graphical + user interface or with the <option>--vrdeport</option> option of + the <command>VBoxManage modifyvm</command> command. You can + specify a comma-separated list of ports or ranges of ports. Use a + dash between two port numbers to specify a range. The VRDP server + will bind to <emphasis>one</emphasis> of the available ports from + the specified list. For example, <computeroutput>VBoxManage + modifyvm "VM name" --vrdeport 5000,5010-5012</computeroutput> will + configure the server to bind to one of the ports 5000, 5010, 5011, + or 5012. See <xref linkend="vboxmanage-modifyvm-vrde" />. + </para> + + <para> + The actual port used by a running VM can be either queried with + the <command>VBoxManage showvminfo</command> command or seen in + the GUI on the <emphasis role="bold">Runtime</emphasis> tab of the + <emphasis role="bold">Session Information</emphasis> dialog, which + is accessible from the <emphasis role="bold">Machine</emphasis> + menu of the VM window. + </para> + + <para> + Support for IPv6 has been implemented in &product-name; 4.3. If + the host OS supports IPv6 the VRDP server will automatically + listen for IPv6 connections in addition to IPv4. + </para> + + <sect2 id="rdp-viewers"> + + <title>Common Third-Party RDP Viewers</title> + + <para> + Since VRDP is backwards-compatible to RDP, you can use any + standard RDP viewer to connect to such a remote virtual machine. + For this to work, you must specify the IP address of your + <emphasis>host</emphasis> system, not of the virtual machine, as + the server address to connect to. You must also specify the port + number that the VRDP server is using. + </para> + + <para> + The following examples are for the most common RDP viewers: + </para> + + <itemizedlist> + + <listitem> + <para> + On Windows, you can use the Microsoft Terminal Services + Connector, <command>mstsc.exe</command>, that is included + with Windows. Press the Windows key + R, to display the + <emphasis role="bold">Run</emphasis> dialog. Enter + <command>mstsc</command> to start the program. You can also + find the program in <emphasis role="bold">Start</emphasis>, + <emphasis role="bold">All Programs</emphasis>, + <emphasis role="bold">Accessories</emphasis>, + <emphasis role="bold">Remote Desktop Connection</emphasis>. + If you use the <emphasis role="bold">Run</emphasis> dialog, + you can enter options directly. For example: + </para> + +<screen>mstsc 1.2.3.4:3389</screen> + + <para> + Replace <computeroutput>1.2.3.4</computeroutput> with the + host IP address, and <computeroutput>3389</computeroutput> + with a different port, if necessary. + </para> + + <note> + <itemizedlist> + + <listitem> + <para> + IPv6 addresses must be enclosed in square brackets to + specify a port. For example: <computeroutput>mstsc + [fe80::1:2:3:4]:3389</computeroutput> + </para> + </listitem> + + <listitem> + <para> + When connecting to localhost in order to test the + connection, the addresses + <computeroutput>localhost</computeroutput> and + <computeroutput>127.0.0.1</computeroutput> might not + work using <command>mstsc.exe</command>. Instead, the + address + <computeroutput>127.0.0.2[:3389]</computeroutput> has + to be used. + </para> + </listitem> + + </itemizedlist> + </note> + </listitem> + + <listitem> + <para> + On other systems, you can use the standard open source + <command>rdesktop</command> program. This ships with most + Linux distributions, but &product-name; also comes with a + modified variant of <command>rdesktop</command> for remote + USB support. See <xref linkend="usb-over-rdp" />. + </para> + + <para> + With <command>rdesktop</command>, use a command line such as + the following: + </para> + +<screen>rdesktop -a 16 -N 1.2.3.4:3389</screen> + + <para> + Replace <computeroutput>1.2.3.4</computeroutput> with the + host IP address, and <computeroutput>3389</computeroutput> + with a different port, if necessary. The <computeroutput>-a + 16</computeroutput> option requests a color depth of 16 bits + per pixel, which we recommend. For best performance, after + installation of the guest operating system, you should set + its display color depth to the same value. The + <computeroutput>-N</computeroutput> option enables use of + the NumPad keys. + </para> + </listitem> + + <listitem> + <para> + You can use the Remmina remote desktop client with VRDP. + This application is included with some Linux distributions, + such as Debian and Ubuntu. + </para> + </listitem> + + <listitem> + <para> + If you run the KDE desktop, you can use + <computeroutput>krdc</computeroutput>, the KDE RDP viewer. A + typical command line is as follows: + </para> + +<screen>krdc rdp://1.2.3.4:3389</screen> + + <para> + Replace <computeroutput>1.2.3.4</computeroutput> with the + host IP address, and <computeroutput>3389</computeroutput> + with a different port, if necessary. The "rdp://" prefix is + required with krdc to switch it into RDP mode. + </para> + </listitem> + + <listitem> + <para> + With Sun Ray thin clients you can use + <command>uttsc</command>, which is part of the Sun Ray + Windows Connector package. See the Sun Ray documentation for + details. + </para> + </listitem> + + </itemizedlist> + + </sect2> + + <sect2 id="vboxheadless"> + + <title>VBoxHeadless, the Remote Desktop Server</title> + + <para> + While any VM started from the VirtualBox Manager is capable of + running virtual machines remotely, it is not convenient to have + to run the full-fledged GUI if you never want to have VMs + displayed locally in the first place. In particular, if you are + running server hardware whose only purpose is to host VMs, and + all your VMs are supposed to run remotely over VRDP, then it is + pointless to have a graphical user interface on the server at + all. This is especially true for Linux or Oracle Solaris hosts, + as the VirtualBox Manager comes with dependencies on the Qt and + SDL libraries. This is inconvenient if you would rather not have + the X Window system on your server at all. + </para> + + <para> + &product-name; therefore comes with a front-end called + <computeroutput>VBoxHeadless</computeroutput>, which produces no + visible output on the host at all, but still can deliver VRDP + data. This front-end has no dependencies on the X Window system + on Linux and Oracle Solaris hosts. + </para> + + <note> + <para> + Before &product-name; 1.6, the headless server was called + <computeroutput>VBoxVRDP</computeroutput>. For the sake of + backwards compatibility, the &product-name; installation still + installs an executable with that name as well. + </para> + </note> + + <para> + To start a virtual machine with + <computeroutput>VBoxHeadless</computeroutput>, you have the + following options: + </para> + + <itemizedlist> + + <listitem> + <para> + Use the <command>VBoxManage</command> command, as follows: + </para> + +<screen>VBoxManage startvm "VM name" --type headless</screen> + + <para> + The <computeroutput>--type</computeroutput> option causes + &product-name; to use + <computeroutput>VBoxHeadless</computeroutput> as the + front-end to the internal virtualization engine, instead of + the Qt front-end. + </para> + </listitem> + + <listitem> + <para> + Use the <command>VBoxHeadless</command> command, as follows: + </para> + +<screen>VBoxHeadless --startvm <uuid|name></screen> + + <para> + This way of starting the VM helps troubleshooting problems + reported by <command>VBoxManage startvm</command>, because + you can sometimes see more detailed error messages, + especially for early failures before the VM execution is + started. In normal situations <command>VBoxManage + startvm</command> is preferred, since it runs the VM + directly as a background process which has to be done + explicitly when directly starting with + <computeroutput>VBoxHeadless</computeroutput>. + </para> + </listitem> + + <listitem> + <para> + Start <computeroutput>VBoxHeadless</computeroutput> from the + VirtualBox Manager GUI, by pressing the Shift key when + starting a virtual machine or by selecting + <emphasis role="bold">Headless Start</emphasis> from the + <emphasis role="bold">Machine</emphasis> menu. + </para> + </listitem> + + </itemizedlist> + + <para> + When you use the <computeroutput>VBoxHeadless</computeroutput> + command to start a VM, the VRDP server will be enabled according + to the VM configuration. You can override the VM's setting using + <computeroutput>--vrde</computeroutput> command line parameter. + To enable the VRDP server, start the VM as follows: + </para> + +<screen>VBoxHeadless --startvm <uuid|name> --vrde on</screen> + + <para> + To disable the VRDP server: + </para> + +<screen>VBoxHeadless --startvm <uuid|name> --vrde off</screen> + + <para> + To have the VRDP server enabled depending on the VM + configuration, as for other front-ends: + </para> + +<screen>VBoxHeadless --startvm <uuid|name> --vrde config</screen> + + <para> + This command is the same as the following: + </para> + +<screen>VBoxHeadless --startvm <uuid|name></screen> + + <para> + If you start the VM with <command>VBoxManage startvm</command> + then the configuration settings of the VM are always used. + </para> + + </sect2> + + <sect2 id="headless-vm-steps"> + + <title>Step by Step: Creating a Virtual Machine on a Headless Server</title> + + <para> + The following instructions describe how to create a virtual + machine on a headless server over a network connection. This + example creates a virtual machine, establishes an RDP connection + and installs a guest operating system. All of these tasks are + done without having to touch the headless server. You need the + following prerequisites: + </para> + + <itemizedlist> + + <listitem> + <para> + &product-name; on a server machine with a supported host + operating system. The &product-name; Extension Pack for the + VRDP server must be installed, see <xref linkend="vrde"/>. + The procedures assume a Linux server is used. + </para> + </listitem> + + <listitem> + <para> + An ISO file accessible from the server, containing the + installation data for the guest operating system to install. + Windows XP is used in the example. + </para> + </listitem> + + <listitem> + <para> + A terminal connection to that host through which you can + access a command line, such as + <computeroutput>ssh</computeroutput>. + </para> + </listitem> + + <listitem> + <para> + An RDP viewer on the remote client. See + <xref linkend="rdp-viewers" /> for examples. + </para> + </listitem> + + </itemizedlist> + + <para> + Note that on the server machine, since we will only use the + headless server, Qt and the X Window system are not required. + </para> + + <orderedlist> + + <listitem> + <para> + On the headless server, create a new virtual machine. For + example: + </para> + +<screen>VBoxManage createvm --name "Windows XP" --ostype WindowsXP --register</screen> + + <para> + If you do not specify + <computeroutput>--register</computeroutput>, you will have + to manually use the <command>registervm</command> command + later. + </para> + + <para> + You do not need to specify + <computeroutput>--ostype</computeroutput>, but doing so + selects some sensible default values for certain VM + parameters. For example, the RAM size and the type of the + virtual network device. To get a complete list of supported + operating systems you can use the following command: + </para> + +<screen>VBoxManage list ostypes</screen> + </listitem> + + <listitem> + <para> + Make sure the settings for the VM are appropriate for the + guest operating system that we will install. For example: + </para> + +<screen>VBoxManage modifyvm "Windows XP" --memory 256 --acpi on --boot1 dvd --nic1 nat</screen> + </listitem> + + <listitem> + <para> + Create a virtual hard disk for the VM. For example, to + create a 10 GB virtual hard disk: + </para> + +<screen>VBoxManage createhd --filename "WinXP.vdi" --size 10000</screen> + </listitem> + + <listitem> + <para> + Add an IDE Controller to the new VM. For example: + </para> + +<screen>VBoxManage storagectl "Windows XP" --name "IDE Controller" + --add ide --controller PIIX4</screen> + </listitem> + + <listitem> + <para> + Set the VDI file you created as the first virtual hard disk + of the new VM. For example: + </para> + +<screen>VBoxManage storageattach "Windows XP" --storagectl "IDE Controller" + --port 0 --device 0 --type hdd --medium "WinXP.vdi"</screen> + </listitem> + + <listitem> + <para> + Attach the ISO file that contains the operating system + installation that you want to install later to the virtual + machine. This is done so that the VM can boot from it. + </para> + +<screen>VBoxManage storageattach "Windows XP" --storagectl "IDE Controller" + --port 0 --device 1 --type dvddrive --medium /full/path/to/iso.iso</screen> + </listitem> + + <listitem> + <para> + Enable the VirtualBox Remote Desktop Extension, the VRDP + server, as follows: + </para> + +<screen>VBoxManage modifyvm "Windows XP" --vrde on</screen> + </listitem> + + <listitem> + <para> + Start the virtual machine using the + <command>VBoxHeadless</command> command: + </para> + +<screen>VBoxHeadless --startvm "Windows XP"</screen> + + <para> + If the configuration steps worked, you should see a + copyright notice. If you are returned to the command line, + then something did not work correctly. + </para> + </listitem> + + <listitem> + <para> + On the client machine, start the RDP viewer and connect to + the server. See <xref linkend="rdp-viewers" /> for details + of how to use various common RDP viewers. + </para> + + <para> + The installation routine of your guest operating system + should be displayed in the RDP viewer. + </para> + </listitem> + + </orderedlist> + + </sect2> + + <sect2 id="usb-over-rdp"> + + <title>Remote USB</title> + + <para> + As a special feature additional to the VRDP support, + &product-name; also supports remote USB devices over the wire. + That is, an &product-name; guest that runs on one computer can + access the USB devices of the remote computer on which the VRDP + data is being displayed the same way as USB devices that are + connected to the actual host. This enables running of virtual + machines on an &product-name; host that acts as a server, where + a client can connect from elsewhere that needs only a network + adapter and a display capable of running an RDP viewer. When USB + devices are plugged into the client, the remote &product-name; + server can access them. + </para> + + <para> + For these remote USB devices, the same filter rules apply as for + other USB devices. See <xref linkend="settings-usb" />. All you + have to do is specify Remote, or Any, when setting up these + rules. + </para> + + <para> + Accessing remote USB devices is only possible if the RDP client + supports this extension. On Linux and Oracle Solaris hosts, the + &product-name; installation provides a suitable VRDP client + called <command>rdesktop-vrdp</command>. Recent versions of + <command>uttsc</command>, a client tailored for the use with Sun + Ray thin clients, also support accessing remote USB devices. RDP + clients for other platforms will be provided in future + &product-name; versions. + </para> + + <para> + To make a remote USB device available to a VM, + <command>rdesktop-vrdp</command> should be started as follows: + </para> + +<screen>rdesktop-vrdp -r usb -a 16 -N my.host.address</screen> + + <para> + See <xref linkend="ts_usb-linux" /> for further details on how + to properly set up the permissions for USB devices. Furthermore + it is advisable to disable automatic loading of any host driver + on the remote host which might work on USB devices to ensure + that the devices are accessible by the RDP client. If the setup + was properly done on the remote host, plug and unplug events are + visible in the VBox.log file of the VM. + </para> + + </sect2> + + <sect2 id="vbox-auth"> + + <title>RDP Authentication</title> + + <para> + For each virtual machine that is remotely accessible using RDP, + you can individually determine if and how client connections are + authenticated. For this, use the <command>VBoxManage + modifyvm</command> command with the + <option>--vrdeauthtype</option> option. See + <xref linkend="vboxmanage-modifyvm" />. The following methods of + authentication are available: + </para> + + <itemizedlist> + + <listitem> + <para> + The <emphasis role="bold">null</emphasis> method means that + there is no authentication at all. Any client can connect to + the VRDP server and thus the virtual machine. This is very + insecure and only to be recommended for private networks. + </para> + </listitem> + + <listitem> + <para> + The <emphasis role="bold">external</emphasis> method + provides external authentication through a special + authentication library. &product-name; ships with two + special authentication libraries: + </para> + + <orderedlist> + + <listitem> + <para> + The default authentication library, + <computeroutput>VBoxAuth</computeroutput>, authenticates + against user credentials of the hosts. Depending on the + host platform, this means the following: + </para> + + <itemizedlist> + + <listitem> + <para> + On Linux hosts, + <computeroutput>VBoxAuth.so</computeroutput> + authenticates users against the host's PAM system. + </para> + </listitem> + + <listitem> + <para> + On Windows hosts, + <computeroutput>VBoxAuth.dll</computeroutput> + authenticates users against the host's WinLogon + system. + </para> + </listitem> + + <listitem> + <para> + On Mac OS X hosts, + <computeroutput>VBoxAuth.dylib</computeroutput> + authenticates users against the host's directory + service. + </para> + </listitem> + + </itemizedlist> + + <para> + In other words, the external method by default performs + authentication with the user accounts that exist on the + host system. Any user with valid authentication + credentials is accepted. For example, the username does + not have to correspond to the user running the VM. + </para> + </listitem> + + <listitem> + <para> + An additional library called + <computeroutput>VBoxAuthSimple</computeroutput> performs + authentication against credentials configured in the + "extradata" section of a virtual machine's XML settings + file. This is probably the simplest way to get + authentication that does not depend on a running and + supported guest. The following steps are required: + </para> + + <orderedlist> + + <listitem> + <para> + Enable + <computeroutput>VBoxAuthSimple</computeroutput> with + the following command: + </para> + +<screen>VBoxManage setproperty vrdeauthlibrary "VBoxAuthSimple"</screen> + </listitem> + + <listitem> + <para> + To enable the library for a particular VM, you must + switch authentication to external, as follows: + </para> + +<screen>VBoxManage modifyvm "VM name" --vrdeauthtype external</screen> + + <para> + Replace <computeroutput><vm></computeroutput> + with the VM name or UUID. + </para> + </listitem> + + <listitem> + <para> + You then need to configure users and passwords by + writing items into the machine's extradata. Since + the XML machine settings file, into whose + <computeroutput>extradata</computeroutput> section + the password needs to be written, is a plain text + file, &product-name; uses hashes to encrypt + passwords. The following command must be used: + </para> + +<screen>VBoxManage setextradata "VM name" "VBoxAuthSimple/users/<user>" <hash></screen> + + <para> + Replace <computeroutput><vm></computeroutput> + with the VM name or UUID, + <computeroutput><user></computeroutput> with + the user name who should be allowed to log in and + <computeroutput><hash></computeroutput> with + the encrypted password. As an example, to obtain the + hash value for the password + <computeroutput>secret</computeroutput>, you can use + the following command: + </para> + +<screen>VBoxManage internalcommands passwordhash "secret"</screen> + + <para> + This command will generate output similar to the + following: + </para> + +<screen>2bb80d537b1da3e38bd30361aa855686bde0eacd7162fef6a25fe97bf527a25b</screen> + + <para> + You then use <command>VBoxManage + setextradata</command> to store this value in the + machine's <computeroutput>extradata</computeroutput> + section. + </para> + + <para> + As a combined example, to set the password for the + user <computeroutput>john</computeroutput> and the + machine <computeroutput>My VM</computeroutput> to + <computeroutput>secret</computeroutput>, use this + command: + </para> + +<screen>VBoxManage setextradata "My VM" "VBoxAuthSimple/users/john" + 2bb80d537b1da3e38bd30361aa855686bde0eacd7162fef6a25fe97bf527a25b</screen> + </listitem> + + </orderedlist> + </listitem> + + </orderedlist> + </listitem> + + <listitem> + <para> + The <emphasis role="bold">guest</emphasis> authentication + method performs authentication with a special component that + comes with the Guest Additions. As a result, authentication + is not performed on the host, but with the guest user + accounts. + </para> + + <para> + This method is currently still in testing and not yet + supported. + </para> + </listitem> + + </itemizedlist> + + <para> + In addition to the methods described above, you can replace the + default external authentication module with any other module. + For this, &product-name; provides a well-defined interface that + enables you to write your own authentication module. This is + described in detail in the &product-name; Software Development + Kit (SDK) reference. See <xref linkend="VirtualBoxAPI" />. + </para> + + </sect2> + + <sect2 id="vrde-crypt"> + + <title>RDP Encryption</title> + + <para> + RDP features data stream encryption, which is based on the RC4 + symmetric cipher, with keys up to 128-bit. The RC4 keys are + replaced at regular intervals, every 4096 packets. + </para> + + <para> + RDP provides the following different authentication methods: + </para> + + <itemizedlist> + + <listitem> + <para> + <emphasis role="bold">RDP4</emphasis> authentication was + used historically. With RDP4, the RDP client does not + perform any checks in order to verify the identity of the + server it connects to. Since user credentials can be + obtained using a man in the middle (MITM) attack, RDP4 + authentication is insecure and should generally not be used. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">RDP5.1</emphasis> authentication + employs a server certificate for which the client possesses + the public key. This way it is guaranteed that the server + possess the corresponding private key. However, as this + hard-coded private key became public some years ago, RDP5.1 + authentication is also insecure. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">RDP5.2</emphasis> authentication uses + Enhanced RDP Security, which means that an external security + protocol is used to secure the connection. RDP4 and RDP5.1 + use Standard RDP Security. The VRDP server supports Enhanced + RDP Security with TLS protocol and, as a part of TLS + handshake, sends the server certificate to the client. + </para> + + <para> + The <computeroutput>Security/Method</computeroutput> VRDE + property sets the desired security method, which is used for + a connection. Valid values are as follows: + </para> + + <itemizedlist> + + <listitem> + <para> + <emphasis role="bold">Negotiate.</emphasis> Both + Enhanced (TLS) and Standard RDP Security connections are + allowed. The security method is negotiated with the + client. This is the default setting. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">RDP.</emphasis> Only Standard RDP + Security is accepted. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">TLS.</emphasis> Only Enhanced RDP + Security is accepted. The client must support TLS. + </para> + + <para> + The OpenSSL library version determines which versions of + TLS are supported. The &product-name; clients include at + least Version 1.1.0 of the OpenSSL library. This library + supports TLS versions 1.0, 1.1, and 1.2. Some clients + might include newer versions of the OpenSSL library and + thus support additional TLS versions. + </para> + </listitem> + + </itemizedlist> + + <para> + For example, the following command enables a client to use + either Standard or Enhanced RDP Security connection: + </para> + +<screen>vboxmanage modifyvm "VM name" --vrdeproperty "Security/Method=negotiate"</screen> + + <para> + If the <computeroutput>Security/Method</computeroutput> + property is set to either Negotiate or TLS, the TLS protocol + will be automatically used by the server, if the client + supports TLS. However, in order to use TLS the server must + possess the Server Certificate, the Server Private Key and + the Certificate Authority (CA) Certificate. The following + example shows how to generate a server certificate. + </para> + + <orderedlist> + + <listitem> + <para> + Create a CA self signed certificate. + </para> + +<screen>openssl req -new -x509 -days 365 -extensions v3_ca \ + -keyout ca_key_private.pem -out ca_cert.pem</screen> + </listitem> + + <listitem> + <para> + Generate a server private key and a request for signing. + </para> + +<screen>openssl genrsa -out server_key_private.pem +openssl req -new -key server_key_private.pem -out server_req.pem</screen> + </listitem> + + <listitem> + <para> + Generate the server certificate. + </para> + +<screen>openssl x509 -req -days 365 -in server_req.pem \ + -CA ca_cert.pem -CAkey ca_key_private.pem -set_serial 01 -out server_cert.pem</screen> + </listitem> + + </orderedlist> + + <para> + The server must be configured to access the required files. + For example: + </para> + +<screen>vboxmanage modifyvm "VM name" \ + --vrdeproperty "Security/CACertificate=path/ca_cert.pem"</screen> + +<screen>vboxmanage modifyvm "VM name" \ + --vrdeproperty "Security/ServerCertificate=path/server_cert.pem"</screen> + +<screen>vboxmanage modifyvm "VM name" \ + --vrdeproperty "Security/ServerPrivateKey=path/server_key_private.pem"</screen> + </listitem> + + </itemizedlist> + + <para> + As the client that connects to the server determines what type + of encryption will be used, with <command>rdesktop</command>, + the Linux RDP viewer, use the + <computeroutput>-4</computeroutput> or + <computeroutput>-5</computeroutput> options. + </para> + + </sect2> + + <sect2 id="vrde-multiconnection"> + + <title>Multiple Connections to the VRDP Server</title> + + <para> + The VRDP server of &product-name; supports multiple simultaneous + connections to the same running VM from different clients. All + connected clients see the same screen output and share a mouse + pointer and keyboard focus. This is similar to several people + using the same computer at the same time, taking turns at the + keyboard. + </para> + + <para> + The following command enables multiple connection mode: + </para> + +<screen>VBoxManage modifyvm "VM name" --vrdemulticon on</screen> + + </sect2> + + <sect2 id="vrde-multimonitor"> + + <title>Multiple Remote Monitors</title> + + <para> + To access two or more remote VM displays you have to enable the + VRDP multiconnection mode. See + <xref linkend="vrde-multiconnection"/>. + </para> + + <para> + The RDP client can select the virtual monitor number to connect + to using the <computeroutput>domain</computeroutput> login + parameter (<computeroutput>-d</computeroutput>). If the + parameter ends with <computeroutput>@</computeroutput> followed + by a number, &product-name; interprets this number as the screen + index. The primary guest screen is selected with + <computeroutput>@1</computeroutput>, the first secondary screen + is <computeroutput>@2</computeroutput>, and so on. + </para> + + <para> + The Microsoft RDP6 client does not let you specify a separate + domain name. Instead, enter + <computeroutput>domain\username</computeroutput> in the + <emphasis role="bold">Username</emphasis> field. For example, + <computeroutput>@2\name</computeroutput>. + <computeroutput>name</computeroutput> must be supplied, and must + be the name used to log in if the VRDP server is set up to + require credentials. If it is not, you may use any text as the + username. + </para> + + </sect2> + + <sect2 id="vrde-videochannel"> + + <title>VRDP Video Redirection</title> + + <para> + The VRDP server can redirect video streams from the guest to the + RDP client. Video frames are compressed using the JPEG algorithm + allowing a higher compression ratio than standard RDP bitmap + compression methods. It is possible to increase the compression + ratio by lowering the video quality. + </para> + + <para> + The VRDP server automatically detects video streams in a guest + as frequently updated rectangular areas. As a result, this + method works with any guest operating system without having to + install additional software in the guest. In particular, the + Guest Additions are not required. + </para> + + <para> + On the client side, however, currently only the Windows 7 Remote + Desktop Connection client supports this feature. If a client + does not support video redirection, the VRDP server falls back + to regular bitmap updates. + </para> + + <para> + The following command enables video redirection: + </para> + +<screen>VBoxManage modifyvm "VM name" --vrdevideochannel on</screen> + + <para> + The quality of the video is defined as a value from 10 to 100 + percent, representing a JPEG compression level, where lower + numbers mean lower quality but higher compression. The quality + can be changed using the following command: + </para> + +<screen>VBoxManage modifyvm "VM name" --vrdevideochannelquality 75</screen> + + </sect2> + + <sect2 id="vrde-customization"> + + <title>VRDP Customization</title> + + <para> + With &product-name; it is possible to disable display output, + mouse and keyboard input, audio, remote USB, or clipboard + individually in the VRDP server. + </para> + + <para> + The following commands change the corresponding server settings: + </para> + +<screen>VBoxManage modifyvm "VM name" --vrdeproperty Client/DisableDisplay=1 +VBoxManage modifyvm "VM name" --vrdeproperty Client/DisableInput=1 +VBoxManage modifyvm "VM name" --vrdeproperty Client/DisableUSB=1 +VBoxManage modifyvm "VM name" --vrdeproperty Client/DisableAudio=1 +VBoxManage modifyvm "VM name" --vrdeproperty Client/DisableClipboard=1 +VBoxManage modifyvm "VM name" --vrdeproperty Client/DisableUpstreamAudio=1</screen> + + <para> + To reenable a feature, use a similar command without the + trailing 1. For example: + </para> + +<screen>VBoxManage modifyvm "VM name" --vrdeproperty Client/DisableDisplay=</screen> + + </sect2> + + </sect1> + + <sect1 id="teleporting"> + + <title>Teleporting</title> + + <para> + &product-name; supports <emphasis>teleporting</emphasis>. + Teleporting is moving a virtual machine over a network from one + &product-name; host to another, while the virtual machine is + running. This works regardless of the host operating system that + is running on the hosts. You can teleport virtual machines between + Oracle Solaris and Mac OS X hosts, for example. + </para> + + <para> + Teleporting requires that a machine be currently running on one + host, which is called the <emphasis>source</emphasis>. The host to + which the virtual machine will be teleported is called the + <emphasis>target</emphasis>. The machine on the target is then + configured to wait for the source to contact the target. The + machine's running state will then be transferred from the source + to the target with minimal downtime. + </para> + + <para> + Teleporting happens over any TCP/IP network. The source and the + target only need to agree on a TCP/IP port which is specified in + the teleporting settings. + </para> + + <para> + At this time, there are a few prerequisites for this to work, as + follows: + </para> + + <itemizedlist> + + <listitem> + <para> + On the target host, you must configure a virtual machine in + &product-name; with exactly the same hardware settings as the + machine on the source that you want to teleport. This does not + apply to settings which are merely descriptive, such as the VM + name, but obviously for teleporting to work, the target + machine must have the same amount of memory and other hardware + settings. Otherwise teleporting will fail with an error + message. + </para> + </listitem> + + <listitem> + <para> + The two virtual machines on the source and the target must + share the same storage, hard disks as well as floppy disks and + CD/DVD images. This means that they either use the same iSCSI + targets or that the storage resides somewhere on the network + and both hosts have access to it using NFS or SMB/CIFS. + </para> + + <para> + This also means that neither the source nor the target machine + can have any snapshots. + </para> + </listitem> + + </itemizedlist> + + <para> + To configure teleporting, perform the following steps: + </para> + + <orderedlist> + + <listitem> + <para> + On the <emphasis>target</emphasis> host, configure the virtual + machine to wait for a teleport request to arrive when it is + started, instead of actually attempting to start the machine. + This is done with the following <command>VBoxManage</command> + command: + </para> + +<screen>VBoxManage modifyvm <targetvmname> --teleporter on --teleporterport <port></screen> + + <para> + where <computeroutput><targetvmname></computeroutput> is + the name of the virtual machine on the target host and + <computeroutput><port></computeroutput> is a TCP/IP port + number to be used on both the source and the target hosts. For + example, use 6000. See + <xref linkend="vboxmanage-modifyvm-teleport" />. + </para> + </listitem> + + <listitem> + <para> + Start the VM on the target host. Instead of running, the VM + shows a progress dialog, indicating that it is waiting for a + teleport request to arrive. + </para> + </listitem> + + <listitem> + <para> + Start the VM on the <emphasis>source</emphasis> host as usual. + When it is running and you want it to be teleported, issue the + following command on the source host: + </para> + +<screen>VBoxManage controlvm <sourcevmname> teleport --host <targethost> --port <port></screen> + + <para> + where <computeroutput><sourcevmname></computeroutput> is + the name of the virtual machine on the source host, which is + the machine that is currently running. + <computeroutput><targethost></computeroutput> is the + host or IP name of the target host on which the machine is + waiting for the teleport request, and + <computeroutput><port></computeroutput> must be the same + number as specified in the command on the target host. See + <xref linkend="vboxmanage-controlvm" />. + </para> + </listitem> + + </orderedlist> + + <para> + For testing, you can also teleport machines on the same host. In + that case, use localhost as the hostname on both the source and + the target host. + </para> + + <note> + <para> + In rare cases, if the CPUs of the source and the target are very + different, teleporting can fail with an error message, or the + target may hang. This may happen especially if the VM is running + application software that is highly optimized to run on a + particular CPU without correctly checking that certain CPU + features are actually present. &product-name; filters what CPU + capabilities are presented to the guest operating system. + Advanced users can attempt to restrict these virtual CPU + capabilities with the <computeroutput>VBoxManage modifyvm + --cpuid</computeroutput> command. See + <xref linkend="vboxmanage-modifyvm-teleport" />. + </para> + </note> + + </sect1> + +</chapter> diff --git a/doc/manual/en_US/user_Glossary.xml b/doc/manual/en_US/user_Glossary.xml new file mode 100644 index 00000000..223e5401 --- /dev/null +++ b/doc/manual/en_US/user_Glossary.xml @@ -0,0 +1,702 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glossary PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" +"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd"[ +<!ENTITY % all.entities SYSTEM "all-entities.ent"> +%all.entities; +]> +<glossary id="Glossary"> + + <glossdiv> + + <title>A</title> + + <glossentry><glossterm>ACPI</glossterm> + + <glossdef> + + <para> + Advanced Configuration and Power Interface, an industry + specification for BIOS and hardware extensions to configure PC + hardware and perform power management. Windows 2000 and later, + as well as Linux 2.4 and later support ACPI. Windows can only + enable or disable ACPI support at installation time. + </para> + + </glossdef> + + </glossentry> + + <glossentry><glossterm>AHCI</glossterm> + + <glossdef> + + <para> + Advanced Host Controller Interface, the interface that + supports SATA devices such as hard disks. See + <xref + linkend="harddiskcontrollers" />. + </para> + + </glossdef> + + </glossentry> + + <glossentry><glossterm>AMD-V</glossterm> + + <glossdef> + + <para> + The hardware virtualization features built into modern AMD + processors. See <xref linkend="hwvirt" />. + </para> + + </glossdef> + + </glossentry> + + <glossentry><glossterm>API</glossterm> + + <glossdef> + + <para> + Application Programming Interface. + </para> + + </glossdef> + + </glossentry> + + <glossentry><glossterm>APIC</glossterm> + + <glossdef> + + <para> + Advanced Programmable Interrupt Controller, a newer version of + the original PC PIC (programmable interrupt controller). Most + modern CPUs contain an on-chip APIC, called a local APIC. Many + systems also contain an I/O APIC (input output APIC) as a + separate chip which provides more than 16 IRQs. Windows 2000 + and later use a different kernel if they detect an I/O APIC + during installation. Therefore, an I/O APIC must not be + removed after installation. + </para> + + </glossdef> + + </glossentry> + + <glossentry><glossterm>ATA</glossterm> + + <glossdef> + + <para> + Advanced Technology Attachment, an industry standard for hard + disk interfaces which is synonymous with IDE. See + <xref + linkend="harddiskcontrollers" />. + </para> + + </glossdef> + + </glossentry> + + </glossdiv> + + <glossdiv> + + <title>B</title> + + <glossentry><glossterm>BIOS</glossterm> + + <glossdef> + + <para> + Basic Input/Output System, the firmware built into most + personal computers which is responsible of initializing the + hardware after the computer has been turned on and then + booting an operating system. &product-name; ships with its own + virtual BIOS that runs when a virtual machine is started. + </para> + + </glossdef> + + </glossentry> + + </glossdiv> + + <glossdiv> + + <title>C</title> + + <glossentry><glossterm>COM</glossterm> + + <glossdef> + + <para> + Microsoft Component Object Model, a programming infrastructure + for modular software. COM enables applications to provide + application programming interfaces which can be accessed from + various other programming languages and applications. + &product-name; makes use of COM both internally and externally to + provide a comprehensive API to 3rd party developers. + </para> + + </glossdef> + + </glossentry> + + </glossdiv> + + <glossdiv> + + <title>D</title> + + <glossentry><glossterm>DHCP</glossterm> + + <glossdef> + + <para> + Dynamic Host Configuration Protocol. This enables a networking + device in a network to acquire its IP address and other + networking details automatically, in order to avoid having to + configure all devices in a network with fixed IP addresses. + &product-name; has a built-in DHCP server that delivers an IP + addresses to a virtual machine when networking is configured + to NAT. See <xref + linkend="networkingdetails" />. + </para> + + </glossdef> + + </glossentry> + + </glossdiv> + + <glossdiv> + + <title>E</title> + + <glossentry><glossterm>EFI</glossterm> + + <glossdef> + + <para> + Extensible Firmware Interface, a firmware built into computers + which is designed to replace the aging BIOS. Originally + designed by Intel, most modern operating systems can now boot + on computers which have EFI instead of a BIOS built into them. + See <xref + linkend="efi" />. + </para> + + </glossdef> + + </glossentry> + + <glossentry><glossterm>EHCI</glossterm> + + <glossdef> + + <para> + Enhanced Host Controller Interface, the interface that + implements the USB 2.0 standard. + </para> + + </glossdef> + + </glossentry> + + </glossdiv> + + <glossdiv> + + <title>G</title> + + <glossentry><glossterm>GUI</glossterm> + + <glossdef> + + <para> + Graphical User Interface. Commonly used as an antonym to a + "command line interface". In the context of &product-name;, we + sometimes refer to the main graphical + <computeroutput>VirtualBox</computeroutput> program as the + "GUI", to differentiate it from the + <command>VBoxManage</command> interface. + </para> + + </glossdef> + + </glossentry> + + <glossentry><glossterm>GUID</glossterm> + + <glossdef> + + <para> + See UUID. + </para> + + </glossdef> + + </glossentry> + + </glossdiv> + + <glossdiv> + + <title>I</title> + + <glossentry><glossterm>IDE</glossterm> + + <glossdef> + + <para> + Integrated Drive Electronics, an industry standard for hard + disk interfaces. See <xref linkend="harddiskcontrollers" />. + </para> + + </glossdef> + + </glossentry> + + <glossentry><glossterm>I/O APIC</glossterm> + + <glossdef> + + <para> + See APIC. + </para> + + </glossdef> + + </glossentry> + + <glossentry><glossterm>iSCSI</glossterm> + + <glossdef> + + <para> + Internet SCSI. See <xref linkend="storage-iscsi" />. + </para> + + </glossdef> + + </glossentry> + + </glossdiv> + + <glossdiv> + + <title>M</title> + + <glossentry><glossterm>MAC</glossterm> + + <glossdef> + + <para> + Media Access Control, a part of an Ethernet network card. A + MAC address is a 6-byte number which identifies a network + card. It is typically written in hexadecimal notation where + the bytes are separated by colons, such as + <computeroutput>00:17:3A:5E:CB:08</computeroutput>. + </para> + + </glossdef> + + </glossentry> + + <glossentry><glossterm>MSI</glossterm> + + <glossdef> + + <para> + Message Signaled Interrupts, as supported by modern chipsets + such as the ICH9. See <xref linkend="settings-motherboard" />. + As opposed to traditional pin-based interrupts, with MSI, a + small amount of data can accompany the actual interrupt + message. This reduces the amount of hardware pins required and + allows for more interrupts and better performance. + </para> + + </glossdef> + + </glossentry> + + </glossdiv> + + <glossdiv> + + <title>N</title> + + <glossentry><glossterm>NAT</glossterm> + + <glossdef> + + <para> + Network Address Translation. A technique to share networking + interfaces by which an interface modifies the source and/or + target IP addresses of network packets according to specific + rules. Commonly employed by routers and firewalls to shield an + internal network from the Internet, &product-name; can use NAT to + easily share a host's physical networking hardware with its + virtual machines. See <xref + linkend="network_nat" />. + </para> + + </glossdef> + + </glossentry> + + </glossdiv> + + <glossdiv> + + <title>O</title> + + <glossentry><glossterm>OVF</glossterm> + + <glossdef> + + <para> + Open Virtualization Format, a cross-platform industry standard + to exchange virtual appliances between virtualization + products. See <xref linkend="ovf" />. + </para> + + </glossdef> + + </glossentry> + + </glossdiv> + + <glossdiv> + + <title>P</title> + + <glossentry><glossterm>PAE</glossterm> + + <glossdef> + + <para> + Physical Address Extension. This enables access to more than 4 + GB of RAM, even in 32-bit environments. See + <xref + linkend="settings-general-advanced" />. + </para> + + </glossdef> + + </glossentry> + + <glossentry><glossterm>PIC</glossterm> + + <glossdef> + + <para> + See APIC. + </para> + + </glossdef> + + </glossentry> + + <glossentry><glossterm>PXE</glossterm> + + <glossdef> + + <para> + Preboot Execution Environment, an industry standard for + booting PC systems from remote network locations. It includes + DHCP for IP configuration and TFTP for file transfer. Using + UNDI, a hardware independent driver stack for accessing the + network card from bootstrap code is available. + </para> + + </glossdef> + + </glossentry> + + </glossdiv> + + <glossdiv> + + <title>R</title> + + <glossentry><glossterm>RDP</glossterm> + + <glossdef> + + <para> + Remote Desktop Protocol, a protocol developed by Microsoft as + an extension to the ITU T.128 and T.124 video conferencing + protocol. With RDP, a PC system can be controlled from a + remote location using a network connection over which data is + transferred in both directions. Typically graphics updates and + audio are sent from the remote machine and keyboard and mouse + input events are sent from the client. An &product-name; extension + package by Oracle provides VRDP, an enhanced implementation of + the relevant standards which is largely compatible with + Microsoft's RDP implementation. See <xref linkend="vrde" /> + for details. + </para> + + </glossdef> + + </glossentry> + + </glossdiv> + + <glossdiv> + + <title>S</title> + + <glossentry><glossterm>SAS</glossterm> + + <glossdef> + + <para> + Serial Attached SCSI, an industry standard for hard disk + interfaces. See <xref linkend="harddiskcontrollers" />. + </para> + + </glossdef> + + </glossentry> + + <glossentry><glossterm>SATA</glossterm> + + <glossdef> + + <para> + Serial ATA, an industry standard for hard disk interfaces. See + <xref linkend="harddiskcontrollers" />. + </para> + + </glossdef> + + </glossentry> + + <glossentry><glossterm>SCSI</glossterm> + + <glossdef> + + <para> + Small Computer System Interface. An industry standard for data + transfer between devices, especially for storage. See + <xref + linkend="harddiskcontrollers" />. + </para> + + </glossdef> + + </glossentry> + + <glossentry><glossterm>SMP</glossterm> + + <glossdef> + + <para> + Symmetrical Multiprocessing, meaning that the resources of a + computer are shared between several processors. These can + either be several processor chips or, as is more common with + modern hardware, multiple CPU cores in one processor. + </para> + + </glossdef> + + </glossentry> + + <glossentry><glossterm>SSD</glossterm> + + <glossdef> + + <para> + Solid-state drive, uses microchips for storing data in a + computer system. Compared to classical hard-disks they are + having no mechanical components like spinning disks. + </para> + + </glossdef> + + </glossentry> + + </glossdiv> + + <glossdiv> + + <title>T</title> + + <glossentry><glossterm>TAR</glossterm> + + <glossdef> + + <para> + A widely used file format for archiving. Originally, this + stood for Tape ARchive and was already supported by very early + UNIX versions for backing up data on tape. The file format is + still widely used today. For example, with OVF archives using + an <computeroutput>.ova</computeroutput> file extension. See + <xref + linkend="ovf" />. + </para> + + </glossdef> + + </glossentry> + + </glossdiv> + + <glossdiv> + + <title>U</title> + + <glossentry><glossterm>UUID</glossterm> + + <glossdef> + + <para> + A Universally Unique Identifier, often also called GUID + (Globally Unique Identifier). A UUID is a string of numbers + and letters which can be computed dynamically and is + guaranteed to be unique. Generally, it is used as a global + handle to identify entities. &product-name; makes use of UUIDs to + identify VMs, Virtual Disk Images (VDI files), and other + entities. + </para> + + </glossdef> + + </glossentry> + + </glossdiv> + + <glossdiv> + + <title>V</title> + + <glossentry><glossterm>VM</glossterm> + + <glossdef> + + <para> + Virtual Machine. A virtual computer that &product-name; enables + you to run on top of your actual hardware. See + <xref + linkend="virtintro" /> for details. + </para> + + </glossdef> + + </glossentry> + + <glossentry><glossterm>VMM</glossterm> + + <glossdef> + + <para> + Virtual Machine Manager. The component of &product-name; that + controls VM execution. See + <xref linkend="technical-components" /> for a list of + &product-name; components. + </para> + + </glossdef> + + </glossentry> + + <glossentry><glossterm>VRDE</glossterm> + + <glossdef> + + <para> + VirtualBox Remote Desktop Extension. This interface is built + into &product-name; to allow &product-name; extension packages to + supply remote access to virtual machines. An &product-name; + extension package by Oracle provides VRDP support. See + <xref linkend="vrde" />. + </para> + + </glossdef> + + </glossentry> + + <glossentry><glossterm>VRDP</glossterm> + + <glossdef> + + <para> + See RDP. + </para> + + </glossdef> + + </glossentry> + + <glossentry><glossterm>VT-x</glossterm> + + <glossdef> + + <para> + The hardware virtualization features built into modern Intel + processors. See <xref linkend="hwvirt" />. + </para> + + </glossdef> + + </glossentry> + + </glossdiv> + + <glossdiv> + + <title>X</title> + + <glossentry><glossterm>xHCI</glossterm> + + <glossdef> + + <para> + eXtended Host Controller Interface, the interface that + implements the USB 3.0 standard. + </para> + + </glossdef> + + </glossentry> + + <glossentry><glossterm>XML</glossterm> + + <glossdef> + + <para> + The eXtensible Markup Language, a metastandard for all kinds + of textual information. XML only specifies how data in the + document is organized generally and does not prescribe how to + semantically organize content. + </para> + + </glossdef> + + </glossentry> + + <glossentry><glossterm>XPCOM</glossterm> + + <glossdef> + + <para> + Mozilla Cross Platform Component Object Model, a programming + infrastructure developed by the Mozilla browser project which + is similar to Microsoft COM and enables applications to + provide a modular programming interface. &product-name; makes use + of XPCOM on Linux both internally and externally to provide a + comprehensive API to third-party developers. + </para> + + </glossdef> + + </glossentry> + + </glossdiv> + +</glossary> diff --git a/doc/manual/en_US/user_GuestAdditions.xml b/doc/manual/en_US/user_GuestAdditions.xml new file mode 100644 index 00000000..71a7946e --- /dev/null +++ b/doc/manual/en_US/user_GuestAdditions.xml @@ -0,0 +1,2434 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" +"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd"[ +<!ENTITY % all.entities SYSTEM "all-entities.ent"> +%all.entities; +]> +<chapter id="guestadditions"> + + <title>Guest Additions</title> + + <para> + The previous chapter covered getting started with &product-name; and + installing operating systems in a virtual machine. For any serious + and interactive use, the &product-name; Guest Additions will make + your life much easier by providing closer integration between host + and guest and improving the interactive performance of guest + systems. This chapter describes the Guest Additions in detail. + </para> + + <sect1 id="guestadd-intro"> + + <title>Introduction to Guest Additions</title> + + <para> + As mentioned in <xref linkend="virtintro" />, the Guest Additions + are designed to be installed <emphasis>inside</emphasis> a virtual + machine after the guest operating system has been installed. They + consist of device drivers and system applications that optimize + the guest operating system for better performance and usability. + See <xref linkend="guestossupport" /> for details on what guest + operating systems are fully supported with Guest Additions by + &product-name;. + </para> + + <para> + The &product-name; Guest Additions for all supported guest + operating systems are provided as a single CD-ROM image file which + is called <computeroutput>VBoxGuestAdditions.iso</computeroutput>. + This image file is located in the installation directory of + &product-name;. To install the Guest Additions for a particular + VM, you mount this ISO file in your VM as a virtual CD-ROM and + install from there. + </para> + + <para> + The Guest Additions offer the following features: + </para> + + <itemizedlist> + + <listitem> + <para> + <emphasis role="bold">Mouse pointer integration</emphasis>. To + overcome the limitations for mouse support described in + <xref linkend="keyb_mouse_normal" />, this feature provides + you with seamless mouse support. You will only have one mouse + pointer and pressing the Host key is no longer required to + "free" the mouse from being captured by the guest OS. To make + this work, a special mouse driver is installed in the guest + that communicates with the "real" mouse driver on your host + and moves the guest mouse pointer accordingly. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Shared folders.</emphasis> These provide + an easy way to exchange files between the host and the guest. + Much like ordinary Windows network shares, you can tell + &product-name; to treat a certain host directory as a shared + folder, and &product-name; will make it available to the guest + operating system as a network share, irrespective of whether + guest actually has a network. See + <xref + linkend="sharedfolders" />. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Better video support.</emphasis> While + the virtual graphics card which &product-name; emulates for + any guest operating system provides all the basic features, + the custom video drivers that are installed with the Guest + Additions provide you with extra high and non-standard video + modes, as well as accelerated video performance. + </para> + + <para> + In addition, with Windows, Linux, and Oracle Solaris guests, + you can resize the virtual machine's window if the Guest + Additions are installed. The video resolution in the guest + will be automatically adjusted, as if you had manually entered + an arbitrary resolution in the guest's + <emphasis role="bold">Display</emphasis> settings. See + <xref linkend="intro-resize-window" />. + </para> + + <para> + If the Guest Additions are installed, 3D graphics and 2D video + for guest applications can be accelerated. See + <xref linkend="guestadd-video" />. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Seamless windows.</emphasis> With this + feature, the individual windows that are displayed on the + desktop of the virtual machine can be mapped on the host's + desktop, as if the underlying application was actually running + on the host. See <xref linkend="seamlesswindows" />. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Generic host/guest communication + channels.</emphasis> The Guest Additions enable you to control + and monitor guest execution. The "guest properties" provide a + generic string-based mechanism to exchange data bits between a + guest and a host, some of which have special meanings for + controlling and monitoring the guest. See + <xref linkend="guestadd-guestprops" />. + </para> + + <para> + Additionally, applications can be started in a guest from the + host. See <xref linkend="guestadd-guestcontrol" />. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Time synchronization.</emphasis> With + the Guest Additions installed, &product-name; can ensure that + the guest's system time is better synchronized with that of + the host. + </para> + + <para> + For various reasons, the time in the guest might run at a + slightly different rate than the time on the host. The host + could be receiving updates through NTP and its own time might + not run linearly. A VM could also be paused, which stops the + flow of time in the guest for a shorter or longer period of + time. When the wall clock time between the guest and host only + differs slightly, the time synchronization service attempts to + gradually and smoothly adjust the guest time in small + increments to either "catch up" or "lose" time. When the + difference is too great, for example if a VM paused for hours + or restored from saved state, the guest time is changed + immediately, without a gradual adjustment. + </para> + + <para> + The Guest Additions will resynchronize the time regularly. See + <xref linkend="changetimesync" /> for how to configure the + parameters of the time synchronization mechanism. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Shared clipboard.</emphasis> With the + Guest Additions installed, the clipboard of the guest + operating system can optionally be shared with your host + operating system. See <xref linkend="generalsettings" />. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Automated logins.</emphasis> Also called + credentials passing. See <xref linkend="autologon" />. + </para> + </listitem> + + </itemizedlist> + + <para> + Each version of &product-name;, even minor releases, ship with + their own version of the Guest Additions. While the interfaces + through which the &product-name; core communicates with the Guest + Additions are kept stable so that Guest Additions already + installed in a VM should continue to work when &product-name; is + upgraded on the host, for best results, it is recommended to keep + the Guest Additions at the same version. + </para> + + <para> + The Windows and Linux Guest Additions therefore check + automatically whether they have to be updated. If the host is + running a newer &product-name; version than the Guest Additions, a + notification with further instructions is displayed in the guest. + </para> + + <para> + To disable this update check for the Guest Additions of a given + virtual machine, set the value of its + <computeroutput>/VirtualBox/GuestAdd/CheckHostVersion</computeroutput> + guest property to <computeroutput>0</computeroutput>. See + <xref + linkend="guestadd-guestprops" />. + </para> + + </sect1> + + <sect1 id="guestadd-install"> + + <title>Installing and Maintaining Guest Additions</title> + + <para> + Guest Additions are available for virtual machines running + Windows, Linux, Oracle Solaris, or OS/2. The following sections + describe the specifics of each variant in detail. + </para> + + <sect2 id="additions-windows"> + + <title>Guest Additions for Windows</title> + + <para> + The &product-name; Windows Guest Additions are designed to be + installed in a virtual machine running a Windows operating + system. The following versions of Windows guests are supported: + </para> + + <itemizedlist> + + <listitem> + <para> + Microsoft Windows NT 4.0 (any service pack) + </para> + </listitem> + + <listitem> + <para> + Microsoft Windows 2000 (any service pack) + </para> + </listitem> + + <listitem> + <para> + Microsoft Windows XP (any service pack) + </para> + </listitem> + + <listitem> + <para> + Microsoft Windows Server 2003 (any service pack) + </para> + </listitem> + + <listitem> + <para> + Microsoft Windows Server 2008 + </para> + </listitem> + + <listitem> + <para> + Microsoft Windows Vista (all editions) + </para> + </listitem> + + <listitem> + <para> + Microsoft Windows 7 (all editions) + </para> + </listitem> + + <listitem> + <para> + Microsoft Windows 8 (all editions) + </para> + </listitem> + + <listitem> + <para> + Microsoft Windows 10 RTM build 10240 + </para> + </listitem> + + <listitem> + <para> + Microsoft Windows Server 2012 + </para> + </listitem> + + </itemizedlist> + + <sect3 id="mountingadditionsiso"> + + <title>Installing the Windows Guest Additions</title> + + <para> + In the <emphasis role="bold">Devices</emphasis> menu in the + virtual machine's menu bar, &product-name; has a menu item + <emphasis role="bold">Insert Guest Additions CD + Image</emphasis>, which mounts the Guest Additions ISO file + inside your virtual machine. A Windows guest should then + automatically start the Guest Additions installer, which + installs the Guest Additions on your Windows guest. + </para> + + <para> + For other guest operating systems, or if automatic start of + software on a CD is disabled, you need to do a manual start of + the installer. + </para> + + <note> + <para> + For the basic Direct3D acceleration to work in a Windows + guest, you have to install the WDDM video driver available + for Windows Vista or later. + </para> + + <para> + For Windows 8 and later, only the WDDM Direct3D video driver + is available. For basic Direct3D acceleration to work in + Windows XP guests, you have to install the Guest Additions + in Safe Mode. See <xref linkend="KnownIssues" /> for + details. + </para> + </note> + + <para> + If you prefer to mount the Guest Additions manually, you can + perform the following steps: + </para> + + <orderedlist> + + <listitem> + <para> + Start the virtual machine in which you have installed + Windows. + </para> + </listitem> + + <listitem> + <para> + Select <emphasis role="bold">Mount CD/DVD-ROM</emphasis> + from the <emphasis role="bold">Devices</emphasis> menu in + the virtual machine's menu bar and then + <emphasis role="bold">CD/DVD-ROM Image</emphasis>. This + displays the Virtual Media Manager, described in + <xref + linkend="vdis" />. + </para> + </listitem> + + <listitem> + <para> + In the Virtual Media Manager, click + <emphasis role="bold">Add</emphasis> and browse your host + file system for the + <computeroutput>VBoxGuestAdditions.iso</computeroutput> + file. + </para> + + <itemizedlist> + + <listitem> + <para> + On a Windows host, this file is in the &product-name; + installation directory, usually in + <computeroutput>C:\Program + files\Oracle\VirtualBox</computeroutput>. + </para> + </listitem> + + <listitem> + <para> + On Mac OS X hosts, this file is in the application + bundle of &product-name;. Right-click on the + &product-name; icon in Finder and choose + <emphasis role="bold">Show Package + Contents</emphasis>. The file is located in the + <computeroutput>Contents/MacOS</computeroutput> + folder. + </para> + </listitem> + + <listitem> + <para> + On a Linux host, this file is in the + <computeroutput>additions</computeroutput> folder + where you installed &product-name;, usually + <computeroutput>/opt/VirtualBox/</computeroutput>. + </para> + </listitem> + + <listitem> + <para> + On Oracle Solaris hosts, this file is in the + <computeroutput>additions</computeroutput> folder + where you installed &product-name;, usually + <computeroutput>/opt/VirtualBox</computeroutput>. + </para> + </listitem> + + </itemizedlist> + </listitem> + + <listitem> + <para> + In the Virtual Media Manager, select the ISO file and + click <emphasis role="bold">Select</emphasis> button. This + mounts the ISO file and presents it to your Windows guest + as a CD-ROM. + </para> + </listitem> + + </orderedlist> + + <para> + Unless you have the Autostart feature disabled in your Windows + guest, Windows will now autostart the &product-name; Guest + Additions installation program from the Additions ISO. If the + Autostart feature has been turned off, choose + <computeroutput>VBoxWindowsAdditions.exe</computeroutput> from + the CD/DVD drive inside the guest to start the installer. + </para> + + <para> + The installer will add several device drivers to the Windows + driver database and then invoke the hardware detection wizard. + </para> + + <para> + Depending on your configuration, it might display warnings + that the drivers are not digitally signed. You must confirm + these in order to continue the installation and properly + install the Additions. + </para> + + <para> + After installation, reboot your guest operating system to + activate the Additions. + </para> + + </sect3> + + <sect3 id="additions-windows-updating"> + + <title>Updating the Windows Guest Additions</title> + + <para> + Windows Guest Additions can be updated by running the + installation program again. This replaces the previous + Additions drivers with updated versions. + </para> + + <para> + Alternatively, you can also open the Windows Device Manager + and select <emphasis role="bold">Update Driver...</emphasis> + for the following devices: + </para> + + <orderedlist> + + <listitem> + <para> + &product-name; Graphics Adapter + </para> + </listitem> + + <listitem> + <para> + &product-name; System Device + </para> + </listitem> + + </orderedlist> + + <para> + For each, choose the option to provide your own driver, click + <emphasis role="bold">Have Disk</emphasis> and navigate to the + CD-ROM drive with the Guest Additions. + </para> + + </sect3> + + <sect3 id="additions-windows-install-unattended"> + + <title>Unattended Installation</title> + + <para> + To avoid popups when performing an unattended installation of + the &product-name; Guest Additions, the code signing + certificates used to sign the drivers needs to be installed in + the correct certificate stores on the guest operating system. + Failure to do this will cause a typical Windows installation + to display multiple dialogs asking whether you want to install + a particular driver. + </para> + + <note> + <para> + On some Windows versions, such as Windows 2000 and Windows + XP, the user intervention popups mentioned above are always + displayed, even after importing the Oracle certificates. + </para> + </note> + + <para> + Installing the code signing certificates on a Windows guest + can be done automatically. Use the + <computeroutput>VBoxCertUtil.exe</computeroutput> utility from + the <computeroutput>cert</computeroutput> folder on the Guest + Additions installation CD. + </para> + + <para> + Use the following steps: + </para> + + <orderedlist> + + <listitem> + <para> + Log in as Administrator on the guest. + </para> + </listitem> + + <listitem> + <para> + Mount the &product-name; Guest Additions .ISO. + </para> + </listitem> + + <listitem> + <para> + Open a command line window on the guest and change to the + <computeroutput>cert</computeroutput> folder on the + &product-name; Guest Additions CD. + </para> + </listitem> + + <listitem> + <para> + Run the following command: + </para> + +<screen>VBoxCertUtil.exe add-trusted-publisher vbox*.cer --root vbox*.cer</screen> + + <para> + This command installs the certificates to the certificate + store. When installing the same certificate more than + once, an appropriate error will be displayed. + </para> + </listitem> + + </orderedlist> + + <para> + To allow for completely unattended guest installations, you + can specify a command line parameter to the install launcher: + </para> + +<screen>VBoxWindowsAdditions.exe /S</screen> + + <para> + This automatically installs the right files and drivers for + the corresponding platform, either 32-bit or 64-bit. + </para> + + <note> + <para> + By default on an unattended installation on a Vista or + Windows 7 guest, there will be the XPDM graphics driver + installed. This graphics driver does not support Windows + Aero / Direct3D on the guest. Instead, the WDDM graphics + driver needs to be installed. To select this driver by + default, add the command line parameter + <computeroutput>/with_wddm</computeroutput> when invoking + the Windows Guest Additions installer. This is only required + for Vista and Windows 7. + </para> + </note> + + <note> + <para> + For Windows Aero to run correctly on a guest, the guest's + VRAM size needs to be configured to at least 128 MB. + </para> + </note> + + <para> + For more options regarding unattended guest installations, + consult the command line help by using the command: + </para> + +<screen>VBoxWindowsAdditions.exe /?</screen> + + </sect3> + + <sect3 id="windows-guest-file-extraction"> + + <title>Manual File Extraction</title> + + <para> + If you would like to install the files and drivers manually, + you can extract the files from the Windows Guest Additions + setup as follows: + </para> + +<screen>VBoxWindowsAdditions.exe /extract</screen> + + <para> + To explicitly extract the Windows Guest Additions for another + platform than the current running one, such as 64-bit files on + a 32-bit system, you must use the appropriate platform + installer. Use + <computeroutput>VBoxWindowsAdditions-x86.exe</computeroutput> + or + <computeroutput>VBoxWindowsAdditions-amd64.exe</computeroutput> + with the <computeroutput>/extract</computeroutput> parameter. + </para> + + </sect3> + + </sect2> + + <sect2 id="additions-linux"> + + <title>Guest Additions for Linux</title> + + <para> + Like the Windows Guest Additions, the &product-name; Guest + Additions for Linux are a set of device drivers and system + applications which may be installed in the guest operating + system. + </para> + + <para> + The following Linux distributions are officially supported: + </para> + + <itemizedlist> + + <listitem> + <para> + Oracle Linux as of version 5, including UEK kernels + </para> + </listitem> + + <listitem> + <para> + Fedora as of Fedora Core 4 + </para> + </listitem> + + <listitem> + <para> + Redhat Enterprise Linux as of version 3 + </para> + </listitem> + + <listitem> + <para> + SUSE and openSUSE Linux as of version 9 + </para> + </listitem> + + <listitem> + <para> + Ubuntu as of version 5.10 + </para> + </listitem> + + </itemizedlist> + + <para> + Many other distributions are known to work with the Guest + Additions. + </para> + + <para> + The version of the Linux kernel supplied by default in SUSE and + openSUSE 10.2, Ubuntu 6.10 (all versions) and Ubuntu 6.06 + (server edition) contains a bug which can cause it to crash + during startup when it is run in a virtual machine. The Guest + Additions work in those distributions. + </para> + + <para> + Note that some Linux distributions already come with all or part + of the &product-name; Guest Additions. You may choose to keep + the distribution's version of the Guest Additions but these are + often not up to date and limited in functionality, so we + recommend replacing them with the Guest Additions that come with + &product-name;. The &product-name; Linux Guest Additions + installer tries to detect an existing installation and replace + them but depending on how the distribution integrates the Guest + Additions, this may require some manual interaction. It is + highly recommended to take a snapshot of the virtual machine + before replacing preinstalled Guest Additions. + </para> + + <sect3 id="additions-linux-install"> + + <title>Installing the Linux Guest Additions</title> + + <para> + The &product-name; Guest Additions for Linux are provided on + the same virtual CD-ROM file as the Guest Additions for + Windows. See <xref linkend="mountingadditionsiso"/>. They also + come with an installation program that guides you through the + setup process. However, due to the significant differences + between Linux distributions, installation may be slightly more + complex when compared to Windows. + </para> + + <para> + Installation generally involves the following steps: + </para> + + <orderedlist> + + <listitem> + <para> + Before installing the Guest Additions, you prepare your + guest system for building external kernel modules. This + works as described in + <xref linkend="externalkernelmodules" />, except that this + step must be performed in your Linux + <emphasis>guest</emphasis> instead of on a Linux host + system. + </para> + + <para> + If you suspect that something has gone wrong, check that + your guest is set up correctly and run the following + command as root: + </para> + +<screen>rcvboxadd setup</screen> + </listitem> + + <listitem> + <para> + Insert the + <computeroutput>VBoxGuestAdditions.iso</computeroutput> CD + file into your Linux guest's virtual CD-ROM drive, as + described for a Windows guest in + <xref linkend="mountingadditionsiso" />. + </para> + </listitem> + + <listitem> + <para> + Change to the directory where your CD-ROM drive is mounted + and run the following command as root: + </para> + +<screen>sh ./VBoxLinuxAdditions.run</screen> + </listitem> + + </orderedlist> + + </sect3> + + <sect3 id="additions-linux-graphics-mouse"> + + <title>Graphics and Mouse Integration</title> + + <para> + In Linux and Oracle Solaris guests, &product-name; graphics + and mouse integration goes through the X Window System. + &product-name; can use the X.Org variant of the system, or + XFree86 version 4.3 which is identical to the first X.Org + release. During the installation process, the X.Org display + server will be set up to use the graphics and mouse drivers + which come with the Guest Additions. + </para> + + <para> + After installing the Guest Additions into a fresh installation + of a supported Linux distribution or Oracle Solaris system, + many unsupported systems will work correctly too, the guest's + graphics mode will change to fit the size of the + &product-name; window on the host when it is resized. You can + also ask the guest system to switch to a particular resolution + by sending a video mode hint using the + <command>VBoxManage</command> tool. + </para> + + <para> + Multiple guest monitors are supported in guests using the + X.Org server version 1.3, which is part of release 7.3 of the + X Window System version 11, or a later version. The layout of + the guest screens can be adjusted as needed using the tools + which come with the guest operating system. + </para> + + <para> + If you want to understand more about the details of how the + X.Org drivers are set up, in particular if you wish to use + them in a setting which our installer does not handle + correctly, see <xref linkend="guestxorgsetup" />. + </para> + + </sect3> + + <sect3 id="additions-linux-updating"> + + <title>Updating the Linux Guest Additions</title> + + <para> + The Guest Additions can simply be updated by going through the + installation procedure again with an updated CD-ROM image. + This will replace the drivers with updated versions. You + should reboot after updating the Guest Additions. + </para> + + </sect3> + + <sect3 id="additions-linux-uninstall"> + + <title>Uninstalling the Linux Guest Additions</title> + + <para> + If you have a version of the Guest Additions installed on your + virtual machine and wish to remove it without installing new + ones, you can do so by inserting the Guest Additions CD image + into the virtual CD-ROM drive as described above. Then run the + installer for the current Guest Additions with the + <computeroutput>uninstall</computeroutput> parameter from the + path that the CD image is mounted on in the guest, as follows: + </para> + +<screen>sh ./VBoxLinuxAdditions.run uninstall</screen> + + <para> + While this will normally work without issues, you may need to + do some manual cleanup of the guest in some cases, especially + of the XFree86Config or xorg.conf file. In particular, if the + Additions version installed or the guest operating system were + very old, or if you made your own changes to the Guest + Additions setup after you installed them. + </para> + + <para> + You can uninstall the Additions as follows: + </para> + +<screen>/opt/VBoxGuestAdditions-<replaceable>version</replaceable>/uninstall.sh</screen> + + <para> + Replace + <computeroutput>/opt/VBoxGuestAdditions-<replaceable>version</replaceable></computeroutput> + with the correct Guest Additions installation directory. + </para> + + </sect3> + + </sect2> + + <sect2 id="additions-solaris"> + + <title>Guest Additions for Oracle Solaris</title> + + <para> + Like the Windows Guest Additions, the &product-name; Guest + Additions for Oracle Solaris take the form of a set of device + drivers and system applications which may be installed in the + guest operating system. + </para> + + <para> + The following Oracle Solaris distributions are officially + supported: + </para> + + <itemizedlist> + + <listitem> + <para> + Oracle Solaris 11, including Oracle Solaris 11 Express + </para> + </listitem> + + <listitem> + <para> + Oracle Solaris 10 4/08 and later + </para> + </listitem> + + </itemizedlist> + + <para> + Other distributions may work if they are based on comparable + software releases. + </para> + + <sect3 id="additions-solaris-install"> + + <title>Installing the Oracle Solaris Guest Additions</title> + + <para> + The &product-name; Guest Additions for Oracle Solaris are + provided on the same ISO CD-ROM as the Additions for Windows + and Linux. They come with an installation program that guides + you through the setup process. + </para> + + <para> + Installation involves the following steps: + </para> + + <orderedlist> + + <listitem> + <para> + Mount the + <computeroutput>VBoxGuestAdditions.iso</computeroutput> + file as your Oracle Solaris guest's virtual CD-ROM drive, + exactly the same way as described for a Windows guest in + <xref + linkend="mountingadditionsiso" />. + </para> + + <para> + If the CD-ROM drive on the guest does not get mounted, as + seen with some versions of Oracle Solaris 10, run the + following command as root: + </para> + +<screen>svcadm restart volfs</screen> + </listitem> + + <listitem> + <para> + Change to the directory where your CD-ROM drive is mounted + and run the following command as root: + </para> + +<screen>pkgadd -G -d ./VBoxSolarisAdditions.pkg</screen> + </listitem> + + <listitem> + <para> + Choose <emphasis role="bold">1</emphasis> and confirm + installation of the Guest Additions package. After the + installation is complete, log out and log in to X server + on your guest, to activate the X11 Guest Additions. + </para> + </listitem> + + </orderedlist> + + </sect3> + + <sect3 id="additions-solaris-uninstall"> + + <title>Uninstalling the Oracle Solaris Guest Additions</title> + + <para> + The Oracle Solaris Guest Additions can be safely removed by + removing the package from the guest. Open a root terminal + session and run the following command: + </para> + +<screen>pkgrm SUNWvboxguest</screen> + + </sect3> + + <sect3 id="additions-solaris-updating"> + + <title>Updating the Oracle Solaris Guest Additions</title> + + <para> + The Guest Additions should be updated by first uninstalling + the existing Guest Additions and then installing the new ones. + Attempting to install new Guest Additions without removing the + existing ones is not possible. + </para> + + </sect3> + + </sect2> + + <sect2 id="additions-os2"> + + <title>Guest Additions for OS/2</title> + + <para> + &product-name; also ships with a set of drivers that improve + running OS/2 in a virtual machine. Due to restrictions of OS/2 + itself, this variant of the Guest Additions has a limited + feature set. See <xref + linkend="KnownIssues" /> for + details. + </para> + + <para> + The OS/2 Guest Additions are provided on the same ISO CD-ROM as + those for the other platforms. Mount the ISO in OS/2 as + described previously. The OS/2 Guest Additions are located in + the directory <computeroutput>\OS2</computeroutput>. + </para> + + <para> + We do not provide an automatic installer at this time. See the + <computeroutput>readme.txt</computeroutput> file in the CD-ROM + directory, which describes how to install the OS/2 Guest + Additions manually. + </para> + + </sect2> + + </sect1> + + <sect1 id="sharedfolders"> + + <title>Shared Folders</title> + + <para> + With the <emphasis>shared folders</emphasis> feature of + &product-name;, you can access files of your host system from + within the guest system. This is similar to how you would use + network shares in Windows networks, except that shared folders do + not require networking, only the Guest Additions. Shared folders + are supported with Windows 2000 or later, Linux, and Oracle + Solaris guests. &product-name; release 6.0 includes experimental + support for Mac OS X and OS/2 guests. + </para> + + <para> + Shared folders physically reside on the <emphasis>host</emphasis> + and are then shared with the guest, which uses a special file + system driver in the Guest Additions to talk to the host. For + Windows guests, shared folders are implemented as a pseudo-network + redirector. For Linux and Oracle Solaris guests, the Guest + Additions provide a virtual file system. + </para> + + <para> + To share a host folder with a virtual machine in &product-name;, + you must specify the path of the folder and choose a + <emphasis>share name</emphasis> that the guest can use to access + the shared folder. This happens on the host. In the guest you can + then use the share name to connect to it and access files. + </para> + + <para> + There are several ways in which shared folders can be set up for a + virtual machine: + </para> + + <itemizedlist> + + <listitem> + <para> + In the window of a running VM, you select + <emphasis role="bold">Shared Folders</emphasis> from the + <emphasis role="bold">Devices</emphasis> menu, or click on the + folder icon on the status bar in the bottom right corner. + </para> + </listitem> + + <listitem> + <para> + If a VM is not currently running, you can configure shared + folders in the virtual machine's + <emphasis role="bold">Settings</emphasis> dialog. + </para> + </listitem> + + <listitem> + <para> + From the command line, you can create shared folders using + <command>VBoxManage</command>, as follows: + </para> + +<screen>VBoxManage sharedfolder add "VM name" --name "sharename" --hostpath "C:\test"</screen> + + <para> + See <xref linkend="vboxmanage-sharedfolder" />. + </para> + </listitem> + + </itemizedlist> + + <para> + There are two types of shares: + </para> + + <itemizedlist> + + <listitem> + <para> + Permanent shares, that are saved with the VM settings. + </para> + </listitem> + + <listitem> + <para> + Transient shares, that are added at runtime and disappear when + the VM is powered off. These can be created using a checkbox + in the VirtualBox Manager, or by using the + <computeroutput>--transient</computeroutput> option of the + <command>VBoxManage sharedfolder add</command> command. + </para> + </listitem> + + </itemizedlist> + + <para> + Shared folders can either be read-write or read-only. This means + that the guest is either allowed to both read and write, or just + read files on the host. By default, shared folders are read-write. + Read-only folders can be created using a checkbox in the + VirtualBox Manager, or with the + <computeroutput>--readonly</computeroutput> option of the + <command>VBoxManage sharedfolder add</command> command. + </para> + + <para> + &product-name; shared folders also support symbolic links, also + called <emphasis>symlinks</emphasis>, under the following + conditions: + </para> + + <itemizedlist> + + <listitem> + <para> + The host operating system must support symlinks. For example, + a Mac OS X, Linux, or Oracle Solaris host is required. + </para> + </listitem> + + <listitem> + <para> + Currently only Linux and Oracle Solaris Guest Additions + support symlinks. + </para> + </listitem> + + <listitem> + <para> + For security reasons the guest OS is not allowed to create + symlinks by default. If you trust the guest OS to not abuse + the functionality, you can enable creation of symlinks for a + shared folder as follows: + </para> + +<screen>VBoxManage setextradata "VM name" VBoxInternal2/SharedFoldersEnableSymlinksCreate/<replaceable>sharename</replaceable> 1</screen> + </listitem> + + </itemizedlist> + + <sect2 id="sf_mount_manual"> + + <title>Manual Mounting</title> + + <para> + You can mount the shared folder from inside a VM, in the same + way as you would mount an ordinary network share: + </para> + + <itemizedlist> + + <listitem> + <para> + In a Windows guest, shared folders are browseable and + therefore visible in Windows Explorer. To attach the host's + shared folder to your Windows guest, open Windows Explorer + and look for the folder in <emphasis role="bold">My + Networking Place</emphasis>s, <emphasis role="bold">Entire + Network</emphasis>, <emphasis role="bold">&product-name; + Shared Folders</emphasis>. By right-clicking on a shared + folder and selecting <emphasis role="bold">Map Network + Drive</emphasis> from the menu that pops up, you can assign + a drive letter to that shared folder. + </para> + + <para> + Alternatively, on the Windows command line, use the + following command: + </para> + +<screen>net use x: \\vboxsvr\sharename</screen> + + <para> + While <computeroutput>vboxsvr</computeroutput> is a fixed + name, note that <computeroutput>vboxsrv</computeroutput> + would also work, replace <replaceable>x:</replaceable> with + the drive letter that you want to use for the share, and + <replaceable>sharename</replaceable> with the share name + specified with <command>VBoxManage</command>. + </para> + </listitem> + + <listitem> + <para> + In a Linux guest, use the following command: + </para> + +<screen>mount -t vboxsf [-o OPTIONS] sharename mountpoint</screen> + + <para> + To mount a shared folder during boot, add the following + entry to <computeroutput>/etc/fstab</computeroutput>: + </para> + +<screen>sharename mountpoint vboxsf defaults 0 0</screen> + </listitem> + + <listitem> + <para> + In a Oracle Solaris guest, use the following command: + </para> + +<screen>mount -F vboxfs [-o OPTIONS] sharename mountpoint</screen> + + <para> + Replace <replaceable>sharename</replaceable>, use a + lowercase string, with the share name specified with + <command>VBoxManage</command> or the GUI. Replace + <replaceable>mountpoint</replaceable> with the path where + you want the share to be mounted on the guest, such as + <computeroutput>/mnt/share</computeroutput>. The usual mount + rules apply. For example, create this directory first if it + does not exist yet. + </para> + + <para> + Here is an example of mounting the shared folder for the + user jack on Oracle Solaris: + </para> + +<screen>$ id +uid=5000(jack) gid=1(other) +$ mkdir /export/home/jack/mount +$ pfexec mount -F vboxfs -o uid=5000,gid=1 jackshare /export/home/jack/mount +$ cd ~/mount +$ ls +sharedfile1.mp3 sharedfile2.txt +$</screen> + + <para> + Beyond the standard options supplied by the + <command>mount</command> command, the following are + available: + </para> + +<screen>iocharset CHARSET</screen> + + <para> + This option sets the character set used for I/O operations. + Note that on Linux guests, if the + <computeroutput>iocharset</computeroutput> option is not + specified, then the Guest Additions driver will attempt to + use the character set specified by the CONFIG_NLS_DEFAULT + kernel option. If this option is not set either, then UTF-8 + is used. + </para> + +<screen>convertcp CHARSET</screen> + + <para> + This option specifies the character set used for the shared + folder name. This is UTF-8 by default. + </para> + + <para> + The generic mount options, documented in the + <computeroutput>mount</computeroutput> manual page, apply + also. Especially useful are the options + <computeroutput>uid</computeroutput>, + <computeroutput>gid</computeroutput> and + <computeroutput>mode</computeroutput>, as they can allow + access by normal users in read/write mode, depending on the + settings, even if root has mounted the filesystem. + </para> + </listitem> + + <listitem> + <para> + In an OS/2 guest, use the <command>VBoxControl</command> + command to manage shared folders. For example: + </para> + +<screen>VBoxControl sharedfolder use D: MyShareName +VBoxControl sharedfolder unuse D: +VBoxControl sharedfolder list</screen> + + <para> + As with Windows guests, shared folders can also be accessed + via UNC using <computeroutput>\\VBoxSF\</computeroutput>, + <computeroutput>\\VBoxSvr\</computeroutput> or + <computeroutput>\\VBoxSrv\</computeroutput> as the server + name and the shared folder name as + <replaceable>sharename</replaceable>. + </para> + </listitem> + + </itemizedlist> + + </sect2> + + <sect2 id="sf_mount_auto"> + + <title>Automatic Mounting</title> + + <para> + &product-name; provides the option to mount shared folders + automatically. When automatic mounting is enabled for a shared + folder, the Guest Additions service will mount it for you + automatically. For Windows or OS/2, a preferred drive letter can + also be specified. For Linux or Oracle Solaris, a mount point + directory can also be specified. + </para> + + <para> + If a drive letter or mount point is not specified, or is in use + already, an alternative location is found by the Guest Additions + service. The service searches for an alternative location + depending on the guest OS, as follows: + </para> + + <itemizedlist> + + <listitem> + <para> + <emphasis role="bold">Windows and OS/2 guests.</emphasis> + Search for a free drive letter, starting at + <computeroutput>Z:</computeroutput>. If all drive letters + are assigned, the folder is not mounted. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Linux and Oracle Solaris + guests.</emphasis> Folders are mounted under the + <computeroutput>/media</computeroutput> directory. The + folder name is normalized (no spaces, slashes or colons) and + is prefixed with <computeroutput>sf_</computeroutput>. + </para> + + <para> + For example, if you have a shared folder called + <computeroutput>myfiles</computeroutput>, it will appear as + <computeroutput>/media/sf_myfiles</computeroutput> in the + guest. + </para> + + <para> + The guest properties + <computeroutput>/VirtualBox/GuestAdd/SharedFolders/MountDir</computeroutput> + and the more generic + <computeroutput>/VirtualBox/GuestAdd/SharedFolders/MountPrefix</computeroutput> + can be used to override the automatic mount directory and + prefix. See <xref linkend="guestadd-guestprops" />. + </para> + </listitem> + + </itemizedlist> + + <para> + Access to an automatically mounted shared folder is granted to + everyone in a Windows guest, including the guest user. For Linux + and Oracle Solaris guests, access is restricted to members of + the group <computeroutput>vboxsf</computeroutput> and the + <computeroutput>root</computeroutput> user. + </para> + + </sect2> + + </sect1> + + <sect1 id="guestadd-dnd"> + + <title>Drag and Drop</title> + + <para> + &product-name; enables you to drag and drop content from the host + to the guest, and vice versa. For this to work the latest Guest + Additions must be installed on the guest. + </para> + + <para> + Drag and drop transparently allows copying or opening files, + directories, and even certain clipboard formats from one end to + the other. For example, from the host to the guest or from the + guest to the host. You then can perform drag and drop operations + between the host and a VM, as it would be a native drag and drop + operation on the host OS. + </para> + + <para> + At the moment drag and drop is implemented for Windows-based and + X-Windows-based systems, both on the host and guest side. As + X-Windows supports many different drag and drop protocols only the + most common one, XDND, is supported for now. Applications using + other protocols, such as Motif or OffiX, will not be recognized by + &product-name;. + </para> + + <para> + In the context of using drag and drop, the origin of the data is + called the <emphasis>source</emphasis>. That is, where the actual + data comes from and is specified. The <emphasis>target</emphasis> + specifies where the data from the source should go to. + Transferring data from the source to the target can be done in + various ways, such as copying, moving, or linking. + </para> + + <note> + <para> + At the moment only copying of data is supported. Moving or + linking is not yet implemented. + </para> + </note> + + <para> + When transferring data from the host to the guest OS, the host in + this case is the source, whereas the guest OS is the target. + However, when transferring data from the guest OS to the host, the + guest OS this time became the source and the host is the target. + </para> + + <para> + For security reasons drag and drop can be configured at runtime on + a per-VM basis either using the <emphasis role="bold">Drag and + Drop</emphasis> menu item in the + <emphasis role="bold">Devices</emphasis> menu of the virtual + machine, as shown below, or the <command>VBoxManage</command> + command. + </para> + + <figure id="fig-drag-drop-options"> + <title>Drag and Drop Menu Options</title> + <mediaobject> + <imageobject> + <imagedata align="center" fileref="images/dnd-modes.png" + width="10cm" /> + </imageobject> + </mediaobject> + </figure> + + <para> + The following drag and drop modes are available: + </para> + + <itemizedlist> + + <listitem> + <para> + <emphasis role="bold">Disabled.</emphasis> Disables the drag + and drop feature entirely. This is the default when creating a + new VM. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Host To Guest.</emphasis> Enables drag + and drop operations from the host to the guest only. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Guest To Host.</emphasis> Enables drag + and drop operations from the guest to the host only. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Bidirectional.</emphasis> Enables drag + and drop operations in both directions: from the host to the + guest, and from the guest to the host. + </para> + </listitem> + + </itemizedlist> + + <note> + <para> + Drag and drop support depends on the frontend being used. At the + moment, only the VirtualBox Manager frontend provides this + functionality. + </para> + </note> + + <para> + To use the <command>VBoxManage</command> command to control the + current drag and drop mode, see <xref linkend="vboxmanage" />. The + <command>modifyvm</command> and <command>controlvm</command> + commands enable setting of a VM's current drag and drop mode from + the command line. + </para> + + <sect2 id="guestadd-dnd-formats"> + + <title>Supported Formats</title> + + <para> + As &product-name; can run on a variety of host operating systems + and also supports a wide range of guests, certain data formats + must be translated after transfer. This is so that the target + operating system, which receiving the data, is able to handle + them in an appropriate manner. + </para> + + <note> + <para> + When dragging files no data conversion is done in any way. For + example, when transferring a file from a Linux guest to a + Windows host the Linux-specific line endings are not converted + to Windows line endings. + </para> + </note> + + <para> + The following formats are handled by the &product-name; drag and + drop service: + </para> + + <itemizedlist> + + <listitem> + <para> + <emphasis role="bold">Plain text:</emphasis> From + applications such as text editors, internet browsers and + terminal windows. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Files:</emphasis> From file managers + such as Windows Explorer, Nautilus, and Finder. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Directories:</emphasis> For + directories, the same formats apply as for files. + </para> + </listitem> + + </itemizedlist> + + </sect2> + + <sect2 id="guestadd-dnd-limitations"> + + <title>Known Limitations</title> + + <para> + The following limitations are known for drag and drop: + </para> + + <para> + On Windows hosts, dragging and dropping content between + UAC-elevated (User Account Control) programs and + non-UAC-elevated programs is not allowed. If you start + &product-name; with Administrator privileges then drag and drop + will not work with Windows Explorer, which runs with regular + user privileges by default. + </para> + + </sect2> + + </sect1> + + <sect1 id="guestadd-video"> + + <title>Hardware-Accelerated Graphics</title> + + <sect2 id="guestadd-3d"> + + <title>Hardware 3D Acceleration (OpenGL and Direct3D 8/9)</title> + + <para> + The &product-name; Guest Additions contain experimental hardware + 3D support for Windows, Linux, and Oracle Solaris guests. + </para> + + <para> + With this feature, if an application inside your virtual machine + uses 3D features through the OpenGL or Direct3D 8/9 programming + interfaces, instead of emulating them in software, which would + be slow, &product-name; will attempt to use your host's 3D + hardware. This works for all supported host platforms, provided + that your host operating system can make use of your accelerated + 3D hardware in the first place. + </para> + + <para> + The 3D acceleration feature currently has the following + preconditions: + </para> + + <itemizedlist> + + <listitem> + <para> + It is only available for certain Windows, Linux, and Oracle + Solaris guests. In particular: + </para> + + <itemizedlist> + + <listitem> + <para> + 3D acceleration with Windows guests requires Windows + 2000, Windows XP, Vista, or Windows 7. Apart from on + Windows 2000 guests, both OpenGL and Direct3D 8/9 are + supported on an experimental basis. + </para> + </listitem> + + <listitem> + <para> + OpenGL on Linux requires kernel 2.6.27 or later, as well + as X.org server version 1.5 or later. Ubuntu 10.10 and + Fedora 14 have been tested and confirmed as working. + </para> + </listitem> + + <listitem> + <para> + OpenGL on Oracle Solaris guests requires X.org server + version 1.5 or later. + </para> + </listitem> + + </itemizedlist> + </listitem> + + <listitem> + <para> + The Guest Additions must be installed. + </para> + + <note> + <para> + For the basic Direct3D acceleration to work in a Windows + Guest, &product-name; needs to replace Windows system + files in the virtual machine. As a result, the Guest + Additions installation program offers Direct3D + acceleration as an option that must be explicitly enabled. + Also, you must install the Guest Additions in Safe Mode. + This does <emphasis>not</emphasis> apply to the WDDM + Direct3D video driver available for Windows Vista and + later. See <xref linkend="KnownIssues" /> for details. + </para> + </note> + </listitem> + + <listitem> + <para> + Because 3D support is still experimental at this time, it is + disabled by default and must be <emphasis>manually + enabled</emphasis> in the VM settings. See + <xref linkend="settings-display" />. + </para> + + <note> + <para> + Untrusted guest systems should not be allowed to use the + 3D acceleration features of &product-name;, just as + untrusted host software should not be allowed to use 3D + acceleration. Drivers for 3D hardware are generally too + complex to be made properly secure and any software which + is allowed to access them may be able to compromise the + operating system running them. In addition, enabling 3D + acceleration gives the guest direct access to a large body + of additional program code in the &product-name; host + process which it might conceivably be able to use to crash + the virtual machine. + </para> + </note> + </listitem> + + </itemizedlist> + + <para> + To enable Aero theme support, the &product-name; WDDM video + driver must be installed, which is available with the Guest + Additions installation. The WDDM driver is not installed by + default for Vista and Windows 7 guest and must be + <emphasis>manually selected</emphasis> in the Guest Additions + installer by clicking <emphasis role="bold">No</emphasis> in the + <emphasis role="bold">Would You Like to Install Basic Direct3D + Support</emphasis> dialog displayed when the Direct3D feature is + selected. + </para> + + <para> + The Aero theme is not enabled by default. To enable it, do the + following: + </para> + + <itemizedlist> + + <listitem> + <para> + <emphasis role="bold">Windows Vista guests:</emphasis> + Right-click on the desktop and select + <emphasis role="bold">Personalize</emphasis>, then select + <emphasis role="bold">Windows Color and + Appearance</emphasis> in the + <emphasis role="bold">Personalization</emphasis> window. In + the <emphasis role="bold">Appearance Settings</emphasis> + dialog, select <emphasis role="bold">Windows Aero</emphasis> + and click <emphasis role="bold">OK</emphasis>. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Windows 7 guests:</emphasis> + Right-click on the desktop and select + <emphasis role="bold">Personalize</emphasis>. Select any + Aero theme in the + <emphasis role="bold">Personalization</emphasis> window. + </para> + </listitem> + + </itemizedlist> + + <para> + Technically, &product-name; implements this by installing an + additional hardware 3D driver inside your guest when the Guest + Additions are installed. This driver acts as a hardware 3D + driver and reports to the guest operating system that the + virtual hardware is capable of 3D hardware acceleration. When an + application in the guest then requests hardware acceleration + through the OpenGL or Direct3D programming interfaces, these are + sent to the host through a special communication tunnel + implemented by &product-name;, and then the + <emphasis>host</emphasis> performs the requested 3D operation + using the host's programming interfaces. + </para> + + </sect2> + + <sect2 id="guestadd-2d"> + + <title>Hardware 2D Video Acceleration for Windows Guests</title> + + <para> + The &product-name; Guest Additions contain experimental hardware + 2D video acceleration support for Windows guests. + </para> + + <para> + With this feature, if an application such as a video player + inside your Windows VM uses 2D video overlays to play a movie + clip, then &product-name; will attempt to use your host's video + acceleration hardware instead of performing overlay stretching + and color conversion in software, which would be slow. This + currently works for Windows, Linux and Mac OS X host platforms, + provided that your host operating system can make use of 2D + video acceleration in the first place. + </para> + + <para> + Hardware 2D video acceleration currently has the following + preconditions: + </para> + + <itemizedlist> + + <listitem> + <para> + Only available for Windows guests, running Windows XP or + later. + </para> + </listitem> + + <listitem> + <para> + Guest Additions must be installed. + </para> + </listitem> + + <listitem> + <para> + Because 2D support is still experimental at this time, it is + disabled by default and must be <emphasis>manually + enabled</emphasis> in the VM settings. See + <xref linkend="settings-display" />. + </para> + </listitem> + + </itemizedlist> + + <para> + Technically, &product-name; implements this by exposing video + overlay DirectDraw capabilities in the Guest Additions video + driver. The driver sends all overlay commands to the host + through a special communication tunnel implemented by + &product-name;. On the host side, OpenGL is then used to + implement color space transformation and scaling + </para> + + </sect2> + + </sect1> + + <sect1 id="seamlesswindows"> + + <title>Seamless Windows</title> + + <para> + With the <emphasis>seamless windows</emphasis> feature of + &product-name;, you can have the windows that are displayed within + a virtual machine appear side by side next to the windows of your + host. This feature is supported for the following guest operating + systems, provided that the Guest Additions are installed: + </para> + + <itemizedlist> + + <listitem> + <para> + Windows guests. Support was added in &product-name; 1.5. + </para> + </listitem> + + <listitem> + <para> + Supported Linux or Oracle Solaris guests running the X Window + System. Support was added with &product-name; 1.6. + </para> + </listitem> + + </itemizedlist> + + <para> + After seamless windows are enabled, &product-name; suppresses the + display of the desktop background of your guest, allowing you to + run the windows of your guest operating system seamlessly next to + the windows of your host. + </para> + + <figure id="fig-seamless-windows"> + <title>Seamless Windows on a Host Desktop</title> + <mediaobject> + <imageobject> + <imagedata align="center" fileref="images/seamless.png" width="14cm" /> + </imageobject> + </mediaobject> + </figure> + + <para> + To enable seamless mode, after starting the virtual machine, press + the <emphasis role="bold">Host key + L</emphasis>. The Host key is + normally the right control key. This will enlarge the size of the + VM's display to the size of your host screen and mask out the + guest operating system's background. To disable seamless windows + and go back to the normal VM display, press the Host key + L + again. + </para> + + </sect1> + + <sect1 id="guestadd-guestprops"> + + <title>Guest Properties</title> + + <para> + &product-name; enables requests of some properties from a running + guest, provided that the &product-name; Guest Additions are + installed and the VM is running. This provides the following + advantages: + </para> + + <itemizedlist> + + <listitem> + <para> + A number of predefined VM characteristics are automatically + maintained by &product-name; and can be retrieved on the host. + For example, to monitor VM performance and statistics. + </para> + </listitem> + + <listitem> + <para> + Arbitrary string data can be exchanged between guest and host. + This works in both directions. + </para> + </listitem> + + </itemizedlist> + + <para> + To accomplish this, &product-name; establishes a private + communication channel between the &product-name; Guest Additions + and the host, and software on both sides can use this channel to + exchange string data for arbitrary purposes. Guest properties are + simply string keys to which a value is attached. They can be set, + or written to, by either the host and the guest. They can also be + read from both sides. + </para> + + <para> + In addition to establishing the general mechanism of reading and + writing values, a set of predefined guest properties is + automatically maintained by the &product-name; Guest Additions to + allow for retrieving interesting guest data such as the guest's + exact operating system and service pack level, the installed + version of the Guest Additions, users that are currently logged + into the guest OS, network statistics and more. These predefined + properties are all prefixed with + <computeroutput>/VirtualBox/</computeroutput> and organized into a + hierarchical tree of keys. + </para> + + <para> + Some of this runtime information is shown when you select + <emphasis role="bold">Session Information Dialog</emphasis> from a + virtual machine's <emphasis role="bold">Machine</emphasis> menu. + </para> + + <para> + A more flexible way to use this channel is with the + <command>VBoxManage guestproperty</command> command. See + <xref linkend="vboxmanage-guestproperty" />. For example, to have + <emphasis>all</emphasis> the available guest properties for a + given running VM listed with their respective values, use this + command: + </para> + +<screen>$ VBoxManage guestproperty enumerate "Windows Vista III" +VirtualBox Command Line Management Interface Version <replaceable>version-number</replaceable> +(C) 2005-2018 Oracle Corporation +All rights reserved. + +Name: /VirtualBox/GuestInfo/OS/Product, value: Windows Vista Business Edition, + timestamp: 1229098278843087000, flags: +Name: /VirtualBox/GuestInfo/OS/Release, value: 6.0.6001, + timestamp: 1229098278950553000, flags: +Name: /VirtualBox/GuestInfo/OS/ServicePack, value: 1, + timestamp: 1229098279122627000, flags: +Name: /VirtualBox/GuestAdd/InstallDir, + value: C:/Program Files/Oracle/VirtualBox + Guest Additions, timestamp: 1229098279269739000, flags: +Name: /VirtualBox/GuestAdd/Revision, value: 40720, + timestamp: 1229098279345664000, flags: +Name: /VirtualBox/GuestAdd/Version, value: <replaceable>version-number</replaceable>, + timestamp: 1229098279479515000, flags: +Name: /VirtualBox/GuestAdd/Components/VBoxControl.exe, value: <replaceable>version-number</replaceable>r40720, + timestamp: 1229098279651731000, flags: +Name: /VirtualBox/GuestAdd/Components/VBoxHook.dll, value: <replaceable>version-number</replaceable>r40720, + timestamp: 1229098279804835000, flags: +Name: /VirtualBox/GuestAdd/Components/VBoxDisp.dll, value: <replaceable>version-number</replaceable>r40720, + timestamp: 1229098279880611000, flags: +Name: /VirtualBox/GuestAdd/Components/VBoxMRXNP.dll, value: <replaceable>version-number</replaceable>r40720, + timestamp: 1229098279882618000, flags: +Name: /VirtualBox/GuestAdd/Components/VBoxService.exe, value: <replaceable>version-number</replaceable>r40720, + timestamp: 1229098279883195000, flags: +Name: /VirtualBox/GuestAdd/Components/VBoxTray.exe, value: <replaceable>version-number</replaceable>r40720, + timestamp: 1229098279885027000, flags: +Name: /VirtualBox/GuestAdd/Components/VBoxGuest.sys, value: <replaceable>version-number</replaceable>r40720, + timestamp: 1229098279886838000, flags: +Name: /VirtualBox/GuestAdd/Components/VBoxMouse.sys, value: <replaceable>version-number</replaceable>r40720, + timestamp: 1229098279890600000, flags: +Name: /VirtualBox/GuestAdd/Components/VBoxSF.sys, value: <replaceable>version-number</replaceable>r40720, + timestamp: 1229098279893056000, flags: +Name: /VirtualBox/GuestAdd/Components/VBoxVideo.sys, value: <replaceable>version-number</replaceable>r40720, + timestamp: 1229098279895767000, flags: +Name: /VirtualBox/GuestInfo/OS/LoggedInUsers, value: 1, + timestamp: 1229099826317660000, flags: +Name: /VirtualBox/GuestInfo/OS/NoLoggedInUsers, value: false, + timestamp: 1229098455580553000, flags: +Name: /VirtualBox/GuestInfo/Net/Count, value: 1, + timestamp: 1229099826299785000, flags: +Name: /VirtualBox/HostInfo/GUI/LanguageID, value: C, + timestamp: 1229098151272771000, flags: +Name: /VirtualBox/GuestInfo/Net/0/V4/IP, value: 192.168.2.102, + timestamp: 1229099826300088000, flags: +Name: /VirtualBox/GuestInfo/Net/0/V4/Broadcast, value: 255.255.255.255, + timestamp: 1229099826300220000, flags: +Name: /VirtualBox/GuestInfo/Net/0/V4/Netmask, value: 255.255.255.0, + timestamp: 1229099826300350000, flags: +Name: /VirtualBox/GuestInfo/Net/0/Status, value: Up, + timestamp: 1229099826300524000, flags: +Name: /VirtualBox/GuestInfo/OS/LoggedInUsersList, value: username, + timestamp: 1229099826317386000, flags:</screen> + + <para> + To query the value of a single property, use the + <computeroutput>get</computeroutput> subcommand as follows: + </para> + +<screen>$ VBoxManage guestproperty get "Windows Vista III" "/VirtualBox/GuestInfo/OS/Product" +VirtualBox Command Line Management Interface Version <replaceable>version-number</replaceable> +(C) 2005-2018 Oracle Corporation +All rights reserved. + +Value: Windows Vista Business Edition</screen> + + <para> + To add or change guest properties from the guest, use the tool + <computeroutput>VBoxControl</computeroutput>. This tool is + included in the Guest Additions of &product-name; 2.2 or later. + When started from a Linux guest, this tool requires root + privileges for security reasons: + </para> + +<screen>$ sudo VBoxControl guestproperty enumerate +VirtualBox Guest Additions Command Line Management Interface Version <replaceable>version-number</replaceable> +(C) 2005-2018 Oracle Corporation +All rights reserved. + +Name: /VirtualBox/GuestInfo/OS/Release, value: 2.6.28-18-generic, + timestamp: 1265813265835667000, flags: <NULL> +Name: /VirtualBox/GuestInfo/OS/Version, value: #59-Ubuntu SMP Thu Jan 28 01:23:03 UTC 2010, + timestamp: 1265813265836305000, flags: <NULL> + ...</screen> + + <para> + For more complex needs, you can use the &product-name; programming + interfaces. See <xref linkend="VirtualBoxAPI" />. + </para> + + <sect2 id="guestadd-guestprops-waits"> + + <title>Using Guest Properties to Wait on VM Events</title> + + <para> + The properties + <computeroutput>/VirtualBox/HostInfo/VBoxVer</computeroutput>, + <computeroutput>/VirtualBox/HostInfo/VBoxVerExt</computeroutput> + or <computeroutput>/VirtualBox/HostInfo/VBoxRev</computeroutput> + can be waited on to detect that the VM state was restored from + saved state or snapshot: + </para> + +<screen>$ VBoxControl guestproperty wait /VirtualBox/HostInfo/VBoxVer</screen> + + <para> + Similarly the + <computeroutput>/VirtualBox/HostInfo/ResumeCounter</computeroutput> + can be used to detect that a VM was resumed from the paused + state or saved state. + </para> + + </sect2> + + </sect1> + + <sect1 id="guestadd-gc-file-manager"> + + <title>Guest Control File Manager</title> + + <para> + The Guest Control File Manager is a feature of the Guest Additions + that enables easy copying and moving of files between a guest and + the host system. Other file management operations provide support + to create new folders and to rename or delete files. + </para> + + <figure id="fig-guest-control-fm"> + <title>Guest Control File Manager</title> + <mediaobject> + <imageobject> + <imagedata align="center" fileref="images/guest-fm.png" + width="12cm" /> + </imageobject> + </mediaobject> + </figure> + + <para> + The Guest Control File Manager works by mounting the host file + system. Guest users must authenticate and create a guest session + before they can transfer files. + </para> + + <sect2 id="guestadd-gc-file-manager-using"> + + <title>Using the Guest Control File Manager</title> + + <para> + The following steps describe how to use the Guest Control File + Manager. + </para> + + <orderedlist> + + <listitem> + <para> + Open the Guest Control File Manager. + </para> + + <para> + In the guest VM, select + <emphasis role="bold">Machine</emphasis>, + <emphasis role="bold">File Manager</emphasis>. + </para> + + <para> + The left pane shows the files on the host system. + </para> + </listitem> + + <listitem> + <para> + Create a guest session. + </para> + + <para> + At the bottom of the Guest Control File Manager, enter + authentication credentials for a user on the guest system. + </para> + + <para> + Click <emphasis role="bold">Create Session</emphasis>. + </para> + + <para> + The contents of the guest VM file system appears in the + right pane of the Guest Control File Manager. + </para> + </listitem> + + <listitem> + <para> + Transfer files between the guest and the host system by + using the move and copy file transfer icons. + </para> + + <para> + You can copy and move files from a guest to the host system + or from the host system to the guest. + </para> + </listitem> + + <listitem> + <para> + Close the Guest Control File Manager. + </para> + + <para> + Click <emphasis role="bold">Close</emphasis> to end the + guest session. + </para> + </listitem> + + </orderedlist> + + </sect2> + + </sect1> + + <sect1 id="guestadd-guestcontrol"> + + <title>Guest Control of Applications</title> + + <para> + The Guest Additions enable starting of applications inside a VM + from the host system. + </para> + + <para> + For this to work, the application needs to be installed inside the + guest. No additional software needs to be installed on the host. + Additionally, text mode output to stdout and stderr can be shown + on the host for further processing. There are options to specify + user credentials and a timeout value, in milliseconds, to limit + the time the application is able to run. + </para> + + <para> + This feature can be used to automate deployment of software within + the guest. + </para> + + <para> + The Guest Additions for Windows allow for automatic updating. This + applies for already installed Guest Additions version 4.0 or + later. Also, copying files from host to the guest as well as + remotely creating guest directories is available. + </para> + + <para> + To use these features, use the &product-name; command line. See + <xref linkend="vboxmanage-guestcontrol" />. + </para> + + </sect1> + + <sect1 id="guestadd-memory-usage"> + + <title>Memory Overcommitment</title> + + <para> + In server environments with many VMs, the Guest Additions can be + used to share physical host memory between several VMs. This + reduces the total amount of memory in use by the VMs. If memory + usage is the limiting factor and CPU resources are still + available, this can help with running more VMs on each host. + </para> + + <sect2 id="guestadd-balloon"> + + <title>Memory Ballooning</title> + + <para> + The Guest Additions can change the amount of host memory that a + VM uses, while the machine is running. Because of how this is + implemented, this feature is called <emphasis>memory + ballooning</emphasis>. + </para> + + <note> + <itemizedlist> + + <listitem> + <para> + &product-name; supports memory ballooning only on 64-bit + hosts. It is not supported on Mac OS X hosts. + </para> + </listitem> + + <listitem> + <para> + Memory ballooning does not work with large pages enabled. + To turn off large pages support for a VM, run + <computeroutput>VBoxManage modifyvm <VM name> + --largepages off</computeroutput> + </para> + </listitem> + + </itemizedlist> + </note> + + <para> + Normally, to change the amount of memory allocated to a virtual + machine, you have to shut down the virtual machine entirely and + modify its settings. With memory ballooning, memory that was + allocated for a virtual machine can be given to another virtual + machine without having to shut the machine down. + </para> + + <para> + When memory ballooning is requested, the &product-name; Guest + Additions, which run inside the guest, allocate physical memory + from the guest operating system on the kernel level and lock + this memory down in the guest. This ensures that the guest will + not use that memory any longer. No guest applications can + allocate it, and the guest kernel will not use it either. + &product-name; can then reuse this memory and give it to another + virtual machine. + </para> + + <para> + The memory made available through the ballooning mechanism is + only available for reuse by &product-name;. It is + <emphasis>not</emphasis> returned as free memory to the host. + Requesting balloon memory from a running guest will therefore + not increase the amount of free, unallocated memory on the host. + Effectively, memory ballooning is therefore a memory + overcommitment mechanism for multiple virtual machines while + they are running. This can be useful to temporarily start + another machine, or in more complicated environments, for + sophisticated memory management of many virtual machines that + may be running in parallel depending on how memory is used by + the guests. + </para> + + <para> + At this time, memory ballooning is only supported through + <command>VBoxManage</command>. Use the following command to + increase or decrease the size of the memory balloon within a + running virtual machine that has Guest Additions installed: + </para> + +<screen>VBoxManage controlvm "VM name" guestmemoryballoon n</screen> + + <para> + where <replaceable>VM name</replaceable> is the name or UUID of + the virtual machine in question and <replaceable>n</replaceable> + is the amount of memory to allocate from the guest in megabytes. + See <xref + linkend="vboxmanage-controlvm" />. + </para> + + <para> + You can also set a default balloon that will automatically be + requested from the VM every time after it has started up with + the following command: + </para> + +<screen>VBoxManage modifyvm "VM name" --guestmemoryballoon n</screen> + + <para> + By default, no balloon memory is allocated. This is a VM + setting, like other <computeroutput>modifyvm</computeroutput> + settings, and therefore can only be set while the machine is + shut down. See <xref + linkend="vboxmanage-modifyvm" />. + </para> + + </sect2> + + <sect2 id="guestadd-pagefusion"> + + <title>Page Fusion</title> + + <para> + Whereas memory ballooning simply reduces the amount of RAM that + is available to a VM, Page Fusion works differently. It avoids + memory duplication between several similar running VMs. + </para> + + <para> + In a server environment running several similar VMs on the same + host, lots of memory pages are identical. For example, if the + VMs are using identical operating systems. &product-name;'s Page + Fusion technology can efficiently identify these identical + memory pages and share them between multiple VMs. + </para> + + <note> + <para> + &product-name; supports Page Fusion only on 64-bit hosts, and + it is not supported on Mac OS X hosts. Page Fusion currently + works only with Windows 2000 and later guests. + </para> + </note> + + <para> + The more similar the VMs on a given host are, the more + efficiently Page Fusion can reduce the amount of host memory + that is in use. It therefore works best if all VMs on a host run + identical operating systems, such as Windows XP Service Pack 2. + Instead of having a complete copy of each operating system in + each VM, Page Fusion identifies the identical memory pages in + use by these operating systems and eliminates the duplicates, + sharing host memory between several machines. This is called + <emphasis>deduplication</emphasis>. If a VM tries to modify a + page that has been shared with other VMs, a new page is + allocated again for that VM with a copy of the shared page. This + is called <emphasis>copy on write</emphasis>. All this is fully + transparent to the virtual machine. + </para> + + <para> + You may be familiar with this kind of memory overcommitment from + other hypervisor products, which call this feature + <emphasis>page sharing</emphasis> or <emphasis>same page + merging</emphasis>. However, Page Fusion differs significantly + from those other solutions, whose approaches have several + drawbacks: + </para> + + <itemizedlist> + + <listitem> + <para> + Traditional hypervisors scan <emphasis>all</emphasis> guest + memory and compute checksums, also called hashes, for every + single memory page. Then, they look for pages with identical + hashes and compare the entire content of those pages. If two + pages produce the same hash, it is very likely that the + pages are identical in content. This process can take rather + long, especially if the system is not idling. As a result, + the additional memory only becomes available after a + significant amount of time, such as hours or sometimes days. + Even worse, this kind of page sharing algorithm generally + consumes significant CPU resources and increases the + virtualization overhead by 10 to 20%. + </para> + + <para> + Page Fusion in &product-name; uses logic in the + &product-name; Guest Additions to quickly identify memory + cells that are most likely identical across VMs. It can + therefore achieve most of the possible savings of page + sharing almost immediately and with almost no overhead. + </para> + </listitem> + + <listitem> + <para> + Page Fusion is also much less likely to be confused by + identical memory that it will eliminate, just to learn + seconds later that the memory will now change and having to + perform a highly expensive and often service-disrupting + reallocation. + </para> + </listitem> + + </itemizedlist> + + <para> + At this time, Page Fusion can only be controlled with + <command>VBoxManage</command>, and only while a VM is shut down. + To enable Page Fusion for a VM, use the following command: + </para> + +<screen>VBoxManage modifyvm "VM name" --pagefusion on</screen> + + <para> + You can observe Page Fusion operation using some metrics. + <computeroutput>RAM/VMM/Shared</computeroutput> shows the total + amount of fused pages, whereas the per-VM metric + <computeroutput>Guest/RAM/Usage/Shared</computeroutput> will + return the amount of fused memory for a given VM. See + <xref + linkend="vboxmanage-metrics" /> for information on + how to query metrics. + </para> + + <note> + <para> + Enabling Page Fusion might indirectly increase the chances for + malicious guests to successfully attack other VMs running on + the same host. See <xref linkend="pot-insecure"/>. + </para> + </note> + + </sect2> + + </sect1> + +</chapter> diff --git a/doc/manual/en_US/user_Installation.xml b/doc/manual/en_US/user_Installation.xml new file mode 100644 index 00000000..e62924d9 --- /dev/null +++ b/doc/manual/en_US/user_Installation.xml @@ -0,0 +1,1364 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" +"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd"[ +<!ENTITY % all.entities SYSTEM "all-entities.ent"> +%all.entities; +]> +<chapter id="installation"> + + <title>Installation Details</title> + + <para> + As installation of &product-name; varies depending on your host + operating system, the following sections provide installation + instructions for Windows, Mac OS X, Linux, and Oracle Solaris. + </para> + + <sect1 id="installation_windows"> + + <title>Installing on Windows Hosts</title> + + <sect2 id="install-win-prereq"> + + <title>Prerequisites</title> + + <para> + For the various versions of Windows that are supported as host + operating systems, please refer to + <xref + linkend="hostossupport" />. + </para> + + <para> + In addition, Windows Installer 1.1 or later must be present on + your system. This should be the case if you have all recent + Windows updates installed. + </para> + + </sect2> + + <sect2 id="install-win-performing"> + + <title>Performing the Installation</title> + + <para> + The &product-name; installation can be started in either of the + following ways: + </para> + + <itemizedlist> + + <listitem> + <para> + By double-clicking on the executable file, which contains + both 32-bit and 64-bit architectures. + </para> + </listitem> + + <listitem> + <para> + By entering the following command: + </para> + +<screen>VirtualBox-<version>-<revision>-Win.exe -extract</screen> + + <para> + This will extract both installers into a temporary + directory, along with .MSI files. Run the following command + to to perform the installation: + </para> + +<screen>msiexec /i VirtualBox-<version>-<revision>-MultiArch_<x86|amd64>.msi</screen> + </listitem> + + </itemizedlist> + + <para> + Using either way displays the installation + <emphasis role="bold">Welcome</emphasis> dialog and enables you + to choose where to install &product-name;, and which components + to install. In addition to the &product-name; application, the + following components are available: + </para> + + <itemizedlist> + + <listitem> + <para> + <emphasis role="bold">USB support.</emphasis> This package + contains special drivers for your Windows host that + &product-name; requires to fully support USB devices inside + your virtual machines. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Networking.</emphasis> This package + contains extra networking drivers for your Windows host that + &product-name; needs to support Bridged Networking. This + enables your VM's virtual network cards to be accessed from + other machines on your physical network. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Python support.</emphasis> This + package contains Python scripting support for the + &product-name; API, see <xref linkend="VirtualBoxAPI" />. + For this to work, an already working Windows Python + installation on the system is required. + </para> + + <para> + See, for example: + <ulink + url="http://www.python.org/download/windows/">http://www.python.org/download/windows/</ulink>. + </para> + + <note> + <para> + Python version at least 2.6 is required. Since + &product-name; 5.1, Python 3 is also supported. + </para> + </note> + </listitem> + + </itemizedlist> + + <para> + Depending on your Windows configuration, you may see warnings + about unsigned drivers, or similar. Click + <emphasis role="bold">Continue</emphasis> for these warnings, as + otherwise &product-name; might not function correctly after + installation. + </para> + + <para> + The installer will create a &product-name; group in the Windows + <emphasis role="bold">Start</emphasis> menu, which enables you + to launch the application and access its documentation. + </para> + + <para> + With standard settings, &product-name; will be installed for all + users on the local system. If this is not wanted, you must + invoke the installer by first extracting as follows: + </para> + +<screen>VirtualBox.exe -extract</screen> + + <para> + Then, run either of the following commands on the extracted .MSI + files. This will install &product-name; only for the current + user. + </para> + +<screen>VirtualBox.exe -msiparams ALLUSERS=2</screen> + +<screen>msiexec /i VirtualBox-<version>-MultiArch_<x86|amd64>.msi ALLUSERS=2</screen> + + <para> + If you do not want to install all features of &product-name;, + you can set the optional + <computeroutput>ADDLOCAL</computeroutput> parameter to + explicitly name the features to be installed. The following + features are available: + </para> + + <variablelist> + + <varlistentry> + <term> + VBoxApplication + </term> + + <listitem> + <para> + Main binaries of &product-name;. + </para> + + <note> + <para> + This feature must not be absent, since it contains the + minimum set of files to have working &product-name; + installation. + </para> + </note> + </listitem> + </varlistentry> + + <varlistentry> + <term> + VBoxUSB + </term> + + <listitem> + <para> + USB support. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + VBoxNetwork + </term> + + <listitem> + <para> + All networking support. This includes the VBoxNetworkFlt + and VBoxNetworkAdp features. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + VBoxNetworkFlt + </term> + + <listitem> + <para> + Bridged networking support. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + VBoxNetworkAdp + </term> + + <listitem> + <para> + Host-only networking support + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + VBoxPython + </term> + + <listitem> + <para> + Python support + </para> + + <note> + <para> + Python version at least 2.6 is required. Since + &product-name; 5.1, Python 3 is also supported. + </para> + </note> + </listitem> + </varlistentry> + + </variablelist> + + <para> + For example, to only install USB support along with the main + binaries, run either of the following commands: + </para> + +<screen>VirtualBox.exe -msiparams ADDLOCAL=VBoxApplication,VBoxUSB</screen> + +<screen>msiexec /i VirtualBox-<version>-MultiArch_<x86|amd64>.msi ADDLOCAL=VBoxApplication,VBoxUSB</screen> + + <para> + The user is able to choose between NDIS5 and NDIS6 host network + filter drivers during the installation. This is done using a + command line parameter, + <computeroutput>NETWORKTYPE</computeroutput>. The NDIS6 driver + is default for Windows Vista and later. For older Windows + versions, the installer will automatically select the NDIS5 + driver and this cannot be changed. For Windows Vista and later + the user can force an install of the legacy NDIS5 host network + filter driver by using + <computeroutput>NETWORKTYPE=NDIS5</computeroutput>. For example, + to install the NDIS5 driver on Windows 7 use either of the + following commands: + </para> + +<screen>VirtualBox.exe -msiparams NETWORKTYPE=NDIS5</screen> + +<screen>msiexec /i VirtualBox-<version>-MultiArch_<x86|amd64>.msi NETWORKTYPE=NDIS5</screen> + + </sect2> + + <sect2 id="install-win-uninstall"> + + <title>Uninstallation</title> + + <para> + As &product-name; uses the standard Microsoft Windows installer, + &product-name; can be safely uninstalled at any time. Click the + program entry in the <emphasis role="bold">Add/Remove + Programs</emphasis> list in the Windows Control Panel. + </para> + + </sect2> + + <sect2 id="install-win-unattended"> + + <title>Unattended Installation</title> + + <para> + Unattended installations can be performed using the standard MSI + support. + </para> + + </sect2> + + <sect2 id="install-win-public-props"> + + <title>Public Properties</title> + + <para> + Public properties can be specified with the MSI API, to control + additional behavior and features of the Windows host installer. + Use either of the following commands: + </para> + +<screen>VirtualBox.exe -msiparams NAME=VALUE [...]</screen> + +<screen>msiexec /i VirtualBox-<version>-MultiArch_<x86|amd64>.msi NAME=VALUE [...]</screen> + + <para> + The following public properties are available. + </para> + + <itemizedlist> + + <listitem> + <para> + VBOX_INSTALLDESKTOPSHORTCUT + </para> + + <para> + Specifies whether or not an &product-name; icon on the + desktop should be created. + </para> + + <para> + Set to <computeroutput>1</computeroutput> to enable, + <computeroutput>0</computeroutput> to disable. Default is 1. + </para> + </listitem> + + <listitem> + <para> + VBOX_INSTALLQUICKLAUNCHSHORTCUT + </para> + + <para> + Specifies whether or not an &product-name; icon in the Quick + Launch Bar should be created. + </para> + + <para> + Set to <computeroutput>1</computeroutput> to enable, + <computeroutput>0</computeroutput> to disable. Default is 1. + </para> + </listitem> + + <listitem> + <para> + VBOX_REGISTERFILEEXTENSIONS + </para> + + <para> + Specifies whether or not the file extensions .vbox, + .vbox-extpack, .ovf, .ova, .vdi, .vmdk, .vhd and .vdd should + be associated with &product-name;. Files of these types then + will be opened with &product-name;. + </para> + + <para> + Set to <computeroutput>1</computeroutput> to enable, + <computeroutput>0</computeroutput> to disable. Default is 1. + </para> + </listitem> + + <listitem> + <para> + VBOX_START + </para> + + <para> + Specifies whether to start &product-name; right after + successful installation. + </para> + + <para> + Set to <computeroutput>1</computeroutput> to enable, + <computeroutput>0</computeroutput> to disable. Default is 1. + </para> + </listitem> + + </itemizedlist> + + </sect2> + + </sect1> + + <sect1 id="installation-mac"> + + <title>Installing on Mac OS X Hosts</title> + + <sect2 id="install-mac-performing"> + + <title>Performing the Installation</title> + + <para> + For Mac OS X hosts, &product-name; ships in a + <computeroutput>dmg</computeroutput> disk image file. Perform + the following steps to install on a Mac OS X host: + </para> + + <orderedlist> + + <listitem> + <para> + Double-click on the <computeroutput>dmg</computeroutput> + file, to mount the contents. + </para> + </listitem> + + <listitem> + <para> + A window opens, prompting you to double-click on the + <computeroutput>VirtualBox.pkg</computeroutput> installer + file displayed in that window. + </para> + </listitem> + + <listitem> + <para> + This will start the installer, which enables you to select + where to install &product-name;. + </para> + </listitem> + + </orderedlist> + + <para> + After installation, you can find an &product-name; icon in the + "Applications" folder in the Finder. + </para> + + </sect2> + + <sect2 id="install-mac-uninstall"> + + <title>Uninstallation</title> + + <para> + To uninstall &product-name;, open the disk image + <computeroutput>dmg</computeroutput> file and double-click on + the uninstall icon shown. + </para> + + </sect2> + + <sect2 id="install-mac-unattended"> + + <title>Unattended Installation</title> + + <para> + To perform a non-interactive installation of &product-name; you + can use the command line version of the installer application. + </para> + + <para> + Mount the <computeroutput>dmg</computeroutput> disk image file, + as described in the installation procedure, or use the following + command line: + </para> + +<screen>hdiutil attach /path/to/VirtualBox-xyz.dmg</screen> + + <para> + Open a terminal session and run the following command: + </para> + +<screen>sudo installer -pkg /Volumes/VirtualBox/VirtualBox.pkg -target /Volumes/Macintosh\ HD</screen> + + </sect2> + + </sect1> + + <sect1 id="install-linux-host"> + + <title>Installing on Linux Hosts</title> + + <sect2 id="install-linux-prereq"> + + <title>Prerequisites</title> + + <para> + For the various versions of Linux that are supported as host + operating systems, see <xref + linkend="hostossupport" />. + </para> + + <para> + You will need to install the following packages on your Linux + system before starting the installation. Some systems will do + this for you automatically when you install &product-name;. + </para> + + <itemizedlist> + + <listitem> + <para> + Qt 5.3.2 or later. Qt 5.6.2 or later is recommended. + </para> + </listitem> + + <listitem> + <para> + SDL 1.2.7 or later. This graphics library is typically + called <computeroutput>libsdl</computeroutput> or similar. + </para> + </listitem> + + </itemizedlist> + + <note> + <para> + These packages are only required if you want to run the + &product-name; graphical user interfaces. In particular, + <computeroutput>VirtualBox</computeroutput>, the graphical + VirtualBox Manager, requires both Qt and SDL. If you only want + to run <command>VBoxHeadless</command>, neither Qt nor SDL are + required. + </para> + </note> + + </sect2> + + <sect2 id="externalkernelmodules"> + + <title>The &product-name; Driver Modules</title> + + <para> + In order to run other operating systems in virtual machines + alongside your main operating system, &product-name; needs to + integrate very tightly into the system. To do this it installs a + driver module called <computeroutput>vboxdrv</computeroutput> + which does a lot of that work into the system kernel, which is + the part of the operating system which controls your processor + and physical hardware. Without this kernel module, you can still + use the VirtualBox Manager to configure virtual machines, but + they will not start. It also installs network drivers called + <computeroutput>vboxnetflt</computeroutput> and + <computeroutput>vboxnetadp</computeroutput> which enable virtual + machines to make more use of your computer's network + capabilities and are needed for any virtual machine networking + beyond the basic NAT mode. + </para> + + <para> + Since distributing driver modules separately from the kernel is + not something which Linux supports well, the install process + creates the modules on the system where they will be used. This + usually means first installing software packages from the + distribution which are needed for the build process. Normally, + these will be the GNU compiler (GCC), GNU Make (make) and + packages containing header files for your kernel, as well as + making sure that all system updates are installed and that the + system is running the most up-to-date kernel included in the + distribution. <emphasis>The running kernel and the header files + must be updated to matching versions</emphasis>. The following + list includes some instructions for common distributions. For + most of them you may want to start by finding the version name + of your kernel, using the command <command>uname -r</command> in + a terminal. The instructions assume that you have not changed + too much from the original installation, particularly not + installed a different kernel type. If you have, then you will + need to determine yourself what to set up. + </para> + + <itemizedlist> + + <listitem> + <para> + With Debian and Ubuntu-based distributions, you must install + the correct version of the + <computeroutput>linux-headers</computeroutput>, usually + whichever of + <computeroutput>linux-headers-generic</computeroutput>, + <computeroutput>linux-headers-amd64</computeroutput>, + <computeroutput>linux-headers-i686</computeroutput> or + <computeroutput>linux-headers-i686-pae</computeroutput> best + matches the kernel version name. Also, the + <computeroutput>linux-kbuild</computeroutput> package if it + exists. Basic Ubuntu releases should have the correct + packages installed by default. + </para> + </listitem> + + <listitem> + <para> + On Fedora, Redhat, Oracle Linux and many other RPM-based + systems, the kernel version sometimes has a code of letters + or a word close to the end of the version name. For example + "uek" for the Oracle Enterprise kernel or "default" or + "desktop" for the standard SUSE kernels. In this case, the + package name is + <computeroutput>kernel-uek-devel</computeroutput> or + equivalent. If there is no such code, it is usually + <computeroutput>kernel-devel</computeroutput>. + </para> + </listitem> + + <listitem> + <para> + On older SUSE and openSUSE Linux, you must install the + <computeroutput>kernel-source</computeroutput> and + <computeroutput>kernel-syms</computeroutput> packages. + </para> + </listitem> + + </itemizedlist> + + <para> + If you suspect that something has gone wrong with module + installation, check that your system is set up as described + above and try running the following command, as root: + </para> + +<screen>rcvboxdrv setup</screen> + + </sect2> + + <sect2 id="install-linux-performing"> + + <title>Performing the Installation</title> + + <para> + &product-name; is available in a number of package formats + native to various common Linux distributions. See + <xref linkend="hostossupport"/>. In addition, there is an + alternative generic installer (.run) which should work on most + Linux distributions. The generic installer packages are built on + EL5 systems and thus require reasonably old versions of glibc, + such as version 2.5, and other system libraries. + </para> + + <sect3 id="install-linux-debian-ubuntu"> + + <title>Installing &product-name; from a Debian/Ubuntu Package</title> + + <para> + Download the appropriate package for your distribution. The + following examples assume that you are installing to a 32-bit + Ubuntu Wily system. Use <computeroutput>dpkg</computeroutput> + to install the Debian package,as follows: + </para> + +<screen>sudo dpkg -i virtualbox-5.0_<replaceable>version-number</replaceable>_Ubuntu_wily_i386.deb</screen> + + <para> + The installer will also try to build kernel modules suitable + for the current running kernel. If the build process is not + successful you will be shown a warning and the package will be + left unconfigured. Look at + <computeroutput>/var/log/vbox-install.log</computeroutput> to + find out why the compilation failed. You may have to install + the appropriate Linux kernel headers, see + <xref + linkend="externalkernelmodules" />. After + correcting any problems, run the following command: + </para> + +<screen>sudo rcvboxdrv setup</screen> + + <para> + This will start a second attempt to build the module. + </para> + + <para> + If a suitable kernel module was found in the package or the + module was successfully built, the installation script will + attempt to load that module. If this fails, please see + <xref + linkend="ts_linux-kernelmodule-fails-to-load" /> + for further information. + </para> + + <para> + Once &product-name; has been successfully installed and + configured, you can start it by clicking + <emphasis role="bold">VirtualBox</emphasis> in your + <emphasis role="bold">Start</emphasis> menu or from the + command line. See <xref linkend="startingvboxonlinux" />. + </para> + + </sect3> + + <sect3 id="install-linux-alt-installer"> + + <title>Using the Alternative Generic Installer (VirtualBox.run)</title> + + <para> + The alternative generic installer performs the following + steps: + </para> + + <itemizedlist> + + <listitem> + <para> + Unpacks the application files to the target directory + <computeroutput>/opt/VirtualBox/</computeroutput>, which + cannot be changed. + </para> + </listitem> + + <listitem> + <para> + Builds and installs the &product-name; kernel modules: + <computeroutput>vboxdrv</computeroutput>, + <computeroutput>vboxnetflt</computeroutput>, and + <computeroutput>vboxnetadp</computeroutput>. + </para> + </listitem> + + <listitem> + <para> + Creates <computeroutput>/sbin/rcvboxdrv</computeroutput>, + an init script to start the &product-name; kernel module. + </para> + </listitem> + + <listitem> + <para> + Creates a new system group called + <computeroutput>vboxusers</computeroutput>. + </para> + </listitem> + + <listitem> + <para> + Creates symbolic links in + <computeroutput>/usr/bin</computeroutput> to a shell + script + <computeroutput>/opt/VirtualBox/VBox</computeroutput> + which does some sanity checks and dispatches to the actual + executables: <command>VirtualBox</command>, + <command>VBoxVRDP</command>, + <command>VBoxHeadless</command> and + <command>VBoxManage</command>. + </para> + </listitem> + + <listitem> + <para> + Creates + <computeroutput>/etc/udev/rules.d/60-vboxdrv.rules</computeroutput>, + a description file for udev, if that is present, which + makes the USB devices accessible to all users in the + <computeroutput>vboxusers</computeroutput> group. + </para> + </listitem> + + <listitem> + <para> + Writes the installation directory to + <computeroutput>/etc/vbox/vbox.cfg</computeroutput>. + </para> + </listitem> + + </itemizedlist> + + <para> + The installer must be executed as root with either + <computeroutput>install</computeroutput> or + <computeroutput>uninstall</computeroutput> as the first + parameter. For example: + </para> + +<screen>sudo ./VirtualBox.run install</screen> + + <para> + Or if you do not have the <command>sudo</command> command + available, run the following as root instead: + </para> + +<screen>./VirtualBox.run install</screen> + + <para> + Add every user who needs to access USB devices from a + VirtualBox guests to the group + <computeroutput>vboxusers</computeroutput>. Either use the GUI + user management tools or run the following command as root: + </para> + +<screen>sudo usermod -a -G vboxusers username</screen> + + <note> + <para> + The <command>usermod</command> command of some older Linux + distributions does not support the <option>-a</option> + option, which adds the user to the given group without + affecting membership of other groups. In this case, find out + the current group memberships with the + <command>groups</command> command and add all these groups + in a comma-separated list to the command line after the + <option>-G</option> option. For example: + <computeroutput>usermod -G group1,group2,vboxusers + username</computeroutput>. + </para> + </note> + + </sect3> + + <sect3 id="install-linux-manual"> + + <title>Performing a Manual Installation</title> + + <para> + If you cannot use the shell script installer described in + <xref linkend="install-linux-alt-installer"/>, you can perform + a manual installation. Run the installer as follows: + </para> + +<screen>./VirtualBox.run --keep --noexec</screen> + + <para> + This will unpack all the files needed for installation in the + directory <computeroutput>install</computeroutput> under the + current directory. The &product-name; application files are + contained in + <computeroutput>VirtualBox.tar.bz2</computeroutput> which you + can unpack to any directory on your system. For example: + </para> + +<screen>sudo mkdir /opt/VirtualBox +sudo tar jxf ./install/VirtualBox.tar.bz2 -C /opt/VirtualBox</screen> + + <para> + To run the same example as root, use the following commands: + </para> + +<screen>mkdir /opt/VirtualBox +tar jxf ./install/VirtualBox.tar.bz2 -C /opt/VirtualBox</screen> + + <para> + The sources for &product-name;'s kernel module are provided in + the <computeroutput>src</computeroutput> directory. To build + the module, change to the directory and use the following + command: + </para> + +<screen>make</screen> + + <para> + If everything builds correctly, run the following command to + install the module to the appropriate module directory: + </para> + +<screen>sudo make install</screen> + + <para> + In case you do not have sudo, switch the user account to root + and run the following command: + </para> + +<screen>make install</screen> + + <para> + The &product-name; kernel module needs a device node to + operate. The above <command>make</command> command will tell + you how to create the device node, depending on your Linux + system. The procedure is slightly different for a classical + Linux setup with a <computeroutput>/dev</computeroutput> + directory, a system with the now deprecated + <command>devfs</command> and a modern Linux system with + <command>udev</command>. + </para> + + <para> + On certain Linux distributions, you might experience + difficulties building the module. You will have to analyze the + error messages from the build system to diagnose the cause of + the problems. In general, make sure that the correct Linux + kernel sources are used for the build process. + </para> + + <para> + Note that the <computeroutput>/dev/vboxdrv</computeroutput> + kernel module device node must be owned by root:root and must + be read/writable only for the user. + </para> + + <para> + Next, you install the system initialization script for the + kernel module and activate the initialization script using the + right method for your distribution, as follows: + </para> + +<screen>cp /opt/VirtualBox/vboxdrv.sh /sbin/rcvboxdrv</screen> + + <para> + This example assumes you installed &product-name; to the + <computeroutput>/opt/VirtualBox</computeroutput> directory. + </para> + + <para> + Create a configuration file for &product-name;, as follows: + </para> + +<screen>mkdir /etc/vbox +echo INSTALL_DIR=/opt/VirtualBox > /etc/vbox/vbox.cfg</screen> + + <para> + Create the following symbolic links: + </para> + +<screen>ln -sf /opt/VirtualBox/VBox.sh /usr/bin/VirtualBox +ln -sf /opt/VirtualBox/VBox.sh /usr/bin/VBoxManage +ln -sf /opt/VirtualBox/VBox.sh /usr/bin/VBoxHeadless</screen> + + </sect3> + + <sect3 id="install-linux-update-uninstall"> + + <title>Updating and Uninstalling &product-name;</title> + + <para> + Before updating or uninstalling &product-name;, you must + terminate any virtual machines which are currently running and + exit the &product-name; or VBoxSVC applications. To update + &product-name;, simply run the installer of the updated + version. To uninstall &product-name;, run the installer as + follows: + </para> + +<screen>sudo ./VirtualBox.run uninstall</screen> + + <para> + As root, you can use the following command: + </para> + +<screen>./VirtualBox.run uninstall</screen> + + <para> + You can uninstall the .run package as follows: + </para> + +<screen>/opt/VirtualBox/uninstall.sh</screen> + + <para> + To manually uninstall &product-name;, perform the manual + installation steps in reverse order. + </para> + + </sect3> + + <sect3 id="install-linux-debian-automatic"> + + <title>Automatic Installation of Debian Packages</title> + + <para> + The Debian packages will request some user feedback when + installed for the first time. The debconf system is used to + perform this task. To prevent any user interaction during + installation, default values can be defined. A file + <computeroutput>vboxconf</computeroutput> can contain the + following debconf settings: + </para> + +<screen>virtualbox virtualbox/module-compilation-allowed boolean true +virtualbox virtualbox/delete-old-modules boolean true</screen> + + <para> + The first line enables compilation of the vboxdrv kernel + module if no module was found for the current kernel. The + second line enables the package to delete any old vboxdrv + kernel modules compiled by previous installations. + </para> + + <para> + These default settings can be applied prior to the + installation of the &product-name; Debian package, as follows: + </para> + +<screen>debconf-set-selections vboxconf</screen> + + <para> + In addition there are some common configuration options that + can be set prior to the installation. See + <xref + linkend="linux_install_opts" />. + </para> + + </sect3> + + <sect3 id="install-linux-rpm-automatic"> + + <title>Automatic Installation of RPM Packages</title> + + <para> + The RPM format does not provide a configuration system + comparable to the debconf system. See + <xref + linkend="linux_install_opts" /> for how to set + some common installation options provided by &product-name;. + </para> + + </sect3> + + <sect3 id="linux_install_opts"> + + <title>Automatic Installation Options</title> + + <para> + To configure the installation process for .deb and .rpm + packages, you can create a response file named + <computeroutput>/etc/default/virtualbox</computeroutput>. The + automatic generation of the udev rule can be prevented with + the following setting: + </para> + +<screen>INSTALL_NO_UDEV=1</screen> + + <para> + The creation of the group vboxusers can be prevented as + follows: + </para> + +<screen>INSTALL_NO_GROUP=1</screen> + + <para> + If the following line is specified, the package installer will + not try to build the <computeroutput>vboxdrv</computeroutput> + kernel module if no module fitting the current kernel was + found. + </para> + +<screen>INSTALL_NO_VBOXDRV=1</screen> + + </sect3> + + </sect2> + + <sect2 id="install-linux-vboxusers"> + + <title>The vboxusers Group</title> + + <para> + The Linux installers create the system user group + <computeroutput>vboxusers</computeroutput> during installation. + Any system user who is going to use USB devices from + &product-name; guests must be a member of that group. A user can + be made a member of the group + <computeroutput>vboxusers</computeroutput> through the GUI + user/group management or using the following command: + </para> + +<screen>sudo usermod -a -G vboxusers username</screen> + + </sect2> + + <sect2 id="startingvboxonlinux"> + + <title>Starting &product-name; on Linux</title> + + <para> + The easiest way to start a &product-name; program is by running + the program of your choice (<command>VirtualBox</command>, + <command>VBoxManage</command>, or + <command>VBoxHeadless</command>) from a terminal. These are + symbolic links to <command>VBox.sh</command> that start the + required program for you. + </para> + + <para> + The following detailed instructions should only be of interest + if you wish to execute &product-name; without installing it + first. You should start by compiling the + <computeroutput>vboxdrv</computeroutput> kernel module and + inserting it into the Linux kernel. &product-name; consists of a + service daemon, <computeroutput>VBoxSVC</computeroutput>, and + several application programs. The daemon is automatically + started if necessary. All &product-name; applications will + communicate with the daemon through UNIX local domain sockets. + There can be multiple daemon instances under different user + accounts and applications can only communicate with the daemon + running under the user account as the application. The local + domain socket resides in a subdirectory of your system's + directory for temporary files called + <computeroutput>.vbox-<username>-ipc</computeroutput>. In + case of communication problems or server startup problems, you + may try to remove this directory. + </para> + + <para> + All &product-name; applications (<command>VirtualBox</command>, + <command>VBoxManage</command>, and + <command>VBoxHeadless</command>) require the &product-name; + directory to be in the library path, as follows: + </para> + +<screen>LD_LIBRARY_PATH=. ./VBoxManage showvminfo "Windows XP"</screen> + + </sect2> + + </sect1> + + <sect1 id="install-solaris-host"> + + <title>Installing on Oracle Solaris Hosts</title> + + <para> + For the specific versions of Oracle Solaris that are supported as + host operating systems, see <xref + linkend="hostossupport" />. + </para> + + <para> + If you have a previously installed instance of &product-name; on + your Oracle Solaris host, please uninstall it first before + installing a new instance. See + <xref linkend="uninstall-solaris-host" /> for uninstall + instructions. + </para> + + <sect2 id="install-solaris-performing"> + + <title>Performing the Installation</title> + + <para> + &product-name; is available as a standard Oracle Solaris + package. Download the &product-name; SunOS package which + includes the 64-bit versions of &product-name;. <emphasis>The + installation must be performed as root and from the global + zone</emphasis> as the &product-name; installer loads kernel + drivers which cannot be done from non-global zones. To verify + which zone you are currently in, execute the + <command>zonename</command> command. Execute the following + commands: + </para> + +<screen>gunzip -cd VirtualBox-<replaceable>version-number</replaceable>-SunOS.tar.gz | tar xvf -</screen> + + <para> + The &product-name; kernel package is no longer a separate + package and has been integrated into the main package. Install + the &product-name; package as follows: + </para> + +<screen>pkgadd -d VirtualBox-<replaceable>version-number</replaceable>-SunOS.pkg</screen> + + <para> + The installer will then prompt you to enter the package you wish + to install. Choose <emphasis role="bold">1</emphasis> or + <emphasis role="bold">all</emphasis> and proceed. Next the + installer will ask you if you want to allow the postinstall + script to be executed. Choose <emphasis role="bold">y</emphasis> + and proceed, as it is essential to execute this script which + installs the &product-name; kernel module. Following this + confirmation the installer will install &product-name; and + execute the postinstall setup script. + </para> + + <para> + Once the postinstall script has been executed your installation + is now complete. You may now safely delete the uncompressed + package and <computeroutput>autoresponse</computeroutput> files + from your system. &product-name; is installed in + <computeroutput>/opt/VirtualBox</computeroutput>. + </para> + + <note> + <para> + If you need to use &product-name; from non-global zones, see + <xref linkend="solaris-zones" />. + </para> + </note> + + </sect2> + + <sect2 id="install-solaris-vboxuser"> + + <title>The vboxuser Group</title> + + <para> + The installer creates the system user group + <computeroutput>vboxuser</computeroutput> during installation + for Oracle Solaris hosts that support the USB features required + by &product-name;. Any system user who is going to use USB + devices from &product-name; guests must be a member of this + group. A user can be made a member of this group through the GUI + user/group management or at the command line by executing as + root: + </para> + +<screen>usermod -G vboxuser username</screen> + + <para> + Note that adding an active user to that group will require that + user to log out and back in again. This should be done manually + after successful installation of the package. + </para> + + </sect2> + + <sect2 id="install-solaris-starting"> + + <title>Starting &product-name; on Oracle Solaris</title> + + <para> + The easiest way to start a &product-name; program is by running + the program of your choice (<command>VirtualBox</command>, + <command>VBoxManage</command>, or + <command>VBoxHeadless</command>) from a terminal. These are + symbolic links to <command>VBox.sh</command> that start the + required program for you. + </para> + + <para> + Alternatively, you can directly invoke the required programs + from <computeroutput>/opt/VirtualBox</computeroutput>. Using the + links provided is easier as you do not have to enter the full + path. + </para> + + <para> + You can configure some elements of the + <command>VirtualBox</command> Qt GUI, such as fonts and colours, + by running <command>VBoxQtconfig</command> from the terminal. + </para> + + </sect2> + + <sect2 id="uninstall-solaris-host"> + + <title>Uninstallation</title> + + <para> + Uninstallation of &product-name; on Oracle Solaris requires root + permissions. To perform the uninstallation, start a root + terminal session and run the following command: + </para> + +<screen>pkgrm SUNWvbox</screen> + + <para> + After confirmation, this will remove &product-name; from your + system. + </para> + + <para> + If you are uninstalling &product-name; version 3.0 or lower, you + need to remove the &product-name; kernel interface package, as + follows: + </para> + +<screen>pkgrm SUNWvboxkern</screen> + + </sect2> + + <sect2 id="install-solaris-unattended"> + + <title>Unattended Installation</title> + + <para> + To perform a non-interactive installation of &product-name; + there is a response file named + <computeroutput>autoresponse</computeroutput>, that the + installer will use for responses to inputs rather than ask them + from you. + </para> + + <para> + Extract the tar.gz package as described in the normal + installation instructions. Then open a root terminal session and + run the following command: + </para> + +<screen>pkgadd -d VirtualBox-<replaceable>version-number</replaceable>-SunOS-x86 -n -a autoresponse SUNWvbox</screen> + + <para> + To perform a non-interactive uninstallation, open a root + terminal session and run the following command: + </para> + +<screen>pkgrm -n -a /opt/VirtualBox/autoresponse SUNWvbox</screen> + + </sect2> + + <sect2 id="solaris-zones"> + + <title>Configuring a Zone for Running &product-name;</title> + + <para> + Assuming that &product-name; has already been installed into + your zone, you need to give the zone access to &product-name;'s + device node. This is done by performing the following steps. + Start a root terminal and run the following command: + </para> + +<screen>zonecfg -z vboxzone</screen> + + <para> + Replace "vboxzone" with the name of the zone where you intend to + run &product-name;. + </para> + + <para> + Use<computeroutput>zonecfg</computeroutput> to add the + <computeroutput>device</computeroutput> resource and + <computeroutput>match</computeroutput> properties to the zone, + as follows: + </para> + +<screen>zonecfg:vboxzone>add device +zonecfg:vboxzone:device>set match=/dev/vboxdrv +zonecfg:vboxzone:device>end +zonecfg:vboxzone>add device +zonecfg:vboxzone:device>set match=/dev/vboxdrvu +zonecfg:vboxzone:device>end +zonecfg:vboxzone>exit</screen> + + <para> + If you are running &product-name; 2.2.0 or above on Oracle + Solaris 11 or above, you may also add a device for + <computeroutput>/dev/vboxusbmon</computeroutput>, similar to + that shown above. This does not apply to Oracle Solaris 10 + hosts, due to lack of USB support. + </para> + + <para> + If you are not using sparse root zones, you will need to + loopback mount <computeroutput>/opt/VirtualBox</computeroutput> + from the global zone into the non-global zone at the same path. + This is specified below using the + <computeroutput>dir</computeroutput> attribute and the + <computeroutput>special</computeroutput> attribute. For example: + </para> + +<screen>zonecfg:vboxzone>add fs +zonecfg:vboxzone:device>set dir=/opt/VirtualBox +zonecfg:vboxzone:device>set special=/opt/VirtualBox +zonecfg:vboxzone:device>set type=lofs +zonecfg:vboxzone:device>end +zonecfg:vboxzone>exit</screen> + + <para> + Reboot the zone using <computeroutput>zoneadm</computeroutput> + and you should be able to run &product-name; from within the + configured zone. + </para> + + </sect2> + + </sect1> + +</chapter> diff --git a/doc/manual/en_US/user_Introduction.xml b/doc/manual/en_US/user_Introduction.xml new file mode 100644 index 00000000..091dff26 --- /dev/null +++ b/doc/manual/en_US/user_Introduction.xml @@ -0,0 +1,3511 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" +"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd"[ +<!ENTITY % all.entities SYSTEM "all-entities.ent"> +%all.entities; +]> +<chapter id="Introduction"> + + <title>First Steps</title> + + <para> + Welcome to &product-name;. + </para> + + <para> + &product-name; is a cross-platform virtualization application. What + does that mean? For one thing, it installs on your existing Intel or + AMD-based computers, whether they are running Windows, Mac OS X, + Linux, or Oracle Solaris operating systems (OSes). Secondly, it + extends the capabilities of your existing computer so that it can + run multiple OSes, inside multiple virtual machines, at the same + time. As an example, you can run Windows and Linux on your Mac, run + Windows Server 2016 on your Linux server, run Linux on your Windows + PC, and so on, all alongside your existing applications. You can + install and run as many virtual machines as you like. The only + practical limits are disk space and memory. + </para> + + <para> + &product-name; is deceptively simple yet also very powerful. It can + run everywhere from small embedded systems or desktop class machines + all the way up to datacenter deployments and even Cloud + environments. + </para> + + <para> + The following screenshot shows how &product-name;, installed on an + Apple Mac OS X computer, is running Windows Server 2016 in a virtual + machine window. + </para> + + <figure id="fig-win2016-intro"> + <title>Windows Server 2016 Virtual Machine, Displayed on a Mac OS X Host</title> + <mediaobject> + <imageobject> + <imagedata align="center" fileref="images/vm-vista-running.png" + width="14cm" /> + </imageobject> + </mediaobject> + </figure> + + <para> + In this User Manual, we will begin simply with a quick introduction + to virtualization and how to get your first virtual machine running + with the easy-to-use &product-name; graphical user interface. + Subsequent chapters will go into much more detail covering more + powerful tools and features, but fortunately, it is not necessary to + read the entire User Manual before you can use &product-name;. + </para> + + <para> + You can find a summary of &product-name;'s capabilities in + <xref linkend="features-overview" />. For existing &product-name; + users who just want to find out what is new in this release, see the + <xref linkend="ChangeLog"/>. + </para> + + <sect1 id="virt-why-useful"> + + <title>Why is Virtualization Useful?</title> + + <para> + The techniques and features that &product-name; provides are + useful in the following scenarios: + </para> + + <itemizedlist> + + <listitem> + <para> + <emphasis role="bold">Running multiple operating systems + simultaneously.</emphasis> &product-name; enables you to run + more than one OS at a time. This way, you can run software + written for one OS on another, such as Windows software on + Linux or a Mac, without having to reboot to use it. Since you + can configure what kinds of <emphasis>virtual</emphasis> + hardware should be presented to each such OS, you can install + an old OS such as DOS or OS/2 even if your real computer's + hardware is no longer supported by that OS. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Easier software + installations.</emphasis> Software vendors can use virtual + machines to ship entire software configurations. For example, + installing a complete mail server solution on a real machine + can be a tedious task. With &product-name;, such a complex + setup, often called an <emphasis>appliance</emphasis>, can be + packed into a virtual machine. Installing and running a mail + server becomes as easy as importing such an appliance into + &product-name;. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Testing and disaster + recovery.</emphasis> Once installed, a virtual machine and its + virtual hard disks can be considered a + <emphasis>container</emphasis> that can be arbitrarily frozen, + woken up, copied, backed up, and transported between hosts. + </para> + + <para> + On top of that, with the use of another &product-name; feature + called <emphasis>snapshots</emphasis>, one can save a + particular state of a virtual machine and revert back to that + state, if necessary. This way, one can freely experiment with + a computing environment. If something goes wrong, such as + prolems after installing software or infecting the guest with + a virus, you can easily switch back to a previous snapshot and + avoid the need of frequent backups and restores. + </para> + + <para> + Any number of snapshots can be created, allowing you to travel + back and forward in virtual machine time. You can delete + snapshots while a VM is running to reclaim disk space. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Infrastructure consolidation.</emphasis> + Virtualization can significantly reduce hardware and + electricity costs. Most of the time, computers today only use + a fraction of their potential power and run with low average + system loads. A lot of hardware resources as well as + electricity is thereby wasted. So, instead of running many + such physical computers that are only partially used, one can + pack many virtual machines onto a few powerful hosts and + balance the loads between them. + </para> + </listitem> + + </itemizedlist> + + </sect1> + + <sect1 id="virtintro"> + + <title>Some Terminology</title> + + <para> + When dealing with virtualization, and also for understanding the + following chapters of this documentation, it helps to acquaint + oneself with a bit of crucial terminology, especially the + following terms: + </para> + + <itemizedlist> + + <listitem> + <para> + <emphasis role="strong">Host operating system (host + OS).</emphasis> This is the OS of the physical computer on + which &product-name; was installed. There are versions of + &product-name; for Windows, Mac OS X, Linux, and Oracle + Solaris hosts. See <xref linkend="hostossupport" />. + </para> + + <para> + Most of the time, this manual discusses all &product-name; + versions together. There may be platform-specific differences + which we will point out where appropriate. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="strong">Guest operating system (guest + OS).</emphasis> This is the OS that is running inside the + virtual machine. Theoretically, &product-name; can run any x86 + OS. such as DOS, Windows, OS/2, FreeBSD, and OpenBSD. But to + achieve near-native performance of the guest code on your + machine, we had to go through a lot of optimizations that are + specific to certain OSes. So while your favorite OS + <emphasis>may</emphasis> run as a guest, we officially support + and optimize for a select few, which include the most common + OSes. + </para> + + <para> + See <xref linkend="guestossupport" />. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="strong">Virtual machine (VM).</emphasis> This + is the special environment that &product-name; creates for + your guest OS while it is running. In other words, you run + your guest OS <emphasis>in</emphasis> a VM. Normally, a VM + will be shown as a window on your computer's desktop, but + depending on which of the various frontends of &product-name; + you use, it can be displayed in full screen mode or remotely + on another computer. + </para> + + <para> + In a more abstract way, internally, &product-name; thinks of a + VM as a set of parameters that determine its behavior. They + include hardware settings, such as: how much memory the VM + should have, what hard disks &product-name; should virtualize + through which container files, what CDs are mounted. They also + include state information, such as: whether the VM is + currently running, saved, if the VM has snapshots. These + settings are mirrored in the VirtualBox Manager window, as + well as the <command>VBoxManage</command> command. See + <xref linkend="vboxmanage" />. In other words, a VM is also + what you can see in its + <emphasis role="bold">Settings</emphasis> dialog. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="strong">Guest Additions.</emphasis> This + refers to special software packages which are shipped with + &product-name; but designed to be installed + <emphasis>inside</emphasis> a VM to improve performance of the + guest OS and to add extra features. See + <xref linkend="guestadditions" />. + </para> + </listitem> + + </itemizedlist> + + </sect1> + + <sect1 id="features-overview"> + + <title>Features Overview</title> + + <para> + The following is a brief outline of &product-name;'s main + features: + </para> + + <itemizedlist> + + <listitem> + <para> + <emphasis role="bold">Portability.</emphasis> &product-name; + runs on a large number of 32-bit and 64-bit host OS. See + <xref + linkend="hostossupport" />. + </para> + + <para> + &product-name; is a so-called <emphasis>hosted</emphasis> + hypervisor, sometimes referred to as a <emphasis>type + 2</emphasis> hypervisor. Whereas a + <emphasis>bare-metal</emphasis> or <emphasis>type 1</emphasis> + hypervisor would run directly on the hardware, &product-name; + requires an existing OS to be installed. It can thus run + alongside existing applications on that host. + </para> + + <para> + To a very large degree, &product-name; is functionally + identical on all of the host platforms, and the same file and + image formats are used. This enables you to run virtual + machines created on one host on another host with a different + host OS. For example, you can create a virtual machine on + Windows and then run it under Linux. + </para> + + <para> + In addition, virtual machines can easily be imported and + exported using the Open Virtualization Format (OVF), an + industry standard created for this purpose. You can even + import OVFs that were created with a different virtualization + software. See <xref linkend="ovf" />. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">No hardware virtualization + required.</emphasis> For many scenarios, &product-name; does + not require the processor features built into newer hardware + like Intel VT-x or AMD-V. As opposed to many other + virtualization solutions, you can therefore use &product-name; + even on older hardware where these features are not present. + See <xref + linkend="hwvirt" />. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Guest Additions: shared folders, + seamless windows, 3D virtualization.</emphasis> The + &product-name; Guest Additions are software packages which can + be installed <emphasis>inside</emphasis> of supported guest + systems to improve their performance and to provide additional + integration and communication with the host system. After + installing the Guest Additions, a virtual machine will support + automatic adjustment of video resolutions, seamless windows, + accelerated 3D graphics and more. See + <xref linkend="guestadditions" />. + </para> + + <para> + In particular, Guest Additions provide for "shared folders", + which let you access files from the host system from within a + guest machine. See <xref linkend="sharedfolders" />. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Great hardware support.</emphasis> Among + others, &product-name; supports the following: + </para> + + <itemizedlist> + + <listitem> + <para> + <emphasis role="bold">Guest multiprocessing + (SMP).</emphasis> &product-name; can present up to 32 + virtual CPUs to each virtual machine, irrespective of how + many CPU cores are physically present on your host. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">USB device support.</emphasis> + &product-name; implements a virtual USB controller and + enables you to connect arbitrary USB devices to your + virtual machines without having to install device-specific + drivers on the host. USB support is not limited to certain + device categories. See <xref linkend="settings-usb" />. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Hardware compatibility.</emphasis> + &product-name; virtualizes a vast array of virtual + devices, among them many devices that are typically + provided by other virtualization platforms. That includes + IDE, SCSI and SATA hard disk controllers, several virtual + network cards and sound cards, virtual serial and parallel + ports and an Input/Output Advanced Programmable Interrupt + Controller (I/O APIC), which is found in many modern PC + systems. This eases cloning of PC images from real + machines and importing of third-party virtual machines + into &product-name;. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Full ACPI support.</emphasis> The + Advanced Configuration and Power Interface (ACPI) is fully + supported by &product-name;. This eases cloning of PC + images from real machines or third-party virtual machines + into &product-name;. With its unique <emphasis>ACPI power + status support</emphasis>, &product-name; can even report + to ACPI-aware guest OSes the power status of the host. For + mobile systems running on battery, the guest can thus + enable energy saving and notify the user of the remaining + power, for example in full screen modes. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Multiscreen resolutions.</emphasis> + &product-name; virtual machines support screen resolutions + many times that of a physical screen, allowing them to be + spread over a large number of screens attached to the host + system. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Built-in iSCSI support.</emphasis> + This unique feature enables you to connect a virtual + machine directly to an iSCSI storage server without going + through the host system. The VM accesses the iSCSI target + directly without the extra overhead that is required for + virtualizing hard disks in container files. See + <xref linkend="storage-iscsi" />. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">PXE Network boot.</emphasis> The + integrated virtual network cards of &product-name; fully + support remote booting using the Preboot Execution + Environment (PXE). + </para> + </listitem> + + </itemizedlist> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Multigeneration branched + snapshots.</emphasis> &product-name; can save arbitrary + snapshots of the state of the virtual machine. You can go back + in time and revert the virtual machine to any such snapshot + and start an alternative VM configuration from there, + effectively creating a whole snapshot tree. See + <xref linkend="snapshots" />. You can create and delete + snapshots while the virtual machine is running. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">VM groups.</emphasis> &product-name; + provides a groups feature that enables the user to organize + and control virtual machines collectively, as well as + individually. In addition to basic groups, it is also possible + for any VM to be in more than one group, and for groups to be + nested in a hierarchy. This means you can have groups of + groups. In general, the operations that can be performed on + groups are the same as those that can be applied to individual + VMs: Start, Pause, Reset, Close (Save state, Send Shutdown, + Poweroff), Discard Saved State, Show in File System, Sort. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Clean architecture and unprecedented + modularity.</emphasis> &product-name; has an extremely modular + design with well-defined internal programming interfaces and a + clean separation of client and server code. This makes it easy + to control it from several interfaces at once. For example, + you can start a VM simply by clicking on a button in the + &product-name; graphical user interface and then control that + machine from the command line, or even remotely. See + <xref linkend="frontends" />. + </para> + + <para> + Due to its modular architecture, &product-name; can also + expose its full functionality and configurability through a + comprehensive <emphasis role="bold">software development kit + (SDK),</emphasis> which enables integration of &product-name; + with other software systems. See + <xref linkend="VirtualBoxAPI" />. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Remote machine display.</emphasis> The + VirtualBox Remote Desktop Extension (VRDE) enables + high-performance remote access to any running virtual machine. + This extension supports the Remote Desktop Protocol (RDP) + originally built into Microsoft Windows, with special + additions for full client USB support. + </para> + + <para> + The VRDE does not rely on the RDP server that is built into + Microsoft Windows. Instead, the VRDE is plugged directly into + the virtualization layer. As a result, it works with guest + OSes other than Windows, even in text mode, and does not + require application support in the virtual machine either. The + VRDE is described in detail in <xref linkend="vrde" />. + </para> + + <para> + On top of this special capacity, &product-name; offers you + more unique features: + </para> + + <itemizedlist> + + <listitem> + <para> + <emphasis role="bold">Extensible RDP + authentication.</emphasis> &product-name; already supports + Winlogon on Windows and PAM on Linux for RDP + authentication. In addition, it includes an easy-to-use + SDK which enables you to create arbitrary interfaces for + other methods of authentication. See + <xref linkend="vbox-auth" />. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">USB over RDP.</emphasis> Using RDP + virtual channel support, &product-name; also enables you + to connect arbitrary USB devices locally to a virtual + machine which is running remotely on a &product-name; RDP + server. See <xref linkend="usb-over-rdp" />. + </para> + </listitem> + + </itemizedlist> + </listitem> + + </itemizedlist> + + </sect1> + + <sect1 id="hostossupport"> + + <title>Supported Host Operating Systems</title> + + <para> + Currently, &product-name; runs on the following host OSes: + </para> + + <itemizedlist> + + <listitem> + <para> + <emphasis role="bold">Windows hosts (64-bit):</emphasis> + </para> + + <itemizedlist> + + <listitem> + <para> + Windows 7 + </para> + </listitem> + + <listitem> + <para> + Windows 8 + </para> + </listitem> + + <listitem> + <para> + Windows 8.1 + </para> + </listitem> + + <listitem> + <para> + Windows 10 RTM (1507) build 10240 + </para> + </listitem> + + <listitem> + <para> + Windows 10 November Update (1511) build 10586 + </para> + </listitem> + + <listitem> + <para> + Windows 10 Anniversary Update (1607) build 14393 + </para> + </listitem> + + <listitem> + <para> + Windows 10 Creators Update (1703) build 15063 + </para> + </listitem> + + <listitem> + <para> + Windows 10 Fall Creators Update (1709) build 16299 + </para> + </listitem> + + <listitem> + <para> + Windows 10 April 2018 Update (1803) build 17134 + </para> + </listitem> + + <listitem> + <para> + Windows 10 October 2018 Update (1809) build 17763 + </para> + </listitem> + + <listitem> + <para> + Windows Server 2008 R2 + </para> + </listitem> + + <listitem> + <para> + Windows Server 2012 + </para> + </listitem> + + <listitem> + <para> + Windows Server 2012 R2 + </para> + </listitem> + + <listitem> + <para> + Windows Server 2016 + </para> + </listitem> + + <listitem> + <para> + Windows Server 2019 + </para> + </listitem> + + </itemizedlist> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Mac OS X hosts (64-bit):</emphasis> + </para> + + <itemizedlist> + + <listitem> + <para> + 10.12 (Sierra) + </para> + </listitem> + + <listitem> + <para> + 10.13 (High Sierra) + </para> + </listitem> + + <listitem> + <para> + 10.14 (Mojave) + </para> + </listitem> + + </itemizedlist> + + <para> + Intel hardware is required. See also + <xref + linkend="KnownIssues" />. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Linux hosts (64-bit).</emphasis> + Includes the following: + </para> + + <itemizedlist> + + <listitem> + <para> + Ubuntu 16.04 LTS, 18.04 LTS and 18.10 + </para> + </listitem> + + <listitem> + <para> + Debian GNU/Linux 9 ("Stretch") + </para> + </listitem> + + <listitem> + <para> + Oracle Linux 6 and 7 + </para> + </listitem> + + <listitem> + <para> + Redhat Enterprise Linux 6 and 7 + </para> + </listitem> + + <listitem> + <para> + Fedora 28 and 29 + </para> + </listitem> + + <listitem> + <para> + Gentoo Linux + </para> + </listitem> + + <listitem> + <para> + SUSE Linux Enterprise server 12 and 15 + </para> + </listitem> + + <listitem> + <para> + openSUSE Leap 42.3 and 15.0 + </para> + </listitem> + + </itemizedlist> + + <para> + It should be possible to use &product-name; on most systems + based on Linux kernel 2.6 or 3.x using either the + &product-name; installer or by doing a manual installation. + See <xref linkend="install-linux-host" />. However, the + formally tested and supported Linux distributions are those + for which we offer a dedicated package. + </para> + + <para> + Note that Linux 2.4-based host OSes are no longer supported. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Oracle Solaris hosts (64-bit + only).</emphasis> The following versions are supported with + the restrictions listed in <xref linkend="KnownIssues" />: + </para> + + <itemizedlist> + + <listitem> + <para> + Oracle Solaris 11 + </para> + </listitem> + + </itemizedlist> + </listitem> + + </itemizedlist> + + <para> + Note that the above list is informal. Oracle support for customers + who have a support contract is limited to a subset of the listed + host OSes. Also, any feature which is marked as + <emphasis>experimental</emphasis> is not supported. Feedback and + suggestions about such features are welcome. + </para> + + </sect1> + + <sect1 id="hostcpurequirements"> + + <title>Host CPU Requirements</title> + + <para> + SSE2 is required, starting with &product-name; version 5.2.10 and + version 5.1.24. + </para> + + </sect1> + + <sect1 id="intro-installing"> + + <title>Installing &product-name; and Extension Packs</title> + + <para> + &product-name; comes in many different packages, and installation + depends on your host OS. If you have installed software before, + installation should be straightforward. On each host platform, + &product-name; uses the installation method that is most common + and easy to use. If you run into trouble or have special + requirements, see <xref linkend="installation" /> for details + about the various installation methods. + </para> + + <para> + &product-name; is split into the following components: + </para> + + <itemizedlist> + + <listitem> + <para> + <emphasis role="bold">Base package.</emphasis> The base + package consists of all open source components and is licensed + under the GNU General Public License V2. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Extension packs.</emphasis> Additional + extension packs can be downloaded which extend the + functionality of the &product-name; base package. Currently, + Oracle provides a single extension pack, available from: + <ulink + url="http://www.virtualbox.org">http://www.virtualbox.org</ulink>. + The extension pack provides the following added functionality: + </para> + + <orderedlist> + + <listitem> + <para> + The virtual USB 2.0 (EHCI) device. See + <xref linkend="settings-usb" />. + </para> + </listitem> + + <listitem> + <para> + The virtual USB 3.0 (xHCI) device. See + <xref + linkend="settings-usb" />. + </para> + </listitem> + + <listitem> + <para> + VirtualBox Remote Desktop Protocol (VRDP) support. See + <xref linkend="vrde" />. + </para> + </listitem> + + <listitem> + <para> + Host webcam passthrough. See + <xref linkend="webcam-passthrough" />. + </para> + </listitem> + + <listitem> + <para> + Intel PXE boot ROM. + </para> + </listitem> + + <listitem> + <para> + Experimental support for PCI passthrough on Linux hosts. + See <xref linkend="pcipassthrough" />. + </para> + </listitem> + + <listitem> + <para> + Disk image encryption with AES algorithm. See + <xref linkend="diskencryption" />. + </para> + </listitem> + + </orderedlist> + + <para> + &product-name; extension packages have a + <computeroutput>.vbox-extpack</computeroutput> file name + extension. To install an extension, simply double-click on the + package file and a <emphasis role="bold">Network Operations + Manager</emphasis> window is shown to guide you through the + required steps. + </para> + + <para> + To view the extension packs that are currently installed, + start the VirtualBox Manager, as shown in + <xref linkend="intro-starting"/>. From the + <emphasis role="bold">File</emphasis> menu, select + <emphasis role="bold">Preferences</emphasis>. In the window + that displays, go to the + <emphasis role="bold">Extensions</emphasis> category. This + shows you the extensions which are currently installed, and + enables you to remove a package or add a new package. + </para> + + <para> + Alternatively, you can use the <command>VBoxManage</command> + command line. See <xref linkend="vboxmanage-extpack" />. + </para> + </listitem> + + </itemizedlist> + + </sect1> + + <sect1 id="intro-starting"> + + <title>Starting &product-name;</title> + + <para> + After installation, you can start &product-name; as follows: + </para> + + <itemizedlist> + + <listitem> + <para> + On a Windows host, in the + <emphasis role="bold">Programs</emphasis> menu, click on the + item in the <emphasis role="bold">VirtualBox</emphasis> group. + On Vista or Windows 7, you can also enter + <computeroutput>VirtualBox</computeroutput> in the search box + of the <emphasis role="bold">Start</emphasis> menu. + </para> + </listitem> + + <listitem> + <para> + On a Mac OS X host, in the Finder, double-click on the + <emphasis role="bold">VirtualBox</emphasis> item in the + Applications folder. You may want to drag this item onto your + Dock. + </para> + </listitem> + + <listitem> + <para> + On a Linux or Oracle Solaris host, depending on your desktop + environment, an &product-name; item may have been placed in + either the System or System Tools group of your + <emphasis role="bold">Applications</emphasis> menu. + Alternatively, you can enter + <computeroutput>VirtualBox</computeroutput> in a terminal + window. + </para> + </listitem> + + </itemizedlist> + + <para> + When you start &product-name; for the first time, a window like + the following is displayed: + </para> + + <figure id="fig-vbox-manager-initial"> + <title>VirtualBox Manager Window, After Initial Startup</title> + <mediaobject> + <imageobject> + <imagedata align="center" fileref="images/virtualbox-main-empty.png" + width="10cm" /> + </imageobject> + </mediaobject> + </figure> + + <para> + This window is called the <emphasis role="bold">VirtualBox + Manager</emphasis>. The left pane will later list all your virtual + machines. Since you have not yet created any virtual machines, + this list is empty. The <emphasis role="bold">Tools</emphasis> + button provides access to user tools, such as the Virtual Media + Manager. + </para> + + <para> + The pane on the right displays the properties of the currently + selected virtual machine. Since you do not have any machines yet, + the pane displays a welcome message. + </para> + + <para> + The buttons on the right pane are used to create and work with + VMs. + </para> + + <para> + The following figure gives an idea of what &product-name; might + look like after you have created some VMs. + </para> + + <figure id="fig-vbox-manager-populated"> + <title>VirtualBox Manager Window, After Creating Virtual Machines</title> + <mediaobject> + <imageobject> + <imagedata align="center" fileref="images/virtualbox-main.png" + width="12cm" /> + </imageobject> + </mediaobject> + </figure> + + </sect1> + + <sect1 id="gui-createvm"> + + <title>Creating Your First Virtual Machine</title> + + <para> + Click <emphasis role="bold">New</emphasis> in the VirtualBox + Manager window. A wizard is shown, to guide you through setting up + a new virtual machine (VM). + </para> + + <figure id="fig-new-vm-name"> + <title>Creating a New Virtual Machine: Name and Operating System</title> + <mediaobject> + <imageobject> + <imagedata align="center" fileref="images/create-vm-1.png" + width="10cm" /> + </imageobject> + </mediaobject> + </figure> + + <para> + On the following pages, the wizard will ask you for the bare + minimum of information that is needed to create a VM, in + particular: + </para> + + <orderedlist> + + <listitem> + <para> + The <emphasis role="bold">Name</emphasis> of the VM will later + be shown in the machine list of the VirtualBox Manager window, + and it will be used for the VM's files on disk. Even though + any name can be used, bear in mind that if you create a few + VMs, you will appreciate if you have given your VMs rather + informative names."My VM" would thus be less useful than + "Windows XP SP2 with OpenOffice", for example. + </para> + </listitem> + + <listitem> + <para> + The <emphasis role="bold">Machine Folder</emphasis> is the + location where VMs are stored on your computer. The default + folder location is shown. + </para> + </listitem> + + <listitem> + <para> + For <emphasis role="bold">Operating System Type</emphasis> + select the OS that you want to install later. The supported + OSes are grouped. If you want to install something very + unusual that is not listed, select + <emphasis role="bold">Other</emphasis>. Depending on your + selection, &product-name; will enable or disable certain VM + settings that your guest OS may require. This is particularly + important for 64-bit guests. See + <xref linkend="intro-64bitguests" />. It is therefore + recommended to always set it to the correct value. + </para> + </listitem> + + <listitem> + <para> + On the next page, select the <emphasis role="bold">Memory + (RAM)</emphasis> that &product-name; should allocate every + time the virtual machine is started. The amount of memory + given here will be taken away from your host machine and + presented to the guest OS, which will report this size as the + virtual computer's installed RAM. + </para> + + <caution> + <para> + Choose this setting carefully. The memory you give to the VM + will not be available to your host OS while the VM is + running, so do not specify more than you can spare. For + example, if your host machine has 1 GB of RAM and you enter + 512 MB as the amount of RAM for a particular virtual + machine, while that VM is running, you will only have 512 MB + left for all the other software on your host. If you run two + VMs at the same time, even more memory will be allocated for + the second VM, which may not even be able to start if that + memory is not available. On the other hand, you should + specify as much as your guest OS and your applications will + require to run properly. + </para> + </caution> + + <para> + A Windows XP guest will require at least a few hundred MB of + RAM to run properly, and Windows Vista will not install with + less than 512 MB. If you want to run graphics-intensive + applications in your VM, you may require even more RAM. + </para> + + <para> + As a rule of thumb, if you have 1 GB of RAM or more in your + host computer, it is usually safe to allocate 512 MB to each + VM. In any case, make sure you always have at least 256 to 512 + MB of RAM left on your host OS. Otherwise you may cause your + host OS to excessively swap out memory to your hard disk, + effectively bringing your host system to a standstill. + </para> + + <para> + As with the other settings, you can change this setting later, + after you have created the VM. + </para> + </listitem> + + <listitem> + <para> + Next, you must specify a <emphasis role="bold">Virtual Hard + Disk</emphasis> for your VM. + </para> + + <para> + There are many and potentially complicated ways in which + &product-name; can provide hard disk space to a VM, see + <xref linkend="storage" />, but the most common way is to use + a large image file on your "real" hard disk, whose contents + &product-name; presents to your VM as if it were a complete + hard disk. This file represents an entire hard disk then, so + you can even copy it to another host and use it with another + &product-name; installation. + </para> + + <para> + The wizard displays the following window: + </para> + + <figure id="fig-new-vm-hard-disk"> + <title>Creating a New Virtual Machine: Hard Disk</title> + <mediaobject> + <imageobject> + <imagedata align="center" fileref="images/create-vm-2.png" + width="10cm" /> + </imageobject> + </mediaobject> + </figure> + + <para> + At this screen, you have the following options: + </para> + + <itemizedlist> + + <listitem> + <para> + To create a new, empty virtual hard disk, click the + <emphasis role="bold">Create</emphasis> button. + </para> + </listitem> + + <listitem> + <para> + You can pick an <emphasis>existing</emphasis> disk image + file. + </para> + + <para> + The drop-down list presented in the window lists all disk + images which are currently remembered by &product-name;. + These disk images are currently attached to a virtual + machine, or have been attached to a virtual machine. + </para> + + <para> + Alternatively, click on the small + <emphasis role="bold">folder icon</emphasis> next to the + drop-down list. In the displayed file dialog, you can + click <emphasis role="bold">Add</emphasis> to select any + disk image file on your host disk. + </para> + </listitem> + + </itemizedlist> + + <para> + If you are using &product-name; for the first time, you will + want to create a new disk image. Click the + <emphasis role="bold">Create</emphasis> button. + </para> + + <para> + This displays another window, the <emphasis role="bold">Create + Virtual Hard Disk Wizard</emphasis> wizard. This wizard helps + you to create a new disk image file in the new virtual + machine's folder. + </para> + + <para> + &product-name; supports the following types of image files: + </para> + + <itemizedlist> + + <listitem> + <para> + A <emphasis role="bold">dynamically allocated + file</emphasis> will only grow in size when the guest + actually stores data on its virtual hard disk. It will + therefore initially be small on the host hard drive and + only later grow to the size specified as it is filled with + data. + </para> + </listitem> + + <listitem> + <para> + A <emphasis role="bold">fixed-size file</emphasis> will + immediately occupy the file specified, even if only a + fraction of the virtual hard disk space is actually in + use. While occupying much more space, a fixed-size file + incurs less overhead and is therefore slightly faster than + a dynamically allocated file. + </para> + </listitem> + + </itemizedlist> + + <para> + For details about the differences, see + <xref linkend="vdidetails" />. + </para> + + <para> + To prevent your physical hard disk from running full, + &product-name; limits the size of the image file. Still, it + needs to be large enough to hold the contents of your OS and + the applications you want to install. For a modern Windows or + Linux guest, you will probably need several gigabytes for any + serious use. The limit of the image file size can be changed + later, see <xref linkend="vboxmanage-modifyvdi"/>. + </para> + + <figure id="fig-new-vm-vdi"> + <title>Creating a New Virtual Machine: File Location and Size</title> + <mediaobject> + <imageobject> + <imagedata align="center" fileref="images/create-vdi-1.png" + width="10cm" /> + </imageobject> + </mediaobject> + </figure> + + <para> + After having selected or created your image file, click + <emphasis role="bold">Next</emphasis> to go to the next page. + </para> + </listitem> + + <listitem> + <para> + Click <emphasis role="bold">Create</emphasis>, to create your + new virtual machine. The virtual machine is displayed in the + list on the left side of the VirtualBox Manager window, with + the name that you entered initially. + </para> + </listitem> + + </orderedlist> + + <note> + <para> + After becoming familiar with the use of wizards, consider using + the Expert Mode available in some wizards. Where available, this + is selectable using a button, and speeds up the process of using + wizards. + </para> + </note> + + </sect1> + + <sect1 id="intro-running"> + + <title>Running Your Virtual Machine</title> + + <para> + To start a virtual machine, you have several options: + </para> + + <itemizedlist> + + <listitem> + <para> + Double-click on the VM's entry in the list in the VirtualBox + Manager window. + </para> + </listitem> + + <listitem> + <para> + Select the VM's entry in the list in the VirtualBox Manager + window, and click <emphasis role="bold">Start</emphasis> at + the top of the window. + </para> + </listitem> + + <listitem> + <para> + Go to the <computeroutput>VirtualBox VMs</computeroutput> + folder in your system user's home directory. Find the + subdirectory of the machine you want to start and double-click + on the machine settings file. This file has a + <computeroutput>.vbox</computeroutput> file extension. + </para> + </listitem> + + </itemizedlist> + + <para> + Starting a virtual machine displays a new window, and the virtual + machine which you selected will boot up. Everything which would + normally be seen on the virtual system's monitor is shown in the + window. See the screenshot image in + <xref linkend="Introduction"/>. + </para> + + <para> + In general, you can use the virtual machine as you would use a + real computer. There are couple of points worth mentioning + however. + </para> + + <sect2 id="intro-starting-vm-first-time"> + + <title>Starting a New VM for the First Time</title> + + <para> + When a VM is started for the first time, the + <emphasis role="bold">First Start Wizard</emphasis>, is + displayed. This wizard helps you to select an installation + medium. Since the VM is created empty, it would otherwise behave + just like a real computer with no OS installed. It will do + nothing and display an error message that no bootable OS was + found. + </para> + + <para> + For this reason, the wizard helps you to select a medium to + install an OS from. + </para> + + <itemizedlist> + + <listitem> + <para> + If you have physical CD or DVD media from which you want to + install your guest OS, such as a Windows installation CD or + DVD, put the media into your host's CD or DVD drive. + </para> + + <para> + In the wizard's drop-down list of installation media, select + <emphasis role="bold">Host Drive</emphasis> with the correct + drive letter. In the case of a Linux host, choose a device + file. This will allow your VM to access the media in your + host drive, and you can proceed to install from there. + </para> + </listitem> + + <listitem> + <para> + If you have downloaded installation media from the Internet + in the form of an ISO image file such as with a Linux + distribution, you would normally burn this file to an empty + CD or DVD and proceed as described above. With + &product-name; however, you can skip this step and mount the + ISO file directly. &product-name; will then present this + file as a CD or DVD-ROM drive to the virtual machine, much + like it does with virtual hard disk images. + </para> + + <para> + In this case, the wizard's drop-down list contains a list of + installation media that were previously used with + &product-name;. + </para> + + <para> + If your medium is not in the list, especially if you are + using &product-name; for the first time, click the small + folder icon next to the drop-down list to display a standard + file dialog. Here you can pick an image file on your host + disks. + </para> + </listitem> + + </itemizedlist> + + <para> + After completing the choices in the wizard, you will be able to + install your OS. + </para> + + </sect2> + + <sect2 id="keyb_mouse_normal"> + + <title>Capturing and Releasing Keyboard and Mouse</title> + + <para> + &product-name; provides a virtual USB tablet device to new + virtual machines through which mouse events are communicated to + the guest OS. If you are running a modern guest OS that can + handle such devices, mouse support may work out of the box + without the mouse being <emphasis>captured</emphasis> as + described below. See <xref linkend="settings-motherboard" />. + </para> + + <para> + Otherwise, if the virtual machine only sees standard PS/2 mouse + and keyboard devices, since the OS in the virtual machine does + not know that it is not running on a real computer, it expects + to have exclusive control over your keyboard and mouse. But + unless you are running the VM in full screen mode, your VM needs + to share keyboard and mouse with other applications and possibly + other VMs on your host. + </para> + + <para> + After installing a guest OS and before you install the Guest + Additions, described later, either your VM or the rest of your + computer can "own" the keyboard and the mouse. Both cannot own + the keyboard and mouse at the same time. You will see a + <emphasis>second</emphasis> mouse pointer which is always + confined to the limits of the VM window. You activate the VM by + clicking inside it. + </para> + + <para> + To return ownership of keyboard and mouse to your host OS, + &product-name; reserves a special key on your keyboard: the + <emphasis>Host key</emphasis>. By default, this is the + <emphasis>right Ctrl key</emphasis> on your keyboard. On a Mac + host, the default Host key is the left Command key. You can + change this default in the &product-name; Global Settings. See + <xref linkend="globalsettings" />. The current setting for the + Host key is always displayed at the bottom right of your VM + window. + </para> + + <figure id="fig-host-key"> + <title>Host Key Setting on the Virtual Machine Task Bar</title> + <mediaobject> + <imageobject> + <imagedata align="center" fileref="images/vm-hostkey.png" + width="7cm" /> + </imageobject> + </mediaobject> + </figure> + + <para> + This means the following: + </para> + + <itemizedlist> + + <listitem> + <para> + Your <emphasis role="bold">keyboard</emphasis> is owned by + the VM if the VM window on your host desktop has the + keyboard focus. If you have many windows open in your guest + OS, the window that has the focus in your VM is used. This + means that if you want to enter text within your VM, click + on the title bar of your VM window first. + </para> + + <para> + To release keyboard ownership, press the Host key. As + explained above, this is typically the right Ctrl key. + </para> + + <para> + Note that while the VM owns the keyboard, some key + sequences, such as Alt-Tab, will no longer be seen by the + host, but will go to the guest instead. After you press the + Host key to reenable the host keyboard, all key presses will + go through the host again, so that sequences such as Alt-Tab + will no longer reach the guest. For technical reasons it may + not be possible for the VM to get all keyboard input even + when it does own the keyboard. Examples of this are the + Ctrl-Alt-Del sequence on Windows hosts or single keys + grabbed by other applications on X11 hosts like the GNOME + desktop's "Control key highlights mouse pointer" + functionality. + </para> + </listitem> + + <listitem> + <para> + Your <emphasis role="bold">mouse</emphasis> is owned by the + VM only after you have clicked in the VM window. The host + mouse pointer will disappear, and your mouse will drive the + guest's pointer instead of your normal mouse pointer. + </para> + + <para> + Note that mouse ownership is independent of that of the + keyboard. Even after you have clicked on a titlebar to be + able to enter text into the VM window, your mouse is not + necessarily owned by the VM yet. + </para> + + <para> + To release ownership of your mouse by the VM, press the Host + key. + </para> + </listitem> + + </itemizedlist> + + <para> + As this behavior can be inconvenient, &product-name; provides a + set of tools and device drivers for guest systems called the + &product-name; Guest Additions which make VM keyboard and mouse + operation a lot more seamless. Most importantly, the Additions + will get rid of the second "guest" mouse pointer and make your + host mouse pointer work directly in the guest. See + <xref linkend="guestadditions" />. + </para> + + </sect2> + + <sect2 id="specialcharacters"> + + <title>Typing Special Characters</title> + + <para> + OSes expect certain key combinations to initiate certain + procedures. Some of these key combinations may be difficult to + enter into a virtual machine, as there are three candidates as + to who receives keyboard input: the host OS, &product-name;, or + the guest OS. Which of these three receives keypresses depends + on a number of factors, including the key itself. + </para> + + <itemizedlist> + + <listitem> + <para> + Host OSes reserve certain key combinations for themselves. + For example, it is impossible to enter the + <emphasis role="bold">Ctrl+Alt+Delete</emphasis> combination + if you want to reboot the guest OS in your virtual machine, + because this key combination is usually hard-wired into the + host OS, both Windows and Linux intercept this, and pressing + this key combination will therefore reboot your + <emphasis>host</emphasis>. + </para> + + <para> + On Linux and Oracle Solaris hosts, which use the X Window + System, the key combination + <emphasis role="bold">Ctrl+Alt+Backspace</emphasis> normally + resets the X server and restarts the entire graphical user + interface. As the X server intercepts this combination, + pressing it will usually restart your + <emphasis>host</emphasis> graphical user interface and kill + all running programs, including &product-name;, in the + process. + </para> + + <para> + On Linux hosts supporting virtual terminals, the key + combination <emphasis role="bold">Ctrl+Alt+Fx</emphasis>, + where Fx is one of the function keys from F1 to F12, + normally enables you to switch between virtual terminals. As + with Ctrl+Alt+Delete, these combinations are intercepted by + the host OS and therefore always switch terminals on the + <emphasis>host</emphasis>. + </para> + + <para> + If, instead, you want to send these key combinations to the + <emphasis>guest</emphasis> OS in the virtual machine, you + will need to use one of the following methods: + </para> + + <itemizedlist> + + <listitem> + <para> + Use the items in the + <emphasis role="bold">Input</emphasis>, + <emphasis role="bold">Keyboard</emphasis> menu of the + virtual machine window. This menu includes the settings + <emphasis role="bold">Insert Ctrl+Alt+Delete</emphasis> + and <emphasis role="bold">Ctrl+Alt+Backspace</emphasis>. + The latter will only have an effect with Linux or Oracle + Solaris guests, however. + </para> + + <para> + This menu also includes an option for inserting the Host + key combination. + </para> + </listitem> + + <listitem> + <para> + Use special key combinations with the Host key, normally + the right Control key. &product-name; will then + translate these key combinations for the virtual + machine: + </para> + + <itemizedlist> + + <listitem> + <para> + <emphasis role="bold">Host key + Del</emphasis> to + send Ctrl+Alt+Del to reboot the guest. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Host key + + Backspace</emphasis> to send Ctrl+Alt+Backspace to + restart the graphical user interface of a Linux or + Oracle Solaris guest. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Host key + Function + key</emphasis>. For example, to simulate Ctrl+Alt+Fx + to switch between virtual terminals in a Linux + guest. + </para> + </listitem> + + </itemizedlist> + </listitem> + + </itemizedlist> + </listitem> + + <listitem> + <para> + For some other keyboard combinations such as + <emphasis role="bold">Alt-Tab</emphasis> to switch between + open windows, &product-name; enables you to configure + whether these combinations will affect the host or the + guest, if a virtual machine currently has the focus. This is + a global setting for all virtual machines and can be found + under <emphasis role="bold">File</emphasis>, + <emphasis role="bold">Preferences</emphasis>, + <emphasis role="bold">Input</emphasis>. + </para> + </listitem> + + </itemizedlist> + + </sect2> + + <sect2 id="intro-removable-media-changing"> + + <title>Changing Removable Media</title> + + <para> + While a virtual machine is running, you can change removable + media in the <emphasis role="bold">Devices</emphasis> menu of + the VM's window. Here you can select in detail what + &product-name; presents to your VM as a CD, DVD, or floppy + drive. + </para> + + <para> + The settings are the same as those available for the VM in the + <emphasis role="bold">Settings</emphasis> dialog of the + &product-name; main window. But as the + <emphasis role="bold">Settings</emphasis> dialog is disabled + while the VM is in the Running or Saved state, the + <emphasis role="bold">Devices</emphasis> menu saves you from + having to shut down and restart the VM every time you want to + change media. + </para> + + <para> + Using the <emphasis role="bold">Devices</emphasis> menu, you can + attach the host drive to the guest or select a floppy or DVD + image, as described in <xref linkend="settings-storage" />. + </para> + + <para> + The <emphasis role="bold">Devices</emphasis> menu also includes + an option for creating a virtual ISO (VISO) from selected files + on the host. + </para> + + </sect2> + + <sect2 id="intro-resize-window"> + + <title>Resizing the Machine's Window</title> + + <para> + You can resize the virtual machine's window when it is running. + In that case, one of the following things will happen: + </para> + + <orderedlist> + + <listitem> + <para> + If you have <emphasis role="bold">scaled mode</emphasis> + enabled, then the virtual machine's screen will be scaled to + the size of the window. This can be useful if you have many + machines running and want to have a look at one of them + while it is running in the background. Alternatively, it + might be useful to enlarge a window if the VM's output + screen is very small, for example because you are running an + old OS in it. + </para> + + <para> + To enable scaled mode, press <emphasis role="bold">Host key + + C</emphasis>, or select <emphasis role="bold">Scaled + Mode</emphasis> from the + <emphasis role="bold">View</emphasis> menu in the VM window. + To leave scaled mode, press <emphasis role="bold">Host key + + C </emphasis>again. + </para> + + <para> + The aspect ratio of the guest screen is preserved when + resizing the window. To ignore the aspect ratio, press + <emphasis role="bold">Shift</emphasis> during the resize + operation. + </para> + + <para> + See <xref linkend="KnownIssues" /> for additional remarks. + </para> + </listitem> + + <listitem> + <para> + If you have the Guest Additions installed and they support + automatic <emphasis role="bold">resizing</emphasis>, the + Guest Additions will automatically adjust the screen + resolution of the guest OS. For example, if you are running + a Windows guest with a resolution of 1024x768 pixels and you + then resize the VM window to make it 100 pixels wider, the + Guest Additions will change the Windows display resolution + to 1124x768. + </para> + + <para> + See <xref linkend="guestadditions" />. + </para> + </listitem> + + <listitem> + <para> + Otherwise, if the window is bigger than the VM's screen, the + screen will be centered. If it is smaller, then scroll bars + will be added to the machine window. + </para> + </listitem> + + </orderedlist> + + </sect2> + + <sect2 id="intro-save-machine-state"> + + <title>Saving the State of the Machine</title> + + <para> + When you click on the <emphasis role="bold">Close</emphasis> + button of your virtual machine window, at the top right of the + window, just like you would close any other window on your + system, &product-name; asks you whether you want to save or + power off the VM. As a shortcut, you can also press + <emphasis role="bold">Host key + Q</emphasis>. + </para> + + <figure id="fig-vm-close"> + <title>Closing Down a Virtual Machine</title> + <mediaobject> + <imageobject> + <imagedata align="center" fileref="images/vm-close.png" + width="10cm" /> + </imageobject> + </mediaobject> + </figure> + + <para> + The difference between the three options is crucial. They mean + the following: + </para> + + <itemizedlist> + + <listitem> + <para> + <emphasis role="bold">Save the machine state:</emphasis> + With this option, &product-name; + <emphasis>freezes</emphasis> the virtual machine by + completely saving its state to your local disk. + </para> + + <para> + When you start the VM again later, you will find that the VM + continues exactly where it was left off. All your programs + will still be open, and your computer resumes operation. + Saving the state of a virtual machine is thus in some ways + similar to suspending a laptop computer by closing its lid. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Send the shutdown signal.</emphasis> + This will send an ACPI shutdown signal to the virtual + machine, which has the same effect as if you had pressed the + power button on a real computer. So long as the VM is + running a fairly modern OS, this should trigger a proper + shutdown mechanism from within the VM. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Power off the machine:</emphasis> With + this option, &product-name; also stops running the virtual + machine, but <emphasis>without</emphasis> saving its state. + </para> + + <warning> + <para> + This is equivalent to pulling the power plug on a real + computer without shutting it down properly. If you start + the machine again after powering it off, your OS will have + to reboot completely and may begin a lengthy check of its + virtual system disks. As a result, this should not + normally be done, since it can potentially cause data loss + or an inconsistent state of the guest system on disk. + </para> + </warning> + + <para> + As an exception, if your virtual machine has any snapshots, + see <xref linkend="snapshots"/>, you can use this option to + quickly <emphasis + role="bold">restore the current + snapshot</emphasis> of the virtual machine. In that case, + powering off the machine will not disrupt its state, but any + changes made since that snapshot was taken will be lost. + </para> + </listitem> + + </itemizedlist> + + <para> + The <emphasis role="bold">Discard</emphasis> button in the + VirtualBox Manager window discards a virtual machine's saved + state. This has the same effect as powering it off, and the same + warnings apply. + </para> + + </sect2> + + </sect1> + + <sect1 id="gui-vmgroups"> + + <title>Using VM Groups</title> + + <para> + VM groups enable the user to create ad hoc groups of VMs, and to + manage and perform functions on them collectively, as well as + individually. + </para> + + <para> + The following figure shows VM groups displayed in VirtualBox + Manager. + </para> + + <figure id="fig-vm-groups"> + <title>Groups of Virtual Machines</title> + <mediaobject> + <imageobject> + <imagedata align="center" fileref="images/vm-groups.png" + width="10cm" /> + </imageobject> + </mediaobject> + </figure> + + <para> + The following features are available for groups: + </para> + + <itemizedlist> + + <listitem> + <para> + Create a group using the VirtualBox Manager. Do one of the + following: + </para> + + <itemizedlist> + + <listitem> + <para> + Drag one VM on top of another VM. + </para> + </listitem> + + <listitem> + <para> + Select multiple VMs and select + <emphasis role="bold">Group</emphasis> from the + right-click menu. + </para> + </listitem> + + </itemizedlist> + </listitem> + + <listitem> + <para> + Create and manage a group using the command line. Do one of + the following: + </para> + + <itemizedlist> + + <listitem> + <para> + Create a group and assign a VM. For example: + </para> + +<screen>VBoxManage modifyvm "vm01" --groups "/TestGroup"</screen> + + <para> + This command creates a group "TestGroup" and attaches the + VM "vm01" to that group. + </para> + </listitem> + + <listitem> + <para> + Detach a VM from the group, and delete the group if empty. + For example: + </para> + +<screen>VBoxManage modifyvm "vm01" --groups ""</screen> + + <para> + This command detaches all groups from the VM "vm01" and + deletes the empty group. + </para> + </listitem> + + </itemizedlist> + </listitem> + + <listitem> + <para> + Create multiple groups. For example: + </para> + +<screen>VBoxManage modifyvm "vm01" --groups "/TestGroup,/TestGroup2"</screen> + + <para> + This command creates the groups "TestGroup" and "TestGroup2", + if they do not exist, and attaches the VM "vm01" to both of + them. + </para> + </listitem> + + <listitem> + <para> + Create nested groups, having a group hierarchy. For example: + </para> + +<screen>VBoxManage modifyvm "vm01" --groups "/TestGroup/TestGroup2"</screen> + + <para> + This command attaches the VM "vm01" to the subgroup + "TestGroup2" of the "TestGroup" group. + </para> + </listitem> + + <listitem> + <para> + The following is a summary of group commands: Start, Pause, + Reset, Close (save state, send shutdown signal, poweroff), + Discard Saved State, Show in File System, Sort. + </para> + </listitem> + + </itemizedlist> + + </sect1> + + <sect1 id="snapshots"> + + <title>Snapshots</title> + + <para> + With snapshots, you can save a particular state of a virtual + machine for later use. At any later time, you can revert to that + state, even though you may have changed the VM considerably since + then. A snapshot of a virtual machine is thus similar to a machine + in Saved state, but there can be many of them, and these saved + states are preserved. + </para> + + <para> + To see the snapshots of a virtual machine, click on the machine + name in VirtualBox Manager. Then click the + <emphasis role="bold">List</emphasis> icon next to the machine + name, and select <emphasis role="bold">Snapshots</emphasis>. Until + you take a snapshot of the machine, the list of snapshots will be + empty except for the <emphasis role="bold">Current + State</emphasis> item, which represents the "now" point in the + lifetime of the virtual machine. + </para> + + <sect2 id="snapshots-take-restore-delete"> + + <title>Taking, Restoring, and Deleting Snapshots</title> + + <para> + There are three operations related to snapshots, as follows: + </para> + + <orderedlist> + + <listitem> + <para> + <emphasis role="bold">Take a snapshot</emphasis>. This makes + a copy of the machine's current state, to which you can go + back at any given time later. + </para> + + <itemizedlist> + + <listitem> + <para> + If your VM is running, select <emphasis role="bold">Take + Snapshot</emphasis> from the + <emphasis role="bold">Machine</emphasis> pull-down menu + of the VM window. + </para> + </listitem> + + <listitem> + <para> + If your VM is in either the Saved or the Powered Off + state, as displayed next to the VM name in the + &product-name; main window, click the + <emphasis role="bold">List</emphasis> icon next to the + machine name and select + <emphasis role="bold">Snapshots</emphasis>. The + snapshots window is shown. Do one of the following: + </para> + + <itemizedlist> + + <listitem> + <para> + Click the <emphasis role="bold">Take</emphasis> + icon. + </para> + </listitem> + + <listitem> + <para> + Right-click on the <emphasis role="bold">Current + State </emphasis>item in the list and select + <emphasis role="bold">Take</emphasis>. + </para> + </listitem> + + </itemizedlist> + </listitem> + + </itemizedlist> + + <para> + In either case, a window is displayed prompting you for a + snapshot name. This name is purely for reference purposes to + help you remember the state of the snapshot. For example, a + useful name would be "Fresh installation from scratch, no + Guest Additions", or "Service Pack 3 just installed". You + can also add a longer text in the + <emphasis role="bold">Description</emphasis> field. + </para> + + <para> + Your new snapshot will then appear in the snapshots list. + Underneath your new snapshot, you will see an item called + <emphasis role="bold">Current State</emphasis>, signifying + that the current state of your VM is a variation based on + the snapshot you took earlier. If you later take another + snapshot, you will see that they are displayed in sequence, + and that each subsequent snapshot is derived from an earlier + one. + </para> + + <figure id="fig-snapshots-list"> + <title>Snapshots List For a Virtual Machine</title> + <mediaobject> + <imageobject> + <imagedata align="center" fileref="images/snapshots-1.png" + width="10cm" /> + </imageobject> + </mediaobject> + </figure> + + <para> + &product-name; imposes no limits on the number of snapshots + you can take. The only practical limitation is disk space on + your host. Each snapshot stores the state of the virtual + machine and thus occupies some disk space. See + <xref linkend="snapshots-contents"/> for details on what is + stored in a snapshot. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Restore a snapshot</emphasis>. In the + list of snapshots, right-click on any snapshot you have + taken and select <emphasis role="bold">Restore</emphasis>. + By restoring a snapshot, you go back or forward in time. The + current state of the machine is lost, and the machine is + restored to the exact state it was in when the snapshot was + taken. + </para> + + <note> + <para> + Restoring a snapshot will affect the virtual hard drives + that are connected to your VM, as the entire state of the + virtual hard drive will be reverted as well. This means + also that all files that have been created since the + snapshot and all other file changes <emphasis>will be + lost. </emphasis>In order to prevent such data loss while + still making use of the snapshot feature, it is possible + to add a second hard drive in + <emphasis>write-through</emphasis> mode using the + <command>VBoxManage</command> interface and use it to + store your data. As write-through hard drives are + <emphasis>not</emphasis> included in snapshots, they + remain unaltered when a machine is reverted. See + <xref linkend="hdimagewrites" />. + </para> + </note> + + <para> + To avoid losing the current state when restoring a snapshot, + you can create a new snapshot before the restore operation. + </para> + + <para> + By restoring an earlier snapshot and taking more snapshots + from there, it is even possible to create a kind of + alternate reality and to switch between these different + histories of the virtual machine. This can result in a whole + tree of virtual machine snapshots, as shown in the + screenshot above. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Delete a snapshot</emphasis>. This + does not affect the state of the virtual machine, but only + releases the files on disk that &product-name; used to store + the snapshot data, thus freeing disk space. To delete a + snapshot, right-click on the snapshot name in the snapshots + tree and select <emphasis role="bold">Delete</emphasis>. + Snapshots can be deleted even while a machine is running. + </para> + + <note> + <para> + Whereas taking and restoring snapshots are fairly quick + operations, deleting a snapshot can take a considerable + amount of time since large amounts of data may need to be + copied between several disk image files. Temporary disk + files may also need large amounts of disk space while the + operation is in progress. + </para> + </note> + + <para> + There are some situations which cannot be handled while a VM + is running, and you will get an appropriate message that you + need to perform this snapshot deletion when the VM is shut + down. + </para> + </listitem> + + </orderedlist> + + </sect2> + + <sect2 id="snapshots-contents"> + + <title>Snapshot Contents</title> + + <para> + Think of a snapshot as a point in time that you have preserved. + More formally, a snapshot consists of the following: + </para> + + <itemizedlist> + + <listitem> + <para> + The snapshot contains a complete copy of the VM settings, + including the hardware configuration, so that when you + restore a snapshot, the VM settings are restored as well. + For example, if you changed the hard disk configuration or + the VM's system settings, that change is undone when you + restore the snapshot. + </para> + + <para> + The copy of the settings is stored in the machine + configuration, an XML text file, and thus occupies very + little space. + </para> + </listitem> + + <listitem> + <para> + The complete state of all the virtual disks attached to the + machine is preserved. Going back to a snapshot means that + all changes that had been made to the machine's disks, file + by file and bit by bit, will be undone as well. Files that + were since created will disappear, files that were deleted + will be restored, changes to files will be reverted. + </para> + + <para> + Strictly speaking, this is only true for virtual hard disks + in "normal" mode. You can configure disks to behave + differently with snapshots, see + <xref linkend="hdimagewrites" />. In technical terms, it is + not the virtual disk itself that is restored when a snapshot + is restored. Instead, when a snapshot is taken, + &product-name; creates differencing images which contain + only the changes since the snapshot were taken. When the + snapshot is restored, &product-name; throws away that + differencing image, thus going back to the previous state. + This is both faster and uses less disk space. For the + details, which can be complex, see + <xref linkend="diffimages" />. + </para> + + <para> + Creating the differencing image as such does not occupy much + space on the host disk initially, since the differencing + image will initially be empty and grow dynamically later + with each write operation to the disk. The longer you use + the machine after having created the snapshot, however, the + more the differencing image will grow in size. + </para> + </listitem> + + <listitem> + <para> + If you took a snapshot while the machine was running, the + memory state of the machine is also saved in the snapshot. + This is in the same way that memory can be saved when you + close a VM window. When you restore such a snapshot, + execution resumes at exactly the point when the snapshot was + taken. + </para> + + <para> + The memory state file can be as large as the memory size of + the virtual machine and will therefore occupy quite some + disk space as well. + </para> + </listitem> + + </itemizedlist> + + </sect2> + + </sect1> + + <sect1 id="configbasics"> + + <title>Virtual Machine Configuration</title> + + <para> + When you select a virtual machine from the list in the VirtualBox + Manager window, you will see a summary of that machine's settings + on the right. + </para> + + <para> + Clicking on <emphasis role="bold">Settings</emphasis> displays a + window, where you can configure many of the properties of the + selected VM. But be careful when changing VM settings. It is + possible to change all VM settings after installing a guest OS, + but certain changes might prevent a guest OS from functioning + correctly if done after installation. + </para> + + <note> + <para> + The <emphasis role="bold">Settings</emphasis> button is disabled + while a VM is either in the Running or Saved state. This is + because the <emphasis role="bold">Settings</emphasis> dialog + enables you to change fundamental characteristics of the virtual + machine that is created for your guest OS. For example, the + guest OS may not perform well if half of its memory is taken + away. As a result, if the + <emphasis role="bold">Settings</emphasis> button is disabled, + shut down the current VM first. + </para> + </note> + + <para> + &product-name; provides a wide range of parameters that can be + changed for a virtual machine. The various settings that can be + changed in the <emphasis role="bold">Settings</emphasis> window + are described in detail in <xref linkend="BasicConcepts" />. Even + more parameters are available when using the + <command>VBoxManage</command> command line interface. See + <xref linkend="vboxmanage" />. + </para> + + </sect1> + + <sect1 id="intro-removing"> + + <title>Removing and Moving Virtual Machines</title> + + <para> + You can remove a VM from &product-name; or move the VM and its + associated files, such as disk images, to another location on the + host. + </para> + + <itemizedlist> + + <listitem> + <para> + <emphasis role="bold">Removing a VM.</emphasis> To remove a + VM, right-click on the VM in the VirtualBox Manager's machine + list and select <emphasis role="bold">Remove</emphasis>. + </para> + + <para> + The confirmation dialog enables you to specify whether to only + remove the VM from the list of machines or to remove the files + associated with the VM. + </para> + + <para> + Note that the <emphasis role="bold">Remove</emphasis> menu + item is disabled while a VM is running. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Moving a VM.</emphasis> To move a VM to + a new location on the host, right-click on the VM in the + VirtualBox Manager's machine list and select + <emphasis + role="bold">Move</emphasis>. + </para> + + <para> + The file dialog prompts you to specify a new location for the + VM. + </para> + + <para> + When you move a VM, &product-name; configuration files are + updated automatically to use the new location on the host. + </para> + + <para> + Note that the <emphasis role="bold">Move</emphasis> menu item + is disabled while a VM is running. + </para> + + <para> + You can also use the <command>VBoxManage movevm</command> + command to move a VM. See <xref linkend="vboxmanage-movevm"/>. + </para> + </listitem> + + </itemizedlist> + + <para> + For information about removing or moving a disk image file from + &product-name;, see <xref linkend="vdis"/>. + </para> + + </sect1> + + <sect1 id="clone"> + + <title>Cloning Virtual Machines</title> + + <para> + You can create a full copy or a linked copy of an existing VM. + This copy is called a <emphasis>clone</emphasis>. You might use a + cloned VM to experiment with a VM configuration, to test different + guest OS levels, or to back up a VM. + </para> + + <para> + The <emphasis role="bold">Clone Virtual Machine</emphasis> wizard + guides you through the cloning process. + </para> + + <figure id="fig-clone-wizard"> + <title>The Clone Virtual Machine Wizard</title> + <mediaobject> + <imageobject> + <imagedata align="center" fileref="images/clone-vm.png" + width="10cm" /> + </imageobject> + </mediaobject> + </figure> + + <para> + Start the wizard by clicking + <emphasis role="bold">Clone</emphasis> in the right-click menu of + the VirtualBox Manager's machine list or in the + <emphasis role="bold">Snapshots</emphasis> view of the selected + VM. + </para> + + <para> + Specify a new <emphasis role="bold">Name</emphasis> for the clone. + You can choose a <emphasis role="bold">Path</emphasis> for the + cloned virtual machine, otherwise &product-name; uses the default + machines folder. + </para> + + <para> + The <emphasis role="bold">Clone Type</emphasis> option specifies + whether to create a clone linked to the source VM or to create a + fully independent clone: + </para> + + <itemizedlist> + + <listitem> + <para> + <emphasis role="bold">Full Clone:</emphasis> Copies all + dependent disk images to the new VM folder. A full clone can + operate fully without the source VM. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Linked Clone:</emphasis> Creates new + differencing disk images based on the source VM disk images. + If you select the current state of the source VM as the clone + point, &product-name; creates a new snapshot. + </para> + </listitem> + + </itemizedlist> + + <para> + The <emphasis role="bold">Snapshots</emphasis> option specifies + whether to create a clone of the current machine state only or of + everything. + </para> + + <itemizedlist> + + <listitem> + <para> + <emphasis role="bold">Everything:</emphasis> Clones the + current machine state and all its snapshots. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Current Machine State and All + Children:</emphasis>. Clones a VM snapshot and all its child + snapshots. + </para> + </listitem> + + </itemizedlist> + + <para> + The following clone options are available: + </para> + + <itemizedlist> + + <listitem> + <para> + <emphasis role="bold">MAC Address Policy:</emphasis> Specifies + how to retain network card MAC addresses when cloning the VM. + </para> + + <para> + For example, the <emphasis role="bold">Generate New MAC + Addresses For All Network Adapters</emphasis> value assigns a + new MAC address to each network card during cloning. This is + the default setting. This is the best option when both the + source VM and the cloned VM must operate on the same network. + Other values enable you to retain the existing MAC addresses + in the cloned VM. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Keep Disk Names:</emphasis> Retains the + disk image names when cloning the VM. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Keep Hardware UUIDs:</emphasis> Retains + the hardware universally unique identifiers (UUIDs) when + cloning the VM. + </para> + </listitem> + + </itemizedlist> + + <para> + The duration of the clone operation depends on the size and number + of attached disk images. In addition, the clone operation saves + all the differencing disk images of a snapshot. + </para> + + <para> + Note that the <emphasis role="bold">Clone</emphasis> menu item is + disabled while a machine is running. + </para> + + <para> + You can also use the <command>VBoxManage clonevm</command> command + to clone a VM. See <xref linkend="vboxmanage-clonevm" />. + </para> + + </sect1> + + <sect1 id="ovf"> + + <title>Importing and Exporting Virtual Machines</title> + + <para> + &product-name; can import and export virtual machines in the + following formats: + </para> + + <itemizedlist> + + <listitem> + <para> + <emphasis role="bold">Open Virtualization Format + (OVF).</emphasis> This is the industry-standard format. See + <xref linkend="ovf-about"/>. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Cloud service formats.</emphasis> Export + to cloud services such as &oci; is supported. Import is not + supported. See <xref linkend="ovf-export-oci"/>. + </para> + </listitem> + + </itemizedlist> + + <sect2 id="ovf-about"> + + <title>About the OVF Format</title> + + <para> + OVF is a cross-platform standard supported by many + virtualization products which enables the creation of ready-made + virtual machines that can then be imported into a hypervisor + such as &product-name;. &product-name; makes OVF import and + export easy to do, using the VirtualBox Manager window or the + command-line interface. + </para> + + <para> + Using OVF enables packaging of <emphasis>virtual + appliances</emphasis>. These are disk images, together with + configuration settings that can be distributed easily. This way + one can offer complete ready-to-use software packages, including + OSes with applications, that need no configuration or + installation except for importing into &product-name;. + </para> + + <note> + <para> + The OVF standard is complex, and support in &product-name; is + an ongoing process. In particular, no guarantee is made that + &product-name; supports all appliances created by other + virtualization software. For a list of known limitations, see + <xref + linkend="KnownIssues" />. + </para> + </note> + + <para> + Appliances in OVF format can appear in the following variants: + </para> + + <itemizedlist> + + <listitem> + <para> + They can come in several files, as one or several disk + images, typically in the widely-used VMDK format. See + <xref linkend="vdidetails" />. They also include a textual + description file in an XML dialect with an + <computeroutput>.ovf</computeroutput> extension. These files + must then reside in the same directory for &product-name; to + be able to import them. + </para> + </listitem> + + <listitem> + <para> + Alternatively, the above files can be packed together into a + single archive file, typically with an + <computeroutput>.ova</computeroutput> extension. Such + archive files use a variant of the TAR archive format and + can therefore be unpacked outside of &product-name; with any + utility that can unpack standard TAR files. + </para> + </listitem> + + </itemizedlist> + + <note> + <para> + OVF cannot describe snapshots that were taken for a virtual + machine. As a result, when you export a virtual machine that + has snapshots, only the current state of the machine will be + exported. The disk images in the export will have a + <emphasis>flattened</emphasis> state identical to the current + state of the virtual machine. + </para> + </note> + + </sect2> + + <sect2 id="ovf-import-appliance"> + + <title>Importing an Appliance in OVF Format</title> + + <para> + The following steps show how to import an appliance in OVF + format. + </para> + + <orderedlist> + + <listitem> + <para> + Double-click on the OVF or OVA file. + </para> + + <para> + &product-name; creates file type associations automatically + for any OVF and OVA files on your host OS. + </para> + </listitem> + + <listitem> + <para> + Select <emphasis role="bold">File</emphasis>, + <emphasis + role="bold">Import + Appliance</emphasis> from the VirtualBox Manager window. + </para> + + <para> + From the file dialog, go to the file with either the + <computeroutput>.ovf</computeroutput> or the + <computeroutput>.ova</computeroutput> file extension. + </para> + + <para> + Click <emphasis role="bold">Import</emphasis> to open the + <emphasis role="bold">Appliance Settings</emphasis> screen. + </para> + + <figure id="fig-import-appliance"> + <title>Appliance Settings Screen for Import Appliance</title> + <mediaobject> + <imageobject> + <imagedata align="center" fileref="images/ovf-import.png" + width="12cm" /> + </imageobject> + </mediaobject> + </figure> + + <para> + This screen shows the VMs described in the OVF or OVA file + and enables you to change the VM settings. + </para> + + <para> + By default, membership of VM groups is preserved on import + for VMs that were initially exported from &product-name;. + You can change this behavior by using the + <emphasis + role="bold">Primary Group</emphasis> + setting for the VM. + </para> + + <para> + The following global settings apply to all of the VMs that + you import: + </para> + + <itemizedlist> + + <listitem> + <para> + <emphasis role="bold">Base Folder:</emphasis> Specifies + the directory on the host in which to store the imported + VMs. + </para> + + <para> + If an appliance has multiple VMs, you can specify a + different directory for each VM by editing the + <emphasis role="bold">Base Folder</emphasis> setting for + the VM. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">MAC Address Policy:</emphasis> + Reinitializes the MAC addresses of network cards in your + VMs prior to import, by default. You can override the + default behavior and preserve the MAC addresses on + import. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Import Hard Drives as + VDI:</emphasis> Imports hard drives in the VDI format + rather that in the defalut VMDK format. + </para> + </listitem> + + </itemizedlist> + </listitem> + + <listitem> + <para> + Click <emphasis role="bold">Import</emphasis> to import the + appliance. + </para> + + <para> + &product-name; copies the disk images and creates local VMs + with the settings described on the + <emphasis role="bold">Appliance Settings</emphasis> screen. + The imported VMs are shown in the list of VMs in VirtualBox + Manager. + </para> + + <para> + Because disk images are large, the VMDK images that are + included with virtual appliances are shipped in a compressed + format that cannot be used directly by VMs. So, the images + are first unpacked and copied, which might take several + minutes. + </para> + </listitem> + + </orderedlist> + + <para> + You can use the <command>VBoxManage import</command> command to + import an appliance. See <xref linkend="vboxmanage-import" />. + </para> + + </sect2> + + <sect2 id="ovf-export-appliance"> + + <title>Exporting an Appliance in OVF Format</title> + + <para> + The following steps show how to export an appliance in OVF + format. + </para> + + <orderedlist> + + <listitem> + <para> + Select <emphasis role="bold">File</emphasis>, + <emphasis role="bold"> Export Appliance</emphasis> to open + the <emphasis role="bold">Export Virtual + Appliance</emphasis> wizard. + </para> + + <para> + From the initial window, you can combine several VMs into an + OVF appliance. + </para> + + <para> + Select one or more VMs to export, and click + <emphasis role="bold">Next</emphasis>. + </para> + </listitem> + + <listitem> + <para> + The <emphasis role="bold">Appliance Settings</emphasis> + screen enables you to select the following settings: + </para> + + <itemizedlist> + + <listitem> + <para> + <emphasis role="bold">Format:</emphasis> Selects the + <emphasis role="bold">Open Virtualization + Format</emphasis> value for the output files. + </para> + + <para> + The <emphasis role="bold">&oci;</emphasis> value exports + export to &oci;. See <xref linkend="ovf-export-oci"/>. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">File:</emphasis> Selects the + location in which to store the exported files. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">MAC Address Policy:</emphasis> + Specifies whether to retain or reassign network card MAC + addresses on export. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Write Manifest File:</emphasis> + Enables you to include a manifest file in the exported + archive file. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Include ISO Image + Files:</emphasis> Enables you to include ISO image files + in the exported archive file. + </para> + </listitem> + + </itemizedlist> + </listitem> + + <listitem> + <para> + Click <emphasis role="bold">Next</emphasis> to show the + <emphasis role="bold">Virtual System Settings</emphasis> + screen. + </para> + + <para> + You can edit settings for the virtual appliance. For + example, you can change the name of the virtual appliance or + add product information, such as vendor details or license + text. + </para> + + <para> + Double-click the appropriate field to change its value. + </para> + </listitem> + + <listitem> + <para> + Click <emphasis role="bold">Export</emphasis> to begin the + export process. Note that this operation might take several + minutes. + </para> + </listitem> + + </orderedlist> + + <para> + You can use the <command>VBoxManage export</command> command to + export an appliance. See <xref linkend="vboxmanage-export" />. + </para> + + </sect2> + + <sect2 id="ovf-export-oci"> + + <title>Exporting an Appliance to &oci;</title> + + <para> + &product-name; supports the export of VMs to an &oci; service. + </para> + + <para> + Before you can export a VM to &oci;, ensure that you perform the + following configuration steps: + </para> + + <itemizedlist> + + <listitem> + <para> + Generate an API signing key pair that is used for API + requests to &oci;. + </para> + + <itemizedlist> + + <listitem> + <para> + The key pair is usually installed in the + <computeroutput>.oci</computeroutput> folder in your + home directory. For example, + <computeroutput>~/.oci</computeroutput> on a Linux + system. + </para> + </listitem> + + <listitem> + <para> + Upload the public key of the key pair to the cloud + service. + </para> + </listitem> + + </itemizedlist> + + <para> + For step-by-step instructions for creating and uploading an + API signing key for &oci;, see: + </para> + + <para> + <ulink url="https://docs.cloud.oracle.com/iaas/Content/API/Concepts/apisigningkey.htm#How">https://docs.cloud.oracle.com/iaas/Content/API/Concepts/apisigningkey.htm#How</ulink> + </para> + </listitem> + + <listitem> + <para> + Create a profile for your cloud account. + </para> + + <para> + The cloud profile contains resource identifiers for your + cloud account, such as your user OCID, and the fingerprint + for your public key. You can create a cloud profile in the + following ways: + </para> + + <itemizedlist> + + <listitem> + <para> + Automatically by using the <emphasis role="bold">Cloud + Profile Manager</emphasis>. See + <xref linkend="ovf-cloud-profile-manager"/>. + </para> + </listitem> + + <listitem> + <para> + Manually by creating an + <computeroutput>oci_config</computeroutput> file in your + &product-name; global configuration directory. For + example, this is + <computeroutput>$HOME/.config/VirtualBox/oci_config</computeroutput> + on a Linux host. + </para> + </listitem> + + <listitem> + <para> + Manually by creating a + <computeroutput>config</computeroutput> file in your + &oci; configuration directory. For example, this is + <computeroutput>$HOME/.oci/config</computeroutput> on a + Linux host. + </para> + + <para> + This is the same file that is used by the &oci; command + line interface. + </para> + + <para> + &product-name; automatically uses the + <computeroutput>config</computeroutput> file if no cloud + profile file is present in your global configuration + directory. Alternatively, you can import this file + manually into the Cloud Profile Manager. + </para> + </listitem> + + </itemizedlist> + + <para> + For more information about the cloud profile settings used + by &oci; see: + </para> + + <para> + <ulink url="https://docs.cloud.oracle.com/iaas/Content/API/Concepts/sdkconfig.htm">https://docs.cloud.oracle.com/iaas/Content/API/Concepts/sdkconfig.htm</ulink> + </para> + </listitem> + + <listitem> + <para> + Ensure that the subnets that are used by source VMs are + available in the target compartment on the cloud service. + </para> + </listitem> + + </itemizedlist> + + <para> + Perform the following steps to export a VM to &oci;: + </para> + + <orderedlist> + + <listitem> + <para> + Select <emphasis role="bold">File</emphasis>, + <emphasis role="bold">Export Appliance</emphasis> to open + the <emphasis role="bold">Export Virtual + Appliance</emphasis> wizard. + </para> + + <para> + Select a VM to export and click + <emphasis role="bold">Next</emphasis> to open the + <emphasis role="bold">Appliance Settings</emphasis> screen. + </para> + </listitem> + + <listitem> + <para> + From the <emphasis role="bold">Format</emphasis> drop-down + list, select <emphasis role="bold">&oci;</emphasis>. + </para> + + <para> + In the <emphasis role="bold">Account</emphasis> drop-down + list, select your &oci; account. + </para> + + <para> + You can set up &oci; accounts by using the Cloud Profile + Manager. + </para> + + <para> + The list after the <emphasis role="bold">Account</emphasis> + field shows the profile settings for your cloud account. + </para> + + <figure id="fig-export-appliance-oci"> + <title>Appliance Settings Screen, Showing Cloud Profile Settings</title> + <mediaobject> + <imageobject> + <imagedata align="center" fileref="images/export-appliance-oci.png" + width="12cm" /> + </imageobject> + </mediaobject> + </figure> + + <para> + Click <emphasis role="bold">Next</emphasis> to make an API + request to the &oci; service and open the + <emphasis + role="bold">Virtual System + Settings</emphasis> screen. + </para> + </listitem> + + <listitem> + <para> + Optionally edit settings used for the virtual machine on + &oci;. + </para> + + <para> + For example, you can edit the Disk Size and Shape used for + the VM instance. + </para> + + <para> + Click <emphasis role="bold">Export</emphasis> to export the + VMs to the cloud service. + </para> + + <para> + The VMs are uploaded to &oci;. + </para> + + <para> + Instances are created for the uploaded VMs. + </para> + + <para> + By default, the VM instance is started after upload to + &oci;. + </para> + </listitem> + + <listitem> + <para> + Monitor the export process by using the &oci; Console. + </para> + </listitem> + + </orderedlist> + + <para> + You can also use the <command>VBoxManage export</command> + command to export a VM to &oci;. See + <xref linkend="vboxmanage-export-cloud"/>. + </para> + + </sect2> + + <sect2 id="ovf-cloud-profile-manager"> + + <title>The Cloud Profile Manager</title> + + <para> + The Cloud Profile Manager is a component of &product-name; that + enables you to create, edit, and manage cloud profiles for your + cloud service accounts. + </para> + + <figure id="fig-cloud-profile-manager"> + <title>The Cloud Profile Manager</title> + <mediaobject> + <imageobject> + <imagedata align="center" fileref="images/cloud-profile-manager.png" + width="12cm" /> + </imageobject> + </mediaobject> + </figure> + + <para> + To open the Cloud Profile Manager select + <emphasis role="bold">File</emphasis>, + <emphasis role="bold">Cloud Profile Manager</emphasis> from the + VirtualBox Manager window. + </para> + + <para> + Use the Cloud Profile Manager to create a new cloud profile + automatically. Or, create a cloud profile by importing settings + from your &oci; configuration file into the Cloud Profile + Manager. + </para> + + <para> + Perform the following steps to create a new cloud profile: + </para> + + <orderedlist> + + <listitem> + <para> + Click the <emphasis role="bold">Add</emphasis> icon and + specify a <emphasis role="bold">Name</emphasis> for the + profile. + </para> + </listitem> + + <listitem> + <para> + Click <emphasis role="bold">Properties</emphasis> and + specify the following property values for the profile: + </para> + + <itemizedlist> + + <listitem> + <para> + Compartment OCID + </para> + </listitem> + + <listitem> + <para> + Fingerprint of the public key + </para> + </listitem> + + <listitem> + <para> + Location of the private key on the client device + </para> + </listitem> + + <listitem> + <para> + (Optional) Passphrase for the private key, if the key is + encrypted + </para> + </listitem> + + <listitem> + <para> + Region OCID + </para> + </listitem> + + <listitem> + <para> + Tenancy OCID + </para> + </listitem> + + <listitem> + <para> + User OCID + </para> + </listitem> + + </itemizedlist> + + <para> + Some of these are settings for your &oci; account, which you + can view from the &oci; Console. + </para> + </listitem> + + <listitem> + <para> + Click <emphasis role="bold">Apply</emphasis> to save your + changes. + </para> + + <para> + The cloud profile settings are saved in the + <computeroutput>oci_config</computeroutput> file in your + &product-name; global settings directory. + </para> + </listitem> + + </orderedlist> + + <para> + Perform the following steps to import an existing &oci; + configuration file: + </para> + + <orderedlist> + + <listitem> + <para> + Ensure that a <computeroutput>config</computeroutput> file + is present in your &oci; configuration directory. For + example, this is + <computeroutput>$HOME/.oci/config</computeroutput> on a + Linux host. + </para> + </listitem> + + <listitem> + <para> + Click the <emphasis role="bold">Import</emphasis> icon to + open a dialog that prompts you to import cloud profiles from + external files. + </para> + + <warning> + <para> + This action overwrites any cloud profiles that are in your + &product-name; global settings directory. + </para> + </warning> + </listitem> + + <listitem> + <para> + Click <emphasis role="bold">Import</emphasis>. + </para> + + <para> + Your cloud profile settings are saved to the + <computeroutput>oci_config</computeroutput> file in your + &product-name; global settings directory. + </para> + </listitem> + + <listitem> + <para> + Click <emphasis role="bold">Properties</emphasis> to show + the cloud profile settings. + </para> + + <para> + Double-click on the appropriate field to change the value. + </para> + </listitem> + + <listitem> + <para> + Click <emphasis role="bold">Apply</emphasis> to save your + changes. + </para> + </listitem> + + </orderedlist> + + </sect2> + + </sect1> + + <sect1 id="globalsettings"> + + <title>Global Settings</title> + + <para> + The <emphasis role="bold">Global Settings</emphasis> dialog can be + displayed using the <emphasis role="bold">File</emphasis> menu, by + clicking the <emphasis role="bold">Preferences</emphasis> item. + This dialog offers a selection of settings, most of which apply to + all virtual machines of the current user. The + <emphasis role="bold">Extensions</emphasis> option applies to the + entire system. + </para> + + <para> + The following settings are available: + </para> + + <itemizedlist> + + <listitem> + <para> + <emphasis role="bold">General.</emphasis> Enables the user to + specify the default folder/directory for VM files, and the + VRDP Authentication Library. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Input.</emphasis> Enables the user to + specify the Host key. It identifies the key that toggles + whether the cursor is in the focus of the VM or the Host OS + windows, see <xref linkend="keyb_mouse_normal"/>, and which is + also used to trigger certain VM actions, see + <xref linkend="specialcharacters"/>. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Update.</emphasis> Enables the user to + specify various settings for Automatic Updates. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Language.</emphasis> Enables the user to + specify the GUI language. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Display.</emphasis> Enables the user to + specify the screen resolution, and its width and height. A + default scale factor can be specified for all guest screens. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Network.</emphasis> Enables the user to + configure the details of Host Only Networks. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Extensions.</emphasis> Enables the user + to list and manage the installed extension packages. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Proxy.</emphasis> Enables the user to + configure a HTTP Proxy Server. + </para> + </listitem> + + </itemizedlist> + + </sect1> + + <sect1 id="frontends"> + + <title>Alternative Front-Ends</title> + + <para> + As briefly mentioned in <xref linkend="features-overview" />, + &product-name; has a very flexible internal design that enables + you to use multiple interfaces to control the same virtual + machines. For example, you can start a virtual machine with the + VirtualBox Manager window and then stop it from the command line. + With &product-name;'s support for the Remote Desktop Protocol + (RDP), you can even run virtual machines remotely on a headless + server and have all the graphical output redirected over the + network. + </para> + + <para> + The following front-ends are shipped in the standard + &product-name; package: + </para> + + <itemizedlist> + + <listitem> + <para> + <emphasis role="bold">VirtualBox.</emphasis> This is the + VirtualBox Manager, a graphical user interface that uses the + Qt toolkit. This interface is described throughout this + manual. While this is the simplest and easiest front-end to + use, some of the more advanced &product-name; features are not + included. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">VBoxManage.</emphasis> A command-line + interface for automated and detailed control of every aspect + of &product-name;. See + <xref + linkend="vboxmanage" />. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">VBoxHeadless.</emphasis> A front-end + that produces no visible output on the host at all, but can + act as a RDP server if the VirtualBox Remote Desktop Extension + (VRDE) is installed and enabled for the VM. As opposed to the + other graphical interfaces, the headless front-end requires no + graphics support. This is useful, for example, if you want to + host your virtual machines on a headless Linux server that has + no X Window system installed. See + <xref linkend="vboxheadless" />. + </para> + </listitem> + + </itemizedlist> + + <para> + If the above front-ends still do not satisfy your particular + needs, it is possible to create yet another front-end to the + complex virtualization engine that is the core of &product-name;, + as the &product-name; core neatly exposes all of its features in a + clean API. See <xref linkend="VirtualBoxAPI" />. + </para> + + </sect1> + +</chapter> diff --git a/doc/manual/en_US/user_KnownIssues.xml b/doc/manual/en_US/user_KnownIssues.xml new file mode 100644 index 00000000..574336e3 --- /dev/null +++ b/doc/manual/en_US/user_KnownIssues.xml @@ -0,0 +1,505 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" +"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd"[ +<!ENTITY % all.entities SYSTEM "all-entities.ent"> +%all.entities; +]> +<chapter id="KnownIssues"> + + <title>Known Limitations</title> + + <sect1 id="ExperimentalFeatures"> + + <title>Experimental Features</title> + + <para> + Some &product-name; features are labeled as experimental. Such + features are provided on an "as-is" basis and are not formally + supported. However, feedback and suggestions about such features + are welcome. A comprehensive list of experimental features is as + follows: + </para> + + <itemizedlist> + + <listitem> + <para> + Hardware 3D acceleration support for Windows, Linux, and + Oracle Solaris guests + </para> + </listitem> + + <listitem> + <para> + Hardware 2D video playback acceleration support for Windows + guests + </para> + </listitem> + + <listitem> + <para> + PCI pass-through (Linux hosts only) + </para> + </listitem> + + <listitem> + <para> + Mac OS X guests (Mac OS X hosts only) + </para> + </listitem> + + <listitem> + <para> + ICH9 chipset emulation + </para> + </listitem> + + <listitem> + <para> + EFI firmware + </para> + </listitem> + + <listitem> + <para> + Host CD/DVD drive pass-through + </para> + </listitem> + + <listitem> + <para> + Support of iSCSI using internal networking + </para> + </listitem> + + <listitem> + <para> + Using &product-name; and Hyper-V on the same host + </para> + </listitem> + + </itemizedlist> + + </sect1> + + <sect1 id="KnownProblems"> + + <title>Known Issues</title> + + <para> + The following section describes known problems with this release + of &product-name;. Unless marked otherwise, these issues are + planned to be fixed in later releases. + </para> + + <itemizedlist> + + <listitem> + <para> + The following <emphasis role="bold">Guest SMP (multiprocessor) + limitations</emphasis> exist: + </para> + + <itemizedlist> + + <listitem> + <para> + <emphasis role="bold">Poor performance</emphasis> with + 32-bit guests on AMD CPUs. This affects mainly Windows and + Oracle Solaris guests, but possibly also some Linux kernel + revisions. Partially solved in 3.0.6 for 32-bit Windows + NT, 2000, XP, and 2003 guests. Requires Guest Additions + 3.0.6 or later to be installed. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Poor performance</emphasis> with + 32-bit guests on certain Intel CPU models that do not + include virtual APIC hardware optimization support. This + affects mainly Windows and Oracle Solaris guests, but + possibly also some Linux kernel revisions. Partially + solved in 3.0.12 for 32-bit Windows NT, 2000, XP, and 2003 + guests. Requires Guest Additions 3.0.12 or later to be + installed. + </para> + </listitem> + + </itemizedlist> + </listitem> + + <listitem> + <para> + <emphasis role="bold">NX (no execute, data execution + prevention)</emphasis> only works for guests running on 64-bit + hosts or guests running on 32-bit hosts with PAE enabled and + requires that hardware virtualization be enabled. + </para> + </listitem> + + <listitem> + <para> + For <emphasis role="bold">basic Direct3D support in Windows + guests</emphasis> to work, the Guest Additions must be + installed in Windows safe mode. Press F8 when the Windows + guest is booting and select <emphasis role="bold">Safe + Mode</emphasis>, then install the Guest Additions. Otherwise + the Windows file protection mechanism will interfere with the + replacement DLLs installed by &product-name; and keep + restoring the original Windows system DLLs. + </para> + + <note> + <para> + This does <emphasis>not</emphasis> apply to the WDDM + Direct3D video driver available for Vista and Windows 7 + guests shipped with &product-name; 4.1. + </para> + </note> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Guest control.</emphasis> On Windows + guests, a process started using the guest control execute + support will not be able to display a graphical user interface + <emphasis>unless</emphasis> the user account under which it is + running is currently logged in and has a desktop session. + </para> + + <para> + Also, to use accounts without or with an empty password, the + guest's group policy must be changed. To do so, open the group + policy editor on the command line by typing + <command>gpedit.msc</command>, open the key + <computeroutput>Computer Configuration\Windows + Settings\Security Settings\Local Policies\Security + Options</computeroutput> and change the value of + <computeroutput>Accounts: Limit local account use of blank + passwords to console logon only</computeroutput> to Disabled. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Compacting virtual disk images is + limited to VDI files.</emphasis> The <command>VBoxManage + modifyhd --compact</command> command is currently only + implemented for VDI files. At the moment the only way to + optimize the size of a virtual disk images in other formats, + such as VMDK or VHD, is to clone the image and then use the + cloned image in the VM configuration. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">OVF import/export:</emphasis> + </para> + + <itemizedlist> + + <listitem> + <para> + OVF localization, with multiple languages in a single OVF + file, is not yet supported. + </para> + </listitem> + + <listitem> + <para> + Some OVF sections like StartupSection, + DeploymentOptionSection, and InstallSection are ignored. + </para> + </listitem> + + <listitem> + <para> + OVF environment documents, including their property + sections and appliance configuration with ISO images, are + not yet supported. + </para> + </listitem> + + <listitem> + <para> + Remote files using HTTP or other mechanisms are not yet + supported. + </para> + </listitem> + + </itemizedlist> + </listitem> + + <listitem> + <para> + Neither <emphasis role="bold">scale mode</emphasis> nor + <emphasis + role="bold">seamless mode</emphasis> work + correctly with guests using OpenGL 3D features, such as with + compiz-enabled window managers. + </para> + </listitem> + + <listitem> + <para> + The RDP server in the &product-name; extension pack supports + only audio streams in format 22.05kHz stereo 16 bit. If the + RDP client requests any other audio format there will be no + audio. + </para> + </listitem> + + <listitem> + <para> + Preserving the aspect ratio in scale mode works only on + Windows hosts and on Mac OS X hosts. + </para> + </listitem> + + <listitem> + <para> + On <emphasis role="bold">Mac OS X hosts,</emphasis> the + following features are not yet implemented: + </para> + + <itemizedlist> + + <listitem> + <para> + Numlock emulation + </para> + </listitem> + + <listitem> + <para> + CPU frequency metric + </para> + </listitem> + + <listitem> + <para> + Memory ballooning + </para> + </listitem> + + </itemizedlist> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Mac OS X guests:</emphasis> + </para> + + <itemizedlist> + + <listitem> + <para> + Mac OS X guests can only run on a certain host hardware. + For details about license and host hardware limitations. + See <xref linkend="intro-macosxguests" /> and check the + Apple software license conditions. + </para> + </listitem> + + <listitem> + <para> + &product-name; does not provide Guest Additions for Mac OS + X at this time. + </para> + </listitem> + + <listitem> + <para> + The graphics resolution currently defaults to 1024x768 as + Mac OS X falls back to the built-in EFI display support. + See <xref linkend="efividmode" /> for more information on + how to change EFI video modes. + </para> + </listitem> + + <listitem> + <para> + Mac OS X guests only work with one CPU assigned to the VM. + Support for SMP will be provided in a future release. + </para> + </listitem> + + <listitem> + <para> + Depending on your system and version of Mac OS X, you + might experience guest hangs after some time. This can be + fixed by turning off energy saving. Set timeout to "Never" + in the system preferences. + </para> + </listitem> + + <listitem> + <para> + By default, the &product-name; EFI enables debug output of + the Mac OS X kernel to help you diagnose boot problems. + Note that there is a lot of output and not all errors are + fatal. They would also show when using a physical Apple + Macintosh computer. You can turn off these messages by + using the following command: + </para> + +<screen>VBoxManage setextradata "VM name" "VBoxInternal2/EfiBootArgs" " "</screen> + + <para> + To revert to the previous behavior, use the following + command: + </para> + +<screen>VBoxManage setextradata "VM name" "VBoxInternal2/EfiBootArgs" ""</screen> + </listitem> + + <listitem> + <para> + It is currently not possible to start a Mac OS X guest in + safe mode by specifying "-x" option in + "VBoxInternal2/EfiBootArgs" extradata. + </para> + </listitem> + + </itemizedlist> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Oracle Solaris hosts:</emphasis> + </para> + + <itemizedlist> + + <listitem> + <para> + There is no support for USB devices connected to Oracle + Solaris 10 hosts. + </para> + </listitem> + + <listitem> + <para> + USB support on Oracle Solaris hosts requires Oracle + Solaris 11 version snv_124 or later. Webcams and other + isochronous devices are known to have poor performance. + </para> + </listitem> + + <listitem> + <para> + Host Webcam passthrough is restricted to 640x480 frames at + 20 frames per second due to limitations in the Oracle + Solaris V4L2 API. This may be addressed in a future Oracle + Solaris release. + </para> + </listitem> + + <listitem> + <para> + No ACPI information, such as battery status or power + source, is reported to the guest. + </para> + </listitem> + + <listitem> + <para> + No support for using wireless adapters with bridged + networking. + </para> + </listitem> + + <listitem> + <para> + Crossbow-based bridged networking on Oracle Solaris 11 + hosts does not work directly with aggregate links. + However, you can use + <computeroutput>dladm</computeroutput> to manually create + a VNIC over the aggregate link and use that with a VM. + This limitation does not exist in Oracle Solaris 11u1 + build 17 and newer. + </para> + </listitem> + + </itemizedlist> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Guest Additions of version 4.1, 4.1.2 + and 4.1.4 for Windows.</emphasis> The &product-name; WDDM + Video driver may be installed and remain in the guest system + when Guest additions uninstallation is performed. This is + caused by a bug in Guest Additions uninstaller. + </para> + + <note> + <para> + This does <emphasis>not</emphasis> apply to a Guest + Additions update. Installing one version of Guest Additions + on top of another works correctly. + </para> + </note> + + <para> + To solve this problem, uninstall the &product-name; WDDM Video + driver manually. Open Device Manager, and check whether the + Display Adapter is named "&product-name; Graphics Adapter ..". + If not, there is nothing to be done. If it is, right-click the + &product-name; Graphics Adapter in Device Manager, select + <emphasis role="bold">Uninstall</emphasis>, check + <emphasis role="bold">Delete the Driver Software for this + Device</emphasis> and click + <emphasis role="bold">OK</emphasis>. Once uninstallation is + done, start Device Manager, go to the + <emphasis role="bold">Action</emphasis> menu and select + <emphasis role="bold">Scan for Hardware Change</emphasis>s to + ensure that the correct Windows default driver be picked up + for the Graphics adapter. + </para> + </listitem> + + <listitem> + <para> + Neither <emphasis>virtio</emphasis> nor <emphasis>Intel + PRO/1000 </emphasis> drivers for <emphasis role="bold">Windows + XP guests</emphasis> support segmentation offloading. + Therefore Windows XP guests have slower transmission rates + comparing to other guest types. Refer to MS Knowledge base + article 842264 for additional information. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Guest Additions for OS/2.</emphasis> + Seamless windows and automatic guest resizing will probably + never be implemented due to inherent limitations of the OS/2 + graphics system. + </para> + </listitem> + + <listitem> + <para> + Some guest operating systems predating ATAPI CD-ROMs may + exhibit long delays or entirely fail to boot in certain + configurations. This is most likely to happen when an + IDE/ATAPI CD-ROM exists alone on a primary or secondary IDE + channel. + </para> + + <para> + Affected operating systems are MS OS/2 1.21: fails to boot + with an error message referencing COUNTRY.SYS and MS OS/2 1.3: + long boot delays. To avoid such problems, disable the emulated + IDE/ATAPI CD-ROM. The guest OS cannot use this device, anyway. + </para> + </listitem> + + </itemizedlist> + + </sect1> + +</chapter> diff --git a/doc/manual/en_US/user_Networking.xml b/doc/manual/en_US/user_Networking.xml new file mode 100644 index 00000000..4be7f8aa --- /dev/null +++ b/doc/manual/en_US/user_Networking.xml @@ -0,0 +1,1551 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" +"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd"[ +<!ENTITY % all.entities SYSTEM "all-entities.ent"> +%all.entities; +]> +<chapter id="networkingdetails"> + + <title>Virtual Networking</title> + + <para> + As mentioned in <xref linkend="settings-network" />, &product-name; + provides up to eight virtual PCI Ethernet cards for each virtual + machine. For each such card, you can individually select the + following: + </para> + + <itemizedlist> + + <listitem> + <para> + The hardware that will be virtualized. + </para> + </listitem> + + <listitem> + <para> + The virtualization mode that the virtual card operates in, with + respect to your physical networking hardware on the host. + </para> + </listitem> + + </itemizedlist> + + <para> + Four of the network cards can be configured in the + <emphasis role="bold">Network</emphasis> section of the + <emphasis role="bold">Settings</emphasis> dialog in the graphical + user interface of &product-name;. You can configure all eight + network cards on the command line using <command>VBoxManage + modifyvm</command>. See <xref linkend="vboxmanage-modifyvm" />. + </para> + + <para> + This chapter explains the various networking settings in more + detail. + </para> + + <sect1 id="nichardware"> + + <title>Virtual Networking Hardware</title> + + <para> + For each card, you can individually select what kind of + <emphasis>hardware</emphasis> will be presented to the virtual + machine. &product-name; can virtualize the following types of + networking hardware: + </para> + + <itemizedlist> + + <listitem> + <para> + AMD PCNet PCI II (Am79C970A) + </para> + </listitem> + + <listitem> + <para> + AMD PCNet FAST III (Am79C973), the default setting + </para> + </listitem> + + <listitem> + <para> + Intel PRO/1000 MT Desktop (82540EM) + </para> + </listitem> + + <listitem> + <para> + Intel PRO/1000 T Server (82543GC) + </para> + </listitem> + + <listitem> + <para> + Intel PRO/1000 MT Server (82545EM) + </para> + </listitem> + + <listitem> + <para> + Paravirtualized network adapter (virtio-net) + </para> + </listitem> + + </itemizedlist> + + <para> + The PCNet FAST III is the default because it is supported by + nearly all operating systems, as well as by the GNU GRUB boot + manager. As an exception, the Intel PRO/1000 family adapters are + chosen for some guest operating system types that no longer ship + with drivers for the PCNet card, such as Windows Vista. + </para> + + <para> + The Intel PRO/1000 MT Desktop type works with Windows Vista and + later versions. The T Server variant of the Intel PRO/1000 card is + recognized by Windows XP guests without additional driver + installation. The MT Server variant facilitates OVF imports from + other platforms. + </para> + + <para> + The Paravirtualized network adapter (virtio-net) is special. If + you select this adapter, then &product-name; does + <emphasis>not</emphasis> virtualize common networking hardware + that is supported by common guest operating systems. Instead, + &product-name; expects a special software interface for + virtualized environments to be provided by the guest, thus + avoiding the complexity of emulating networking hardware and + improving network performance. &product-name; provides support for + the industry-standard <emphasis>virtio</emphasis> networking + drivers, which are part of the open source KVM project. + </para> + + <para> + The virtio networking drivers are available for the following + guest operating systems: + </para> + + <itemizedlist> + + <listitem> + <para> + Linux kernels version 2.6.25 or later can be configured to + provide virtio support. Some distributions have also + back-ported virtio to older kernels. + </para> + </listitem> + + <listitem> + <para> + For Windows 2000, XP, and Vista, virtio drivers can be + downloaded and installed from the KVM project web page: + </para> + + <para> + <ulink + url="http://www.linux-kvm.org/page/WindowsGuestDrivers">http://www.linux-kvm.org/page/WindowsGuestDrivers</ulink>. + </para> + </listitem> + + </itemizedlist> + + <para> + &product-name; also has limited support for <emphasis>jumbo + frames</emphasis>. These are networking packets with more than + 1500 bytes of data, provided that you use the Intel card + virtualization and bridged networking. Jumbo frames are not + supported with the AMD networking devices. In those cases, jumbo + packets will silently be dropped for both the transmit and the + receive direction. Guest operating systems trying to use this + feature will observe this as a packet loss, which may lead to + unexpected application behavior in the guest. This does not cause + problems with guest operating systems in their default + configuration, as jumbo frames need to be explicitly enabled. + </para> + + </sect1> + + <sect1 id="networkingmodes"> + + <title>Introduction to Networking Modes</title> + + <para> + Each of the networking adapters can be separately configured to + operate in one of the following modes: + </para> + + <itemizedlist> + + <listitem> + <para> + <emphasis role="bold">Not attached.</emphasis> In this mode, + &product-name; reports to the guest that a network card is + present, but that there is no connection. This is as if no + Ethernet cable was plugged into the card. Using this mode, it + is possible to "pull" the virtual Ethernet cable and disrupt + the connection, which can be useful to inform a guest + operating system that no network connection is available and + enforce a reconfiguration. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Network Address Translation + (NAT)</emphasis>. If all you want is to browse the Web, + download files, and view email inside the guest, then this + default mode should be sufficient for you, and you can skip + the rest of this section. Please note that there are certain + limitations when using Windows file sharing. See + <xref linkend="nat-limitations" />. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">NAT Network.</emphasis> A NAT network is + a type of internal network that allows outbound connections. + See <xref linkend="network_nat_service"/>. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Bridged networking.</emphasis> This is + for more advanced networking needs, such as network + simulations and running servers in a guest. When enabled, + &product-name; connects to one of your installed network cards + and exchanges network packets directly, circumventing your + host operating system's network stack. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Internal networking.</emphasis> This can + be used to create a different kind of software-based network + which is visible to selected virtual machines, but not to + applications running on the host or to the outside world. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Host-only networking.</emphasis> This + can be used to create a network containing the host and a set + of virtual machines, without the need for the host's physical + network interface. Instead, a virtual network interface, + similar to a loopback interface, is created on the host, + providing connectivity among virtual machines and the host. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold"> Generic networking.</emphasis> Rarely + used modes which share the same generic network interface, by + allowing the user to select a driver which can be included + with &product-name; or be distributed in an extension pack. + </para> + + <para> + The following sub-modes are available: + </para> + + <itemizedlist> + + <listitem> + <para> + <emphasis role="bold">UDP Tunnel:</emphasis> Used to + interconnect virtual machines running on different hosts + directly, easily, and transparently, over an existing + network infrastructure. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">VDE (Virtual Distributed Ethernet) + networking:</emphasis> Used to connect to a Virtual + Distributed Ethernet switch on a Linux or a FreeBSD host. + At the moment this option requires compilation of + &product-name; from sources, as the Oracle packages do not + include it. + </para> + </listitem> + + </itemizedlist> + </listitem> + + </itemizedlist> + + <para> + The following table provides an overview of the most important + networking modes. + </para> + + <table id="table-networking-modes" tabstyle="oracle-all"> + <title>Overview of Networking Modes</title> + <tgroup cols="6"> + <colspec align="left" /> + <colspec align="center" /> + <colspec align="center" /> + <colspec align="center" /> + <colspec align="center" /> + <colspec align="center" /> + <thead valign="middle"> + <row> + <entry><emphasis role="bold">Mode</emphasis></entry> + <entry><para> + <emphasis role="bold">VM→Host</emphasis> + </para></entry> + <entry><para> + <emphasis role="bold">VM←Host</emphasis> + </para></entry> + <entry><para> + <emphasis role="bold">VM1↔VM2</emphasis> + </para></entry> + <entry><para> + <emphasis role="bold">VM→Net/LAN</emphasis> + </para></entry> + <entry><para> + <emphasis role="bold">VM←Net/LAN</emphasis> + </para></entry> + </row> + </thead> + <tbody valign="middle"> + <row> + <entry><para> + Host-only + </para></entry> + <entry><para> + <emphasis role="bold">+</emphasis> + </para></entry> + <entry><para> + <emphasis role="bold">+</emphasis> + </para></entry> + <entry align="center"><para> + <emphasis role="bold">+</emphasis> + </para></entry> + <entry><para> + – + </para></entry> + <entry><para> + – + </para></entry> + </row> + <row> + <entry><para> + Internal + </para></entry> + <entry><para> + – + </para></entry> + <entry><para> + – + </para></entry> + <entry><para> + <emphasis role="bold">+</emphasis> + </para></entry> + <entry><para> + – + </para></entry> + <entry><para> + – + </para></entry> + </row> + <row> + <entry><para> + Bridged + </para></entry> + <entry><para> + <emphasis role="bold">+</emphasis> + </para></entry> + <entry><para> + <emphasis role="bold">+</emphasis> + </para></entry> + <entry><para> + <emphasis role="bold">+</emphasis> + </para></entry> + <entry><para> + <emphasis role="bold">+</emphasis> + </para></entry> + <entry><para> + <emphasis role="bold">+</emphasis> + </para></entry> + </row> + <row> + <entry><para> + NAT + </para></entry> + <entry><para> + <emphasis role="bold">+</emphasis> + </para></entry> + <entry><para> + <link linkend="natforward">Port forward</link> + </para></entry> + <entry><para> + – + </para></entry> + <entry><para> + <emphasis role="bold">+</emphasis> + </para></entry> + <entry><para> + <link linkend="natforward">Port forward</link> + </para></entry> + </row> + <row> + <entry><para> + NATservice + </para></entry> + <entry><para> + <emphasis role="bold">+</emphasis> + </para></entry> + <entry><para> + <link linkend="network_nat_service">Port forward</link> + </para></entry> + <entry><para> + <emphasis role="bold">+</emphasis> + </para></entry> + <entry><para> + <emphasis role="bold">+</emphasis> + </para></entry> + <entry><para> + <link linkend="network_nat_service">Port forward</link> + </para></entry> + </row> + </tbody> + </tgroup> + </table> + + <para> + The following sections describe the available network modes in + more detail. + </para> + + </sect1> + + <sect1 id="network_nat"> + + <title>Network Address Translation (NAT)</title> + + <para> + Network Address Translation (NAT) is the simplest way of accessing + an external network from a virtual machine. Usually, it does not + require any configuration on the host network and guest system. + For this reason, it is the default networking mode in + &product-name;. + </para> + + <para> + A virtual machine with NAT enabled acts much like a real computer + that connects to the Internet through a router. The router, in + this case, is the &product-name; networking engine, which maps + traffic from and to the virtual machine transparently. In + &product-name; this router is placed between each virtual machine + and the host. This separation maximizes security since by default + virtual machines cannot talk to each other. + </para> + + <para> + The disadvantage of NAT mode is that, much like a private network + behind a router, the virtual machine is invisible and unreachable + from the outside internet. You cannot run a server this way unless + you set up port forwarding. See <xref linkend="natforward"/>. + </para> + + <para> + The network frames sent out by the guest operating system are + received by &product-name;'s NAT engine, which extracts the TCP/IP + data and resends it using the host operating system. To an + application on the host, or to another computer on the same + network as the host, it looks like the data was sent by the + &product-name; application on the host, using an IP address + belonging to the host. &product-name; listens for replies to the + packages sent, and repacks and resends them to the guest machine + on its private network. + </para> + + <para> + The virtual machine receives its network address and configuration + on the private network from a DHCP server integrated into + &product-name;. The IP address thus assigned to the virtual + machine is usually on a completely different network than the + host. As more than one card of a virtual machine can be set up to + use NAT, the first card is connected to the private network + 10.0.2.0, the second card to the network 10.0.3.0 and so on. If + you need to change the guest-assigned IP range, see + <xref linkend="changenat" />. + </para> + + <sect2 id="natforward"> + + <title>Configuring Port Forwarding with NAT</title> + + <para> + As the virtual machine is connected to a private network + internal to &product-name; and invisible to the host, network + services on the guest are not accessible to the host machine or + to other computers on the same network. However, like a physical + router, &product-name; can make selected services available to + the world outside the guest through <emphasis>port + forwarding</emphasis>. This means that &product-name; listens to + certain ports on the host and resends all packets which arrive + there to the guest, on the same or a different port. + </para> + + <para> + To an application on the host or other physical or virtual + machines on the network, it looks as though the service being + proxied is actually running on the host. This also means that + you cannot run the same service on the same ports on the host. + However, you still gain the advantages of running the service in + a virtual machine. For example, services on the host machine or + on other virtual machines cannot be compromised or crashed by a + vulnerability or a bug in the service, and the service can run + in a different operating system than the host system. + </para> + + <para> + To configure port forwarding you can use the graphical + <emphasis role="bold">Port Forwarding</emphasis> editor which + can be found in the <emphasis role="bold">Network + Settings</emphasis> dialog for network adaptors configured to + use NAT. Here, you can map host ports to guest ports to allow + network traffic to be routed to a specific port in the guest. + </para> + + <para> + Alternatively, the command line tool + <command>VBoxManage</command> can be used. See + <xref linkend="vboxmanage-modifyvm" />. + </para> + + <para> + You will need to know which ports on the guest the service uses + and to decide which ports to use on the host. You may want to + use the same ports on the guest and on the host. You can use any + ports on the host which are not already in use by a service. For + example, to set up incoming NAT connections to an + <computeroutput>ssh</computeroutput> server in the guest, use + the following command: + </para> + +<screen>VBoxManage modifyvm "VM name" --natpf1 "guestssh,tcp,,2222,,22"</screen> + + <para> + In the above example, all TCP traffic arriving on port 2222 on + any host interface will be forwarded to port 22 in the guest. + The protocol name <computeroutput>tcp</computeroutput> is a + mandatory attribute defining which protocol should be used for + forwarding, <computeroutput>udp</computeroutput> could also be + used. The name <computeroutput>guestssh</computeroutput> is + purely descriptive and will be auto-generated if omitted. The + number after <option>--natpf</option> denotes the network card, + as with other <command>VBoxManage</command> commands. + </para> + + <para> + To remove this forwarding rule, use the following command: + </para> + +<screen>VBoxManage modifyvm "VM name" --natpf1 delete "guestssh"</screen> + + <para> + If for some reason the guest uses a static assigned IP address + not leased from the built-in DHCP server, it is required to + specify the guest IP when registering the forwarding rule, as + follows: + </para> + +<screen>VBoxManage modifyvm "VM name" --natpf1 "guestssh,tcp,,2222,10.0.2.19,22"</screen> + + <para> + This example is identical to the previous one, except that the + NAT engine is being told that the guest can be found at the + 10.0.2.19 address. + </para> + + <para> + To forward <emphasis>all</emphasis> incoming traffic from a + specific host interface to the guest, specify the IP of that + host interface as follows: + </para> + +<screen>VBoxManage modifyvm "VM name" --natpf1 "guestssh,tcp,127.0.0.1,2222,,22"</screen> + + <para> + This example forwards all TCP traffic arriving on the localhost + interface at 127.0.0.1 through port 2222 to port 22 in the + guest. + </para> + + <para> + It is possible to configure incoming NAT connections while the + VM is running, see <xref linkend="vboxmanage-controlvm"/>. + </para> + + </sect2> + + <sect2 id="nat-tftp"> + + <title>PXE Booting with NAT</title> + + <para> + PXE booting is now supported in NAT mode. The NAT DHCP server + provides a boot file name of the form + <computeroutput>vmname.pxe</computeroutput> if the directory + <computeroutput>TFTP</computeroutput> exists in the directory + where the user's <computeroutput>VirtualBox.xml</computeroutput> + file is kept. It is the responsibility of the user to provide + <computeroutput>vmname.pxe</computeroutput>. + </para> + + </sect2> + + <sect2 id="nat-limitations"> + + <title>NAT Limitations</title> + + <para> + There are some limitations of NAT mode which users should be + aware of, as follows: + </para> + + <itemizedlist> + + <listitem> + <para> + <emphasis role="bold">ICMP protocol limitations.</emphasis> + Some frequently used network debugging tools, such as + <computeroutput>ping</computeroutput> or tracerouting, rely + on the ICMP protocol for sending and receiving messages. + While ICMP support has been improved with &product-name; + 2.1, meaning <computeroutput>ping</computeroutput> should + now work, some other tools may not work reliably. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Receiving of UDP + broadcasts.</emphasis> The guest does not reliably receive + UDP broadcasts. In order to save resources, it only listens + for a certain amount of time after the guest has sent UDP + data on a particular port. As a consequence, NetBios name + resolution based on broadcasts does not always work, but + WINS always works. As a workaround, you can use the numeric + IP of the desired server in the + <computeroutput>\\server\share</computeroutput> notation. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Some protocols are not + supported.</emphasis> Protocols other than TCP and UDP are + not supported. GRE is not supported. This means some VPN + products, such as PPTP from Microsoft, cannot be used. There + are other VPN products which use only TCP and UDP. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Forwarding host ports below + 1024.</emphasis> On UNIX-based hosts, such as Linux, Oracle + Solaris, and Mac OS X, it is not possible to bind to ports + below 1024 from applications that are not run by + <computeroutput>root</computeroutput>. As a result, if you + try to configure such a port forwarding, the VM will refuse + to start. + </para> + </listitem> + + </itemizedlist> + + <para> + These limitations normally do not affect standard network use. + But the presence of NAT has also subtle effects that may + interfere with protocols that are normally working. One example + is NFS, where the server is often configured to refuse + connections from non-privileged ports, which are those ports not + below 1024. + </para> + + </sect2> + + </sect1> + + <sect1 id="network_nat_service"> + + <title>Network Address Translation Service</title> + + <para> + The Network Address Translation (NAT) service works in a similar + way to a home router, grouping the systems using it into a network + and preventing systems outside of this network from directly + accessing systems inside it, but letting systems inside + communicate with each other and with systems outside using TCP and + UDP over IPv4 and IPv6. + </para> + + <para> + A NAT service is attached to an internal network. Virtual machines + which are to make use of it should be attached to that internal + network. The name of internal network is chosen when the NAT + service is created and the internal network will be created if it + does not already exist. The following is an example command to + create a NAT network: + </para> + +<screen>VBoxManage natnetwork add --netname natnet1 --network "192.168.15.0/24" --enable</screen> + + <para> + Here, natnet1 is the name of the internal network to be used and + 192.168.15.0/24 is the network address and mask of the NAT service + interface. By default in this static configuration the gateway + will be assigned the address 192.168.15.1, the address following + the interface address, though this is subject to change. To attach + a DHCP server to the internal network, modify the example command + as follows: + </para> + +<screen>VBoxManage natnetwork add --netname natnet1 --network "192.168.15.0/24" --enable --dhcp on</screen> + + <para> + To add a DHCP server to an existing network, use the following + command: + </para> + +<screen>VBoxManage natnetwork modify --netname natnet1 --dhcp on</screen> + + <para> + To disable the DHCP server, use the following command: + </para> + +<screen>VBoxManage natnetwork modify --netname natnet1 --dhcp off</screen> + + <para> + A DHCP server provides a list of registered nameservers, but does + not map servers from the 127/8 network. + </para> + + <para> + To start the NAT service, use the following command: + </para> + +<screen>VBoxManage natnetwork start --netname natnet1</screen> + + <para> + If the network has a DHCP server attached then it will start + together with the NAT network service. + </para> + + <para> + To stop the NAT network service, together with any DHCP server: + </para> + +<screen>VBoxManage natnetwork stop --netname natnet1</screen> + + <para> + To delete the NAT network service: + </para> + +<screen>VBoxManage natnetwork remove --netname natnet1</screen> + + <para> + This command does not remove the DHCP server if one is enabled on + the internal network. + </para> + + <para> + Port-forwarding is supported, using the + <computeroutput>--port-forward-4</computeroutput> switch for IPv4 + and <computeroutput>--port-forward-6</computeroutput> for IPv6. + For example: + </para> + +<screen>VBoxManage natnetwork modify \ + --netname natnet1 --port-forward-4 "ssh:tcp:[]:1022:[192.168.15.5]:22"</screen> + + <para> + This adds a port-forwarding rule from the host's TCP 1022 port to + the port 22 on the guest with IP address 192.168.15.5. Host port, + guest port and guest IP are mandatory. To delete the rule, use the + following command: + </para> + +<screen>VBoxManage natnetwork modify --netname natnet1 --port-forward-4 delete ssh</screen> + + <para> + It is possible to bind a NAT service to specified interface. For + example: + </para> + +<screen>VBoxManage setextradata global "NAT/win-nat-test-0/SourceIp4" 192.168.1.185</screen> + + <para> + To see the list of registered NAT networks, use the following + command: + </para> + +<screen>VBoxManage list natnetworks</screen> + + </sect1> + + <sect1 id="network_bridged"> + + <title>Bridged Networking</title> + + <para> + With bridged networking, &product-name; uses a device driver on + your <emphasis>host</emphasis> system that filters data from your + physical network adapter. This driver is therefore called a + <emphasis>net filter</emphasis> driver. This enables + &product-name; to intercept data from the physical network and + inject data into it, effectively creating a new network interface + in software. When a guest is using such a new software interface, + it looks to the host system as though the guest were physically + connected to the interface using a network cable. The host can + send data to the guest through that interface and receive data + from it. This means that you can set up routing or bridging + between the guest and the rest of your network. + </para> + + <note> + <para> + Even though TAP interfaces are no longer necessary on Linux for + bridged networking, you <emphasis>can</emphasis> still use TAP + interfaces for certain advanced setups, since you can connect a + VM to any host interface. + </para> + </note> + + <para> + To enable bridged networking, open the + <emphasis role="bold">Settings</emphasis> dialog of a virtual + machine, go to the <emphasis role="bold">Network</emphasis> page + and select <emphasis role="bold">Bridged Network</emphasis> in the + drop-down list for the <emphasis role="bold">Attached + To</emphasis> field. Select a host interface from the list at the + bottom of the page, which contains the physical network interfaces + of your systems. On a typical MacBook, for example, this will + allow you to select between en1: AirPort, which is the wireless + interface, and en0: Ethernet, which represents the interface with + a network cable. + </para> + + <note> + <para> + Bridging to a wireless interface is done differently from + bridging to a wired interface, because most wireless adapters do + not support promiscuous mode. All traffic has to use the MAC + address of the host's wireless adapter, and therefore + &product-name; needs to replace the source MAC address in the + Ethernet header of an outgoing packet to make sure the reply + will be sent to the host interface. When &product-name; sees an + incoming packet with a destination IP address that belongs to + one of the virtual machine adapters it replaces the destination + MAC address in the Ethernet header with the VM adapter's MAC + address and passes it on. &product-name; examines ARP and DHCP + packets in order to learn the IP addresses of virtual machines. + </para> + </note> + + <para> + Depending on your host operating system, the following limitations + apply: + </para> + + <itemizedlist> + + <listitem> + <para> + <emphasis role="bold">Mac OS X hosts.</emphasis> Functionality + is limited when using AirPort, the Mac's wireless networking + system, for bridged networking. Currently, &product-name; + supports only IPv4 and IPv6 over AirPort. For other protocols, + such as IPX, you must choose a wired interface. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Linux hosts.</emphasis> Functionality is + limited when using wireless interfaces for bridged networking. + Currently, &product-name; supports only IPv4 and IPv6 over + wireless. For other protocols, such as IPX, you must choose a + wired interface. + </para> + + <para> + Also, setting the MTU to less than 1500 bytes on wired + interfaces provided by the sky2 driver on the Marvell Yukon II + EC Ultra Ethernet NIC is known to cause packet losses under + certain conditions. + </para> + + <para> + Some adapters strip VLAN tags in hardware. This does not allow + you to use VLAN trunking between VM and the external network + with pre-2.6.27 Linux kernels, or with host operating systems + other than Linux. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Oracle Solaris hosts.</emphasis> There + is no support for using wireless interfaces. Filtering guest + traffic using IPFilter is also not completely supported due to + technical restrictions of the Oracle Solaris networking + subsystem. These issues may be addressed in later releases of + Oracle Solaris 11. + </para> + + <para> + On Oracle Solaris 11 hosts build 159 and above, it is possible + to use Oracle Solaris Crossbow Virtual Network Interfaces + (VNICs) directly with &product-name; without any additional + configuration other than each VNIC must be exclusive for every + guest network interface. + </para> + + <para> + When using VLAN interfaces with &product-name;, they must be + named according to the PPA-hack naming scheme, such as + e1000g513001. Otherwise, the guest may receive packets in an + unexpected format. + </para> + </listitem> + + </itemizedlist> + + </sect1> + + <sect1 id="network_internal"> + + <title>Internal Networking</title> + + <para> + Internal Networking is similar to bridged networking in that the + VM can directly communicate with the outside world. However, the + outside world is limited to other VMs on the same host which + connect to the same internal network. + </para> + + <para> + Even though technically, everything that can be done using + internal networking can also be done using bridged networking, + there are security advantages with internal networking. In bridged + networking mode, all traffic goes through a physical interface of + the host system. It is therefore possible to attach a packet + sniffer such as Wireshark to the host interface and log all + traffic that goes over it. If, for any reason, you prefer two or + more VMs on the same machine to communicate privately, hiding + their data from both the host system and the user, bridged + networking therefore is not an option. + </para> + + <para> + Internal networks are created automatically as needed. There is no + central configuration. Every internal network is identified simply + by its name. Once there is more than one active virtual network + card with the same internal network ID, the &product-name; support + driver will automatically <emphasis>wire</emphasis> the cards and + act as a network switch. The &product-name; support driver + implements a complete Ethernet switch and supports both + broadcast/multicast frames and promiscuous mode. + </para> + + <para> + In order to attach a VM's network card to an internal network, set + its networking mode to Internal Networking. There are two ways to + accomplish this: + </para> + + <itemizedlist> + + <listitem> + <para> + Use the VM's <emphasis role="bold">Settings</emphasis> dialog + in the &product-name; graphical user interface. In the + <emphasis role="bold">Networking</emphasis> category of the + settings dialog, select <emphasis role="bold">Internal + Networking</emphasis> from the drop-down list of networking + modes. Select the name of an existing internal network from + the drop-down list below, or enter a new name into the + <emphasis role="bold">Name</emphasis> field. + </para> + </listitem> + + <listitem> + <para> + Use the command line, for example: + </para> + +<screen>VBoxManage modifyvm "VM name" --nic<x> intnet</screen> + + <para> + Optionally, you can specify a network name with the command: + </para> + +<screen>VBoxManage modifyvm "VM name" --intnet<x> "network name"</screen> + + <para> + If you do not specify a network name, the network card will be + attached to the network + <computeroutput>intnet</computeroutput> by default. + </para> + </listitem> + + </itemizedlist> + + <para> + Unless you configure the virtual network cards in the guest + operating systems that are participating in the internal network + to use static IP addresses, you may want to use the DHCP server + that is built into &product-name; to manage IP addresses for the + internal network. See <xref linkend="vboxmanage-dhcpserver" />. + </para> + + <para> + As a security measure, by default, the Linux implementation of + internal networking only allows VMs running under the same user ID + to establish an internal network. However, it is possible to + create a shared internal networking interface, accessible by users + with different user IDs. + </para> + + </sect1> + + <sect1 id="network_hostonly"> + + <title>Host-Only Networking</title> + + <para> + Host-only networking is another networking mode that was added + with version 2.2 of &product-name;. It can be thought of as a + hybrid between the bridged and internal networking modes. As with + bridged networking, the virtual machines can talk to each other + and the host as if they were connected through a physical Ethernet + switch. As with internal networking, a physical networking + interface need not be present, and the virtual machines cannot + talk to the world outside the host since they are not connected to + a physical networking interface. + </para> + + <para> + When host-only networking is used, &product-name; creates a new + software interface on the host which then appears next to your + existing network interfaces. In other words, whereas with bridged + networking an existing physical interface is used to attach + virtual machines to, with host-only networking a new + <emphasis>loopback</emphasis> interface is created on the host. + And whereas with internal networking, the traffic between the + virtual machines cannot be seen, the traffic on the loopback + interface on the host can be intercepted. + </para> + + <para> + Host-only networking is particularly useful for preconfigured + virtual appliances, where multiple virtual machines are shipped + together and designed to cooperate. For example, one virtual + machine may contain a web server and a second one a database, and + since they are intended to talk to each other, the appliance can + instruct &product-name; to set up a host-only network for the two. + A second, bridged, network would then connect the web server to + the outside world to serve data to, but the outside world cannot + connect to the database. + </para> + + <para> + To change a virtual machine's virtual network interface to Host + Only mode, do either of the following: + </para> + + <itemizedlist> + + <listitem> + <para> + Go to the <emphasis role="bold">Network</emphasis> page in the + virtual machine's <emphasis role="bold">Settings</emphasis> + dialog and select <emphasis role="bold">Host-Only + Networking</emphasis>. + </para> + </listitem> + + <listitem> + <para> + On the command line, enter <computeroutput>VBoxManage modifyvm + "VM name" --nic<x> hostonly</computeroutput>. See + <xref + linkend="vboxmanage-modifyvm" />. + </para> + </listitem> + + </itemizedlist> + + <para> + Before you can attach a VM to a host-only network you have to + create at least one host-only interface. You can use the GUI for + this. Choose <emphasis role="bold">File</emphasis>, + <emphasis role="bold">Preferences</emphasis>, + <emphasis role="bold">Network</emphasis>, + <emphasis role="bold">Host-Only Network</emphasis>, + <emphasis role="bold">(+)Add Host-Only Network</emphasis>. + </para> + + <para> + Alternatively, you can use the command line: + </para> + +<screen>VBoxManage hostonlyif create</screen> + + <para> + See <xref linkend="vboxmanage-hostonlyif" />. + </para> + + <para> + For host-only networking, as with internal networking, you may + find the DHCP server useful that is built into &product-name;. + This can be enabled to then manage the IP addresses in the + host-only network since otherwise you would need to configure all + IP addresses statically. + </para> + + <itemizedlist> + + <listitem> + <para> + In the &product-name; graphical user interface, you can + configure all these items in the global settings by choosing + <emphasis role="bold">File</emphasis>, + <emphasis role="bold">Preferences</emphasis>, + <emphasis role="bold">Network</emphasis>. This lists all + host-only networks which are presently in use. Click on the + network name and then on + <emphasis role="bold">Edit</emphasis>. You can then modify the + adapter and DHCP settings. + </para> + </listitem> + + <listitem> + <para> + Alternatively, you can use <command>VBoxManage + dhcpserver</command> on the command line. See + <xref + linkend="vboxmanage-dhcpserver" />. + </para> + </listitem> + + </itemizedlist> + + <note> + <para> + On Linux and Mac OS X hosts the number of host-only interfaces + is limited to 128. There is no such limit for Oracle Solaris and + Windows hosts. + </para> + </note> + + </sect1> + + <sect1 id="network_udp_tunnel"> + + <title>UDP Tunnel Networking</title> + + <para> + This networking mode enables you to interconnect virtual machines + running on different hosts. + </para> + + <para> + Technically this is done by encapsulating Ethernet frames sent or + received by the guest network card into UDP/IP datagrams, and + sending them over any network available to the host. + </para> + + <para> + UDP Tunnel mode has the following parameters: + </para> + + <itemizedlist> + + <listitem> + <para> + <emphasis role="bold">Source UDP port:</emphasis> The port on + which the host listens. Datagrams arriving on this port from + any source address will be forwarded to the receiving part of + the guest network card. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Destination address:</emphasis> IP + address of the target host of the transmitted data. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Destination UDP port:</emphasis> Port + number to which the transmitted data is sent. + </para> + </listitem> + + </itemizedlist> + + <para> + When interconnecting two virtual machines on two different hosts, + their IP addresses must be swapped. On a single host, source and + destination UDP ports must be swapped. + </para> + + <para> + In the following example, host 1 uses the IP address 10.0.0.1 and + host 2 uses IP address 10.0.0.2. To configure using the + command-line: + </para> + +<screen> VBoxManage modifyvm "VM 01 on host 1" --nic<x> generic + VBoxManage modifyvm "VM 01 on host 1" --nicgenericdrv<x> UDPTunnel + VBoxManage modifyvm "VM 01 on host 1" --nicproperty<x> dest=10.0.0.2 + VBoxManage modifyvm "VM 01 on host 1" --nicproperty<x> sport=10001 + VBoxManage modifyvm "VM 01 on host 1" --nicproperty<x> dport=10002</screen> + +<screen> VBoxManage modifyvm "VM 02 on host 2" --nic<y> generic + VBoxManage modifyvm "VM 02 on host 2" --nicgenericdrv<y> UDPTunnel + VBoxManage modifyvm "VM 02 on host 2" --nicproperty<y> dest=10.0.0.1 + VBoxManage modifyvm "VM 02 on host 2" --nicproperty<y> sport=10002 + VBoxManage modifyvm "VM 02 on host 2" --nicproperty<y> dport=10001</screen> + + <para> + Of course, you can always interconnect two virtual machines on the + same host, by setting the destination address parameter to + 127.0.0.1 on both. It will act similarly to an internal network in + this case. However, the host can see the network traffic which it + could not in the normal internal network case. + </para> + + <note> + <para> + On UNIX-based hosts, such as Linux, Oracle Solaris, and Mac OS + X, it is not possible to bind to ports below 1024 from + applications that are not run by + <computeroutput>root</computeroutput>. As a result, if you try + to configure such a source UDP port, the VM will refuse to + start. + </para> + </note> + + </sect1> + + <sect1 id="network_vde"> + + <title>VDE Networking</title> + + <para> + Virtual Distributed Ethernet (VDE) is a flexible, virtual network + infrastructure system, spanning across multiple hosts in a secure + way. It enables L2/L3 switching, including spanning-tree protocol, + VLANs, and WAN emulation. It is an optional part of &product-name; + which is only included in the source code. + </para> + + <para> + VDE is a project developed by Renzo Davoli, Associate Professor at + the University of Bologna, Italy. + </para> + + <para> + The basic building blocks of the infrastructure are VDE switches, + VDE plugs, and VDE wires which interconnect the switches. + </para> + + <para> + The &product-name; VDE driver has a single parameter: VDE network. + This is the name of the VDE network switch socket to which the VM + will be connected. + </para> + + <para> + The following basic example shows how to connect a virtual machine + to a VDE switch. + </para> + + <orderedlist> + + <listitem> + <para> + Create a VDE switch: + </para> + +<screen>vde_switch -s /tmp/switch1</screen> + </listitem> + + <listitem> + <para> + Configure VMs using the command-line: + </para> + +<screen>VBoxManage modifyvm "VM name" --nic<x> generic</screen> + +<screen>VBoxManage modifyvm "VM name" --nicgenericdrv<x> VDE</screen> + + <para> + To connect to an automatically allocated switch port: + </para> + +<screen>VBoxManage modifyvm "VM name" --nicproperty<x> network=/tmp/switch1</screen> + + <para> + To connect to a specific switch port + <replaceable>n</replaceable>: + </para> + +<screen>VBoxManage modifyvm "VM name" --nicproperty<x> network=/tmp/switch1[<n>]</screen> + + <para> + This command can be useful for VLANs. + </para> + </listitem> + + <listitem> + <para> + (Optional) Map between a VDE switch port and a VLAN. + </para> + + <para> + Using the switch command line: + </para> + +<screen>vde$ vlan/create <VLAN></screen> + +<screen>vde$ port/setvlan <port> <VLAN></screen> + </listitem> + + </orderedlist> + + <para> + VDE is available on Linux and FreeBSD hosts only. It is only + available if the VDE software and the VDE plugin library from the + VirtualSquare project are installed on the host system. + </para> + + <note> + <para> + For Linux hosts, the shared library libvdeplug.so must be + available in the search path for shared libraries. + </para> + </note> + + <para> + For more information on setting up VDE networks, please see the + documentation accompanying the software. See also + <ulink + url="http://wiki.virtualsquare.org/wiki/index.php/VDE_Basic_Networking">http://wiki.virtualsquare.org/wiki/index.php/VDE_Basic_Networking</ulink>. + </para> + + </sect1> + + <sect1 id="network_bandwidth_limit"> + + <title>Limiting Bandwidth for Network Input/Output</title> + + <para> + &product-name; supports limiting of the maximum bandwidth used for + network transmission. Several network adapters of one VM may share + limits through bandwidth groups. It is possible to have more than + one such limit. + </para> + + <note> + <para> + &product-name; shapes VM traffic only in the transmit direction, + delaying the packets being sent by virtual machines. It does not + limit the traffic being received by virtual machines. + </para> + </note> + + <para> + Limits are configured through <command>VBoxManage</command>. The + following example creates a bandwidth group named Limit, sets the + limit to 20 Mbps and assigns the group to the first and second + adapters of the VM: + </para> + +<screen>VBoxManage bandwidthctl "VM name" add Limit --type network --limit 20m +VBoxManage modifyvm "VM name" --nicbandwidthgroup1 Limit +VBoxManage modifyvm "VM name" --nicbandwidthgroup2 Limit</screen> + + <para> + All adapters in a group share the bandwidth limit, meaning that in + the example above the bandwidth of both adapters combined can + never exceed 20 Mbps. However, if one adapter does not require + bandwidth the other can use the remaining bandwidth of its group. + </para> + + <para> + The limits for each group can be changed while the VM is running, + with changes being picked up immediately. The following example + changes the limit for the group created in the previous example to + 100 Kbps: + </para> + +<screen>VBoxManage bandwidthctl "VM name" set Limit --limit 100k</screen> + + <para> + To completely disable shaping for the first adapter of VM use the + following command: + </para> + +<screen>VBoxManage modifyvm "VM name" --nicbandwidthgroup1 none</screen> + + <para> + It is also possible to disable shaping for all adapters assigned + to a bandwidth group while VM is running, by specifying the zero + limit for the group. For example, for the bandwidth group named + Limit: + </para> + +<screen>VBoxManage bandwidthctl "VM name" set Limit --limit 0</screen> + + </sect1> + + <sect1 id="network_performance"> + + <title>Improving Network Performance</title> + + <para> + &product-name; provides a variety of virtual network adapters that + can be attached to the host's network in a number of ways. + Depending on which types of adapters and attachments are used the + network performance will be different. Performance-wise the virtio + network adapter is preferable over Intel PRO/1000 emulated + adapters, which are preferred over the PCNet family of adapters. + Both virtio and Intel PRO/1000 adapters enjoy the benefit of + segmentation and checksum offloading. Segmentation offloading is + essential for high performance as it allows for less context + switches, dramatically increasing the sizes of packets that cross + the VM/host boundary. + </para> + + <note> + <para> + Neither virtio nor Intel PRO/1000 drivers for Windows XP support + segmentation offloading. Therefore Windows XP guests never reach + the same transmission rates as other guest types. Refer to MS + Knowledge base article 842264 for additional information. + </para> + </note> + + <para> + Three attachment types: Internal, Bridged, and Host-Only, have + nearly identical performance. The Internal type is a little bit + faster and uses less CPU cycles as the packets never reach the + host's network stack. The NAT attachment type is the slowest and + most secure of all attachment types, as it provides network + address translation. The generic driver attachment is special and + cannot be considered as an alternative to other attachment types. + </para> + + <para> + The number of CPUs assigned to VM does not improve network + performance and in some cases may hurt it due to increased + concurrency in the guest. + </para> + + <para> + Here is a short summary of things to check in order to improve + network performance: + </para> + + <itemizedlist> + + <listitem> + <para> + Whenever possible use the virtio network adapter. Otherwise, + use one of the Intel PRO/1000 adapters. + </para> + </listitem> + + <listitem> + <para> + Use a Bridged attachment instead of NAT. + </para> + </listitem> + + <listitem> + <para> + Make sure segmentation offloading is enabled in the guest OS. + Usually it will be enabled by default. You can check and + modify offloading settings using the + <command>ethtool</command> command on Linux guests. + </para> + </listitem> + + <listitem> + <para> + Perform a full detailed analysis of network traffic on the + VM's network adaptor using a third party tool such as + Wireshark. To do this, a promiscuous mode policy needs to be + used on the VM's network adaptor. Use of this mode is only + possible on the following network types: NAT Network, Bridged + Adapter, Internal Network, and Host-Only Adapter. + </para> + + <para> + To setup a promiscuous mode policy, either select from the + drop down list located in the <emphasis role="bold">Network + Settings</emphasis> dialog for the network adaptor or use the + command line tool <command>VBoxManage</command>. See + <xref linkend="vboxmanage-modifyvm" />. + </para> + + <para> + Promiscuous mode policies are as follows: + </para> + + <itemizedlist> + + <listitem> + <para> + <computeroutput>deny</computeroutput>, which hides any + traffic not intended for the VM's network adaptor. This is + the default setting. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>allow-vms</computeroutput>, which hides + all host traffic from the VM's network adaptor, but allows + it to see traffic from and to other VMs. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>allow-all</computeroutput>, which removes + all restrictions. The VM's network adaptor sees all + traffic. + </para> + </listitem> + + </itemizedlist> + </listitem> + + </itemizedlist> + + </sect1> + +</chapter> diff --git a/doc/manual/en_US/user_Preface.xml b/doc/manual/en_US/user_Preface.xml new file mode 100644 index 00000000..9cf7a6ce --- /dev/null +++ b/doc/manual/en_US/user_Preface.xml @@ -0,0 +1,108 @@ +<?xml version="1.0" encoding="utf-8"?> +<!DOCTYPE preface PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" +"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" +[ + <!ENTITY % all.entities SYSTEM "all-entities.ent"> + %all.entities; +]> +<preface id="user-preface" role="frontmatter"> + + <title>Preface</title> + + <para> + The <emphasis>&product-name; User Manual</emphasis> provides an + introduction to using &product-name;. The manual provides + information on how to install &product-name; and use it to create + and configure virtual machines. + </para> + + <sect1 id="user-preface-audience"> + + <title>Audience</title> + + <para> + This document is intended for both new and existing users of + &product-name;. It is assumed that readers are familiar with Web + technologies and have a general understanding of Windows and UNIX + platforms. + </para> + + </sect1> + + <sect1 id="user-preface-reldocs"> + + <title>Related Documents</title> + + <para> + The documentation for this product is available at: + </para> + + <para> + <ulink url="&otn-doc-tab;">&otn-doc-tab;</ulink> + </para> + + </sect1> + + <sect1 id="user-preface-convs"> + + <title>Conventions</title> + + <para> + The following text conventions are used in this document: + </para> + + <itemizedlist> + + <listitem> + <para> + <emphasis role="bold">boldface</emphasis>: Boldface type + indicates graphical user interface elements associated with an + action, or terms defined in text or the glossary. + </para> + </listitem> + + <listitem> + <para> + <emphasis>italic</emphasis>: Italic type indicates book + titles, emphasis, or placeholder variables for which you + supply particular values. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>monospace</computeroutput>: Monospace type + indicates commands within a paragraph, URLs, code in examples, + text that appears on the screen, or text that you enter. + </para> + </listitem> + + </itemizedlist> + + </sect1> + + <sect1 id="user-preface-accessibility-statement"> + + <title>Documentation Accessibility</title> + +<!-- Oracle accessibility statement --> + + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" + href="../common/oracle-accessibility-en.xml" + xpointer="xpointer(simplesect/title/following-sibling::node())" /> + + </sect1> + + <sect1 id="user-preface-support-statement"> + + <title>Access to Oracle Support</title> + +<!-- Oracle Support statement --> + + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" + href="../common/oracle-support-en.xml" + xpointer="xpointer(simplesect/title/following-sibling::node())" /> + + </sect1> + +</preface> diff --git a/doc/manual/en_US/user_PrivacyPolicy.xml b/doc/manual/en_US/user_PrivacyPolicy.xml new file mode 100644 index 00000000..b61cf613 --- /dev/null +++ b/doc/manual/en_US/user_PrivacyPolicy.xml @@ -0,0 +1,93 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE appendix PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" + "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd"[ +<!ENTITY % all.entities SYSTEM "all-entities.ent"> +%all.entities; +]> +<appendix id="privacy"> + + <title>&product-name; Privacy Information</title> + + <para> + Version 5, Dec 13, 2012 + </para> + + <para> + The Oracle Privacy Policies posted on + <ulink url="http://www.oracle.com/html/privacy.html">http://www.oracle.com/html/privacy.html</ulink> + apply to your personal data collected and used by Oracle. The + following privacy information describes in more detail which + information is exchanged between the &product-name; application and + Oracle, and which information is collected by the virtualbox.org + website. + </para> + + <para> + <emphasis role="bold">§ 1 virtualbox.org.</emphasis> The + "virtualbox.org" website logs anonymous usage information such as + your IP address, geographical location, browser type, referral + source, length of visit and number of page views while you visit + (collectively, "anonymous data"). In addition, but only if you + choose to register, the website's bug tracking and forum services + store the data you choose to reveal upon registration, such as your + user name and contact information. + </para> + + <para> + <emphasis role="bold">§ 2 Cookies.</emphasis> The virtualbox.org + website, the bug tracker and the forum services use cookies to + identify and track the visiting web browser and, if you have + registered, to facilitate login. Most browsers allow you to refuse + to accept cookies. While you can still visit the website with + cookies disabled, logging into the bug tracker and forum services + will most likely not work without them. + </para> + + <para> + <emphasis role="bold">§ 3 &product-name; registration + process.</emphasis> The &product-name; application may ask that the + user optionally register with Oracle. If you choose to register, + your name, e-mail address, country and company will be submitted to + Oracle and stored together with the IP address of the submitter as + well as product version and platform being used. + </para> + + <para> + <emphasis role="bold">§ 4 Update notifications.</emphasis> The + &product-name; application may contact Oracle to find out whether a + new version of &product-name; has been released and notify the user + if that is the case. In the process, anonymous data such as your IP + address and a non-identifying counter, together with the product + version and the platform being used, is sent so that the server can + find out whether an update is available. By default, this check is + performed once a day. You change this interval or disable these + checks altogether in the &product-name; preferences. + </para> + + <para> + <emphasis role="bold">§ 5 Usage of personal information.</emphasis> + Oracle may use anonymous and personal data collected by the means + above for statistical purposes as well as to automatically inform + you about new notices related to your posts on the bug tracker and + forum services, to administer the website and to contact you due to + technical issues. Oracle may also inform you about new product + releases related to &product-name;. + </para> + + <para> + In no event will personal data without your express consent be + provided to any third parties, unless Oracle may be required to do + so by law or in connection with legal proceedings. + </para> + + <para> + <emphasis role="bold">§ 6 Updates.</emphasis> Oracle may update the + privacy policy at any time by posting a new version at + <ulink url="http://www.oracle.com/html/privacy.html">http://www.oracle.com/html/privacy.html</ulink> + and the privacy information will be kept up to date in the + documentation which comes with the &product-name; application. You + should check these places occasionally to ensure you are happy with + any changes. + </para> + +</appendix> diff --git a/doc/manual/en_US/user_Security.xml b/doc/manual/en_US/user_Security.xml new file mode 100644 index 00000000..f229a77e --- /dev/null +++ b/doc/manual/en_US/user_Security.xml @@ -0,0 +1,641 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" +"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd"[ +<!ENTITY % all.entities SYSTEM "all-entities.ent"> +%all.entities; +]> +<chapter id="Security"> + + <title>Security Guide</title> + + <sect1 id="security-general"> + + <title>General Security Principles</title> + + <para> + The following principles are fundamental to using any application + securely. + </para> + + <itemizedlist> + + <listitem> + <para> + <emphasis role="strong">Keep software up to date</emphasis>. + One of the principles of good security practise is to keep all + software versions and patches up to date. Activate the + &product-name; update notification to get notified when a new + &product-name; release is available. When updating + &product-name;, do not forget to update the Guest Additions. + Keep the host operating system as well as the guest operating + system up to date. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="strong">Restrict network access to critical + services.</emphasis> Use proper means, for instance a + firewall, to protect your computer and your guests from + accesses from the outside. Choosing the proper networking mode + for VMs helps to separate host networking from the guest and + vice versa. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="strong">Follow the principle of least + privilege.</emphasis> The principle of least privilege states + that users should be given the least amount of privilege + necessary to perform their jobs. Always execute &product-name; + as a regular user. We strongly discourage anyone from + executing &product-name; with system privileges. + </para> + + <para> + Choose restrictive permissions when creating configuration + files, for instance when creating /etc/default/virtualbox, see + <xref linkend="linux_install_opts"/>. Mode 0600 is preferred. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="strong"> Monitor system activity.</emphasis> + System security builds on three pillars: good security + protocols, proper system configuration and system monitoring. + Auditing and reviewing audit records address the third + requirement. Each component within a system has some degree of + monitoring capability. Follow audit advice in this document + and regularly monitor audit records. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="strong">Keep up to date on latest security + information.</emphasis> Oracle continually improves its + software and documentation. Check this note yearly for + revisions. + </para> + </listitem> + + </itemizedlist> + + </sect1> + + <sect1 id="security-secure-install"> + + <title>Secure Installation and Configuration</title> + + <sect2 id="security-secure-install-overview"> + + <title>Installation Overview</title> + + <para> + The &product-name; base package should be downloaded only from a + trusted source, for instance the official website + <ulink url="http://www.virtualbox.org">http://www.virtualbox.org</ulink>. + The integrity of the package should be verified with the + provided SHA256 checksum which can be found on the official + website. + </para> + + <para> + General &product-name; installation instructions for the + supported hosts can be found in <xref linkend="installation"/>. + </para> + + <para> + On Windows hosts, the installer can be used to disable USB + support, support for bridged networking, support for host-only + networking and the Python language binding. See + <xref linkend="installation_windows"/>. All these features are + enabled by default but disabling some of them could be + appropriate if the corresponding functionality is not required + by any virtual machine. The Python language bindings are only + required if the &product-name; API is to be used by external + Python applications. In particular USB support and support for + the two networking modes require the installation of Windows + kernel drivers on the host. Therefore disabling those selected + features can not only be used to restrict the user to certain + functionality but also to minimize the surface provided to a + potential attacker. + </para> + + <para> + The general case is to install the complete &product-name; + package. The installation must be done with system privileges. + All &product-name; binaries should be executed as a regular user + and never as a privileged user. + </para> + + <para> + The &product-name; Extension Pack provides additional features + and must be downloaded and installed separately, see + <xref linkend="intro-installing"/>. As for the base package, the + SHA256 checksum of the extension pack should be verified. As the + installation requires system privileges, &product-name; will ask + for the system password during the installation of the extension + pack. + </para> + + </sect2> + + <sect2 id="security-secure-install-postinstall"> + + <title>Post Installation Configuration</title> + + <para> + Normally there is no post installation configuration of + &product-name; components required. However, on Oracle Solaris + and Linux hosts it is necessary to configure the proper + permissions for users executing VMs and who should be able to + access certain host resources. For instance, Linux users must be + member of the <emphasis>vboxusers</emphasis> group to be able to + pass USB devices to a guest. If a serial host interface should + be accessed from a VM, the proper permissions must be granted to + the user to be able to access that device. The same applies to + other resources like raw partitions, DVD/CD drives, and sound + devices. + </para> + + </sect2> + + </sect1> + + <sect1 id="security-features"> + + <title>Security Features</title> + + <para> + This section outlines the specific security mechanisms offered by + &product-name;. + </para> + + <sect2 id="security-model"> + + <title>The Security Model</title> + + <para> + One property of virtual machine monitors (VMMs) like + &product-name; is to encapsulate a guest by executing it in a + protected environment, a virtual machine, running as a user + process on the host operating system. The guest cannot + communicate directly with the hardware or other computers but + only through the VMM. The VMM provides emulated physical + resources and devices to the guest which are accessed by the + guest operating system to perform the required tasks. The VM + settings control the resources provided to the guest, for + example the amount of guest memory or the number of guest + processors and the enabled features for that guest. For example + remote control, certain screen settings and others. See + <xref linkend="generalsettings"/>. + </para> + + </sect2> + + <sect2 id="secure-config-vms"> + + <title>Secure Configuration of Virtual Machines</title> + + <para> + Several aspects of a virtual machine configuration are subject + to security considerations. + </para> + + <sect3 id="security-networking"> + + <title>Networking</title> + + <para> + The default networking mode for VMs is NAT which means that + the VM acts like a computer behind a router, see + <xref linkend="network_nat"/>. The guest is part of a private + subnet belonging to this VM and the guest IP is not visible + from the outside. This networking mode works without any + additional setup and is sufficient for many purposes. + </para> + + <para> + If bridged networking is used, the VM acts like a computer + inside the same network as the host, see + <xref linkend="network_bridged"/>. In this case, the guest has + the same network access as the host and a firewall might be + necessary to protect other computers on the subnet from a + potential malicious guest as well as to protect the guest from + a direct access from other computers. In some cases it is + worth considering using a forwarding rule for a specific port + in NAT mode instead of using bridged networking. + </para> + + <para> + Some setups do not require a VM to be connected to the public + network at all. Internal networking, see + <xref linkend="network_internal"/>, or host-only networking, + see <xref linkend="network_hostonly"/>, are often sufficient + to connect VMs among each other or to connect VMs only with + the host but not with the public network. + </para> + + </sect3> + + <sect3 id="security-vrdp-auth"> + + <title>VRDP Remote Desktop Authentication</title> + + <para> + When using the &product-name; Extension Pack provided by + Oracle for VRDP remote desktop support, you can optionally use + various methods to configure RDP authentication. The "null" + method is very insecure and should be avoided in a public + network. See <xref linkend="vbox-auth" />. + </para> + + </sect3> + + <sect3 id="security_clipboard"> + + <title>Clipboard</title> + + <para> + The shared clipboard enables users to share data between the + host and the guest. Enabling the clipboard in Bidirectional + mode enables the guest to read and write the host clipboard. + The Host to Guest mode and the Guest to Host mode limit the + access to one direction. If the guest is able to access the + host clipboard it can also potentially access sensitive data + from the host which is shared over the clipboard. + </para> + + <para> + If the guest is able to read from and/or write to the host + clipboard then a remote user connecting to the guest over the + network will also gain this ability, which may not be + desirable. As a consequence, the shared clipboard is disabled + for new machines. + </para> + + </sect3> + + <sect3 id="security-shared-folders"> + + <title>Shared Folders</title> + + <para> + If any host folder is shared with the guest then a remote user + connected to the guest over the network can access these files + too as the folder sharing mechanism cannot be selectively + disabled for remote users. + </para> + + </sect3> + + <sect3 id="security-3d-graphics"> + + <title>3D Graphics Acceleration</title> + + <para> + Enabling 3D graphics using the Guest Additions exposes the + host to additional security risks. See + <xref + linkend="guestadd-3d" />. + </para> + + </sect3> + + <sect3 id="security-cd-dvd-passthrough"> + + <title>CD/DVD Passthrough</title> + + <para> + Enabling CD/DVD passthrough enables the guest to perform + advanced operations on the CD/DVD drive, see + <xref linkend="storage-cds"/>. This could induce a security + risk as a guest could overwrite data on a CD/DVD medium. + </para> + + </sect3> + + <sect3 id="security-usb-passthrough"> + + <title>USB Passthrough</title> + + <para> + Passing USB devices to the guest provides the guest full + access to these devices, see <xref linkend="settings-usb"/>. + For instance, in addition to reading and writing the content + of the partitions of an external USB disk the guest will be + also able to read and write the partition table and hardware + data of that disk. + </para> + + </sect3> + + </sect2> + + <sect2 id="auth-config-using"> + + <title>Configuring and Using Authentication</title> + + <para> + The following components of &product-name; can use passwords for + authentication: + </para> + + <itemizedlist> + + <listitem> + <para> + When using remote iSCSI storage and the storage server + requires authentication, an initiator secret can optionally + be supplied with the <command>VBoxManage + storageattach</command> command. As long as no settings + password is provided, by using the command line option + <option>--settingspwfile</option>, then this secret is + stored <emphasis>unencrypted</emphasis> in the machine + configuration and is therefore potentially readable on the + host. See <xref linkend="storage-iscsi" /> and + <xref linkend="vboxmanage-storageattach" />. + </para> + </listitem> + + <listitem> + <para> + When using the &product-name; web service to control an + &product-name; host remotely, connections to the web service + are authenticated in various ways. This is described in + detail in the &product-name; Software Development Kit (SDK) + reference. See <xref linkend="VirtualBoxAPI" />. + </para> + </listitem> + + </itemizedlist> + + </sect2> + +<!-- + <sect2 id="access-control-config-using"> + <title>Configuring and Using Access Control</title> + </sect2> + + <sect2 id="security-audit-config-using"> + <title>Configuring and Using Security Audit</title> + </sect2> + + <sect2 id="security-other-features-config-using"> + <title>Configuring and Using Other Security Features</title> + </sect2> + --> + + <sect2 id="pot-insecure"> + + <title>Potentially Insecure Operations</title> + + <para> + The following features of &product-name; can present security + problems: + </para> + + <itemizedlist> + + <listitem> + <para> + Enabling 3D graphics using the Guest Additions exposes the + host to additional security risks. See + <xref + linkend="guestadd-3d" />. + </para> + </listitem> + + <listitem> + <para> + When teleporting a machine, the data stream through which + the machine's memory contents are transferred from one host + to another is not encrypted. A third party with access to + the network through which the data is transferred could + therefore intercept that data. An SSH tunnel could be used + to secure the connection between the two hosts. But when + considering teleporting a VM over an untrusted network the + first question to answer is how both VMs can securely access + the same virtual disk image with a reasonable performance. + </para> + </listitem> + + <listitem> + <para> + When Page Fusion, see <xref linkend="guestadd-pagefusion"/>, + is enabled, it is possible that a side-channel opens up that + enables a malicious guest to determine the address space of + another VM running on the same host layout. For example, + where DLLs are typically loaded. This information leak in + itself is harmless, however the malicious guest may use it + to optimize attack against that VM through unrelated attack + vectors. It is recommended to only enable Page Fusion if you + do not think this is a concern in your setup. + </para> + </listitem> + + <listitem> + <para> + When using the &product-name; web service to control an + &product-name; host remotely, connections to the web + service, over which the API calls are transferred using SOAP + XML, are not encrypted. They use plain HTTP by default. This + is a potential security risk. For details about the web + service, see <xref linkend="VirtualBoxAPI" />. + </para> + + <para> + The web services are not started by default. See + <xref linkend="vboxwebsrv-daemon"/> to find out how to start + this service and how to enable SSL/TLS support. It has to be + started as a regular user and only the VMs of that user can + be controlled. By default, the service binds to localhost + preventing any remote connection. + </para> + </listitem> + + <listitem> + <para> + Traffic sent over a UDP Tunnel network attachment is not + encrypted. You can either encrypt it on the host network + level, with IPsec, or use encrypted protocols in the guest + network, such as SSH. The security properties are similar to + bridged Ethernet. + </para> + </listitem> + + <listitem> + <para> + Because of shortcomings in older Windows versions, using + &product-name; on Windows versions older than Vista with + Service Pack 1 is not recommended. + </para> + </listitem> + + </itemizedlist> + + </sect2> + + <sect2 id="security-encryption"> + + <title>Encryption</title> + + <para> + The following components of &product-name; use encryption to + protect sensitive data: + </para> + + <itemizedlist> + + <listitem> + <para> + When using the &product-name; Extension Pack provided by + Oracle for VRDP remote desktop support, RDP data can + optionally be encrypted. See <xref linkend="vrde-crypt" />. + Only the Enhanced RDP Security method (RDP5.2) with TLS + protocol provides a secure connection. Standard RDP Security + (RDP4 and RDP5.1) is vulnerable to a man-in-the-middle + attack. + </para> + </listitem> + + </itemizedlist> + + </sect2> + + </sect1> + +<!-- + <sect1 id="security-devel"> + <title>Security Considerations for Developers</title> + </sect1> + --> + + <sect1 id="security-recommendations"> + + <title>Security Recommendations</title> + + <para> + This section contains security recommendations for specific + issues. By default VirtualBox will configure the VMs to run in a + secure manner, however this may not always be possible without + additional user actions (e.g. host OS / firmware configuration + changes). + </para> + + <sect2 id="sec-rec-cve-2018-3646"> + + <title>CVE-2018-3646</title> + + <para> + This security issue affect a range of Intel CPUs with nested + paging. AMD CPUs are expected not to be impacted (pending direct + confirmation by AMD). Also the issue does not affect VMs running + with hardware virtualization disabled or with nested paging + disabled. + </para> + + <para> + For more information about nested paging, see + <xref linkend="nestedpaging" />. + </para> + + <para> + Mitigation options: + </para> + + <sect3> + + <title>Disable nested paging</title> + + <para> + By disabling nested paging (EPT), the VMM will construct page + tables shadowing the ones in the guest. It is no possible for + the guest to insert anything fishy into the page tables, since + the VMM carefully validates each entry before shadowing it. + </para> + + <para> + As a side effect of disabling nested paging, several CPU + features will not be made available to the guest. Among these + features are AVX, AVX2, XSAVE, AESNI, and POPCNT. Not all + guests may be able to cope with dropping these features after + installation. Also, for some guests, especially in SMP + configurations, there could be stability issues arrising from + disabling nested paging. Finally, some workloads may + experience a performance degradation. + </para> + + </sect3> + + <sect3> + + <title>Flushing the level 1 data cache</title> + + <para> + This aims at removing potentially sensitive data from the + level 1 data cache when running guest code. However, it is + made difficult by hyper-threading setups sharing the level 1 + cache and thereby potentially letting the other thread in a + pair refill the cache with data the user does not want the + guest to see. In addition, flushing the level 1 data cache is + usually not without performance side effects. + </para> + + <para> + Up to date CPU microcode is a prerequisite for the cache + flushing mitigations. Some host OSes may install these + automatically, though it has traditionally been a task best + performed by the system firmware. So, please check with your + system / mainboard manufacturer for the latest firmware + update. + </para> + + <para> + We recommend disabling hyper threading on the host. This is + traditionally done from the firmware setup, but some OSes also + offers ways disable HT. In some cases it may be disabled by + default, but please verify as the effectiveness of the + mitigation depends on it. + </para> + + <para> + The default action taken by VirtualBox is to flush the level 1 + data cache when a thread is scheduled to execute guest code, + rather than on each VM entry. This reduces the performance + impact, while making the assumption that the host OS will not + handle security sensitive data from interrupt handlers and + similar without taking precautions. + </para> + + <para> + A more aggressive flushing option is provided via the + VBoxManage modifyvm option + <computeroutput>--l1d-flush-on-vm-entry</computeroutput>. When + enabled the level 1 data cache will be flushed on every VM + entry. The performance impact is greater than with the default + option, though this of course depends on the workload. + Workloads producing a lot of VM exits (like networking, VGA + access, and similiar) will probably be most impacted. + </para> + + <para> + For users not concerned by this security issue, the default + mitigation can be disabled using + </para> + + <para> + <computeroutput>VBoxManage modifyvm name --l1d-flush-on-sched + off</computeroutput> + </para> + + </sect3> + + </sect2> + + </sect1> + +</chapter> diff --git a/doc/manual/en_US/user_Storage.xml b/doc/manual/en_US/user_Storage.xml new file mode 100644 index 00000000..e5fb71ca --- /dev/null +++ b/doc/manual/en_US/user_Storage.xml @@ -0,0 +1,1727 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" +"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd"[ +<!ENTITY % all.entities SYSTEM "all-entities.ent"> +%all.entities; +]> +<chapter id="storage"> + + <title>Virtual Storage</title> + + <para> + As the virtual machine will most probably expect to see a hard disk + built into its virtual computer, &product-name; must be able to + present real storage to the guest as a virtual hard disk. There are + presently three methods by which to achieve this: + </para> + + <itemizedlist> + + <listitem> + <para> + &product-name; can use large image files on a real hard disk and + present them to a guest as a virtual hard disk. This is the most + common method, described in <xref linkend="vdidetails" />. + </para> + </listitem> + + <listitem> + <para> + iSCSI storage servers can be attached to &product-name;. This is + described in <xref linkend="storage-iscsi" />. + </para> + </listitem> + + <listitem> + <para> + You can allow a virtual machine to access one of your host disks + directly. This is an advanced feature, described in + <xref linkend="rawdisk" />. + </para> + </listitem> + + </itemizedlist> + + <para> + Each such virtual storage device, such as an image file, iSCSI + target, or physical hard disk, needs to be connected to the virtual + hard disk controller that &product-name; presents to a virtual + machine. This is explained in the next section. + </para> + + <sect1 id="harddiskcontrollers"> + + <title>Hard Disk Controllers: IDE, SATA (AHCI), SCSI, SAS, USB MSD, NVMe</title> + + <para> + In a real PC, hard disks and CD/DVD drives are connected to a + device called hard disk controller which drives hard disk + operation and data transfers. &product-name; can emulate the five + most common types of hard disk controllers typically found in + today's PCs: IDE, SATA (AHCI), SCSI, SAS, USB-based, and NVMe mass + storage devices. + </para> + + <itemizedlist> + + <listitem> + <para> + <emphasis role="bold">IDE (ATA)</emphasis> controllers are a + backwards compatible yet very advanced extension of the disk + controller in the IBM PC/AT (1984). Initially, this interface + worked only with hard disks, but was later extended to also + support CD-ROM drives and other types of removable media. In + physical PCs, this standard uses flat ribbon parallel cables + with 40 or 80 wires. Each such cable can connect two devices + to a controller, which have traditionally been called + <emphasis>master</emphasis> and <emphasis>slave</emphasis>. + Typical PCs had two connectors for such cables. As a result, + support for up to four IDE devices was most common. + </para> + + <para> + In &product-name;, each virtual machine may have one IDE + controller enabled, which gives you up to four virtual storage + devices that you can attach to the machine. By default, one of + these virtual storage devices, the secondary master, is + preconfigured to be the virtual machine's virtual CD/DVD + drive. However, you can change the default setting. + </para> + + <para> + Even if your guest OS has no support for SCSI or SATA devices, + it should always be able to see an IDE controller. + </para> + + <para> + You can also select which exact type of IDE controller + hardware &product-name; should present to the virtual machine: + PIIX3, PIIX4, or ICH6. This makes no difference in terms of + performance, but if you import a virtual machine from another + virtualization product, the OS in that machine may expect a + particular controller type and crash if it is not found. + </para> + + <para> + After you have created a new virtual machine with the + <emphasis role="bold">New Virtual Machine</emphasis> wizard of + the graphical user interface, you will typically see one IDE + controller in the machine's + <emphasis role="bold">Storage</emphasis> settings. The virtual + CD/DVD drive will be attached to one of the four ports of this + controller. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Serial ATA (SATA)</emphasis> is a newer + standard introduced in 2003. Compared to IDE, it supports both + much higher speeds and more devices per controller. Also, with + physical hardware, devices can be added and removed while the + system is running. The standard interface for SATA controllers + is called Advanced Host Controller Interface (AHCI). + </para> + + <para> + Like a real SATA controller, &product-name;'s virtual SATA + controller operates faster and also consumes fewer CPU + resources than the virtual IDE controller. Also, this enables + you to connect up to 30 virtual hard disks to one machine + instead of just three, when compared to the &product-name; IDE + controller with a DVD drive attached. + </para> + + <para> + For this reason, depending on the selected guest OS, + &product-name; uses SATA as the default for newly created + virtual machines. One virtual SATA controller is created by + default, and the default disk that is created with a new VM is + attached to this controller. + </para> + + <warning> + <para> + The entire SATA controller and the virtual disks attached to + it, including those in IDE compatibility mode, will not be + seen by OSes that do not have device support for AHCI. In + particular, <emphasis>there is no support for AHCI in + Windows before Windows Vista</emphasis>. So Windows XP, even + SP3, will not see such disks unless you install additional + drivers. It is possible to switch from IDE to SATA after + installation by installing the SATA drivers and changing the + controller type in the VM + <emphasis role="bold">Settings</emphasis> dialog. + </para> + + <para> + &product-name; recommends the Intel Matrix Storage drivers, + which can be downloaded from + <ulink + url="http://downloadcenter.intel.com/Product_Filter.aspx?ProductID=2101">http://downloadcenter.intel.com/Product_Filter.aspx?ProductID=2101</ulink>. + </para> + </warning> + + <para> + To add a SATA controller to a machine for which it has not + been enabled by default, either because it was created by an + earlier version of &product-name;, or because SATA is not + supported by default by the selected guest OS, do the + following. Go to the <emphasis role="bold">Storage</emphasis> + page of the machine's + <emphasis role="bold">Settings</emphasis> dialog, click + <emphasis role="bold">Add Controller</emphasis> under the + Storage Tree box and then select <emphasis role="bold">Add + SATA Controller</emphasis>. The new controller appears as a + separate PCI device in the virtual machine, and you can add + virtual disks to it. + </para> + + <para> + To change the IDE compatibility mode settings for the SATA + controller, see <xref linkend="vboxmanage-storagectl" />. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">SCSI</emphasis> is another established + industry standard, standing for Small Computer System + Interface. SCSI was standardized as early as 1986 as a generic + interface for data transfer between all kinds of devices, + including storage devices. Today SCSI is still used for + connecting hard disks and tape devices, but it has mostly been + displaced in commodity hardware. It is still in common use in + high-performance workstations and servers. + </para> + + <para> + Primarily for compatibility with other virtualization + software, &product-name; optionally supports LSI Logic and + BusLogic SCSI controllers, to each of which up to 15 virtual + hard disks can be attached. + </para> + + <para> + To enable a SCSI controller, on the + <emphasis role="bold">Storage</emphasis> page of a virtual + machine's <emphasis role="bold">Settings</emphasis> dialog, + click <emphasis role="bold">Add Controller</emphasis> under + the Storage Tree box and then select <emphasis role="bold">Add + SCSI Controller</emphasis>. The new controller appears as a + separate PCI device in the virtual machine. + </para> + + <warning> + <para> + As with the other controller types, a SCSI controller will + only be seen by OSes with device support for it. Windows + 2003 and later ships with drivers for the LSI Logic + controller, while Windows NT 4.0 and Windows 2000 ships with + drivers for the BusLogic controller. Windows XP ships with + drivers for neither. + </para> + </warning> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Serial Attached SCSI (SAS)</emphasis> is + another bus standard which uses the SCSI command set. As + opposed to SCSI, however, with physical devices, serial cables + are used instead of parallel ones, which simplifies physical + device connections. In some ways, therefore, SAS is to SCSI + what SATA is to IDE: it enables more reliable and faster + connections. + </para> + + <para> + To support high-end guests which require SAS controllers, + &product-name; emulates a LSI Logic SAS controller, which can + be enabled much the same way as a SCSI controller. At this + time, up to eight devices can be connected to the SAS + controller. + </para> + + <warning> + <para> + As with SATA, the SAS controller will only be seen by OSes + with device support for it. In particular, <emphasis>there + is no support for SAS in Windows before Windows + Vista</emphasis>. So Windows XP, even SP3, will not see such + disks unless you install additional drivers. + </para> + </warning> + </listitem> + + <listitem> + <para> + The <emphasis role="bold">USB mass storage device + class</emphasis> is a standard to connect external storage + devices like hard disks or flash drives to a host through USB. + All major OSes support these devices for a long time and ship + generic drivers making third-party drivers superfluous. In + particular, legacy OSes without support for SATA controllers + may benefit from USB mass storage devices. + </para> + + <para> + The virtual USB storage controller offered by &product-name; + works differently to the other storage controller types. While + most storage controllers appear as a single PCI device to the + guest with multiple disks attached to it, the USB-based + storage controller does not appear as virtual storage + controller. Each disk attached to the controller appears as a + dedicated USB device to the guest. + </para> + + <warning> + <para> + Booting from drives attached using USB is only supported + when EFI is used as the BIOS lacks USB support. + </para> + </warning> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Non volatile memory express + (NVMe)</emphasis> is a standard which emerged in 2011 for + connecting non volatile memory (NVM) directly over PCI express + to lift the bandwidth limitation of the previously used SATA + protocol for SSDs. Unlike other standards the command set is + very simple to achieve maximum throughput and is not + compatible with ATA or SCSI. OSes need to support NVMe devices + to make use of them. For example, Windows 8.1 added native + NVMe support. For Windows 7, native support was added with an + update. + </para> + + <para> + The NVMe controller is part of the extension pack. + </para> + + <warning> + <para> + Booting from drives attached using NVMe is only supported + when EFI is used as the BIOS lacks the appropriate driver. + </para> + </warning> + </listitem> + + </itemizedlist> + + <para> + In summary, &product-name; gives you the following categories of + virtual storage slots: + </para> + + <itemizedlist> + + <listitem> + <para> + Four slots attached to the traditional IDE controller, which + are always present. One of these is typically a virtual CD/DVD + drive. + </para> + </listitem> + + <listitem> + <para> + 30 slots attached to the SATA controller, if enabled and + supported by the guest OS. + </para> + </listitem> + + <listitem> + <para> + 15 slots attached to the SCSI controller, if enabled and + supported by the guest OS. + </para> + </listitem> + + <listitem> + <para> + Eight slots attached to the SAS controller, if enabled and + supported by the guest OS. + </para> + </listitem> + + <listitem> + <para> + Eight slots attached to the virtual USB controller, if enabled + and supported by the guest OS. + </para> + </listitem> + + <listitem> + <para> + Up to 255 slots attached to the NVMe controller, if enabled + and supported by the guest OS. + </para> + </listitem> + + </itemizedlist> + + <para> + Given this large choice of storage controllers, you may not know + which one to choose. In general, you should avoid IDE unless it is + the only controller supported by your guest. Whether you use SATA, + SCSI, or SAS does not make any real difference. The variety of + controllers is only supplied by &product-name; for compatibility + with existing hardware and other hypervisors. + </para> + + </sect1> + + <sect1 id="vdidetails"> + + <title>Disk Image Files (VDI, VMDK, VHD, HDD)</title> + + <para> + Disk image files reside on the host system and are seen by the + guest systems as hard disks of a certain geometry. When a guest OS + reads from or writes to a hard disk, &product-name; redirects the + request to the image file. + </para> + + <para> + Like a physical disk, a virtual disk has a size, or capacity, + which must be specified when the image file is created. As opposed + to a physical disk however, &product-name; enables you to expand + an image file after creation, even if it has data already. See + <xref linkend="vboxmanage-modifyvdi" />. + </para> + + <para> + &product-name; supports the following types of disk image files: + </para> + + <itemizedlist> + + <listitem> + <para> + <emphasis role="bold">VDI.</emphasis> Normally, &product-name; + uses its own container format for guest hard disks. This is + called a Virtual Disk Image (VDI) file. This format is used + when you create a new virtual machine with a new disk. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">VMDK.</emphasis> &product-name; also + fully supports the popular and open VMDK container format that + is used by many other virtualization products, such as VMware. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">VHD.</emphasis> &product-name; also + fully supports the VHD format used by Microsoft. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">HDD.</emphasis> Image files of Parallels + version 2 (HDD format) are also supported. + </para> + + <para> + Due to lack of documentation of the format, newer versions + such as 3 and 4 are not supported. You can however convert + such image files to version 2 format using tools provided by + Parallels. + </para> + </listitem> + + </itemizedlist> + + <para> + Irrespective of the disk capacity and format, as mentioned in + <xref linkend="gui-createvm" />, there are two options for + creating a disk image: fixed-size or dynamically allocated. + </para> + + <itemizedlist> + + <listitem> + <para> + <emphasis role="bold">Fixed-size.</emphasis> If you create a + fixed-size image, an image file will be created on your host + system which has roughly the same size as the virtual disk's + capacity. So, for a 10 GB disk, you will have a 10 GB file. + Note that the creation of a fixed-size image can take a long + time depending on the size of the image and the write + performance of your hard disk. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Dynamically allocated.</emphasis> For + more flexible storage management, use a dynamically allocated + image. This will initially be very small and not occupy any + space for unused virtual disk sectors, but will grow every + time a disk sector is written to for the first time, until the + drive reaches the maximum capacity chosen when the drive was + created. While this format takes less space initially, the + fact that &product-name; needs to expand the image file + consumes additional computing resources, so until the disk + file size has stabilized, write operations may be slower than + with fixed size disks. However, after a time the rate of + growth will slow and the average penalty for write operations + will be negligible. + </para> + </listitem> + + </itemizedlist> + + </sect1> + + <sect1 id="vdis"> + + <title>The Virtual Media Manager</title> + + <para> + &product-name; keeps track of all the hard disk, CD/DVD-ROM, and + floppy disk images which are in use by virtual machines. These are + often referred to as <emphasis>known media</emphasis> and come + from two sources: + </para> + + <itemizedlist> + + <listitem> + <para> + All media currently attached to virtual machines. + </para> + </listitem> + + <listitem> + <para> + Registered media, for compatibility with &product-name; + versions older than version 4.0. For details about how media + registration has changed with version 4.0, see + <xref linkend="vboxconfigdata" />. + </para> + </listitem> + + </itemizedlist> + + <para> + The known media can be viewed and changed using the + <emphasis role="bold">Virtual Media Manager</emphasis>, which you + can access from the <emphasis role="bold">File</emphasis> menu in + the VirtualBox Manager window. + </para> + + <figure id="fig-virtual-media-manager"> + <title>The Virtual Media Manager</title> + <mediaobject> + <imageobject> + <imagedata align="center" fileref="images/virtual-disk-manager.png" + width="12cm" /> + </imageobject> + </mediaobject> + </figure> + + <para> + The known media are conveniently grouped in separate tabs for the + supported formats. These formats are: + </para> + + <itemizedlist> + + <listitem> + <para> + Hard disk images, either in &product-name;'s own Virtual Disk + Image (VDI) format, or in the third-party formats listed in + <xref linkend="vdidetails"/>. + </para> + </listitem> + + <listitem> + <para> + CD/DVD images in standard ISO format. + </para> + </listitem> + + <listitem> + <para> + Floppy images in standard RAW format. + </para> + </listitem> + + </itemizedlist> + + <para> + For each image, the Virtual Media Manager shows you the full path + of the image file and other information, such as the virtual + machine the image is currently attached to. + </para> + + <para> + The Virtual Media Manager enables you to do the following: + </para> + + <itemizedlist> + + <listitem> + <para> + <emphasis role="bold">Add</emphasis> an image to the registry. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Copy</emphasis> a virtual hard disk to + create another one. + </para> + + <para> + You can specify one of the following target types: VDI, VHD, + or VMDK. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Move</emphasis> an image that is + currently in the registry to another location. + </para> + + <para> + A file dialog prompts you for the new image file location. + </para> + + <para> + When you use the Virtual Media Manager to move a disk image, + &product-name; updates all related configuration files + automatically. + </para> + + <note> + <para> + Always use the Virtual Media Manager or the + <command>VBoxManage modifymedium</command> command to move a + disk image. + </para> + + <para> + If you use a file management feature of the host OS to move + a disk image to a new location, run the <command>VBoxManage + modifymedium</command> <option>--setlocation</option> + command to configure the new path of the disk image on the + host file system. This command updates the &product-name; + configuration automatically. + </para> + </note> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Remove</emphasis> an image from the + registry. You can optionally delete the image file when + removing the image. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Release</emphasis> an image to detach it + from a VM. This action only applies if the image is currently + attached to a VM as a virtual hard disk. + </para> + </listitem> + + <listitem> + <para> + View and edit the <emphasis role="bold">Properties</emphasis> + of a disk image. + </para> + + <para> + Available properties include the following: + </para> + + <itemizedlist> + + <listitem> + <para> + <emphasis role="bold">Type:</emphasis> Specifies the + snapshot behavior of the disk. See + <xref linkend="hdimagewrites"/>. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Location:</emphasis> Specifies the + location of the disk image file on the host system. You + can use a file dialog to browse for the disk image + location. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Description:</emphasis> Specifies a + short description of the disk image. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Size:</emphasis> Specifies the size + of the disk image. You can use the slider to increase or + decrease the disk image size. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Information:</emphasis> Specifies + detailed information about the disk image. + </para> + </listitem> + + </itemizedlist> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Refresh</emphasis> the property values + of the selected disk image. + </para> + </listitem> + + </itemizedlist> + + <para> + To perform these actions, highlight the medium in the Virtual + Media Manager and then do one of the following: + </para> + + <itemizedlist> + + <listitem> + <para> + Click an icon in the Virtual Media Manager task bar. + </para> + </listitem> + + <listitem> + <para> + Right-click the medium and select an option. + </para> + </listitem> + + </itemizedlist> + + <para> + Use the <emphasis role="bold">Storage</emphasis> page in a VM's + <emphasis role="bold">Settings</emphasis> dialog to create a new + disk image. By default, disk images are stored in the VM's folder. + </para> + + <para> + You can copy hard disk image files to other host systems and + import them in to VMs from the host system. However, certain guest + OSes, such as Windows 2000 and Windows XP, require that you + configure the new VM in a similar way to the old one. + </para> + + <note> + <para> + Do not simply make copies of virtual disk images. If you import + such a second copy into a VM, &product-name; issues an error + because &product-name; assigns a universally unique identifier + (UUID) to each disk image to ensure that it is only used one + time. See <xref linkend="cloningvdis" />. Also, if you want to + copy a VM to another system, use the &product-name; import and + export features. See <xref linkend="ovf" />. + </para> + </note> + + </sect1> + + <sect1 id="hdimagewrites"> + + <title>Special Image Write Modes</title> + + <para> + For each virtual disk image supported by &product-name;, you can + determine separately how it should be affected by write operations + from a virtual machine and snapshot operations. This applies to + all of the aforementioned image formats (VDI, VMDK, VHD, or HDD) + and irrespective of whether an image is fixed-size or dynamically + allocated. + </para> + + <para> + By default, images are in <emphasis>normal</emphasis> mode. To + mark an existing image with one of the non-standard modes listed + below, use <command>VBoxManage modifyhd</command>. See + <xref linkend="vboxmanage-modifyvdi" />. Alternatively, use + <command>VBoxManage</command> to attach the image to a VM and use + the <option>--mtype</option> argument. See + <xref linkend="vboxmanage-storageattach" />. + </para> + + <para> + The available virtual disk image modes are as follows: + </para> + + <itemizedlist> + + <listitem> + <para> + <emphasis role="bold">Normal images</emphasis> have no + restrictions on how guests can read from and write to the + disk. This is the default image mode. + </para> + + <para> + When you take a snapshot of your virtual machine as described + in <xref linkend="snapshots" />, the state of a normal hard + disk is recorded together with the snapshot, and when + reverting to the snapshot, its state will be fully reset. + </para> + + <para> + The image file itself is not reset. Instead, when a snapshot + is taken, &product-name; "freezes" the image file and no + longer writes to it. For the write operations from the VM, a + second, <emphasis>differencing</emphasis> image file is + created which receives only the changes to the original image. + See <xref linkend="diffimages"/>. + </para> + + <para> + While you can attach the same normal image to more than one + virtual machine, only one of these virtual machines attached + to the same image file can be executed simultaneously, as + otherwise there would be conflicts if several machines write + to the same image file. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Write-through hard disks</emphasis> are + completely unaffected by snapshots. Their state is + <emphasis>not</emphasis> saved when a snapshot is taken, and + not restored when a snapshot is restored. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Shareable hard disks</emphasis> are a + variant of write-through hard disks. In principle they behave + exactly the same. Their state is <emphasis>not</emphasis> + saved when a snapshot is taken, and not restored when a + snapshot is restored. The difference only shows if you attach + such disks to several VMs. Shareable disks may be attached to + several VMs which may run concurrently. This makes them + suitable for use by cluster filesystems between VMs and + similar applications which are explicitly prepared to access a + disk concurrently. Only fixed size images can be used in this + way, and dynamically allocated images are rejected. + </para> + + <warning> + <para> + This is an expert feature, and misuse can lead to data loss, + as regular filesystems are not prepared to handle + simultaneous changes by several parties. + </para> + </warning> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Immutable images</emphasis> only + remember write accesses temporarily while the virtual machine + is running. All changes are lost when the virtual machine is + powered on the next time. As a result, as opposed to Normal + images, the same immutable image can be used with several + virtual machines without restrictions. + </para> + + <para> + Creating an immutable image makes little sense since it would + be initially empty and lose its contents with every machine + restart. You would have a disk that is always unformatted when + the machine starts up. Instead, you can first create a normal + image and then later mark it as immutable when you decide that + the contents are useful. + </para> + + <para> + If you take a snapshot of a machine with immutable images, + then on every machine power-up, those images are reset to the + state of the last (current) snapshot, instead of the state of + the original immutable image. + </para> + + <note> + <para> + As a special exception, immutable images are + <emphasis>not</emphasis> reset if they are attached to a + machine in a saved state or whose last snapshot was taken + while the machine was running. This is called an + <emphasis>online snapshot</emphasis>. As a result, if the + machine's current snapshot is an online snapshot, its + immutable images behave exactly like the a normal image. To + reenable the automatic resetting of such images, delete the + current snapshot of the machine. + </para> + </note> + + <para> + &product-name; never writes to an immutable image directly at + all. All write operations from the machine are directed to a + differencing image. The next time the VM is powered on, the + differencing image is reset so that every time the VM starts, + its immutable images have exactly the same content. + </para> + + <para> + The differencing image is only reset when the machine is + powered on from within &product-name;, not when you reboot by + requesting a reboot from within the machine. This is also why + immutable images behave as described above when snapshots are + also present, which use differencing images as well. + </para> + + <para> + If the automatic discarding of the differencing image on VM + startup does not fit your needs, you can turn it off using the + <option>autoreset</option> parameter of <command>VBoxManage + modifyhd</command>. See + <xref linkend="vboxmanage-modifyvdi"/>. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Multiattach mode images</emphasis> can + be attached to more than one virtual machine at the same time, + even if these machines are running simultaneously. For each + virtual machine to which such an image is attached, a + differencing image is created. As a result, data that is + written to such a virtual disk by one machine is not seen by + the other machines to which the image is attached. Each + machine creates its own write history of the multiattach + image. + </para> + + <para> + Technically, a multiattach image behaves identically to an + immutable image except the differencing image is not reset + every time the machine starts. + </para> + + <para> + This mode is useful for sharing files which are almost never + written, for instance picture galleries, where every guest + changes only a small amount of data and the majority of the + disk content remains unchanged. The modified blocks are stored + in differencing images which remain relatively small and the + shared content is stored only once at the host. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Read-only images</emphasis> are used + automatically for CD/DVD images, since CDs/DVDs can never be + written to. + </para> + </listitem> + + </itemizedlist> + + <para> + The following scenario illustrates the differences between the + various image modes, with respect to snapshots. + </para> + + <para> + Assume you have installed your guest OS in your VM, and you have + taken a snapshot. Later, your VM is infected with a virus and you + would like to go back to the snapshot. With a normal hard disk + image, you simply restore the snapshot, and the earlier state of + your hard disk image will be restored as well and your virus + infection will be undone. With an immutable hard disk, all it + takes is to shut down and power on your VM, and the virus + infection will be discarded. With a write-through image however, + you cannot easily undo the virus infection by means of + virtualization, but will have to disinfect your virtual machine + like a real computer. + </para> + + <para> + You might find write-through images useful if you want to preserve + critical data irrespective of snapshots. As you can attach more + than one image to a VM, you may want to have one immutable image + for the OS and one write-through image for your data files. + </para> + + </sect1> + + <sect1 id="diffimages"> + + <title>Differencing Images</title> + + <para> + The previous section mentioned differencing images and how they + are used with snapshots, immutable images, and multiple disk + attachments. This section describes in more detail how + differencing images work. + </para> + + <para> + A differencing image is a special disk image that only holds the + differences to another image. A differencing image by itself is + useless, it must always refer to another image. The differencing + image is then typically referred to as a + <emphasis>child</emphasis>, which holds the differences to its + <emphasis>parent</emphasis>. + </para> + + <para> + When a differencing image is active, it receives all write + operations from the virtual machine instead of its parent. The + differencing image only contains the sectors of the virtual hard + disk that have changed since the differencing image was created. + When the machine reads a sector from such a virtual hard disk, it + looks into the differencing image first. If the sector is present, + it is returned from there. If not, &product-name; looks into the + parent. In other words, the parent becomes + <emphasis>read-only</emphasis>. It is never written to again, but + it is read from if a sector has not changed. + </para> + + <para> + Differencing images can be chained. If another differencing image + is created for a virtual disk that already has a differencing + image, then it becomes a <emphasis>grandchild</emphasis> of the + original parent. The first differencing image then becomes + read-only as well, and write operations only go to the + second-level differencing image. When reading from the virtual + disk, &product-name; needs to look into the second differencing + image first, then into the first if the sector was not found, and + then into the original image. + </para> + + <para> + There can be an unlimited number of differencing images, and each + image can have more than one child. As a result, the differencing + images can form a complex tree with parents, siblings, and + children, depending on how complex your machine configuration is. + Write operations always go to the one <emphasis>active</emphasis> + differencing image that is attached to the machine, and for read + operations, &product-name; may need to look up all the parents in + the chain until the sector in question is found. You can view such + a tree in the Virtual Media Manager. + </para> + + <figure id="fig-diff-images"> + <title>Differencing Images, Shown in Virtual Media Manager</title> + <mediaobject> + <imageobject> + <imagedata align="center" fileref="images/virtual-disk-manager2.png" + width="12cm" /> + </imageobject> + </mediaobject> + </figure> + + <para> + In all of these situations, from the point of view of the virtual + machine, the virtual hard disk behaves like any other disk. While + the virtual machine is running, there is a slight run-time I/O + overhead because &product-name; might need to look up sectors + several times. This is not noticeable however since the tables + with sector information are always kept in memory and can be + looked up quickly. + </para> + + <para> + Differencing images are used in the following situations: + </para> + + <itemizedlist> + + <listitem> + <para> + <emphasis role="bold">Snapshots.</emphasis> When you create a + snapshot, as explained in the previous section, &product-name; + "freezes" the images attached to the virtual machine and + creates differencing images for each image that is not in + "write-through" mode. From the point of view of the virtual + machine, the virtual disks continue to operate before, but all + write operations go into the differencing images. Each time + you create another snapshot, for each hard disk attachment, + another differencing image is created and attached, forming a + chain or tree. + </para> + + <para> + In the above screenshot, you see that the original disk image + is now attached to a snapshot, representing the state of the + disk when the snapshot was taken. + </para> + + <para> + If you <emphasis>restore</emphasis> a snapshot, and want to go + back to the exact machine state that was stored in the + snapshot, the following happens: + </para> + + <itemizedlist> + + <listitem> + <para> + &product-name; copies the virtual machine settings that + were copied into the snapshot back to the virtual machine. + As a result, if you have made changes to the machine + configuration since taking the snapshot, they are undone. + </para> + </listitem> + + <listitem> + <para> + If the snapshot was taken while the machine was running, + it contains a saved machine state, and that state is + restored as well. After restoring the snapshot, the + machine will then be in Saved state and resume execution + from there when it is next started. Otherwise the machine + will be in Powered Off state and do a full boot. + </para> + </listitem> + + <listitem> + <para> + For each disk image attached to the machine, the + differencing image holding all the write operations since + the current snapshot was taken is thrown away, and the + original parent image is made active again. If you + restored the root snapshot, then this will be the root + disk image for each attachment. Otherwise, some other + differencing image descended from it. This effectively + restores the old machine state. + </para> + </listitem> + + </itemizedlist> + + <para> + If you later <emphasis>delete</emphasis> a snapshot in order + to free disk space, for each disk attachment, one of the + differencing images becomes obsolete. In this case, the + differencing image of the disk attachment cannot simply be + deleted. Instead, &product-name; needs to look at each sector + of the differencing image and needs to copy it back into its + parent. This is called "merging" images and can be a + potentially lengthy process, depending on how large the + differencing image is. It can also temporarily need a + considerable amount of extra disk space, before the + differencing image obsoleted by the merge operation is + deleted. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Immutable images.</emphasis> When an + image is switched to immutable mode, a differencing image is + created as well. As with snapshots, the parent image then + becomes read-only, and the differencing image receives all the + write operations. Every time the virtual machine is started, + all the immutable images which are attached to it have their + respective differencing image thrown away, effectively + resetting the virtual machine's virtual disk with every + restart. + </para> + </listitem> + + </itemizedlist> + + </sect1> + + <sect1 id="cloningvdis"> + + <title>Cloning Disk Images</title> + + <para> + You can duplicate hard disk image files on the same host to + quickly produce a second virtual machine with the same OS setup. + However, you should <emphasis>only</emphasis> make copies of + virtual disk images using the utility supplied with + &product-name;. See <xref linkend="vboxmanage-clonevdi" />. This + is because &product-name; assigns a UUID to each disk image, which + is also stored inside the image, and &product-name; will refuse to + work with two images that use the same number. If you do + accidentally try to reimport a disk image which you copied + normally, you can make a second copy using the <command>VBoxManage + clonevm</command> command and import that instead. + </para> + + <para> + Note that newer Linux distributions identify the boot hard disk + from the ID of the drive. The ID &product-name; reports for a + drive is determined from the UUID of the virtual disk image. So if + you clone a disk image and try to boot the copied image the guest + might not be able to determine its own boot disk as the UUID + changed. In this case you have to adapt the disk ID in your boot + loader script, for example + <computeroutput>/boot/grub/menu.lst</computeroutput>. The disk ID + looks like the following: + </para> + +<screen>scsi-SATA_VBOX_HARDDISK_VB5cfdb1e2-c251e503</screen> + + <para> + The ID for the copied image can be determined as follows: + </para> + +<screen>hdparm -i /dev/sda</screen> + + </sect1> + + <sect1 id="iocaching"> + + <title>Host Input/Output Caching</title> + + <para> + &product-name; can optionally disable the I/O caching that the + host OS would otherwise perform on disk image files. + </para> + + <para> + Traditionally, &product-name; has opened disk image files as + normal files, which results in them being cached by the host OS + like any other file. The main advantage of this is speed: when the + guest OS writes to disk and the host OS cache uses delayed + writing, the write operation can be reported as completed to the + guest OS quickly while the host OS can perform the operation + asynchronously. Also, when you start a VM a second time and have + enough memory available for the OS to use for caching, large parts + of the virtual disk may be in system memory, and the VM can access + the data much faster. + </para> + + <para> + Note that this applies only to image files. Buffering does not + occur for virtual disks residing on remote iSCSI storage, which is + the more common scenario in enterprise-class setups. See + <xref linkend="storage-iscsi" />. + </para> + + <para> + While buffering is a useful default setting for virtualizing a few + machines on a desktop computer, there are some disadvantages to + this approach: + </para> + + <itemizedlist> + + <listitem> + <para> + Delayed writing through the host OS cache is less secure. When + the guest OS writes data, it considers the data written even + though it has not yet arrived on a physical disk. If for some + reason the write does not happen, such as power failure or + host crash, the likelihood of data loss increases. + </para> + </listitem> + + <listitem> + <para> + Disk image files tend to be very large. Caching them can + therefore quickly use up the entire host OS cache. Depending + on the efficiency of the host OS caching, this may slow down + the host immensely, especially if several VMs run at the same + time. For example, on Linux hosts, host caching may result in + Linux delaying all writes until the host cache is nearly full + and then writing out all these changes at once, possibly + stalling VM execution for minutes. This can result in I/O + errors in the guest as I/O requests time out there. + </para> + </listitem> + + <listitem> + <para> + Physical memory is often wasted as guest OSes typically have + their own I/O caches, which may result in the data being + cached twice, in both the guest and the host caches, for + little effect. + </para> + </listitem> + + </itemizedlist> + + <para> + If you decide to disable host I/O caching for the above reasons, + &product-name; uses its own small cache to buffer writes, but no + read caching since this is typically already performed by the + guest OS. In addition, &product-name; fully supports asynchronous + I/O for its virtual SATA, SCSI, and SAS controllers through + multiple I/O threads. + </para> + + <para> + Since asynchronous I/O is not supported by IDE controllers, for + performance reasons, you may want to leave host caching enabled + for your VM's virtual IDE controllers. + </para> + + <para> + For this reason, &product-name; enables you to configure whether + the host I/O cache is used for each I/O controller separately. + Either select the <emphasis role="bold">Use Host I/O + Cache</emphasis> check box in the + <emphasis role="bold">Storage</emphasis> settings for a given + virtual storage controller, or use the following + <command>VBoxManage</command> command to disable the host I/O + cache for a virtual storage controller: + </para> + +<screen>VBoxManage storagectl "VM name" --name <controllername> --hostiocache off</screen> + + <para> + See <xref linkend="vboxmanage-storagectl" />. + </para> + + <para> + For the above reasons, &product-name; now uses SATA controllers by + default for new virtual machines. + </para> + + </sect1> + + <sect1 id="storage-bandwidth-limit"> + + <title>Limiting Bandwidth for Disk Images</title> + + <para> + &product-name; supports limiting of the maximum bandwidth used for + asynchronous I/O. Additionally it supports sharing limits through + bandwidth groups for several images. It is possible to have more + than one such limit. + </para> + + <para> + Limits are configured using <command>VBoxManage</command>. The + example below creates a bandwidth group named Limit, sets the + limit to 20 MB per second, and assigns the group to the attached + disks of the VM: + </para> + +<screen>VBoxManage bandwidthctl "VM name" add Limit --type disk --limit 20M +VBoxManage storageattach "VM name" --storagectl "SATA" --port 0 --device 0 --type hdd + --medium disk1.vdi --bandwidthgroup Limit +VBoxManage storageattach "VM name" --storagectl "SATA" --port 1 --device 0 --type hdd + --medium disk2.vdi --bandwidthgroup Limit</screen> + + <para> + All disks in a group share the bandwidth limit, meaning that in + the example above the bandwidth of both images combined can never + exceed 20 MBps. However, if one disk does not require bandwidth + the other can use the remaining bandwidth of its group. + </para> + + <para> + The limits for each group can be changed while the VM is running, + with changes being picked up immediately. The example below + changes the limit for the group created in the example above to 10 + MBps: + </para> + +<screen>VBoxManage bandwidthctl "VM name" set Limit --limit 10M</screen> + + </sect1> + + <sect1 id="storage-cds"> + + <title>CD/DVD Support</title> + + <para> + Virtual CD/DVD drives by default support only reading. The medium + configuration is changeable at runtime. You can select between the + following options to provide the medium data: + </para> + + <itemizedlist> + + <listitem> + <para> + <emphasis role="bold">Host Drive</emphasis> defines that the + guest can read from the medium in the host drive. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Image file</emphasis> gives the guest + read-only access to the data in the image. This is typically + an ISO file. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Empty</emphasis> means a drive without + an inserted medium. + </para> + </listitem> + + </itemizedlist> + + <para> + Changing between the above, or changing a medium in the host drive + that is accessed by a machine, or changing an image file will + signal a medium change to the guest OS. The guest OS can then + react to the change, for example by starting an installation + program. + </para> + + <para> + Medium changes can be prevented by the guest, and &product-name; + reflects that by locking the host drive if appropriate. You can + force a medium removal in such situations by using the + &product-name; GUI or the <command>VBoxManage</command> command + line tool. Effectively this is the equivalent of the emergency + eject which many CD/DVD drives provide, with all associated side + effects. The guest OS can issue error messages, just like on real + hardware, and guest applications may misbehave. Use this with + caution. + </para> + + <note> + <para> + The identification string of the drive provided to the guest, + displayed by configuration tools such as the Windows Device + Manager, is always VBOX CD-ROM, irrespective of the current + configuration of the virtual drive. This is to prevent hardware + detection from being triggered in the guest OS every time the + configuration is changed. + </para> + </note> + + <para> + The standard CD/DVD emulation enables reading of standard data CD + and DVD formats only. As an experimental feature, for additional + capabilities, it is possible to give the guest direct access to + the CD/DVD host drive by enabling <emphasis>passthrough</emphasis> + mode. Depending on the host hardware, this may potentially enable + the following things to work: + </para> + + <itemizedlist> + + <listitem> + <para> + CD/DVD writing from within the guest, if the host DVD drive is + a CD/DVD writer + </para> + </listitem> + + <listitem> + <para> + Playing audio CDs + </para> + </listitem> + + <listitem> + <para> + Playing encrypted DVDs + </para> + </listitem> + + </itemizedlist> + + <para> + There is a <emphasis role="bold">Passthrough</emphasis> check box + in the GUI dialog for configuring the media attached to a storage + controller, or you can use the <option>--passthrough</option> + option with <command>VBoxManage storageattach</command>. See + <xref linkend="vboxmanage-storageattach" />. + </para> + + <para> + Even if passthrough is enabled, unsafe commands, such as updating + the drive firmware, will be blocked. Video CD formats are never + supported, not even in passthrough mode, and cannot be played from + a virtual machine. + </para> + + <para> + On Oracle Solaris hosts, passthrough requires running + &product-name; with real root permissions due to security measures + enforced by the host. + </para> + + </sect1> + + <sect1 id="storage-iscsi"> + + <title>iSCSI Servers</title> + + <para> + iSCSI stands for "Internet SCSI" and is a standard that supports + use of the SCSI protocol over Internet (TCP/IP) connections. + Especially with the advent of Gigabit Ethernet, it has become + affordable to attach iSCSI storage servers simply as remote hard + disks to a computer network. In iSCSI terminology, the server + providing storage resources is called an <emphasis>iSCSI + target</emphasis>, while the client connecting to the server and + accessing its resources is called an <emphasis>iSCSI + initiator</emphasis>. + </para> + + <para> + &product-name; can transparently present iSCSI remote storage to a + virtual machine as a virtual hard disk. The guest OS will not see + any difference between a virtual disk image (VDI file) and an + iSCSI target. To achieve this, &product-name; has an integrated + iSCSI initiator. + </para> + + <para> + &product-name;'s iSCSI support has been developed according to the + iSCSI standard and should work with all standard-conforming iSCSI + targets. To use an iSCSI target with &product-name;, you must use + the command line. See <xref linkend="vboxmanage-storageattach" />. + </para> + + </sect1> + + <sect1 id="vboximg-mount"> + + <title>vboximg-mount: A Utility for FUSE Mounting a Virtual Disk Image</title> + + <para> + <command>vboximg-mount</command> is a command line utility for Mac + OS X hosts that provides raw access to an &product-name; virtual + disk image on the host system. Use this utility to mount, view, + and optionally modify the disk image contents. + </para> + + <para> + The utility is based on Filesystem in Userspace (FUSE) technology + and uses the VirtualBox runtime engine. Ensure that &product-name; + is running on the host system. + </para> + + <note> + <para> + When using <command>vboximg-mount</command>, ensure that the + following conditions apply: + </para> + + <itemizedlist> + + <listitem> + <para> + The disk image is not being used by any other systems, such + as by guest VMs. + </para> + </listitem> + + <listitem> + <para> + No VMs are running on the host system. + </para> + </listitem> + + </itemizedlist> + </note> + + <para> + Raw access using FUSE is preferred over direct loopback mounting + of virtual disk images, because it is snapshot aware. It can + selectively merge disk differencing images in an exposed virtual + hard disk, providing historical or up-to-date representations of + the virtual disk contents. + </para> + + <para> + <command>vboximg-mount</command> enables you to view information + about registered VMs, their attached disk media, and any + snapshots. Also, you can view partition information for a disk + image. + </para> + + <para> + Use the <option>--help</option> option to view information about + the <command>vboximg-mount</command> command usage. + </para> + + <para> + When <command>vboximg-mount</command> mounts an &product-name; + disk image, it creates a one level deep file system at a mount + point that you specify. The file system includes a device node + that represents the synthesized disk image as a readable or + readable-writeable bytestream. This bytestream can be mounted + either by using the host OS or by using other FUSE-based file + systems. + </para> + + <sect2 id="vboximg-mount-display"> + + <title>Viewing Detailed Information About a Virtual Disk Image</title> + + <para> + The following examples show how to use the + <command>vboximg-mount</command> command to view information + about virtual disk images. + </para> + + <para> + The following command outputs detailed information about all + registered VMs and associated snapshots: + </para> + +<screen>$ vboximg-mount --list --verbose + + ------------------------------------------------------ + VM Name: "macOS High Sierra 10.13" + UUID: 3887d96d-831c-4187-a55a-567c504ff0e1 + Location: /Volumes/work/vm_guests/macOS High Sierra 10.13/macOS High Sierra 10.13.vbox + ----------------------- + HDD base: "macOS High Sierra 10.13.vdi" + UUID: f9ea7173-6869-4aa9-b487-68023a655980 + Location: /Volumes/work/vm_guests/macOS High Sierra 10.13/macOS High Sierra 10.13.vdi + + Diff 1: + UUID: 98c2bac9-cf37-443d-a935-4e879b70166d + Location: /Volumes/work/vm_guests/macOS High Sierra 10.13/ + Snapshots/{98c2bac9-cf37-443d-a935-4e879b70166d}.vdi + Diff 2: + UUID: f401f381-7377-40b3-948e-3c61241b1a42 + Location: /Volumes/work/vm_guests/macOS High Sierra 10.13/ + Snapshots/{f401f381-7377-40b3-948e-3c61241b1a42}.vdi + ----------------------- + HDD base: "simple_fixed_disk.vdi" + UUID: ffba4d7e-1277-489d-8173-22ca7660773d + Location: /Volumes/work/vm_guests/macOS High Sierra 10.13/simple_fixed_disk.vdi + + Diff 1: + UUID: aecab681-0d2d-468b-8682-93f79dc97a48 + Location: /Volumes/work/vm_guests/macOS High Sierra 10.13/ + Snapshots/{aecab681-0d2d-468b-8682-93f79dc97a48}.vdi + Diff 2: + UUID: 70d6b34d-8422-47fa-8521-3b6929a1971c + Location: /Volumes/work/vm_guests/macOS High Sierra 10.13/ + Snapshots/{70d6b34d-8422-47fa-8521-3b6929a1971c}.vdi + ------------------------------------------------------ + VM Name: "debian" + UUID: 5365ab5f-470d-44c0-9863-dad532ee5905 + Location: /Volumes/work/vm_guests/debian/debian.vbox + ----------------------- + HDD base: "debian.vdi" + UUID: 96d2e92e-0d4e-46ab-a0f1-008fdbf997e7 + Location: /Volumes/work/vm_guests/debian/ol7.vdi + + Diff 1: + UUID: f9cc866a-9166-42e9-a503-bbfe9b7312e8 + Location: /Volumes/work/vm_guests/debian/Snapshots/ + {f9cc866a-9166-42e9-a503-bbfe9b7312e8}.vdi</screen> + + <para> + The following command outputs partition information about the + specified disk image: + </para> + +<screen>$ vboximg-mount --image=f9ea7173-6869-4aa9-b487-68023a655980 --list + + Virtual disk image: + + Path: /Volumes/work/vm_guests/macOS High Sierra 10.13/macOS High Sierra 10.13.vdi + UUID: f9ea7173-6869-4aa9-b487-68023a655980 + + # Start Sectors Size Offset Type + 1 40 409599 199.9M 20480 EFI System + 2 409640 67453071 32.1G 209735680 Hierarchical File System Plus (HFS+) + 3 67862712 1269535 107.8M 34745708544 Apple Boot (Recovery HD)</screen> + + </sect2> + + <sect2 id="vboximg-mount-steps"> + + <title>Mounting a Virtual Disk Image</title> + + <para> + The following steps show how to use the + <command>vboximg-mount</command> command to mount a partition of + a virtual disk image on the host OS. + </para> + + <orderedlist> + + <listitem> + <para> + Create a mount point on the host OS. For example: + </para> + +<screen>$ mkdir macos_sysdisk</screen> + </listitem> + + <listitem> + <para> + Show partition information about the virtual disk image. + </para> + +<screen>$ vboximg-mount --image=<replaceable>uuid</replaceable> --list</screen> + + <para> + where <replaceable>uuid</replaceable> is the UUID of the + disk image. + </para> + </listitem> + + <listitem> + <para> + Use <command>vboximg-mount</command> to perform a FUSE mount + of a partition on the virtual disk image. For example: + </para> + +<screen>$ vboximg-mount --image=<replaceable>uuid</replaceable> -p 2 macos_sysdisk</screen> + + <para> + where <replaceable>uuid</replaceable> is the UUID for the + disk image. + </para> + + <para> + In this example, partition 2 is mounted on the + <computeroutput>macos_sysdisk</computeroutput> mount point. + The mount includes all snapshots for the disk image. + </para> + </listitem> + + <listitem> + <para> + Use the host OS to mount the + <computeroutput>vhdd</computeroutput> device node. The + FUSE-mounted device node represents the virtual disk image. + </para> + +<screen>$ ls macos_sysdisk + macOS High Sierra 10.13.vdi vhdd +$ sudo mount macos_sysdisk/vhdd /mnt</screen> + </listitem> + + </orderedlist> + + </sect2> + + </sect1> + +</chapter> diff --git a/doc/manual/en_US/user_Technical.xml b/doc/manual/en_US/user_Technical.xml new file mode 100644 index 00000000..f90b4cc8 --- /dev/null +++ b/doc/manual/en_US/user_Technical.xml @@ -0,0 +1,1362 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" +"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd"[ +<!ENTITY % all.entities SYSTEM "all-entities.ent"> +%all.entities; +]> +<chapter id="TechnicalBackground"> + + <title>Technical Background</title> + + <para> + This chapter provides additional information for readers who are + familiar with computer architecture and technology and wish to find + out more about how &product-name; works <emphasis>under the + hood</emphasis>. The contents of this chapter are not required + reading in order to use &product-name; successfully. + </para> + + <sect1 id="vboxconfigdata"> + + <title>Where &product-name; Stores its Files</title> + + <para> + In &product-name;, a virtual machine and its settings are + described in a virtual machine settings file in XML format. In + addition, most virtual machine have one or more virtual hard + disks, which are typically represented by disk images, such as + those in VDI format. Where all these files are stored depends on + which version of &product-name; created the machine. + </para> + + <sect2 id="vboxconfigdata-post-version-four"> + + <title>Machines Created by &product-name; Version 4.0 or Later</title> + + <para> + By default, each virtual machine has one directory on your host + computer where all the files of that machine are stored: the XML + settings file, with a <computeroutput>.vbox</computeroutput> + file extension, and its disk images. + </para> + + <para> + By default, this <emphasis>machine folder</emphasis> is placed + in a common folder called <computeroutput>VirtualBox + VMs</computeroutput>, which &product-name; creates in the + current system user's home directory. The location of this home + directory depends on the conventions of the host operating + system, as follows: + </para> + + <itemizedlist> + + <listitem> + <para> + On Windows, this is the location returned by the + <computeroutput>SHGetFolderPath</computeroutput> function of + the Windows system library Shell32.dll, asking for the user + profile. On very old Windows versions which do not have this + function or where it unexpectedly returns an error, there is + a fallback based on environment variables. First, + <computeroutput>%USERPROFILE%</computeroutput> is checked. + If it does not exist then an attempt with + <computeroutput>%HOMEDRIVE%%HOMEPATH%</computeroutput> is + made. A typical location is + <computeroutput>C:\Users\username</computeroutput>. + </para> + </listitem> + + <listitem> + <para> + On Linux, Mac OS X, and Oracle Solaris, this is generally + taken from the environment variable + <computeroutput>$HOME</computeroutput>, except for the user + <computeroutput>root</computeroutput> where it is taken from + the account database. This is a workaround for the frequent + trouble caused by users using &product-name; in combination + with the tool <computeroutput>sudo</computeroutput> which by + default does not reset the environment variable + <computeroutput>$HOME</computeroutput>. A typical location + on Linux and Oracle Solaris is + <computeroutput>/home/username</computeroutput> and on Mac + OS X <computeroutput>/Users/username</computeroutput>. + </para> + </listitem> + + </itemizedlist> + + <para> + For simplicity, we will abbreviate the location of the home + directory as <computeroutput>$HOME</computeroutput>. Using that + convention, the common folder for all virtual machines is + <computeroutput>$HOME/VirtualBox VMs</computeroutput>. + </para> + + <para> + As an example, when you create a virtual machine called "Example + VM", &product-name; creates the following: + </para> + + <itemizedlist> + + <listitem> + <para> + A machine folder <computeroutput>$HOME/VirtualBox + VMs/Example VM/</computeroutput> + </para> + </listitem> + + <listitem> + <para> + In the machine folder, a settings file: + <computeroutput>Example VM.vbox</computeroutput> + </para> + </listitem> + + <listitem> + <para> + In the machine folder, a virtual disk image: + <computeroutput>Example VM.vdi</computeroutput>. + </para> + </listitem> + + </itemizedlist> + + <para> + This is the default layout if you use the + <emphasis role="bold">Create New Virtual Machine</emphasis> + wizard described in <xref linkend="gui-createvm" />. Once you + start working with the VM, additional files are added. Log files + are in a subfolder called <computeroutput>Logs</computeroutput>, + and if you have taken snapshots, they are in a + <computeroutput>Snapshots</computeroutput> subfolder. For each + VM, you can change the location of its snapshots folder in the + VM settings. + </para> + + <para> + You can change the default machine folder by selecting + <emphasis role="bold">Preferences</emphasis> from the + <emphasis role="bold">File</emphasis> menu in the &product-name; + main window. Then, in the displayed window, click on the + <emphasis role="bold">General</emphasis> tab. Alternatively, use + <command>VBoxManage setproperty machinefolder</command>. See + <xref linkend="vboxmanage-setproperty" />. + </para> + + </sect2> + + <sect2 id="vboxconfigdata-pre-version-four"> + + <title>Machines Created by &product-name; Versions Before 4.0</title> + + <para> + If you have upgraded to &product-name; 4.0 from an earlier + version of &product-name;, you probably have settings files and + disks in the earlier file system layout. + </para> + + <para> + Before version 4.0, &product-name; separated the machine + settings files from virtual disk images. The machine settings + files had an <computeroutput>.xml</computeroutput> file + extension and resided in a folder called + <computeroutput>Machines</computeroutput> under the global + &product-name; configuration directory. See + <xref linkend="vboxconfigdata-global"/>. On Linux, for example, + this was the hidden directory + <computeroutput>$HOME/.VirtualBox/Machines</computeroutput>. The + default hard disks folder was called + <computeroutput>HardDisks</computeroutput> and was also located + in the <computeroutput>.VirtualBox</computeroutput> folder. Both + locations could be changed by the user in the global + preferences. The concept of a default hard disk folder was + abandoned with &product-name; 4.0, since disk images now reside + in each machine's folder by default. + </para> + + <para> + The old layout had the following severe disadvantages: + </para> + + <itemizedlist> + + <listitem> + <para> + It was very difficult to move a virtual machine from one + host to another because the files involved did not reside in + the same folder. In addition, the virtual media of all + machines were registered with a global registry in the + central &product-name; settings file, + <computeroutput>$HOME/.VirtualBox/VirtualBox.xml</computeroutput>. + </para> + + <para> + To move a machine to another host, it was therefore not + enough to move the XML settings file and the disk images, + which were in different locations, but the hard disk entries + from the global media registry XML had to be meticulously + copied as well. This was close to impossible if the machine + had snapshots and therefore differencing images. + </para> + </listitem> + + <listitem> + <para> + Storing virtual disk images, which can grow very large, + under the hidden + <computeroutput>.VirtualBox</computeroutput> directory, at + least on Linux and Oracle Solaris hosts, made many users + wonder where their disk space had gone. + </para> + </listitem> + + </itemizedlist> + + <para> + Whereas new VMs created with &product-name; 4.0 or later will + conform to the new layout, for maximum compatibility, old VMs + are <emphasis>not</emphasis> converted to the new layout. + Otherwise machine settings would be irrevocably broken if a user + downgraded from 4.0 back to an older version of &product-name;. + </para> + + </sect2> + + <sect2 id="vboxconfigdata-global"> + + <title>Global Configuration Data</title> + + <para> + In addition to the files of the virtual machines, &product-name; + maintains global configuration data in the following directory: + </para> + + <itemizedlist> + + <listitem> + <para> + <emphasis role="bold">Linux and Oracle Solaris:</emphasis> + <computeroutput>$HOME/.config/VirtualBox</computeroutput>. + </para> + + <para> + <computeroutput>$HOME/.VirtualBox</computeroutput> is used + if it exists, for compatibility with legacy versions before + &product-name; 4.3. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Windows:</emphasis> + <computeroutput>$HOME/.VirtualBox</computeroutput>. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Mac OS X:</emphasis> + <computeroutput>$HOME/Library/VirtualBox</computeroutput>. + </para> + </listitem> + + </itemizedlist> + + <para> + &product-name; creates this configuration directory + automatically, if necessary. Optionally, you can specify an + alternate configuration directory by setting the + <computeroutput>VBOX_USER_HOME</computeroutput> environment + variable, or additionally on Linux or Oracle Solaris by using + the standard <computeroutput>XDG_CONFIG_HOME</computeroutput> + variable. Since the global + <computeroutput>VirtualBox.xml</computeroutput> settings file + points to all other configuration files, this enables switching + between several &product-name; configurations. + </para> + + <para> + Most importantly, in this directory, &product-name; stores its + global settings file, another XML file called + <computeroutput>VirtualBox.xml</computeroutput>. This includes + global configuration options and the list of registered virtual + machines with pointers to their XML settings files. Neither the + location of this file nor its directory has changed with + &product-name; 4.0. + </para> + + <para> + Before &product-name; 4.0, all virtual media, such as disk image + files, were also contained in a global registry in this settings + file. For compatibility, this media registry still exists if you + upgrade &product-name; and there are media from machines which + were created with a version before 4.0. If you have no such + machines, then there will be no global media registry. With + &product-name; 4.0, each machine XML file has its own media + registry. + </para> + + <para> + Also before &product-name; 4.0, the default + <computeroutput>Machines</computeroutput> folder and the default + <computeroutput>HardDisks</computeroutput> folder resided under + the &product-name; configuration directory, such as + <computeroutput>$HOME/.VirtualBox/Machines</computeroutput> on + Linux. If you are upgrading from an &product-name; version + before 4.0, files in these directories are not automatically + moved in order not to break backwards compatibility. + </para> + + </sect2> + + <sect2 id="vboxconfigdata-summary-version-four"> + + <title>Summary of 4.0 Configuration Changes</title> + + <para> + The following table gives a brief overview of the configuration + changes between legacy versions and version 4.0 or later. + </para> + + <table id="table-version4-config-changes" tabstyle="oracle-all"> + <title>Configuration Changes in Version 4.0 or Above</title> + <tgroup cols="3"> + <thead> + <row> + <entry><para> + <emphasis role="bold">Setting</emphasis> + </para></entry> + <entry><para> + <emphasis role="bold">Before 4.0</emphasis> + </para></entry> + <entry><para> + <emphasis role="bold">4.0 or above</emphasis> + </para></entry> + </row> + </thead> + <tbody> + <row> + <entry><para> + Default machines folder + </para></entry> + <entry><para> + <computeroutput>$HOME/.VirtualBox/Machines</computeroutput> + </para></entry> + <entry><para> + <computeroutput>$HOME/VirtualBox VMs</computeroutput> + </para></entry> + </row> + <row> + <entry><para> + Default disk image location + </para></entry> + <entry><para> + <computeroutput>$HOME/.VirtualBox/HardDisks</computeroutput> + </para></entry> + <entry><para> + In each machine's folder + </para></entry> + </row> + <row> + <entry><para> + Machine settings file extension + </para></entry> + <entry><para> + <computeroutput>.xml</computeroutput> + </para></entry> + <entry><para> + <computeroutput>.vbox</computeroutput> + </para></entry> + </row> + <row> + <entry><para> + Media registry + </para></entry> + <entry><para> + Global <computeroutput>VirtualBox.xml</computeroutput> + file + </para></entry> + <entry><para> + Each machine settings file + </para></entry> + </row> + <row> + <entry><para> + Media registration + </para></entry> + <entry><para> + Explicit open/close required + </para></entry> + <entry><para> + Automatic on attach + </para></entry> + </row> + </tbody> + </tgroup> + </table> + + </sect2> + + <sect2 id="vboxconfigdata-XML-files"> + + <title>&product-name; XML Files</title> + + <para> + &product-name; uses XML for both the machine settings files and + the global configuration file, + <computeroutput>VirtualBox.xml</computeroutput>. + </para> + + <para> + All &product-name; XML files are versioned. When a new settings + file is created, for example because a new virtual machine is + created, &product-name; automatically uses the settings format + of the current &product-name; version. These files may not be + readable if you downgrade to an earlier version of + &product-name;. However, when &product-name; encounters a + settings file from an earlier version, such as after upgrading + &product-name;, it attempts to preserve the settings format as + much as possible. It will only silently upgrade the settings + format if the current settings cannot be expressed in the old + format, for example because you enabled a feature that was not + present in an earlier version of &product-name;. + </para> + + <para> + As an example, before &product-name; 3.1, it was only possible + to enable or disable a single DVD drive in a virtual machine. If + it was enabled, then it would always be visible as the secondary + master of the IDE controller. With &product-name; 3.1, DVD + drives can be attached to arbitrary slots of arbitrary + controllers, so they could be the secondary slave of an IDE + controller or in a SATA slot. If you have a machine settings + file from an earlier version and upgrade &product-name; to 3.1 + and then move the DVD drive from its default position, this + cannot be expressed in the old settings format; the XML machine + file would get written in the new format, and a backup file of + the old format would be kept. + </para> + + <para> + In such cases, &product-name; backs up the old settings file in + the virtual machine's configuration directory. If you need to go + back to the earlier version of &product-name;, then you will + need to manually copy these backup files back. + </para> + + <para> + We intentionally do not document the specifications of the + &product-name; XML files, as we must reserve the right to modify + them in the future. We therefore strongly suggest that you do + not edit these files manually. &product-name; provides complete + access to its configuration data through its the + <command>VBoxManage</command> command line tool, see + <xref linkend="vboxmanage" /> and its API, see + <xref linkend="VirtualBoxAPI" />. + </para> + + </sect2> + + </sect1> + + <sect1 id="technical-components"> + + <title>&product-name; Executables and Components</title> + + <para> + &product-name; was designed to be modular and flexible. When the + &product-name; graphical user interface (GUI) is opened and a VM + is started, at least the following three processes are running: + </para> + + <itemizedlist> + + <listitem> + <para> + <computeroutput>VBoxSVC</computeroutput>, the &product-name; + service process which always runs in the background. This + process is started automatically by the first &product-name; + client process and exits a short time after the last client + exits. The first &product-name; service can be the GUI, + <computeroutput>VBoxManage</computeroutput>, + <computeroutput>VBoxHeadless</computeroutput>, the web service + amongst others. The service is responsible for bookkeeping, + maintaining the state of all VMs, and for providing + communication between &product-name; components. This + communication is implemented using COM/XPCOM. + </para> + + <note> + <para> + When we refer to <emphasis>clients</emphasis> here, we mean + the local clients of a particular + <computeroutput>VBoxSVC</computeroutput> server process, not + clients in a network. &product-name; employs its own + client/server design to allow its processes to cooperate, + but all these processes run under the same user account on + the host operating system, and this is totally transparent + to the user. + </para> + </note> + </listitem> + + <listitem> + <para> + The GUI process, + <computeroutput>VirtualBoxVM</computeroutput>, a client + application based on the cross-platform Qt library. When + started without the <computeroutput>--startvm</computeroutput> + option, this application acts as the VirtualBox Manager, + displaying the VMs and their settings. It then communicates + settings and state changes to + <computeroutput>VBoxSVC</computeroutput> and also reflects + changes effected through other means, such as the + <command>VBoxManage</command> command. + </para> + </listitem> + + <listitem> + <para> + If the <computeroutput>VirtualBoxVM</computeroutput> client + application is started with the + <computeroutput>--startvm</computeroutput> argument, it loads + the VMM library which includes the actual hypervisor and then + runs a virtual machine and provides the input and output for + the guest. + </para> + </listitem> + + </itemizedlist> + + <para> + Any &product-name; front-end, or client, will communicate with the + service process and can both control and reflect the current + state. For example, either the VM selector or the VM window or + VBoxManage can be used to pause the running VM, and other + components will always reflect the changed state. + </para> + + <para> + The &product-name; GUI application is only one of several + available front ends, or clients. The complete list shipped with + &product-name; is as follows: + </para> + + <itemizedlist> + + <listitem> + <para> + <computeroutput>VirtualBoxVM</computeroutput>: The Qt front + end implementing the VirtualBox Manager and running VMs. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>VBoxManage</computeroutput>: A less + user-friendly but more powerful alternative. See + <xref linkend="vboxmanage" />. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>VBoxHeadless</computeroutput>: A VM front end + which does not directly provide any video output and keyboard + or mouse input, but enables redirection through the VirtualBox + Remote Desktop Extension. See <xref linkend="vboxheadless" />. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>vboxwebsrv</computeroutput>: The + &product-name; web service process which enables control of an + &product-name; host remotely. This is described in detail in + the &product-name; Software Development Kit (SDK) reference. + See <xref linkend="VirtualBoxAPI" />. + </para> + </listitem> + + <listitem> + <para> + The &product-name; Python shell: A Python alternative to + <computeroutput>VBoxManage</computeroutput>. This is also + described in the SDK reference. + </para> + </listitem> + + </itemizedlist> + + <para> + Internally, &product-name; consists of many more or less separate + components. You may encounter these when analyzing &product-name; + internal error messages or log files. These include the following: + </para> + + <itemizedlist> + + <listitem> + <para> + IPRT: A portable runtime library which abstracts file access, + threading, and string manipulation. Whenever &product-name; + accesses host operating features, it does so through this + library for cross-platform portability. + </para> + </listitem> + + <listitem> + <para> + VMM (Virtual Machine Monitor): The heart of the hypervisor. + </para> + </listitem> + + <listitem> + <para> + EM (Execution Manager): Controls execution of guest code. + </para> + </listitem> + + <listitem> + <para> + REM (Recompiled Execution Monitor): Provides software + emulation of CPU instructions. + </para> + </listitem> + + <listitem> + <para> + TRPM (Trap Manager): Intercepts and processes guest traps and + exceptions. + </para> + </listitem> + + <listitem> + <para> + HM (Hardware Acceleration Manager): Provides support for VT-x + and AMD-V. + </para> + </listitem> + + <listitem> + <para> + GIM (Guest Interface Manager): Provides support for various + paravirtualization interfaces to the guest. + </para> + </listitem> + + <listitem> + <para> + PDM (Pluggable Device Manager): An abstract interface between + the VMM and emulated devices which separates device + implementations from VMM internals and makes it easy to add + new emulated devices. Through PDM, third-party developers can + add new virtual devices to &product-name; without having to + change &product-name; itself. + </para> + </listitem> + + <listitem> + <para> + PGM (Page Manager): A component that controls guest paging. + </para> + </listitem> + + <listitem> + <para> + PATM (Patch Manager): Patches guest code to improve and speed + up software virtualization. + </para> + </listitem> + + <listitem> + <para> + TM (Time Manager): Handles timers and all aspects of time + inside guests. + </para> + </listitem> + + <listitem> + <para> + CFGM (Configuration Manager): Provides a tree structure which + holds configuration settings for the VM and all emulated + devices. + </para> + </listitem> + + <listitem> + <para> + SSM (Saved State Manager): Saves and loads VM state. + </para> + </listitem> + + <listitem> + <para> + VUSB (Virtual USB): A USB layer which separates emulated USB + controllers from the controllers on the host and from USB + devices. This component also enables remote USB. + </para> + </listitem> + + <listitem> + <para> + DBGF (Debug Facility): A built-in VM debugger. + </para> + </listitem> + + <listitem> + <para> + &product-name; emulates a number of devices to provide the + hardware environment that various guests need. Most of these + are standard devices found in many PC compatible machines and + widely supported by guest operating systems. For network and + storage devices in particular, there are several options for + the emulated devices to access the underlying hardware. These + devices are managed by PDM. + </para> + </listitem> + + <listitem> + <para> + Guest Additions for various guest operating systems. This is + code that is installed from within a virtual machine. See + <xref linkend="guestadditions" />. + </para> + </listitem> + + <listitem> + <para> + The "Main" component is special. It ties all the above bits + together and is the only public API that &product-name; + provides. All the client processes listed above use only this + API and never access the hypervisor components directly. As a + result, third-party applications that use the &product-name; + Main API can rely on the fact that it is always well-tested + and that all capabilities of &product-name; are fully exposed. + It is this API that is described in the &product-name; SDK. + See <xref linkend="VirtualBoxAPI" />. + </para> + </listitem> + + </itemizedlist> + + </sect1> + + <sect1 id="hwvirt"> + + <title>Hardware vs. Software Virtualization</title> + + <para> + &product-name; enables software in the virtual machine to run + directly on the processor of the host, but an array of complex + techniques is employed to intercept operations that would + interfere with your host. Whenever the guest attempts to do + something that could be harmful to your computer and its data, + &product-name; steps in and takes action. In particular, for lots + of hardware that the guest believes to be accessing, + &product-name; simulates a certain "virtual" environment according + to how you have configured a virtual machine. For example, when + the guest attempts to access a hard disk, &product-name; redirects + these requests to whatever you have configured to be the virtual + machine's virtual hard disk. This is normally an image file on + your host. + </para> + + <para> + Unfortunately, the x86 platform was never designed to be + virtualized. Detecting situations in which &product-name; needs to + take control over the guest code that is executing, as described + above, is difficult. There are two ways in which to achieve this: + </para> + + <itemizedlist> + + <listitem> + <para> + Since 2006, Intel and AMD processors have had support for + so-called <emphasis>hardware virtualization</emphasis>. This + means that these processors can help &product-name; to + intercept potentially dangerous operations that a guest + operating system may be attempting and also makes it easier to + present virtual hardware to a virtual machine. + </para> + + <para> + These hardware features differ between Intel and AMD + processors. Intel named its technology >VT-x. AMD calls theirs + AMD-V. The Intel and AMD support for virtualization is very + different in detail, but not very different in principle. + </para> + + <note> + <para> + On many systems, the hardware virtualization features first + need to be enabled in the BIOS before &product-name; can use + them. + </para> + </note> + </listitem> + + <listitem> + <para> + As opposed to other virtualization software, for many usage + scenarios, &product-name; does not + <emphasis>require</emphasis> hardware virtualization features + to be present. Through sophisticated techniques, + &product-name; virtualizes many guest operating systems + entirely in <emphasis>software</emphasis>. This means that you + can run virtual machines even on older processors which do not + support hardware virtualization. + </para> + </listitem> + + </itemizedlist> + + <para> + Even though &product-name; does not always require hardware + virtualization, enabling it is <emphasis>required</emphasis> in + the following scenarios: + </para> + + <itemizedlist> + + <listitem> + <para> + Certain rare guest operating systems like OS/2 make use of + very esoteric processor instructions that are not supported + with our software virtualization. For virtual machines that + are configured to contain such an operating system, hardware + virtualization is enabled automatically. + </para> + </listitem> + + <listitem> + <para> + &product-name;'s 64-bit guest support, added with version 2.0, + and multiprocessing (SMP), added with version 3.0, both + require hardware virtualization to be enabled. This is not + much of a limitation since the vast majority of today's 64-bit + and multicore CPUs ship with hardware virtualization anyway. + The exceptions to this rule are older Intel Celeron and AMD + Opteron CPUs, for example. + </para> + </listitem> + + </itemizedlist> + + <warning> + <para> + Do not run other hypervisors, either open source or commercial + virtualization products, together with &product-name;. While + several hypervisors can normally be + <emphasis>installed</emphasis> in parallel, do not attempt to + <emphasis>run</emphasis> several virtual machines from competing + hypervisors at the same time. &product-name; cannot track what + another hypervisor is currently attempting to do on the same + host, and especially if several products attempt to use hardware + virtualization features such as VT-x, this can crash the entire + host. Also, within &product-name;, you can mix software and + hardware virtualization when running multiple VMs. In certain + cases a small performance penalty will be unavoidable when + mixing VT-x and software virtualization VMs. We recommend not + mixing virtualization modes if maximum performance and low + overhead are essential. This does <emphasis>not</emphasis> apply + to AMD-V. + </para> + </warning> + + </sect1> + + <sect1 id="gimproviders"> + + <title>Paravirtualization Providers</title> + + <para> + &product-name; enables the exposure of a paravirtualization + interface, to facilitate accurate and efficient execution of + software within a virtual machine. These interfaces require the + guest operating system to recognize their presence and make use of + them in order to leverage the benefits of communicating with the + &product-name; hypervisor. + </para> + + <para> + Most modern mainstream guest operating systems, including Windows + and Linux, ship with support for one or more paravirtualization + interfaces. Hence, there is typically no need to install + additional software in the guest to take advantage of this + feature. + </para> + + <para> + Exposing a paravirtualization provider to the guest operating + system does not rely on the choice of host platforms. For example, + the <emphasis>Hyper-V</emphasis> paravirtualization provider can + be used for VMs to run on any host platform supported by + &product-name; and not just Windows. + </para> + + <para> + &product-name; provides the following interfaces: + </para> + + <itemizedlist> + + <listitem> + <para> + <emphasis role="bold">Minimal</emphasis>: Announces the + presence of a virtualized environment. Additionally, reports + the TSC and APIC frequency to the guest operating system. This + provider is mandatory for running any Mac OS X guests. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">KVM</emphasis>: Presents a Linux KVM + hypervisor interface which is recognized by Linux kernels + version 2.6.25 or later. &product-name;'s implementation + currently supports paravirtualized clocks and SMP spinlocks. + This provider is recommended for Linux guests. + </para> + </listitem> + + <listitem> + <para> + <emphasis role="bold">Hyper-V</emphasis>: Presents a Microsoft + Hyper-V hypervisor interface which is recognized by Windows 7 + and newer operating systems. &product-name;'s implementation + currently supports paravirtualized clocks, APIC frequency + reporting, guest debugging, guest crash reporting and relaxed + timer checks. This provider is recommended for Windows guests. + </para> + </listitem> + + </itemizedlist> + + </sect1> + + <sect1 id="swvirt-details"> + + <title>Details About Software Virtualization</title> + + <para> + Implementing virtualization on x86 CPUs with no hardware + virtualization support is an extraordinarily complex task because + the CPU architecture was not designed to be virtualized. The + problems can usually be solved, but at the cost of reduced + performance. Thus, there is a constant clash between + virtualization performance and accuracy. + </para> + + <para> + The x86 instruction set was originally designed in the 1970s and + underwent significant changes with the addition of protected mode + in the 1980s with the 286 CPU architecture and then again with the + Intel 386 and its 32-bit architecture. Whereas the 386 did have + limited virtualization support for real mode operation with V86 + mode, as used by the "DOS Box" of Windows 3.x and OS/2 2.x, no + support was provided for virtualizing the entire architecture. + </para> + + <para> + In theory, software virtualization is not overly complex. There + are four privilege levels, called <emphasis>rings</emphasis>, + provided by the hardware. Typically only two rings are used: ring + 0 for kernel mode and ring 3 for user mode. Additionally, one + needs to differentiate between <emphasis>host context</emphasis> + and <emphasis>guest context</emphasis>. + </para> + + <para> + In host context, everything is as if no hypervisor was active. + This might be the active mode if another application on your host + has been scheduled CPU time. In that case, there is a host ring 3 + mode and a host ring 0 mode. The hypervisor is not involved. + </para> + + <para> + In guest context, however, a virtual machine is active. So long as + the guest code is running in ring 3, this is not much of a problem + since a hypervisor can set up the page tables properly and run + that code natively on the processor. The problems mostly lie in + how to intercept what the guest's kernel does. + </para> + + <para> + There are several possible solutions to these problems. One + approach is full software emulation, usually involving + recompilation. That is, all code to be run by the guest is + analyzed, transformed into a form which will not allow the guest + to either modify or see the true state of the CPU, and only then + executed. This process is obviously highly complex and costly in + terms of performance. &product-name; contains a recompiler based + on QEMU which can be used for pure software emulation, but the + recompiler is only activated in special situations, described + below. + </para> + + <para> + Another possible solution is paravirtualization, in which only + specially modified guest OSes are allowed to run. This way, most + of the hardware access is abstracted and any functions which would + normally access the hardware or privileged CPU state are passed on + to the hypervisor instead. Paravirtualization can achieve good + functionality and performance on standard x86 CPUs, but it can + only work if the guest OS can actually be modified, which is + obviously not always the case. + </para> + + <para> + &product-name; chooses a different approach. When starting a + virtual machine, through its ring-0 support kernel driver, + &product-name; has set up the host system so that it can run most + of the guest code natively, but it has inserted itself at the + "bottom" of the picture. It can then assume control when needed. + If a privileged instruction is executed, the guest traps, in + particular because an I/O register was accessed and a device needs + to be virtualized, or external interrupts occur. &product-name; + may then handle this and either route a request to a virtual + device or possibly delegate handling such things to the guest or + host OS. In guest context, &product-name; can therefore be in one + of three states: + </para> + + <itemizedlist> + + <listitem> + <para> + Guest ring 3 code is run unmodified, at full speed, as much as + possible. The number of faults will generally be low, unless + the guest allows port I/O from ring 3. This is something we + cannot do as we do not want the guest to be able to access + real ports. This is also referred to as <emphasis>raw + mode</emphasis>, as the guest ring-3 code runs unmodified. + </para> + </listitem> + + <listitem> + <para> + For guest code in ring 0, &product-name; employs a clever + trick. It actually reconfigures the guest so that its ring-0 + code is run in ring 1 instead, which is normally not used in + x86 operating systems). As a result, when guest ring-0 code, + actually running n ring 1, such as a guest device driver + attempts to write to an I/O register or execute a privileged + instruction, the &product-name; hypervisor in the "real" ring + 0 can take over. + </para> + </listitem> + + <listitem> + <para> + The hypervisor (VMM) can be active. Every time a fault occurs, + &product-name; looks at the offending instruction and can + relegate it to a virtual device or the host OS or the guest OS + or run it in the recompiler. + </para> + + <para> + In particular, the recompiler is used when guest code disables + interrupts and &product-name; cannot figure out when they will + be switched back on. In these situations, &product-name; + actually analyzes the guest code using its own disassembler. + Also, certain privileged instructions such as LIDT need to be + handled specially. Finally, any real-mode or protected-mode + code, such as BIOS code, a DOS guest, or any operating system + startup, is run in the recompiler entirely. + </para> + </listitem> + + </itemizedlist> + + <para> + Unfortunately this only works to a degree. Among others, the + following situations require special handling: + </para> + + <itemizedlist> + + <listitem> + <para> + Running ring 0 code in ring 1 causes a lot of additional + instruction faults, as ring 1 is not allowed to execute any + privileged instructions, of which guest's ring-0 contains + plenty. With each of these faults, the VMM must step in and + emulate the code to achieve the desired behavior. While this + works, emulating thousands of these faults is very expensive + and severely hurts the performance of the virtualized guest. + </para> + </listitem> + + <listitem> + <para> + There are certain flaws in the implementation of ring 1 in the + x86 architecture that were never fixed. Certain instructions + that <emphasis>should</emphasis> trap in ring 1 do not. This + affects, for example, the LGDT/SGDT, LIDT/SIDT, or POPF/PUSHF + instruction pairs. Whereas the "load" operation is privileged + and can therefore be trapped, the "store" instruction always + succeed. If the guest is allowed to execute these, it will see + the true state of the CPU, not the virtualized state. The + CPUID instruction also has the same problem. + </para> + </listitem> + + <listitem> + <para> + A hypervisor typically needs to reserve some portion of the + guest's address space, both linear address space and + selectors, for its own use. This is not entirely transparent + to the guest OS and may cause clashes. + </para> + </listitem> + + <listitem> + <para> + The SYSENTER instruction, used for system calls, executed by + an application running in a guest OS always transitions to + ring 0. But that is where the hypervisor runs, not the guest + OS. In this case, the hypervisor must trap and emulate the + instruction even when it is not desirable. + </para> + </listitem> + + <listitem> + <para> + The CPU segment registers contain a "hidden" descriptor cache + which is not software-accessible. The hypervisor cannot read, + save, or restore this state, but the guest OS may use it. + </para> + </listitem> + + <listitem> + <para> + Some resources must, and can, be trapped by the hypervisor, + but the access is so frequent that this creates a significant + performance overhead. An example is the TPR (Task Priority) + register in 32-bit mode. Accesses to this register must be + trapped by the hypervisor. But certain guest operating + systems, notably Windows and Oracle Solaris, write this + register very often, which adversely affects virtualization + performance. + </para> + </listitem> + + </itemizedlist> + + <para> + To fix these performance and security issues, &product-name; + contains a Code Scanning and Analysis Manager (CSAM), which + disassembles guest code, and the Patch Manager (PATM), which can + replace it at runtime. + </para> + + <para> + Before executing ring 0 code, CSAM scans it recursively to + discover problematic instructions. PATM then performs + <emphasis>in-situ </emphasis>patching. It replaces the instruction + with a jump to hypervisor memory where an integrated code + generator has placed a more suitable implementation. In reality, + this is a very complex task as there are lots of odd situations to + be discovered and handled correctly. So, with its current + complexity, one could argue that PATM is an advanced + <emphasis>in-situ</emphasis> recompiler. + </para> + + <para> + In addition, every time a fault occurs, &product-name; analyzes + the offending code to determine if it is possible to patch it in + order to prevent it from causing more faults in the future. This + approach works well in practice and dramatically improves software + virtualization performance. + </para> + + </sect1> + + <sect1 id="hwvirt-details"> + + <title>Details About Hardware Virtualization</title> + + <para> + With Intel VT-x, there are two distinct modes of CPU operation: + VMX root mode and non-root mode. + </para> + + <itemizedlist> + + <listitem> + <para> + In root mode, the CPU operates much like older generations of + processors without VT-x support. There are four privilege + levels, called rings, and the same instruction set is + supported, with the addition of several virtualization + specific instruction. Root mode is what a host operating + system without virtualization uses, and it is also used by a + hypervisor when virtualization is active. + </para> + </listitem> + + <listitem> + <para> + In non-root mode, CPU operation is significantly different. + There are still four privilege rings and the same instruction + set, but a new structure called VMCS (Virtual Machine Control + Structure) now controls the CPU operation and determines how + certain instructions behave. Non-root mode is where guest + systems run. + </para> + </listitem> + + </itemizedlist> + + <para> + Switching from root mode to non-root mode is called "VM entry", + the switch back is "VM exit". The VMCS includes a guest and host + state area which is saved/restored at VM entry and exit. Most + importantly, the VMCS controls which guest operations will cause + VM exits. + </para> + + <para> + The VMCS provides fairly fine-grained control over what the guests + can and cannot do. For example, a hypervisor can allow a guest to + write certain bits in shadowed control registers, but not others. + This enables efficient virtualization in cases where guests can be + allowed to write control bits without disrupting the hypervisor, + while preventing them from altering control bits over which the + hypervisor needs to retain full control. The VMCS also provides + control over interrupt delivery and exceptions. + </para> + + <para> + Whenever an instruction or event causes a VM exit, the VMCS + contains information about the exit reason, often with + accompanying detail. For example, if a write to the CR0 register + causes an exit, the offending instruction is recorded, along with + the fact that a write access to a control register caused the + exit, and information about source and destination register. Thus + the hypervisor can efficiently handle the condition without + needing advanced techniques such as CSAM and PATM described above. + </para> + + <para> + VT-x inherently avoids several of the problems which software + virtualization faces. The guest has its own completely separate + address space not shared with the hypervisor, which eliminates + potential clashes. Additionally, guest OS kernel code runs at + privilege ring 0 in VMX non-root mode, obviating the problems by + running ring 0 code at less privileged levels. For example the + SYSENTER instruction can transition to ring 0 without causing + problems. Naturally, even at ring 0 in VMX non-root mode, any I/O + access by guest code still causes a VM exit, allowing for device + emulation. + </para> + + <para> + The biggest difference between VT-x and AMD-V is that AMD-V + provides a more complete virtualization environment. VT-x requires + the VMX non-root code to run with paging enabled, which precludes + hardware virtualization of real-mode code and non-paged + protected-mode software. This typically only includes firmware and + OS loaders, but nevertheless complicates VT-x hypervisor + implementation. AMD-V does not have this restriction. + </para> + + <para> + Of course hardware virtualization is not perfect. Compared to + software virtualization, the overhead of VM exits is relatively + high. This causes problems for devices whose emulation requires + high number of traps. One example is the VGA device in 16-color + modes, where not only every I/O port access but also every access + to the framebuffer memory must be trapped. + </para> + + </sect1> + + <sect1 id="nestedpaging"> + + <title>Nested Paging and VPIDs</title> + + <para> + In addition to normal hardware virtualization, your processor may + also support the following additional sophisticated techniques: + </para> + + <itemizedlist> + + <listitem> + <para> + Nested paging implements some memory management in hardware, + which can greatly accelerate hardware virtualization since + these tasks no longer need to be performed by the + virtualization software. + </para> + + <para> + With nested paging, the hardware provides another level of + indirection when translating linear to physical addresses. + Page tables function as before, but linear addresses are now + translated to "guest physical" addresses first and not + physical addresses directly. A new set of paging registers now + exists under the traditional paging mechanism and translates + from guest physical addresses to host physical addresses, + which are used to access memory. + </para> + + <para> + Nested paging eliminates the overhead caused by VM exits and + page table accesses. In essence, with nested page tables the + guest can handle paging without intervention from the + hypervisor. Nested paging thus significantly improves + virtualization performance. + </para> + + <para> + On AMD processors, nested paging has been available starting + with the Barcelona (K10) architecture. They now call it rapid + virtualization indexing (RVI). Intel added support for nested + paging, which they call extended page tables (EPT), with their + Core i7 (Nehalem) processors. + </para> + + <para> + If nested paging is enabled, the &product-name; hypervisor can + also use <emphasis>large pages</emphasis> to reduce TLB usage + and overhead. This can yield a performance improvement of up + to 5%. To enable this feature for a VM, you use the + <computeroutput>VBoxManage modifyvm + --largepages</computeroutput> command. See + <xref linkend="vboxmanage-modifyvm" />. + </para> + + <para> + If you have an Intel CPU with EPT, please consult + <xref linkend="sec-rec-cve-2018-3646" /> for security concerns + regarding EPT. + </para> + </listitem> + + <listitem> + <para> + On Intel CPUs, a hardware feature called Virtual Processor + Identifiers (VPIDs) can greatly accelerate context switching + by reducing the need for expensive flushing of the processor's + Translation Lookaside Buffers (TLBs). + </para> + + <para> + To enable these features for a VM, you use the + <computeroutput>VBoxManage modifyvm --vtxvpid</computeroutput> + and <computeroutput>--largepages</computeroutput> commands. + See <xref linkend="vboxmanage-modifyvm" />. + </para> + </listitem> + + </itemizedlist> + + </sect1> + +</chapter> diff --git a/doc/manual/en_US/user_ThirdParty.xml b/doc/manual/en_US/user_ThirdParty.xml new file mode 100644 index 00000000..1c5c4444 --- /dev/null +++ b/doc/manual/en_US/user_ThirdParty.xml @@ -0,0 +1,4816 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE appendix PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" + "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd"[ +<!ENTITY % all.entities SYSTEM "all-entities.ent"> +%all.entities; +]> +<appendix id="ThirdParty"> + + <title>Third-Party Materials and Licenses</title> + + <para> + &product-name; incorporates materials from several Open Source + software projects. Therefore the use of these materials by + &product-name; is governed by different Open Source licenses. This + document reproduces these licenses and provides a list of the + materials used and their respective licensing conditions. Section 1 + contains a list of the materials used. Section 2 reproduces the + applicable Open Source licenses. For each material, a reference to + its license is provided. + </para> + + <para> + The source code for the materials listed below as well as the rest + of the &product-name; code which is released as open source are + available at + <ulink + url="http://www.virtualbox.org">http://www.virtualbox.org</ulink>, + both as tarballs for particular releases and as a live SVN + repository. + </para> + + <sect1 id="third-party-materials"> + + <title>Third-Party Materials</title> + + <itemizedlist> + + <listitem> + <para> + &product-name; contains portions of QEMU which is governed by + the licenses in + <xref linkend="licX11" xrefstyle="template: %n" /> and + <xref linkend="licLGPL" xrefstyle="template: %n" /> and + </para> + + <para> + (C) 2003-2005 Fabrice Bellard; Copyright (C) 2004-2005 Vassili + Karpov (malc); Copyright (c) 2004 Antony T Curtis; Copyright + (C) 2003 Jocelyn Mayer + </para> + </listitem> + + <listitem> + <para> + &product-name; contains code which is governed by the license + in <xref linkend="licX11" xrefstyle="template: %n" /> and + </para> + + <para> + Copyright 2004 by the Massachusetts Institute of Technology. + </para> + </listitem> + + <listitem> + <para> + &product-name; contains code of the BOCHS VGA BIOS which is + governed by the license in + <xref linkend="licLGPL" xrefstyle="template: %n" /> and + </para> + + <para> + Copyright (C) 2001, 2002 the LGPL VGABios developers Team. + </para> + </listitem> + + <listitem> + <para> + &product-name; contains code of the BOCHS ROM BIOS which is + governed by the license in + <xref linkend="licLGPL" xrefstyle="template: %n" /> and + </para> + + <para> + Copyright (C) 2002 MandrakeSoft S.A.; Copyright (C) 2004 + Fabrice Bellard; Copyright (C) 2005 Struan Bartlett. + </para> + </listitem> + + <listitem> + <para> + &product-name; contains the zlib library which is governed by + the license in + <xref linkend="licZLIB" xrefstyle="template: %n" /> and + </para> + + <para> + Copyright (C) 1995-2003 Jean-loup Gailly and Mark Adler. + </para> + </listitem> + + <listitem> + <para> + &product-name; may contain OpenSSL which is governed by the + license in <xref linkend="licSSL" xrefstyle="template: %n" /> + and + </para> + + <para> + Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com). This + product includes software written by Tim Hudson + (tjh@cryptsoft.com). + </para> + </listitem> + + <listitem> + <para> + &product-name; may contain NSPR and XPCOM which is governed by + the license in + <xref linkend="licMPL" xrefstyle="template: %n" /> and + </para> + + <para> + Copyright (C) The Authors. + </para> + </listitem> + + <listitem> + <para> + &product-name; contains Slirp which is governed by the license + in <xref linkend="licSlirp" xrefstyle="template: %n" /> and + was written by Danny Gasparovski. + </para> + + <para> + Copyright (C) 1995, 1996 All Rights Reserved. + </para> + </listitem> + + <listitem> + <para> + &product-name; contains liblzf which is governed by the + license in <xref linkend="licLZF" xrefstyle="template: %n" /> + and + </para> + + <para> + Copyright (C) 2000-2005 Marc Alexander Lehmann + <schmorp@schmorp.de> + </para> + </listitem> + + <listitem> + <para> + &product-name; may ship with a modified copy of rdesktop which + is governed by the license in + <xref linkend="licGPL" + xrefstyle="template: %n" /> and + </para> + + <para> + Copyright (C) Matthew Chapman and others. + </para> + </listitem> + + <listitem> + <para> + &product-name; may ship with a copy of kchmviewer which is + governed by the license in + <xref linkend="licGPL" xrefstyle="template: %n" /> and + </para> + + <para> + Copyright (C) George Yunaev and others. + </para> + </listitem> + + <listitem> + <para> + &product-name; may contain Etherboot which is governed by the + license in <xref linkend="licGPL" xrefstyle="template: %n" /> + with the exception that aggregating Etherboot with another + work does not require the other work to be released under the + same license (see + <ulink + url="http://etherboot.sourceforge.net/clinks.html">http://etherboot.sourceforge.net/clinks.html</ulink>). + Etherboot is + </para> + + <para> + Copyright (C) Etherboot team. + </para> + </listitem> + + <listitem> + <para> + &product-name; may contain iPXE which is governed by the + license in <xref linkend="licGPL" xrefstyle="template: %n" /> + and + </para> + + <para> + Copyright (C) Michael Brown <mbrown@fensystems.co.uk> + and others. + </para> + </listitem> + + <listitem> + <para> + &product-name; contains code from Wine which is governed by + the license in + <xref linkend="licLGPL" xrefstyle="template: %n" /> and + </para> + + <para> + Copyright 1993 Bob Amstadt, Copyright 1996 Albrecht Kleine, + Copyright 1997 David Faure, Copyright 1998 Morten Welinder, + Copyright 1998 Ulrich Weigand, Copyright 1999 Ove Koven + </para> + </listitem> + + <listitem> + <para> + &product-name; contains code from lwIP which is governed by + the license in + <xref linkend="licLWIP" xrefstyle="template: %n" /> and + </para> + + <para> + Copyright (C) 2001, 2002 Swedish Institute of Computer + Science. + </para> + </listitem> + + <listitem> + <para> + &product-name; contains libxml which is governed by the + license in + <xref linkend="licLibXML" xrefstyle="template: %n" /> and + </para> + + <para> + Copyright (C) 1998-2003 Daniel Veillard. + </para> + </listitem> + + <listitem> + <para> + &product-name; contains libxslt which is governed by the + license in + <xref linkend="licLibXSLT" xrefstyle="template: %n" /> and + </para> + + <para> + Copyright (C) 2001-2002 Daniel Veillard and Copyright (C) + 2001-2002 Thomas Broyer, Charlie Bozeman and Daniel Veillard. + </para> + </listitem> + + <listitem> + <para> + &product-name; contains code from the gSOAP XML web services + tools, which are licensed under the license in + <xref + linkend="licgSOAP" xrefstyle="template: %n" /> + and + </para> + + <para> + Copyright (C) 2000-2007, Robert van Engelen, Genivia Inc., and + others. + </para> + </listitem> + + <listitem> + <para> + &product-name; ships with the application tunctl (shipped as + VBoxTunctl) from the User-mode Linux suite which is governed + by the license in + <xref linkend="licGPL" xrefstyle="template: %n" /> and + </para> + + <para> + Copyright (C) 2002 Jeff Dike. + </para> + </listitem> + + <listitem> + <para> + &product-name; contains code from Chromium, an OpenGL + implementation, which is goverened by the licenses in + <xref + linkend="licChromium" xrefstyle="template: %n" /> + and + </para> + + <para> + Copyright (C) Stanford University, The Regents of the + University of California, Red Hat, and others. + </para> + </listitem> + + <listitem> + <para> + &product-name; contains libcurl which is governed by the + license in + <xref linkend="licLibCurl" xrefstyle="template: %n" /> and + </para> + + <para> + Copyright (C) 1996-2009, Daniel Stenberg. + </para> + </listitem> + + <listitem> + <para> + &product-name; contains dnsproxy which is governed by the + license in <xref linkend="licMIT" xrefstyle="template: %n" /> + and + </para> + + <para> + Copyright (c) 2003, 2004, 2005 Armin Wolfermann. + </para> + </listitem> + + <listitem> + <para> + &product-name; may contain iniparser which is governed by the + license in <xref linkend="licMIT" xrefstyle="template: %n" /> + and + </para> + + <para> + Copyright (c) 2000-2008 by Nicolas Devillard. + </para> + </listitem> + + <listitem> + <para> + &product-name; contains some code from libgd which is governed + by the license in + <xref linkend="licLibgd" xrefstyle="template: %n"/> and + </para> + + <para> + Copyright 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007 + Pierre-Alain Joye (pierre@libgd.org). + </para> + </listitem> + + <listitem> + <para> + &product-name; contains code from the EFI Development Kit II + which is governed by the license in + <xref linkend="licBsdIntel" xrefstyle="template: %n" /> and + </para> + + <para> + Copyright (c) 2004-2008, Intel Corporation. + </para> + </listitem> + + <listitem> + <para> + &product-name; contains libjpeg which is governed by the + license in <xref linkend="licJPEG" xrefstyle="template: %n" /> + and + </para> + + <para> + Copyright (C) 1991-2010, Thomas G. Lane, Guido Vollbeding. + </para> + </listitem> + + <listitem> + <para> + &product-name; may contain x86 SIMD extension for IJG JPEG + library which is governed by the license in + <xref linkend="licJPEGSIMD" + xrefstyle="template: %n" /> + and + </para> + + <para> + Copyright 2009 Pierre Ossman <ossman@cendio.se> for + Cendio AB; Copyright 2010 D. R. Commander; Copyright (C) + 1999-2006, MIYASAKA Masaru. + </para> + </listitem> + + <listitem> + <para> + &product-name; may ship a copy of Qt which is governed by the + license in <xref linkend="licLGPL" xrefstyle="template: %n" /> + and + </para> + + <para> + Copyright (C) 2010, 2011 Nokia Corporation and/or its + subsidiary(-ies). + </para> + </listitem> + + <listitem> + <para> + &product-name; contains parts of the FreeBSD kernel which is + governed by the license in + <xref linkend="licFreeBsd" xrefstyle="template: %n" />. + </para> + </listitem> + + <listitem> + <para> + &product-name; contains parts of the NetBSD kernel which is + governed by the license in + <xref linkend="licNetBsd" xrefstyle="template: %n" />. + </para> + </listitem> + + <listitem> + <para> + &product-name; contains portions of liblightdm-gobject which + is governed by the license in + <xref linkend="licLGPL" xrefstyle="template: %n" /> and + </para> + + <para> + Copyright (C) 2010-2013 Canonical Ltd.; Copyright (C) + 2010-2011 Robert Ancell. + </para> + </listitem> + + <listitem> + <para> + &product-name; contains portions of glib which is governed by + the license in + <xref linkend="licLGPL" xrefstyle="template: %n" /> and + </para> + + <para> + Copyright (C) 1995-2011 The Glib team + </para> + </listitem> + + <listitem> + <para> + &product-name; contains portions of PCRE which is governed by + the license in + <xref linkend="licPcre" xrefstyle="template: %n" /> and + </para> + + <para> + Copyright (c) 1997-2012 University of Cambridge; Copyright(c) + 2009-2012 Zoltan Herczeg; Copyright (c) 2007-2012, Google Inc. + </para> + </listitem> + + <listitem> + <para> + &product-name; contains portions of libffi which is governed + by the license in + <xref linkend="licLibffi" xrefstyle="template: %n" /> and + </para> + + <para> + Copyright (c) 1996-2012 Anthony Green, Red Hat, Inc and + others. See source files for details. + </para> + </listitem> + + <listitem> + <para> + &product-name; contains portions of FLTK which is governed by + the licenses in + <xref linkend="licFltk" xrefstyle="template: %n" /> and + <xref linkend="licLGPL" xrefstyle="template: %n"/> and + </para> + + <para> + Copyright (C) 1991-2012 The FLTK team + </para> + </listitem> + + <listitem> + <para> + &product-name; contains portions of Expat which is governed by + the license in + <xref linkend="licExpat" xrefstyle="template: %n" /> and + </para> + + <para> + Copyright (c) 1998, 1999, 2000 Thai Open Source Software + Center Ltd and Clark Cooper; Copyright (c) 2001, 2002, 2003, + 2004, 2005, 2006 Expat maintainers. + </para> + </listitem> + + <listitem> + <para> + &product-name; contains portions of Fontconfig which is + governed by the license in + <xref linkend="licFontconfig" xrefstyle="template: %n" /> and + </para> + + <para> + Copyright (C) 2001, 2003 Keith Packard + </para> + </listitem> + + <listitem> + <para> + &product-name; contains portions of Freetype which is governed + by the license in + <xref linkend="licFreetype" xrefstyle="template: %n" /> and + </para> + + <para> + Copyright 2012 The FreeType Project (www.freetype.org). All + rights reserved. + </para> + </listitem> + + <listitem> + <para> + &product-name; may contain code from the WebM VP8 Codec SDK + which is governed by the license in + <xref linkend="licVPX" xrefstyle="template: %n" /> and + </para> + + <para> + Copyright (c) 2010, The WebM Project authors. All rights + reserved. + </para> + </listitem> + + <listitem> + <para> + &product-name; may contain code from libopus ("Opus") which is + governed by the license in + <xref linkend="licOpus" xrefstyle="template: %n" /> and + </para> + + <para> + Copyright 2001-2011 Xiph.Org, Skype Limited, Octasic, + Jean-Marc Valin, Timothy B. Terriberry, CSIRO, Gregory + Maxwell, Mark Borgerding, Erik de Castro Lopo + </para> + </listitem> + + <listitem> + <para> + &product-name; may contain portions of FUSE for macOS which is + governed by the licenses in + <xref linkend="licOsxFuse" xrefstyle="template: %n" /> and + <xref linkend="licLGPL" xrefstyle="template: %n"/> and + </para> + + <para> + Copyright (c) 2011-2017 Benjamin Fleischer; Copyright (c) + 2011-2012 Erik Larsson All rights reserved. + </para> + </listitem> + + </itemizedlist> + + </sect1> + + <sect1 id="third-party-licenses"> + + <title>Third-Party Licenses</title> + + <sect2 id="licGPL"> + + <title>GNU General Public License (GPL)</title> + + <para> + GNU GENERAL PUBLIC LICENSE Version 2, June 1991 + </para> + + <para> + Copyright (C) 1989, 1991 Free Software Foundation, Inc. + </para> + + <para> + 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA + </para> + + <para> + Everyone is permitted to copy and distribute verbatim copies of + this license document, but changing it is not allowed. + </para> + + <para> + Preamble + </para> + + <para> + The licenses for most software are designed to take away your + freedom to share and change it. By contrast, the GNU General + Public License is intended to guarantee your freedom to share + and change free software--to make sure the software is free for + all its users. This General Public License applies to most of + the Free Software Foundation's software and to any other program + whose authors commit to using it. (Some other Free Software + Foundation software is covered by the GNU Library General Public + License instead.) You can apply it to your programs, too. + </para> + + <para> + When we speak of free software, we are referring to freedom, not + price. Our General Public Licenses are designed to make sure + that you have the freedom to distribute copies of free software + (and charge for this service if you wish), that you receive + source code or can get it if you want it, that you can change + the software or use pieces of it in new free programs; and that + you know you can do these things. + </para> + + <para> + To protect your rights, we need to make restrictions that forbid + anyone to deny you these rights or to ask you to surrender the + rights. These restrictions translate to certain responsibilities + for you if you distribute copies of the software, or if you + modify it. + </para> + + <para> + For example, if you distribute copies of such a program, whether + gratis or for a fee, you must give the recipients all the rights + that you have. You must make sure that they, too, receive or can + get the source code. And you must show them these terms so they + know their rights. + </para> + + <para> + We protect your rights with two steps: (1) copyright the + software, and (2) offer you this license which gives you legal + permission to copy, distribute and/or modify the software. + </para> + + <para> + Also, for each author's protection and ours, we want to make + certain that everyone understands that there is no warranty for + this free software. If the software is modified by someone else + and passed on, we want its recipients to know that what they + have is not the original, so that any problems introduced by + others will not reflect on the original authors' reputations. + </para> + + <para> + Finally, any free program is threatened constantly by software + patents. We wish to avoid the danger that redistributors of a + free program will individually obtain patent licenses, in effect + making the program proprietary. To prevent this, we have made it + clear that any patent must be licensed for everyone's free use + or not licensed at all. + </para> + + <para> + The precise terms and conditions for copying, distribution and + modification follow. + </para> + + <para> + GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, + DISTRIBUTION AND MODIFICATION + </para> + + <para> + 0. This License applies to any program or other work which + contains a notice placed by the copyright holder saying it may + be distributed under the terms of this General Public License. + The "Program", below, refers to any such program or work, and a + "work based on the Program" means either the Program or any + derivative work under copyright law: that is to say, a work + containing the Program or a portion of it, either verbatim or + with modifications and/or translated into another language. + (Hereinafter, translation is included without limitation in the + term "modification".) Each licensee is addressed as "you". + </para> + + <para> + Activities other than copying, distribution and modification are + not covered by this License; they are outside its scope. The act + of running the Program is not restricted, and the output from + the Program is covered only if its contents constitute a work + based on the Program (independent of having been made by running + the Program). Whether that is true depends on what the Program + does. + </para> + + <para> + 1. You may copy and distribute verbatim copies of the Program's + source code as you receive it, in any medium, provided that you + conspicuously and appropriately publish on each copy an + appropriate copyright notice and disclaimer of warranty; keep + intact all the notices that refer to this License and to the + absence of any warranty; and give any other recipients of the + Program a copy of this License along with the Program. + </para> + + <para> + You may charge a fee for the physical act of transferring a + copy, and you may at your option offer warranty protection in + exchange for a fee. + </para> + + <para> + 2. You may modify your copy or copies of the Program or any + portion of it, thus forming a work based on the Program, and + copy and distribute such modifications or work under the terms + of Section 1 above, provided that you also meet all of these + conditions: + </para> + + <para> + a) You must cause the modified files to carry prominent notices + stating that you changed the files and the date of any change. + </para> + + <para> + b) You must cause any work that you distribute or publish, that + in whole or in part contains or is derived from the Program or + any part thereof, to be licensed as a whole at no charge to all + third parties under the terms of this License. + </para> + + <para> + c) If the modified program normally reads commands interactively + when run, you must cause it, when started running for such + interactive use in the most ordinary way, to print or display an + announcement including an appropriate copyright notice and a + notice that there is no warranty (or else, saying that you + provide a warranty) and that users may redistribute the program + under these conditions, and telling the user how to view a copy + of this License. (Exception: if the Program itself is + interactive but does not normally print such an announcement, + your work based on the Program is not required to print an + announcement.) + </para> + + <para> + These requirements apply to the modified work as a whole. If + identifiable sections of that work are not derived from the + Program, and can be reasonably considered independent and + separate works in themselves, then this License, and its terms, + do not apply to those sections when you distribute them as + separate works. But when you distribute the same sections as + part of a whole which is a work based on the Program, the + distribution of the whole must be on the terms of this License, + whose permissions for other licensees extend to the entire + whole, and thus to each and every part regardless of who wrote + it. + </para> + + <para> + Thus, it is not the intent of this section to claim rights or + contest your rights to work written entirely by you; rather, the + intent is to exercise the right to control the distribution of + derivative or collective works based on the Program. + </para> + + <para> + In addition, mere aggregation of another work not based on the + Program with the Program (or with a work based on the Program) + on a volume of a storage or distribution medium does not bring + the other work under the scope of this License. + </para> + + <para> + 3. You may copy and distribute the Program (or a work based on + it, under Section 2) in object code or executable form under the + terms of Sections 1 and 2 above provided that you also do one of + the following: + </para> + + <para> + a) Accompany it with the complete corresponding machine-readable + source code, which must be distributed under the terms of + Sections 1 and 2 above on a medium customarily used for software + interchange; or, + </para> + + <para> + b) Accompany it with a written offer, valid for at least three + years, to give any third party, for a charge no more than your + cost of physically performing source distribution, a complete + machine-readable copy of the corresponding source code, to be + distributed under the terms of Sections 1 and 2 above on a + medium customarily used for software interchange; or, + </para> + + <para> + c) Accompany it with the information you received as to the + offer to distribute corresponding source code. (This alternative + is allowed only for noncommercial distribution and only if you + received the program in object code or executable form with such + an offer, in accord with Subsection b above.) + </para> + + <para> + The source code for a work means the preferred form of the work + for making modifications to it. For an executable work, complete + source code means all the source code for all modules it + contains, plus any associated interface definition files, plus + the scripts used to control compilation and installation of the + executable. However, as a special exception, the source code + distributed need not include anything that is normally + distributed (in either source or binary form) with the major + components (compiler, kernel, and so on) of the operating system + on which the executable runs, unless that component itself + accompanies the executable. + </para> + + <para> + If distribution of executable or object code is made by offering + access to copy from a designated place, then offering equivalent + access to copy the source code from the same place counts as + distribution of the source code, even though third parties are + not compelled to copy the source along with the object code. + </para> + + <para> + 4. You may not copy, modify, sublicense, or distribute the + Program except as expressly provided under this License. Any + attempt otherwise to copy, modify, sublicense or distribute the + Program is void, and will automatically terminate your rights + under this License. However, parties who have received copies, + or rights, from you under this License will not have their + licenses terminated so long as such parties remain in full + compliance. + </para> + + <para> + 5. You are not required to accept this License, since you have + not signed it. However, nothing else grants you permission to + modify or distribute the Program or its derivative works. These + actions are prohibited by law if you do not accept this License. + Therefore, by modifying or distributing the Program (or any work + based on the Program), you indicate your acceptance of this + License to do so, and all its terms and conditions for copying, + distributing or modifying the Program or works based on it. + </para> + + <para> + 6. Each time you redistribute the Program (or any work based on + the Program), the recipient automatically receives a license + from the original licensor to copy, distribute or modify the + Program subject to these terms and conditions. You may not + impose any further restrictions on the recipients' exercise of + the rights granted herein. You are not responsible for enforcing + compliance by third parties to this License. + </para> + + <para> + 7. If, as a consequence of a court judgment or allegation of + patent infringement or for any other reason (not limited to + patent issues), conditions are imposed on you (whether by court + order, agreement or otherwise) that contradict the conditions of + this License, they do not excuse you from the conditions of this + License. If you cannot distribute so as to satisfy + simultaneously your obligations under this License and any other + pertinent obligations, then as a consequence you may not + distribute the Program at all. For example, if a patent license + would not permit royalty-free redistribution of the Program by + all those who receive copies directly or indirectly through you, + then the only way you could satisfy both it and this License + would be to refrain entirely from distribution of the Program. + </para> + + <para> + If any portion of this section is held invalid or unenforceable + under any particular circumstance, the balance of the section is + intended to apply and the section as a whole is intended to + apply in other circumstances. + </para> + + <para> + It is not the purpose of this section to induce you to infringe + any patents or other property right claims or to contest + validity of any such claims; this section has the sole purpose + of protecting the integrity of the free software distribution + system, which is implemented by public license practices. Many + people have made generous contributions to the wide range of + software distributed through that system in reliance on + consistent application of that system; it is up to the + author/donor to decide if he or she is willing to distribute + software through any other system and a licensee cannot impose + that choice. + </para> + + <para> + This section is intended to make thoroughly clear what is + believed to be a consequence of the rest of this License. + </para> + + <para> + 8. If the distribution and/or use of the Program is restricted + in certain countries either by patents or by copyrighted + interfaces, the original copyright holder who places the Program + under this License may add an explicit geographical distribution + limitation excluding those countries, so that distribution is + permitted only in or among countries not thus excluded. In such + case, this License incorporates the limitation as if written in + the body of this License. + </para> + + <para> + 9. The Free Software Foundation may publish revised and/or new + versions of the General Public License from time to time. Such + new versions will be similar in spirit to the present version, + but may differ in detail to address new problems or concerns. + </para> + + <para> + Each version is given a distinguishing version number. If the + Program specifies a version number of this License which applies + to it and "any later version", you have the option of following + the terms and conditions either of that version or of any later + version published by the Free Software Foundation. If the + Program does not specify a version number of this License, you + may choose any version ever published by the Free Software + Foundation. + </para> + + <para> + 10. If you wish to incorporate parts of the Program into other + free programs whose distribution conditions are different, write + to the author to ask for permission. For software which is + copyrighted by the Free Software Foundation, write to the Free + Software Foundation; we sometimes make exceptions for this. Our + decision will be guided by the two goals of preserving the free + status of all derivatives of our free software and of promoting + the sharing and reuse of software generally. + </para> + + <para> + NO WARRANTY + </para> + + <para> + 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO + WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE + LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT + HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT + WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, + BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE + QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE + PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY + SERVICING, REPAIR OR CORRECTION. + </para> + + <para> + 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO + IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY + MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE + LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, + INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR + INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS + OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY + YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH + ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN + ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. + </para> + + <para> + END OF TERMS AND CONDITIONS + </para> + + </sect2> + + <sect2 id="licLGPL"> + + <title>GNU Lesser General Public License (LGPL)</title> + + <para> + GNU LESSER GENERAL PUBLIC LICENSE Version 2.1, February 1999 + </para> + + <para> + Copyright (C) 1991, 1999 Free Software Foundation, Inc. 59 + Temple Place, Suite 330, Boston, MA 02111-1307 USA Everyone is + permitted to copy and distribute verbatim copies of this license + document, but changing it is not allowed. + </para> + + <para> + [This is the first released version of the Lesser GPL. It also + counts as the successor of the GNU Library Public License, + version 2, hence the version number 2.1.] + </para> + + <para> + Preamble + </para> + + <para> + The licenses for most software are designed to take away your + freedom to share and change it. By contrast, the GNU General + Public Licenses are intended to guarantee your freedom to share + and change free software--to make sure the software is free for + all its users. + </para> + + <para> + This license, the Lesser General Public License, applies to some + specially designated software packages--typically libraries--of + the Free Software Foundation and other authors who decide to use + it. You can use it too, but we suggest you first think carefully + about whether this license or the ordinary General Public + License is the better strategy to use in any particular case, + based on the explanations below. + </para> + + <para> + When we speak of free software, we are referring to freedom of + use, not price. Our General Public Licenses are designed to make + sure that you have the freedom to distribute copies of free + software (and charge for this service if you wish); that you + receive source code or can get it if you want it; that you can + change the software and use pieces of it in new free programs; + and that you are informed that you can do these things. + </para> + + <para> + To protect your rights, we need to make restrictions that forbid + distributors to deny you these rights or to ask you to surrender + these rights. These restrictions translate to certain + responsibilities for you if you distribute copies of the library + or if you modify it. + </para> + + <para> + For example, if you distribute copies of the library, whether + gratis or for a fee, you must give the recipients all the rights + that we gave you. You must make sure that they, too, receive or + can get the source code. If you link other code with the + library, you must provide complete object files to the + recipients, so that they can relink them with the library after + making changes to the library and recompiling it. And you must + show them these terms so they know their rights. + </para> + + <para> + We protect your rights with a two-step method: (1) we copyright + the library, and (2) we offer you this license, which gives you + legal permission to copy, distribute and/or modify the library. + </para> + + <para> + To protect each distributor, we want to make it very clear that + there is no warranty for the free library. Also, if the library + is modified by someone else and passed on, the recipients should + know that what they have is not the original version, so that + the original author's reputation will not be affected by + problems that might be introduced by others. + </para> + + <para> + Finally, software patents pose a constant threat to the + existence of any free program. We wish to make sure that a + company cannot effectively restrict the users of a free program + by obtaining a restrictive license from a patent holder. + Therefore, we insist that any patent license obtained for a + version of the library must be consistent with the full freedom + of use specified in this license. + </para> + + <para> + Most GNU software, including some libraries, is covered by the + ordinary GNU General Public License. This license, the GNU + Lesser General Public License, applies to certain designated + libraries, and is quite different from the ordinary General + Public License. We use this license for certain libraries in + order to permit linking those libraries into non-free programs. + </para> + + <para> + When a program is linked with a library, whether statically or + using a shared library, the combination of the two is legally + speaking a combined work, a derivative of the original library. + The ordinary General Public License therefore permits such + linking only if the entire combination fits its criteria of + freedom. The Lesser General Public License permits more lax + criteria for linking other code with the library. + </para> + + <para> + We call this license the "Lesser" General Public License because + it does Less to protect the user's freedom than the ordinary + General Public License. It also provides other free software + developers Less of an advantage over competing non-free + programs. These disadvantages are the reason we use the ordinary + General Public License for many libraries. However, the Lesser + license provides advantages in certain special circumstances. + </para> + + <para> + For example, on rare occasions, there may be a special need to + encourage the widest possible use of a certain library, so that + it becomes a de-facto standard. To achieve this, non-free + programs must be allowed to use the library. A more frequent + case is that a free library does the same job as widely used + non-free libraries. In this case, there is little to gain by + limiting the free library to free software only, so we use the + Lesser General Public License. + </para> + + <para> + In other cases, permission to use a particular library in + non-free programs enables a greater number of people to use a + large body of free software. For example, permission to use the + GNU C Library in non-free programs enables many more people to + use the whole GNU operating system, as well as its variant, the + GNU/Linux operating system. + </para> + + <para> + Although the Lesser General Public License is Less protective of + the users' freedom, it does ensure that the user of a program + that is linked with the Library has the freedom and the + wherewithal to run that program using a modified version of the + Library. + </para> + + <para> + The precise terms and conditions for copying, distribution and + modification follow. Pay close attention to the difference + between a "work based on the library" and a "work that uses the + library". The former contains code derived from the library, + whereas the latter must be combined with the library in order to + run. + </para> + + <para> + GNU LESSER GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR + COPYING, DISTRIBUTION AND MODIFICATION + </para> + + <para> + 0. This License Agreement applies to any software library or + other program which contains a notice placed by the copyright + holder or other authorized party saying it may be distributed + under the terms of this Lesser General Public License (also + called "this License"). Each licensee is addressed as "you". + </para> + + <para> + A "library" means a collection of software functions and/or data + prepared so as to be conveniently linked with application + programs (which use some of those functions and data) to form + executables. + </para> + + <para> + The "Library", below, refers to any such software library or + work which has been distributed under these terms. A "work based + on the Library" means either the Library or any derivative work + under copyright law: that is to say, a work containing the + Library or a portion of it, either verbatim or with + modifications and/or translated straightforwardly into another + language. (Hereinafter, translation is included without + limitation in the term "modification".) + </para> + + <para> + "Source code" for a work means the preferred form of the work + for making modifications to it. For a library, complete source + code means all the source code for all modules it contains, plus + any associated interface definition files, plus the scripts used + to control compilation and installation of the library. + </para> + + <para> + Activities other than copying, distribution and modification are + not covered by this License; they are outside its scope. The act + of running a program using the Library is not restricted, and + output from such a program is covered only if its contents + constitute a work based on the Library (independent of the use + of the Library in a tool for writing it). Whether that is true + depends on what the Library does and what the program that uses + the Library does. + </para> + + <para> + 1. You may copy and distribute verbatim copies of the Library's + complete source code as you receive it, in any medium, provided + that you conspicuously and appropriately publish on each copy an + appropriate copyright notice and disclaimer of warranty; keep + intact all the notices that refer to this License and to the + absence of any warranty; and distribute a copy of this License + along with the Library. + </para> + + <para> + You may charge a fee for the physical act of transferring a + copy, and you may at your option offer warranty protection in + exchange for a fee. + </para> + + <para> + 2. You may modify your copy or copies of the Library or any + portion of it, thus forming a work based on the Library, and + copy and distribute such modifications or work under the terms + of Section 1 above, provided that you also meet all of these + conditions: + </para> + + <para> + a) The modified work must itself be a software library. + </para> + + <para> + b) You must cause the files modified to carry prominent notices + stating that you changed the files and the date of any change. + </para> + + <para> + c) You must cause the whole of the work to be licensed at no + charge to all third parties under the terms of this License. + </para> + + <para> + d) If a facility in the modified Library refers to a function or + a table of data to be supplied by an application program that + uses the facility, other than as an argument passed when the + facility is invoked, then you must make a good faith effort to + ensure that, in the event an application does not supply such + function or table, the facility still operates, and performs + whatever part of its purpose remains meaningful. + </para> + + <para> + (For example, a function in a library to compute square roots + has a purpose that is entirely well-defined independent of the + application. Therefore, Subsection 2d requires that any + application-supplied function or table used by this function + must be optional: if the application does not supply it, the + square root function must still compute square roots.) + </para> + + <para> + These requirements apply to the modified work as a whole. If + identifiable sections of that work are not derived from the + Library, and can be reasonably considered independent and + separate works in themselves, then this License, and its terms, + do not apply to those sections when you distribute them as + separate works. But when you distribute the same sections as + part of a whole which is a work based on the Library, the + distribution of the whole must be on the terms of this License, + whose permissions for other licensees extend to the entire + whole, and thus to each and every part regardless of who wrote + it. + </para> + + <para> + Thus, it is not the intent of this section to claim rights or + contest your rights to work written entirely by you; rather, the + intent is to exercise the right to control the distribution of + derivative or collective works based on the Library. + </para> + + <para> + In addition, mere aggregation of another work not based on the + Library with the Library (or with a work based on the Library) + on a volume of a storage or distribution medium does not bring + the other work under the scope of this License. + </para> + + <para> + 3. You may opt to apply the terms of the ordinary GNU General + Public License instead of this License to a given copy of the + Library. To do this, you must alter all the notices that refer + to this License, so that they refer to the ordinary GNU General + Public License, version 2, instead of to this License. (If a + newer version than version 2 of the ordinary GNU General Public + License has appeared, then you can specify that version instead + if you wish.) Do not make any other change in these notices. + </para> + + <para> + Once this change is made in a given copy, it is irreversible for + that copy, so the ordinary GNU General Public License applies to + all subsequent copies and derivative works made from that copy. + </para> + + <para> + This option is useful when you wish to copy part of the code of + the Library into a program that is not a library. + </para> + + <para> + 4. You may copy and distribute the Library (or a portion or + derivative of it, under Section 2) in object code or executable + form under the terms of Sections 1 and 2 above provided that you + accompany it with the complete corresponding machine-readable + source code, which must be distributed under the terms of + Sections 1 and 2 above on a medium customarily used for software + interchange. + </para> + + <para> + If distribution of object code is made by offering access to + copy from a designated place, then offering equivalent access to + copy the source code from the same place satisfies the + requirement to distribute the source code, even though third + parties are not compelled to copy the source along with the + object code. + </para> + + <para> + 5. A program that contains no derivative of any portion of the + Library, but is designed to work with the Library by being + compiled or linked with it, is called a "work that uses the + Library". Such a work, in isolation, is not a derivative work of + the Library, and therefore falls outside the scope of this + License. + </para> + + <para> + However, linking a "work that uses the Library" with the Library + creates an executable that is a derivative of the Library + (because it contains portions of the Library), rather than a + "work that uses the library". The executable is therefore + covered by this License. Section 6 states terms for distribution + of such executables. + </para> + + <para> + When a "work that uses the Library" uses material from a header + file that is part of the Library, the object code for the work + may be a derivative work of the Library even though the source + code is not. Whether this is true is especially significant if + the work can be linked without the Library, or if the work is + itself a library. The threshold for this to be true is not + precisely defined by law. + </para> + + <para> + If such an object file uses only numerical parameters, data + structure layouts and accessors, and small macros and small + inline functions (ten lines or less in length), then the use of + the object file is unrestricted, regardless of whether it is + legally a derivative work. (Executables containing this object + code plus portions of the Library will still fall under Section + 6.) Otherwise, if the work is a derivative of the Library, you + may distribute the object code for the work under the terms of + Section 6. Any executables containing that work also fall under + Section 6, whether or not they are linked directly with the + Library itself. + </para> + + <para> + 6. As an exception to the Sections above, you may also combine + or link a "work that uses the Library" with the Library to + produce a work containing portions of the Library, and + distribute that work under terms of your choice, provided that + the terms permit modification of the work for the customer's own + use and reverse engineering for debugging such modifications. + </para> + + <para> + You must give prominent notice with each copy of the work that + the Library is used in it and that the Library and its use are + covered by this License. You must supply a copy of this License. + If the work during execution displays copyright notices, you + must include the copyright notice for the Library among them, as + well as a reference directing the user to the copy of this + License. Also, you must do one of these things: + </para> + + <para> + a) Accompany the work with the complete corresponding + machine-readable source code for the Library including whatever + changes were used in the work (which must be distributed under + Sections 1 and 2 above); and, if the work is an executable + linked with the Library, with the complete machine-readable + "work that uses the Library", as object code and/or source code, + so that the user can modify the Library and then relink to + produce a modified executable containing the modified Library. + (It is understood that the user who changes the contents of + definitions files in the Library will not necessarily be able to + recompile the application to use the modified definitions.) + </para> + + <para> + b) Use a suitable shared library mechanism for linking with the + Library. A suitable mechanism is one that (1) uses at run time a + copy of the library already present on the user's computer + system, rather than copying library functions into the + executable, and (2) will operate properly with a modified + version of the library, if the user installs one, as long as the + modified version is interface-compatible with the version that + the work was made with. + </para> + + <para> + c) Accompany the work with a written offer, valid for at least + three years, to give the same user the materials specified in + Subsection 6a, above, for a charge no more than the cost of + performing this distribution. + </para> + + <para> + d) If distribution of the work is made by offering access to + copy from a designated place, offer equivalent access to copy + the above specified materials from the same place. + </para> + + <para> + e) Verify that the user has already received a copy of these + materials or that you have already sent this user a copy. + </para> + + <para> + For an executable, the required form of the "work that uses the + Library" must include any data and utility programs needed for + reproducing the executable from it. However, as a special + exception, the materials to be distributed need not include + anything that is normally distributed (in either source or + binary form) with the major components (compiler, kernel, and so + on) of the operating system on which the executable runs, unless + that component itself accompanies the executable. + </para> + + <para> + It may happen that this requirement contradicts the license + restrictions of other proprietary libraries that do not normally + accompany the operating system. Such a contradiction means you + cannot use both them and the Library together in an executable + that you distribute. + </para> + + <para> + 7. You may place library facilities that are a work based on the + Library side-by-side in a single library together with other + library facilities not covered by this License, and distribute + such a combined library, provided that the separate distribution + of the work based on the Library and of the other library + facilities is otherwise permitted, and provided that you do + these two things: + </para> + + <para> + a) Accompany the combined library with a copy of the same work + based on the Library, uncombined with any other library + facilities. This must be distributed under the terms of the + Sections above. + </para> + + <para> + b) Give prominent notice with the combined library of the fact + that part of it is a work based on the Library, and explaining + where to find the accompanying uncombined form of the same work. + </para> + + <para> + 8. You may not copy, modify, sublicense, link with, or + distribute the Library except as expressly provided under this + License. Any attempt otherwise to copy, modify, sublicense, link + with, or distribute the Library is void, and will automatically + terminate your rights under this License. However, parties who + have received copies, or rights, from you under this License + will not have their licenses terminated so long as such parties + remain in full compliance. + </para> + + <para> + 9. You are not required to accept this License, since you have + not signed it. However, nothing else grants you permission to + modify or distribute the Library or its derivative works. These + actions are prohibited by law if you do not accept this License. + Therefore, by modifying or distributing the Library (or any work + based on the Library), you indicate your acceptance of this + License to do so, and all its terms and conditions for copying, + distributing or modifying the Library or works based on it. + </para> + + <para> + 10. Each time you redistribute the Library (or any work based on + the Library), the recipient automatically receives a license + from the original licensor to copy, distribute, link with or + modify the Library subject to these terms and conditions. You + may not impose any further restrictions on the recipients' + exercise of the rights granted herein. You are not responsible + for enforcing compliance by third parties with this License. + </para> + + <para> + 11. If, as a consequence of a court judgment or allegation of + patent infringement or for any other reason (not limited to + patent issues), conditions are imposed on you (whether by court + order, agreement or otherwise) that contradict the conditions of + this License, they do not excuse you from the conditions of this + License. If you cannot distribute so as to satisfy + simultaneously your obligations under this License and any other + pertinent obligations, then as a consequence you may not + distribute the Library at all. For example, if a patent license + would not permit royalty-free redistribution of the Library by + all those who receive copies directly or indirectly through you, + then the only way you could satisfy both it and this License + would be to refrain entirely from distribution of the Library. + </para> + + <para> + If any portion of this section is held invalid or unenforceable + under any particular circumstance, the balance of the section is + intended to apply, and the section as a whole is intended to + apply in other circumstances. + </para> + + <para> + It is not the purpose of this section to induce you to infringe + any patents or other property right claims or to contest + validity of any such claims; this section has the sole purpose + of protecting the integrity of the free software distribution + system which is implemented by public license practices. Many + people have made generous contributions to the wide range of + software distributed through that system in reliance on + consistent application of that system; it is up to the + author/donor to decide if he or she is willing to distribute + software through any other system and a licensee cannot impose + that choice. + </para> + + <para> + This section is intended to make thoroughly clear what is + believed to be a consequence of the rest of this License. + </para> + + <para> + 12. If the distribution and/or use of the Library is restricted + in certain countries either by patents or by copyrighted + interfaces, the original copyright holder who places the Library + under this License may add an explicit geographical distribution + limitation excluding those countries, so that distribution is + permitted only in or among countries not thus excluded. In such + case, this License incorporates the limitation as if written in + the body of this License. + </para> + + <para> + 13. The Free Software Foundation may publish revised and/or new + versions of the Lesser General Public License from time to time. + Such new versions will be similar in spirit to the present + version, but may differ in detail to address new problems or + concerns. + </para> + + <para> + Each version is given a distinguishing version number. If the + Library specifies a version number of this License which applies + to it and "any later version", you have the option of following + the terms and conditions either of that version or of any later + version published by the Free Software Foundation. If the + Library does not specify a license version number, you may + choose any version ever published by the Free Software + Foundation. + </para> + + <para> + 14. If you wish to incorporate parts of the Library into other + free programs whose distribution conditions are incompatible + with these, write to the author to ask for permission. For + software which is copyrighted by the Free Software Foundation, + write to the Free Software Foundation; we sometimes make + exceptions for this. Our decision will be guided by the two + goals of preserving the free status of all derivatives of our + free software and of promoting the sharing and reuse of software + generally. + </para> + + <para> + NO WARRANTY + </para> + + <para> + 15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO + WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE + LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT + HOLDERS AND/OR OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT + WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, + BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE + QUALITY AND PERFORMANCE OF THE LIBRARY IS WITH YOU. SHOULD THE + LIBRARY PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY + SERVICING, REPAIR OR CORRECTION. + </para> + + <para> + 16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO + IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY + MODIFY AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE + LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, + INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR + INABILITY TO USE THE LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS + OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY + YOU OR THIRD PARTIES OR A FAILURE OF THE LIBRARY TO OPERATE WITH + ANY OTHER SOFTWARE), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN + ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. + </para> + + <para> + END OF TERMS AND CONDITIONS + </para> + + </sect2> + + <sect2 id="licMPL"> + + <title>Mozilla Public License (MPL)</title> + + <para> + MOZILLA PUBLIC LICENSE Version 1.1 + </para> + + <para> + 1. Definitions. + </para> + + <para> + 1.0.1. "Commercial Use" means distribution or otherwise making + the Covered Code available to a third party. + </para> + + <para> + 1.1. "Contributor" means each entity that creates or contributes + to the creation of Modifications. + </para> + + <para> + 1.2. "Contributor Version" means the combination of the Original + Code, prior Modifications used by a Contributor, and the + Modifications made by that particular Contributor. + </para> + + <para> + 1.3. "Covered Code" means the Original Code or Modifications or + the combination of the Original Code and Modifications, in each + case including portions thereof. + </para> + + <para> + 1.4. "Electronic Distribution Mechanism" means a mechanism + generally accepted in the software development community for the + electronic transfer of data. + </para> + + <para> + 1.5. "Executable" means Covered Code in any form other than + Source Code. + </para> + + <para> + 1.6. "Initial Developer" means the individual or entity + identified as the Initial Developer in the Source Code notice + required by Exhibit A. + </para> + + <para> + 1.7. "Larger Work" means a work which combines Covered Code or + portions thereof with code not governed by the terms of this + License. + </para> + + <para> + 1.8. "License" means this document. + </para> + + <para> + 1.8.1. "Licensable" means having the right to grant, to the + maximum extent possible, whether at the time of the initial + grant or subsequently acquired, any and all of the rights + conveyed herein. + </para> + + <para> + 1.9. "Modifications" means any addition to or deletion from the + substance or structure of either the Original Code or any + previous Modifications. When Covered Code is released as a + series of files, a Modification is: + </para> + + <para> + A. Any addition to or deletion from the contents of a file + containing Original Code or previous Modifications. + </para> + + <para> + B. Any new file that contains any part of the Original Code or + previous Modifications. + </para> + + <para> + 1.10. "Original Code" means Source Code of computer software + code which is described in the Source Code notice required by + Exhibit A as Original Code, and which, at the time of its + release under this License is not already Covered Code governed + by this License. + </para> + + <para> + 1.10.1. "Patent Claims" means any patent claim(s), now owned or + hereafter acquired, including without limitation, method, + process, and apparatus claims, in any patent Licensable by + grantor. + </para> + + <para> + 1.11. "Source Code" means the preferred form of the Covered Code + for making modifications to it, including all modules it + contains, plus any associated interface definition files, + scripts used to control compilation and installation of an + Executable, or source code differential comparisons against + either the Original Code or another well known, available + Covered Code of the Contributor's choice. The Source Code can be + in a compressed or archival form, provided the appropriate + decompression or de-archiving software is widely available for + no charge. + </para> + + <para> + 1.12. "You" (or "Your") means an individual or a legal entity + exercising rights under, and complying with all of the terms of, + this License or a future version of this License issued under + Section 6.1. For legal entities, "You" includes any entity which + controls, is controlled by, or is under common control with You. + For purposes of this definition, "control" means (a) the power, + direct or indirect, to cause the direction or management of such + entity, whether by contract or otherwise, or (b) ownership of + more than fifty percent (50%) of the outstanding shares or + beneficial ownership of such entity. + </para> + + <para> + 2. Source Code License. + </para> + + <para> + 2.1. The Initial Developer Grant. The Initial Developer hereby + grants You a world-wide, royalty-free, non-exclusive license, + subject to third party intellectual property claims: + </para> + + <para> + (a) under intellectual property rights (other than patent or + trademark) Licensable by Initial Developer to use, reproduce, + modify, display, perform, sublicense and distribute the Original + Code (or portions thereof) with or without Modifications, and/or + as part of a Larger Work; and + </para> + + <para> + (b) under Patents Claims infringed by the making, using or + selling of Original Code, to make, have made, use, practice, + sell, and offer for sale, and/or otherwise dispose of the + Original Code (or portions thereof). + </para> + + <para> + (c) the licenses granted in this Section 2.1(a) and (b) are + effective on the date Initial Developer first distributes + Original Code under the terms of this License. + </para> + + <para> + (d) Notwithstanding Section 2.1(b) above, no patent license is + granted: 1) for code that You delete from the Original Code; 2) + separate from the Original Code; or 3) for infringements caused + by: i) the modification of the Original Code or ii) the + combination of the Original Code with other software or devices. + </para> + + <para> + 2.2. Contributor Grant. Subject to third party intellectual + property claims, each Contributor hereby grants You a + world-wide, royalty-free, non-exclusive license + </para> + + <para> + (a) under intellectual property rights (other than patent or + trademark) Licensable by Contributor, to use, reproduce, modify, + display, perform, sublicense and distribute the Modifications + created by such Contributor (or portions thereof) either on an + unmodified basis, with other Modifications, as Covered Code + and/or as part of a Larger Work; and + </para> + + <para> + (b) under Patent Claims infringed by the making, using, or + selling of Modifications made by that Contributor either alone + and/or in combination with its Contributor Version (or portions + of such combination), to make, use, sell, offer for sale, have + made, and/or otherwise dispose of: 1) Modifications made by that + Contributor (or portions thereof); and 2) the combination of + Modifications made by that Contributor with its Contributor + Version (or portions of such combination). + </para> + + <para> + (c) the licenses granted in Sections 2.2(a) and 2.2(b) are + effective on the date Contributor first makes Commercial Use of + the Covered Code. + </para> + + <para> + (d) Notwithstanding Section 2.2(b) above, no patent license is + granted: 1) for any code that Contributor has deleted from the + Contributor Version; 2) separate from the Contributor Version; + 3) for infringements caused by: i) third party modifications of + Contributor Version or ii) the combination of Modifications made + by that Contributor with other software (except as part of the + Contributor Version) or other devices; or 4) under Patent Claims + infringed by Covered Code in the absence of Modifications made + by that Contributor. + </para> + + <para> + 3. Distribution Obligations. + </para> + + <para> + 3.1. Application of License. The Modifications which You create + or to which You contribute are governed by the terms of this + License, including without limitation Section 2.2. The Source + Code version of Covered Code may be distributed only under the + terms of this License or a future version of this License + released under Section 6.1, and You must include a copy of this + License with every copy of the Source Code You distribute. You + may not offer or impose any terms on any Source Code version + that alters or restricts the applicable version of this License + or the recipients' rights hereunder. However, You may include an + additional document offering the additional rights described in + Section 3.5. + </para> + + <para> + 3.2. Availability of Source Code. Any Modification which You + create or to which You contribute must be made available in + Source Code form under the terms of this License either on the + same media as an Executable version or via an accepted + Electronic Distribution Mechanism to anyone to whom you made an + Executable version available; and if made available via + Electronic Distribution Mechanism, must remain available for at + least twelve (12) months after the date it initially became + available, or at least six (6) months after a subsequent version + of that particular Modification has been made available to such + recipients. You are responsible for ensuring that the Source + Code version remains available even if the Electronic + Distribution Mechanism is maintained by a third party. + </para> + + <para> + 3.3. Description of Modifications. You must cause all Covered + Code to which You contribute to contain a file documenting the + changes You made to create that Covered Code and the date of any + change. You must include a prominent statement that the + Modification is derived, directly or indirectly, from Original + Code provided by the Initial Developer and including the name of + the Initial Developer in (a) the Source Code, and (b) in any + notice in an Executable version or related documentation in + which You describe the origin or ownership of the Covered Code. + </para> + + <para> + 3.4. Intellectual Property Matters + </para> + + <para> + (a) Third Party Claims. If Contributor has knowledge that a + license under a third party's intellectual property rights is + required to exercise the rights granted by such Contributor + under Sections 2.1 or 2.2, Contributor must include a text file + with the Source Code distribution titled "LEGAL" which describes + the claim and the party making the claim in sufficient detail + that a recipient will know whom to contact. If Contributor + obtains such knowledge after the Modification is made available + as described in Section 3.2, Contributor shall promptly modify + the LEGAL file in all copies Contributor makes available + thereafter and shall take other steps (such as notifying + appropriate mailing lists or newsgroups) reasonably calculated + to inform those who received the Covered Code that new knowledge + has been obtained. + </para> + + <para> + (b) Contributor APIs. If Contributor's Modifications include an + application programming interface and Contributor has knowledge + of patent licenses which are reasonably necessary to implement + that API, Contributor must also include this information in the + LEGAL file. + </para> + + <para> + 3.5. Required Notices. You must duplicate the notice in Exhibit + A in each file of the Source Code. If it is not possible to put + such notice in a particular Source Code file due to its + structure, then You must include such notice in a location (such + as a relevant directory) where a user would be likely to look + for such a notice. If You created one or more Modification(s) + You may add your name as a Contributor to the notice described + in Exhibit A. You must also duplicate this License in any + documentation for the Source Code where You describe recipients' + rights or ownership rights relating to Covered Code. You may + choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of + Covered Code. However, You may do so only on Your own behalf, + and not on behalf of the Initial Developer or any Contributor. + You must make it absolutely clear than any such warranty, + support, indemnity or liability obligation is offered by You + alone, and You hereby agree to indemnify the Initial Developer + and every Contributor for any liability incurred by the Initial + Developer or such Contributor as a result of warranty, support, + indemnity or liability terms You offer. + </para> + + <para> + 3.6. Distribution of Executable Versions. You may distribute + Covered Code in Executable form only if the requirements of + Section 3.1-3.5 have been met for that Covered Code, and if You + include a notice stating that the Source Code version of the + Covered Code is available under the terms of this License, + including a description of how and where You have fulfilled the + obligations of Section 3.2. The notice must be conspicuously + included in any notice in an Executable version, related + documentation or collateral in which You describe recipients' + rights relating to the Covered Code. You may distribute the + Executable version of Covered Code or ownership rights under a + license of Your choice, which may contain terms different from + this License, provided that You are in compliance with the terms + of this License and that the license for the Executable version + does not attempt to limit or alter the recipient's rights in the + Source Code version from the rights set forth in this License. + If You distribute the Executable version under a different + license You must make it absolutely clear that any terms which + differ from this License are offered by You alone, not by the + Initial Developer or any Contributor. You hereby agree to + indemnify the Initial Developer and every Contributor for any + liability incurred by the Initial Developer or such Contributor + as a result of any such terms You offer. + </para> + + <para> + 3.7. Larger Works. You may create a Larger Work by combining + Covered Code with other code not governed by the terms of this + License and distribute the Larger Work as a single product. In + such a case, You must make sure the requirements of this License + are fulfilled for the Covered Code. + </para> + + <para> + 4. Inability to Comply Due to Statute or Regulation.If it is + impossible for You to comply with any of the terms of this + License with respect to some or all of the Covered Code due to + statute, judicial order, or regulation then You must: (a) comply + with the terms of this License to the maximum extent possible; + and (b) describe the limitations and the code they affect. Such + description must be included in the LEGAL file described in + Section 3.4 and must be included with all distributions of the + Source Code. Except to the extent prohibited by statute or + regulation, such description must be sufficiently detailed for a + recipient of ordinary skill to be able to understand it. + </para> + + <para> + 5. Application of this License. This License applies to code to + which the Initial Developer has attached the notice in Exhibit A + and to related Covered Code. + </para> + + <para> + 6. Versions of the License. + </para> + + <para> + 6.1. New Versions. Netscape Communications Corporation + ("Netscape") may publish revised and/or new versions of the + License from time to time. Each version will be given a + distinguishing version number. + </para> + + <para> + 6.2. Effect of New Versions. Once Covered Code has been + published under a particular version of the License, You may + always continue to use it under the terms of that version. You + may also choose to use such Covered Code under the terms of any + subsequent version of the License published by Netscape. No one + other than Netscape has the right to modify the terms applicable + to Covered Code created under this License. + </para> + + <para> + 6.3. Derivative Works. If You create or use a modified version + of this License (which you may only do in order to apply it to + code which is not already Covered Code governed by this + License), You must (a) rename Your license so that the phrases + "Mozilla", "MOZILLAPL", "MOZPL", "Netscape", "MPL", "NPL" or any + confusingly similar phrase do not appear in your license (except + to note that your license differs from this License) and (b) + otherwise make it clear that Your version of the license + contains terms which differ from the Mozilla Public License and + Netscape Public License. (Filling in the name of the Initial + Developer, Original Code or Contributor in the notice described + in Exhibit A shall not of themselves be deemed to be + modifications of this License.) + </para> + + <para> + 7. DISCLAIMER OF WARRANTY. + </para> + + <para> + COVERED CODE IS PROVIDED UNDER THIS LICENSE ON AN "AS IS" BASIS, + WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, + INCLUDING, WITHOUT LIMITATION, WARRANTIES THAT THE COVERED CODE + IS FREE OF DEFECTS, MERCHANTABLE, FIT FOR A PARTICULAR PURPOSE + OR NON-INFRINGING. THE ENTIRE RISK AS TO THE QUALITY AND + PERFORMANCE OF THE COVERED CODE IS WITH YOU. SHOULD ANY COVERED + CODE PROVE DEFECTIVE IN ANY RESPECT, YOU (NOT THE INITIAL + DEVELOPER OR ANY OTHER CONTRIBUTOR) ASSUME THE COST OF ANY + NECESSARY SERVICING, REPAIR OR CORRECTION. THIS DISCLAIMER OF + WARRANTY CONSTITUTES AN ESSENTIAL PART OF THIS LICENSE. NO USE + OF ANY COVERED CODE IS AUTHORIZED HEREUNDER EXCEPT UNDER THIS + DISCLAIMER. + </para> + + <para> + 8. TERMINATION. + </para> + + <para> + 8.1. This License and the rights granted hereunder will + terminate automatically if You fail to comply with terms herein + and fail to cure such breach within 30 days of becoming aware of + the breach. All sublicenses to the Covered Code which are + properly granted shall survive any termination of this License. + Provisions which, by their nature, must remain in effect beyond + the termination of this License shall survive. + </para> + + <para> + 8.2. If You initiate litigation by asserting a patent + infringement claim (excluding declaratory judgment actions) + against Initial Developer or a Contributor (the Initial + Developer or Contributor against whom You file such action is + referred to as "Participant") alleging that: + </para> + + <para> + (a) such Participant's Contributor Version directly or + indirectly infringes any patent, then any and all rights granted + by such Participant to You under Sections 2.1 and/or 2.2 of this + License shall, upon 60 days notice from Participant terminate + prospectively, unless if within 60 days after receipt of notice + You either: (i) agree in writing to pay Participant a mutually + agreeable reasonable royalty for Your past and future use of + Modifications made by such Participant, or (ii) withdraw Your + litigation claim with respect to the Contributor Version against + such Participant. If within 60 days of notice, a reasonable + royalty and payment arrangement are not mutually agreed upon in + writing by the parties or the litigation claim is not withdrawn, + the rights granted by Participant to You under Sections 2.1 + and/or 2.2 automatically terminate at the expiration of the 60 + day notice period specified above. + </para> + + <para> + (b) any software, hardware, or device, other than such + Participant's Contributor Version, directly or indirectly + infringes any patent, then any rights granted to You by such + Participant under Sections 2.1(b) and 2.2(b) are revoked + effective as of the date You first made, used, sold, + distributed, or had made, Modifications made by that + Participant. + </para> + + <para> + 8.3. If You assert a patent infringement claim against + Participant alleging that such Participant's Contributor Version + directly or indirectly infringes any patent where such claim is + resolved (such as by license or settlement) prior to the + initiation of patent infringement litigation, then the + reasonable value of the licenses granted by such Participant + under Sections 2.1 or 2.2 shall be taken into account in + determining the amount or value of any payment or license. + </para> + + <para> + 8.4. In the event of termination under Sections 8.1 or 8.2 + above, all end user license agreements (excluding distributors + and resellers) which have been validly granted by You or any + distributor hereunder prior to termination shall survive + termination. + </para> + + <para> + 9. LIMITATION OF LIABILITY. UNDER NO CIRCUMSTANCES AND UNDER NO + LEGAL THEORY, WHETHER TORT (INCLUDING NEGLIGENCE), CONTRACT, OR + OTHERWISE, SHALL YOU, THE INITIAL DEVELOPER, ANY OTHER + CONTRIBUTOR, OR ANY DISTRIBUTOR OF COVERED CODE, OR ANY SUPPLIER + OF ANY OF SUCH PARTIES, BE LIABLE TO ANY PERSON FOR ANY + INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES OF ANY + CHARACTER INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF + GOODWILL, WORK STOPPAGE, COMPUTER FAILURE OR MALFUNCTION, OR ANY + AND ALL OTHER COMMERCIAL DAMAGES OR LOSSES, EVEN IF SUCH PARTY + SHALL HAVE BEEN INFORMED OF THE POSSIBILITY OF SUCH DAMAGES. + THIS LIMITATION OF LIABILITY SHALL NOT APPLY TO LIABILITY FOR + DEATH OR PERSONAL INJURY RESULTING FROM SUCH PARTY'S NEGLIGENCE + TO THE EXTENT APPLICABLE LAW PROHIBITS SUCH LIMITATION. SOME + JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF + INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THIS EXCLUSION AND + LIMITATION MAY NOT APPLY TO YOU. + </para> + + <para> + 10. U.S. GOVERNMENT END USERS. The Covered Code is a "commercial + item," as that term is defined in 48 C.F.R. 2.101 (Oct. 1995), + consisting of "commercial computer software" and "commercial + computer software documentation," as such terms are used in 48 + C.F.R. 12.212 (Sept. 1995). Consistent with 48 C.F.R. 12.212 and + 48 C.F.R. 227.7202-1 through 227.7202-4 (June 1995), all U.S. + Government End Users acquire Covered Code with only those rights + set forth herein. + </para> + + <para> + 11. MISCELLANEOUS. This License represents the complete + agreement concerning subject matter hereof. If any provision of + this License is held to be unenforceable, such provision shall + be reformed only to the extent necessary to make it enforceable. + This License shall be governed by California law provisions + (except to the extent applicable law, if any, provides + otherwise), excluding its conflict-of-law provisions. With + respect to disputes in which at least one party is a citizen of, + or an entity chartered or registered to do business in the + United States of America, any litigation relating to this + License shall be subject to the jurisdiction of the Federal + Courts of the Northern District of California, with venue lying + in Santa Clara County, California, with the losing party + responsible for costs, including without limitation, court costs + and reasonable attorneys' fees and expenses. The application of + the United Nations Convention on Contracts for the International + Sale of Goods is expressly excluded. Any law or regulation which + provides that the language of a contract shall be construed + against the drafter shall not apply to this License. + </para> + + <para> + 12. RESPONSIBILITY FOR CLAIMS. As between Initial Developer and + the Contributors, each party is responsible for claims and + damages arising, directly or indirectly, out of its utilization + of rights under this License and You agree to work with Initial + Developer and Contributors to distribute such responsibility on + an equitable basis. Nothing herein is intended or shall be + deemed to constitute any admission of liability. + </para> + + <para> + 13. MULTIPLE-LICENSED CODE. Initial Developer may designate + portions of the Covered Code as "Multiple-Licensed". + "Multiple-Licensed" means that the Initial Developer permits you + to utilize portions of the Covered Code under Your choice of the + NPL or the alternative licenses, if any, specified by the + Initial Developer in the file described in Exhibit A. + </para> + + <para> + EXHIBIT A -Mozilla Public License. + </para> + + <para> + ``The contents of this file are subject to the Mozilla Public + License Version 1.1 (the "License"); you may not use this file + except in compliance with the License. You may obtain a copy of + the License at http://www.mozilla.org/MPL/ + </para> + + <para> + Software distributed under the License is distributed on an "AS + IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or + implied. See the License for the specific language governing + rights and limitations under the License. + </para> + + <para> + The Original Code is ______________________________________. + </para> + + <para> + The Initial Developer of the Original Code is + ________________________. Portions created by + ______________________ are Copyright (C) ______ + _______________________. All Rights Reserved. + </para> + + <para> + Contributor(s): ______________________________________. + </para> + + <para> + Alternatively, the contents of this file may be used under the + terms of the _____ license (the "[___] License"), in which case + the provisions of [______] License are applicable instead of + those above. If you wish to allow use of your version of this + file only under the terms of the [____] License and not to allow + others to use your version of this file under the MPL, indicate + your decision by deleting the provisions above and replace them + with the notice and other provisions required by the [___] + License. If you do not delete the provisions above, a recipient + may use your version of this file under either the MPL or the + [___] License." + </para> + + <para> + [NOTE: The text of this Exhibit A may differ slightly from the + text of the notices in the Source Code files of the Original + Code. You should use the text of this Exhibit A rather than the + text found in the Original Code Source Code for Your + Modifications.] + </para> + + </sect2> + + <sect2 id="licMIT"> + + <title>MIT License</title> + + <para> + Permission is hereby granted, free of charge, to any person + obtaining a copy of this software and associated documentation + files (the "Software"), to deal in the Software without + restriction, including without limitation the rights to use, + copy, modify, merge, publish, distribute, sublicense, and/or + sell copies of the Software, and to permit persons to whom the + Software is furnished to do so, subject to the following + conditions: + </para> + + <para> + The above copyright notice and this permission notice shall be + included in all copies or substantial portions of the Software. + </para> + + <para> + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES + OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT + HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, + WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING + FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR + OTHER DEALINGS IN THE SOFTWARE. + </para> + + </sect2> + + <sect2 id="licX11"> + + <title>X Consortium License (X11)</title> + + <para> + Permission is hereby granted, free of charge, to any person + obtaining a copy of this software and associated documentation + files (the "Software"), to deal in the Software without + restriction, including without limitation the rights to use, + copy, modify, merge, publish, distribute, sublicense, and/or + sell copies of the Software, and to permit persons to whom the + Software is furnished to do so, subject to the following + conditions: + </para> + + <para> + The above copyright notice and this permission notice shall be + included in all copies or substantial portions of the Software. + </para> + + <para> + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES + OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT + HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, + WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING + FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR + OTHER DEALINGS IN THE SOFTWARE. + </para> + + </sect2> + + <sect2 id="licZLIB"> + + <title>zlib License</title> + + <para> + This software is provided 'as-is', without any express or + implied warranty. In no event will the authors be held liable + for any damages arising from the use of this software. + </para> + + <para> + Permission is granted to anyone to use this software for any + purpose, including commercial applications, and to alter it and + redistribute it freely, subject to the following restrictions: + </para> + + <para> + 1. The origin of this software must not be misrepresented; you + must not claim that you wrote the original software. If you use + this software in a product, an acknowledgment in the product + documentation would be appreciated but is not required. + </para> + + <para> + 2. Altered source versions must be plainly marked as such, and + must not be misrepresented as being the original software. + </para> + + <para> + 3. This notice may not be removed or altered from any source + distribution. + </para> + +<screen>Jean-loup Gailly Mark Adler +jloup@gzip.org madler@alumni.caltech.edu</screen> + + </sect2> + + <sect2 id="licSSL"> + + <title>OpenSSL License</title> + + <para> + This package is an SSL implementation written by Eric Young + (eay@cryptsoft.com). The implementation was written so as to + conform with Netscape's SSL. + </para> + + <para> + This library is free for commercial and non-commercial use as + long as the following conditions are adhered to. The following + conditions apply to all code found in this distribution, be it + the RC4, RSA, lhash, DES, etc., code; not just the SSL code. The + SSL documentation included with this distribution is covered by + the same copyright terms except that the holder is Tim Hudson + (tjh@cryptsoft.com). + </para> + + <para> + Copyright remains Eric Young's, and as such any Copyright + notices in the code are not to be removed. If this package is + used in a product, Eric Young should be given attribution as the + author of the parts of the library used. This can be in the form + of a textual message at program startup or in documentation + (online or textual) provided with the package. + </para> + + <para> + Redistribution and use in source and binary forms, with or + without modification, are permitted provided that the following + conditions are met: + </para> + + <para> + 1. Redistributions of source code must retain the copyright + notice, this list of conditions and the following disclaimer. + </para> + + <para> + 2. Redistributions in binary form must reproduce the above + copyright notice, this list of conditions and the following + disclaimer in the documentation and/or other materials provided + with the distribution. + </para> + + <para> + 3. All advertising materials mentioning features or use of this + software must display the following acknowledgement: "This + product includes cryptographic software written by Eric Young + (eay@cryptsoft.com)" The word 'cryptographic' can be left out if + the routines from the library being used are not cryptographic + related :-). + </para> + + <para> + 4. If you include any Windows specific code (or a derivative + thereof) from the apps directory (application code) you must + include an acknowledgement: "This product includes software + written by Tim Hudson (tjh@cryptsoft.com)" + </para> + + <para> + THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ANY + EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, + THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A + PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR + OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF + USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING + IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF + THE POSSIBILITY OF SUCH DAMAGE. + </para> + + <para> + The licence and distribution terms for any publicly available + version or derivative of this code cannot be changed. i.e. this + code cannot simply be copied and put under another distribution + licence [including the GNU Public Licence.] + </para> + + </sect2> + + <sect2 id="licSlirp"> + + <title>Slirp License</title> + + <para> + Copyright (c) 1995,1996 Danny Gasparovski. All rights reserved. + </para> + + <para> + Redistribution and use in source and binary forms, with or + without modification, are permitted provided that the following + conditions are met: + </para> + + <para> + 1. Redistributions of source code must retain the above + copyright notice, this list of conditions and the following + disclaimer. + </para> + + <para> + 2. Redistributions in binary form must reproduce the above + copyright notice, this list of conditions and the following + disclaimer in the documentation and/or other materials provided + with the distribution. + </para> + + <para> + 3. All advertising materials mentioning features or use of this + software must display the following acknowledgment: This product + includes software developed by Danny Gasparovski. + </para> + + <para> + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED + WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL DANNY GASPAROVSKI OR + CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF + USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING + IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF + THE POSSIBILITY OF SUCH DAMAGE. + </para> + + </sect2> + + <sect2 id="licLZF"> + + <title>liblzf License</title> + + <para> + Redistribution and use in source and binary forms, with or + without modification, are permitted provided that the following + conditions are met: + </para> + + <para> + 1. Redistributions of source code must retain the above + copyright notice, this list of conditions and the following + disclaimer. + </para> + + <para> + 2. Redistributions in binary form must reproduce the above + copyright notice, this list of conditions and the following + disclaimer in the documentation and/or other materials provided + with the distribution. + </para> + + <para> + 3. The name of the author may not be used to endorse or promote + products derived from this software without specific prior + written permission. + </para> + + <para> + THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY + EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, + THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A + PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR + BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, + EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND + ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING + IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF + THE POSSIBILITY OF SUCH DAMAGE. + </para> + + </sect2> + + <sect2 id="liclibping"> + + <title>libpng License</title> + + <para> + The PNG Reference Library is supplied "AS IS". The Contributing + Authors and Group 42, Inc. disclaim all warranties, expressed or + implied, including, without limitation, the warranties of + merchantability and of fitness for any purpose. The Contributing + Authors and Group 42, Inc. assume no liability for direct, + indirect, incidental, special, exemplary, or consequential + damages, which may result from the use of the PNG Reference + Library, even if advised of the possibility of such damage. + </para> + + <para> + Permission is hereby granted to use, copy, modify, and + distribute this source code, or portions hereof, for any + purpose, without fee, subject to the following restrictions: + </para> + + <para> + 1. The origin of this source code must not be misrepresented. + </para> + + <para> + 2. Altered versions must be plainly marked as such and must not + be misrepresented as being the original source. + </para> + + <para> + 3. This Copyright notice may not be removed or altered from any + source or altered source distribution. + </para> + + <para> + The Contributing Authors and Group 42, Inc. specifically permit, + without fee, and encourage the use of this source code as a + component to supporting the PNG file format in commercial + products. If you use this source code in a product, + acknowledgment is not required but would be appreciated. + </para> + + </sect2> + + <sect2 id="licLWIP"> + + <title>lwIP License</title> + + <para> + Redistribution and use in source and binary forms, with or + without modification, are permitted provided that the following + conditions are met: + </para> + + <para> + 1. Redistributions of source code must retain the above + copyright notice, this list of conditions and the following + disclaimer. + </para> + + <para> + 2. Redistributions in binary form must reproduce the above + copyright notice, this list of conditions and the following + disclaimer in the documentation and/or other materials provided + with the distribution. + </para> + + <para> + 3. The name of the author may not be used to endorse or promote + products derived from this software without specific prior + written permission. + </para> + + <para> + THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY + EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, + THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A + PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR + BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, + EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND + ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING + IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF + THE POSSIBILITY OF SUCH DAMAGE. + </para> + + </sect2> + + <sect2 id="licLibXML"> + + <title>libxml License</title> + + <para> + Except where otherwise noted in the source code (e.g. the files + hash.c, list.c and the trio files, which are covered by a + similar licence but with different Copyright notices) all the + files are: + </para> + + <para> + Copyright (C) 1998-2003 Daniel Veillard. All Rights Reserved. + </para> + + <para> + Permission is hereby granted, free of charge, to any person + obtaining a copy of this software and associated documentation + files (the "Software"), to deal in the Software without + restriction, including without limitation the rights to use, + copy, modify, merge, publish, distribute, sublicense, and/or + sell copies of the Software, and to permit persons to whom the + Software is furnished to do so, subject to the following + conditions: + </para> + + <para> + The above copyright notice and this permission notice shall be + included in all copies or substantial portions of the Software. + </para> + + <para> + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES + OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + NONINFRINGEMENT. IN NO EVENT SHALL THE DANIEL VEILLARD BE LIABLE + FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION + OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + SOFTWARE. + </para> + + <para> + Except as contained in this notice, the name of Daniel Veillard + shall not be used in advertising or otherwise to promote the + sale, use or other dealings in this Software without prior + written authorization from him. + </para> + + </sect2> + + <sect2 id="licLibXSLT"> + + <title>libxslt Licenses</title> + + <para> + Licence for libxslt except libexslt: + </para> + + <para> + Copyright (C) 2001-2002 Daniel Veillard. All Rights Reserved. + </para> + + <para> + Permission is hereby granted, free of charge, to any person + obtaining a copy of this software and associated documentation + files (the "Software"), to deal in the Software without + restriction, including without limitation the rights to use, + copy, modify, merge, publish, distribute, sublicense, and/or + sell copies of the Software, and to permit persons to whom the + Software is furnished to do so, subject to the following + conditions: + </para> + + <para> + The above copyright notice and this permission notice shall be + included in all copies or substantial portions of the Software. + </para> + + <para> + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES + OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + NONINFRINGEMENT. IN NO EVENT SHALL THE DANIEL VEILLARD BE LIABLE + FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION + OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + SOFTWARE. + </para> + + <para> + Except as contained in this notice, the name of Daniel Veillard + shall not be used in advertising or otherwise to promote the + sale, use or other dealings in this Software without prior + written authorization from him. + </para> + + <para> + Licence for libexslt: + </para> + + <para> + Copyright (C) 2001-2002 Thomas Broyer, Charlie Bozeman and + Daniel Veillard. All Rights Reserved. + </para> + + <para> + Permission is hereby granted, free of charge, to any person + obtaining a copy of this software and associated documentation + files (the "Software"), to deal in the Software without + restriction, including without limitation the rights to use, + copy, modify, merge, publish, distribute, sublicense, and/or + sell copies of the Software, and to permit persons to whom the + Software is furnished to do so, subject to the following + conditions: + </para> + + <para> + The above copyright notice and this permission notice shall be + included in all copies or substantial portions of the Software. + </para> + + <para> + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES + OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY + CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF + CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + SOFTWARE. + </para> + + <para> + Except as contained in this notice, the name of the authors + shall not be used in advertising or otherwise to promote the + sale, use or other dealings in this Software without prior + written authorization from him. + </para> + + </sect2> + + <sect2 id="licgSOAP"> + + <title>gSOAP Public License Version 1.3a</title> + + <para> + The gSOAP public license is derived from the Mozilla Public + License (MPL1.1). The sections that were deleted from the + original MPL1.1 text are 1.0.1, 2.1.(c),(d), 2.2.(c),(d), + 8.2.(b), 10, and 11. Section 3.8 was added. The modified + sections are 2.1.(b), 2.2.(b), 3.2 (simplified), 3.5 (deleted + the last sentence), and 3.6 (simplified). + </para> + + <para> + 1 DEFINITIONS + </para> + + <para> + 1.1. "Contributor" means each entity that creates or contributes + to the creation of Modifications. + </para> + + <para> + 1.2. "Contributor Version" means the combination of the Original + Code, prior Modifications used by a Contributor, and the + Modifications made by that particular Contributor. + </para> + + <para> + 1.3. "Covered Code" means the Original Code, or Modifications or + the combination of the Original Code, and Modifications, in each + case including portions thereof. + </para> + + <para> + 1.4. "Electronic Distribution Mechanism" means a mechanism + generally accepted in the software development community for the + electronic transfer of data. + </para> + + <para> + 1.5. "Executable" means Covered Code in any form other than + Source Code. + </para> + + <para> + 1.6. "Initial Developer" means the individual or entity + identified as the Initial Developer in the Source Code notice + required by Exhibit A. + </para> + + <para> + 1.7. "Larger Work" means a work which combines Covered Code or + portions thereof with code not governed by the terms of this + License. + </para> + + <para> + 1.8. "License" means this document. + </para> + + <para> + 1.8.1. "Licensable" means having the right to grant, to the + maximum extent possible, whether at the time of the initial + grant or subsequently acquired, any and all of the rights + conveyed herein. + </para> + + <para> + 1.9. "Modifications" means any addition to or deletion from the + substance or structure of either the Original Code or any + previous Modifications. When Covered Code is released as a + series of files, a Modification is: + </para> + + <para> + A. Any addition to or deletion from the contents of a file + containing Original Code or previous Modifications. + </para> + + <para> + B. Any new file that contains any part of the Original Code, or + previous Modifications. + </para> + + <para> + 1.10. "Original Code" means Source Code of computer software + code which is described in the Source Code notice required by + Exhibit A as Original Code, and which, at the time of its + release under this License is not already Covered Code governed + by this License. + </para> + + <para> + 1.10.1. "Patent Claims" means any patent claim(s), now owned or + hereafter acquired, including without limitation, method, + process, and apparatus claims, in any patent Licensable by + grantor. + </para> + + <para> + 1.11. "Source Code" means the preferred form of the Covered Code + for making modifications to it, including all modules it + contains, plus any associated interface definition files, + scripts used to control compilation and installation of an + Executable, or source code differential comparisons against + either the Original Code or another well known, available + Covered Code of the Contributor's choice. The Source Code can be + in a compressed or archival form, provided the appropriate + decompression or de-archiving software is widely available for + no charge. + </para> + + <para> + 1.12. "You" (or "Your") means an individual or a legal entity + exercising rights under, and complying with all of the terms of, + this License or a future version of this License issued under + Section 6.1. For legal entities, "You" includes any entity which + controls, is controlled by, or is under common control with You. + For purposes of this definition, "control" means (a) the power, + direct or indirect, to cause the direction or management of such + entity, whether by contract or otherwise, or (b) ownership of + more than fifty percent (50%) of the outstanding shares or + beneficial ownership of such entity. + </para> + + <para> + 2 SOURCE CODE LICENSE. + </para> + + <para> + 2.1. The Initial Developer Grant. + </para> + + <para> + The Initial Developer hereby grants You a world-wide, + royalty-free, non-exclusive license, subject to third party + intellectual property claims: + </para> + + <para> + (a) under intellectual property rights (other than patent or + trademark) Licensable by Initial Developer to use, reproduce, + modify, display, perform, sublicense and distribute the Original + Code (or portions thereof) with or without Modifications, and/or + as part of a Larger Work; and + </para> + + <para> + (b) under patents now or hereafter owned or controlled by + Initial Developer, to make, have made, use and sell ("offer to + sell and import") the Original Code, Modifications, or portions + thereof, but solely to the extent that any such patent is + reasonably necessary to enable You to utilize, alone or in + combination with other software, the Original Code, + Modifications, or any combination or portions thereof. + </para> + + <para> + (c) + </para> + + <para> + (d) + </para> + + <para> + 2.2. Contributor Grant. + </para> + + <para> + Subject to third party intellectual property claims, each + Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license + </para> + + <para> + (a) under intellectual property rights (other than patent or + trademark) Licensable by Contributor, to use, reproduce, modify, + display, perform, sublicense and distribute the Modifications + created by such Contributor (or portions thereof) either on an + unmodified basis, with other Modifications, as Covered Code + and/or as part of a Larger Work; and + </para> + + <para> + (b) under patents now or hereafter owned or controlled by + Contributor, to make, have made, use and sell ("offer to sell + and import") the Contributor Version (or portions thereof), but + solely to the extent that any such patent is reasonably + necessary to enable You to utilize, alone or in combination with + other software, the Contributor Version (or portions thereof). + </para> + + <para> + (c) + </para> + + <para> + (d) + </para> + + <para> + 3 DISTRIBUTION OBLIGATIONS. + </para> + + <para> + 3.1. Application of License. + </para> + + <para> + The Modifications which You create or to which You contribute + are governed by the terms of this License, including without + limitation Section 2.2. The Source Code version of Covered Code + may be distributed only under the terms of this License or a + future version of this License released under Section 6.1, and + You must include a copy of this License with every copy of the + Source Code You distribute. You may not offer or impose any + terms on any Source Code version that alters or restricts the + applicable version of this License or the recipients' rights + hereunder. However, You may include an additional document + offering the additional rights described in Section 3.5. + </para> + + <para> + 3.2. Availability of Source Code. + </para> + + <para> + Any Modification created by You will be provided to the Initial + Developer in Source Code form and are subject to the terms of + the License. 3.3. Description of Modifications. + </para> + + <para> + You must cause all Covered Code to which You contribute to + contain a file documenting the changes You made to create that + Covered Code and the date of any change. You must include a + prominent statement that the Modification is derived, directly + or indirectly, from Original Code provided by the Initial + Developer and including the name of the Initial Developer in (a) + the Source Code, and (b) in any notice in an Executable version + or related documentation in which You describe the origin or + ownership of the Covered Code. + </para> + + <para> + 3.4. Intellectual Property Matters. + </para> + + <para> + (a) Third Party Claims. If Contributor has knowledge that a + license under a third party's intellectual property rights is + required to exercise the rights granted by such Contributor + under Sections 2.1 or 2.2, Contributor must include a text file + with the Source Code distribution titled "LEGAL" which describes + the claim and the party making the claim in sufficient detail + that a recipient will know whom to contact. If Contributor + obtains such knowledge after the Modification is made available + as described in Section 3.2, Contributor shall promptly modify + the LEGAL file in all copies Contributor makes available + thereafter and shall take other steps (such as notifying + appropriate mailing lists or newsgroups) reasonably calculated + to inform those who received the Covered Code that new knowledge + has been obtained. + </para> + + <para> + (b) Contributor APIs. If Contributor's Modifications include an + application programming interface and Contributor has knowledge + of patent licenses which are reasonably necessary to implement + that API, Contributor must also include this information in the + LEGAL file. + </para> + + <para> + (c) Representations. Contributor represents that, except as + disclosed pursuant to Section 3.4(a) above, Contributor believes + that Contributor's Modifications are Contributor's original + creation(s) and/or Contributor has sufficient rights to grant + the rights conveyed by this License. + </para> + + <para> + 3.5. Required Notices. You must duplicate the notice in Exhibit + A in each file of the Source Code. If it is not possible to put + such notice in a particular Source Code file due to its + structure, then You must include such notice in a location (such + as a relevant directory) where a user would be likely to look + for such a notice. If You created one or more Modification(s) + You may add your name as a Contributor to the notice described + in Exhibit A. You must also duplicate this License in any + documentation for the Source Code where You describe recipients' + rights or ownership rights relating to Covered Code. You may + choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of + Covered Code. However, You may do so only on Your own behalf, + and not on behalf of the Initial Developer or any Contributor. + </para> + + <para> + 3.6. Distribution of Executable Versions. You may distribute + Covered Code in Executable form only if the requirements of + Section 3.1-3.5 have been met for that Covered Code. You may + distribute the Executable version of Covered Code or ownership + rights under a license of Your choice, which may contain terms + different from this License, provided that You are in compliance + with the terms of this License and that the license for the + Executable version does not attempt to limit or alter the + recipient's rights in the Source Code version from the rights + set forth in this License. If You distribute the Executable + version under a different license You must make it absolutely + clear that any terms which differ from this License are offered + by You alone, not by the Initial Developer or any Contributor. + If you distribute executable versions containing Covered Code as + part of a product, you must reproduce the notice in Exhibit B in + the documentation and/or other materials provided with the + product. + </para> + + <para> + 3.7. Larger Works. You may create a Larger Work by combining + Covered Code with other code not governed by the terms of this + License and distribute the Larger Work as a single product. In + such a case, You must make sure the requirements of this License + are fulfilled for the Covered Code. + </para> + + <para> + 3.8. Restrictions. You may not remove any product + identification, copyright, proprietary notices or labels from + gSOAP. + </para> + + <para> + 4 INABILITY TO COMPLY DUE TO STATUTE OR REGULATION. + </para> + + <para> + If it is impossible for You to comply with any of the terms of + this License with respect to some or all of the Covered Code due + to statute, judicial order, or regulation then You must: (a) + comply with the terms of this License to the maximum extent + possible; and (b) describe the limitations and the code they + affect. Such description must be included in the LEGAL file + described in Section 3.4 and must be included with all + distributions of the Source Code. Except to the extent + prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be + able to understand it. + </para> + + <para> + 5 APPLICATION OF THIS LICENSE. + </para> + + <para> + This License applies to code to which the Initial Developer has + attached the notice in Exhibit A and to related Covered Code. + </para> + + <para> + 6 VERSIONS OF THE LICENSE. + </para> + + <para> + 6.1. New Versions. + </para> + + <para> + Grantor may publish revised and/or new versions of the License + from time to time. Each version will be given a distinguishing + version number. + </para> + + <para> + 6.2. Effect of New Versions. + </para> + + <para> + Once Covered Code has been published under a particular version + of the License, You may always continue to use it under the + terms of that version. You may also choose to use such Covered + Code under the terms of any subsequent version of the License. + </para> + + <para> + 6.3. Derivative Works. + </para> + + <para> + If You create or use a modified version of this License (which + you may only do in order to apply it to code which is not + already Covered Code governed by this License), You must (a) + rename Your license so that the phrase "gSOAP" or any + confusingly similar phrase do not appear in your license (except + to note that your license differs from this License) and (b) + otherwise make it clear that Your version of the license + contains terms which differ from the gSOAP Public License. + (Filling in the name of the Initial Developer, Original Code or + Contributor in the notice described in Exhibit A shall not of + themselves be deemed to be modifications of this License.) + </para> + + <para> + 7 DISCLAIMER OF WARRANTY. + </para> + + <para> + COVERED CODE IS PROVIDED UNDER THIS LICENSE ON AN "AS IS" BASIS, + WITHOUT WARRANTY OF ANY KIND, WHETHER EXPRESS, IMPLIED OR + STATUTORY, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES + OF MERCHANTABILITY, OF FITNESS FOR A PARTICULAR PURPOSE, + NONINFRINGEMENT OF THIRD PARTY INTELLECTUAL PROPERTY RIGHTS, AND + ANY WARRANTY THAT MAY ARISE BY REASON OF TRADE USAGE, CUSTOM, OR + COURSE OF DEALING. WITHOUT LIMITING THE FOREGOING, YOU + ACKNOWLEDGE THAT THE SOFTWARE IS PROVIDED "AS IS" AND THAT THE + AUTHORS DO NOT WARRANT THE SOFTWARE WILL RUN UNINTERRUPTED OR + ERROR FREE. LIMITED LIABILITY THE ENTIRE RISK AS TO RESULTS AND + PERFORMANCE OF THE SOFTWARE IS ASSUMED BY YOU. UNDER NO + CIRCUMSTANCES WILL THE AUTHORS BE LIABLE FOR ANY SPECIAL, + INDIRECT, INCIDENTAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES OF ANY + KIND OR NATURE WHATSOEVER, WHETHER BASED ON CONTRACT, WARRANTY, + TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY OR OTHERWISE, + ARISING OUT OF OR IN ANY WAY RELATED TO THE SOFTWARE, EVEN IF + THE AUTHORS HAVE BEEN ADVISED ON THE POSSIBILITY OF SUCH DAMAGE + OR IF SUCH DAMAGE COULD HAVE BEEN REASONABLY FORESEEN, AND + NOTWITHSTANDING ANY FAILURE OF ESSENTIAL PURPOSE OF ANY + EXCLUSIVE REMEDY PROVIDED. SUCH LIMITATION ON DAMAGES INCLUDES, + BUT IS NOT LIMITED TO, DAMAGES FOR LOSS OF GOODWILL, LOST + PROFITS, LOSS OF DATA OR SOFTWARE, WORK STOPPAGE, COMPUTER + FAILURE OR MALFUNCTION OR IMPAIRMENT OF OTHER GOODS. IN NO EVENT + WILL THE AUTHORS BE LIABLE FOR THE COSTS OF PROCUREMENT OF + SUBSTITUTE SOFTWARE OR SERVICES. YOU ACKNOWLEDGE THAT THIS + SOFTWARE IS NOT DESIGNED FOR USE IN ON-LINE EQUIPMENT IN + HAZARDOUS ENVIRONMENTS SUCH AS OPERATION OF NUCLEAR FACILITIES, + AIRCRAFT NAVIGATION OR CONTROL, OR LIFE-CRITICAL APPLICATIONS. + THE AUTHORS EXPRESSLY DISCLAIM ANY LIABILITY RESULTING FROM USE + OF THE SOFTWARE IN ANY SUCH ON-LINE EQUIPMENT IN HAZARDOUS + ENVIRONMENTS AND ACCEPTS NO LIABILITY IN RESPECT OF ANY ACTIONS + OR CLAIMS BASED ON THE USE OF THE SOFTWARE IN ANY SUCH ON-LINE + EQUIPMENT IN HAZARDOUS ENVIRONMENTS BY YOU. FOR PURPOSES OF THIS + PARAGRAPH, THE TERM "LIFE-CRITICAL APPLICATION" MEANS AN + APPLICATION IN WHICH THE FUNCTIONING OR MALFUNCTIONING OF THE + SOFTWARE MAY RESULT DIRECTLY OR INDIRECTLY IN PHYSICAL INJURY OR + LOSS OF HUMAN LIFE. THIS DISCLAIMER OF WARRANTY CONSTITUTES AN + ESSENTIAL PART OF THIS LICENSE. NO USE OF ANY COVERED CODE IS + AUTHORIZED HEREUNDER EXCEPT UNDER THIS DISCLAIMER. + </para> + + <para> + 8 TERMINATION. + </para> + + <para> + 8.1. + </para> + + <para> + This License and the rights granted hereunder will terminate + automatically if You fail to comply with terms herein and fail + to cure such breach within 30 days of becoming aware of the + breach. All sublicenses to the Covered Code which are properly + granted shall survive any termination of this License. + Provisions which, by their nature, must remain in effect beyond + the termination of this License shall survive. + </para> + + <para> + 8.2. + </para> + + <para> + 8.3. + </para> + + <para> + If You assert a patent infringement claim against Participant + alleging that such Participant's Contributor Version directly or + indirectly infringes any patent where such claim is resolved + (such as by license or settlement) prior to the initiation of + patent infringement litigation, then the reasonable value of the + licenses granted by such Participant under Sections 2.1 or 2.2 + shall be taken into account in determining the amount or value + of any payment or license. + </para> + + <para> + 8.4. In the event of termination under Sections 8.1 or 8.2 + above, all end user license agreements (excluding distributors + and resellers) which have been validly granted by You or any + distributor hereunder prior to termination shall survive + termination. + </para> + + <para> + 9 LIMITATION OF LIABILITY. + </para> + + <para> + UNDER NO CIRCUMSTANCES AND UNDER NO LEGAL THEORY, WHETHER TORT + (INCLUDING NEGLIGENCE), CONTRACT, OR OTHERWISE, SHALL YOU, THE + INITIAL DEVELOPER, ANY OTHER CONTRIBUTOR, OR ANY DISTRIBUTOR OF + COVERED CODE, OR ANY SUPPLIER OF ANY OF SUCH PARTIES, BE LIABLE + TO ANY PERSON FOR ANY INDIRECT, SPECIAL, INCIDENTAL, OR + CONSEQUENTIAL DAMAGES OF ANY CHARACTER INCLUDING, WITHOUT + LIMITATION, DAMAGES FOR LOSS OF GOODWILL, WORK STOPPAGE, + COMPUTER FAILURE OR MALFUNCTION, OR ANY AND ALL OTHER COMMERCIAL + DAMAGES OR LOSSES, EVEN IF SUCH PARTY SHALL HAVE BEEN INFORMED + OF THE POSSIBILITY OF SUCH DAMAGES. THIS LIMITATION OF LIABILITY + SHALL NOT APPLY TO LIABILITY FOR DEATH OR PERSONAL INJURY + RESULTING FROM SUCH PARTY'S NEGLIGENCE TO THE EXTENT APPLICABLE + LAW PROHIBITS SUCH LIMITATION. SOME JURISDICTIONS DO NOT ALLOW + THE EXCLUSION OR LIMITATION OF INCIDENTAL OR CONSEQUENTIAL + DAMAGES, SO THIS EXCLUSION AND LIMITATION MAY NOT APPLY TO YOU. + </para> + + <para> + 10 U.S. GOVERNMENT END USERS. + </para> + + <para> + 11 MISCELLANEOUS. + </para> + + <para> + 12 RESPONSIBILITY FOR CLAIMS. + </para> + + <para> + As between Initial Developer and the Contributors, each party is + responsible for claims and damages arising, directly or + indirectly, out of its utilization of rights under this License + and You agree to work with Initial Developer and Contributors to + distribute such responsibility on an equitable basis. Nothing + herein is intended or shall be deemed to constitute any + admission of liability. + </para> + + <para> + EXHIBIT A. + </para> + + <para> + "The contents of this file are subject to the gSOAP Public + License Version 1.3 (the "License"); you may not use this file + except in compliance with the License. You may obtain a copy of + the License at + <ulink + url="http://www.cs.fsu.edu/~engelen/soaplicense.html">http://www.cs.fsu.edu/~engelen/soaplicense.html</ulink>. + Software distributed under the License is distributed on an "AS + IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or + implied. See the License for the specific language governing + rights and limitations under the License. + </para> + + <para> + The Original Code of the gSOAP Software is: stdsoap.h, + stdsoap2.h, stdsoap.c, stdsoap2.c, stdsoap.cpp, stdsoap2.cpp, + soapcpp2.h, soapcpp2.c, soapcpp2_lex.l, soapcpp2_yacc.y, + error2.h, error2.c, symbol2.c, init2.c, soapdoc2.html, and + soapdoc2.pdf, httpget.h, httpget.c, stl.h, stldeque.h, + stllist.h, stlvector.h, stlset.h. + </para> + + <para> + The Initial Developer of the Original Code is Robert A. van + Engelen. Portions created by Robert A. van Engelen are Copyright + (C) 2001-2004 Robert A. van Engelen, Genivia inc. All Rights + Reserved. + </para> + + <para> + Contributor(s): "________________________." [Note: The text of + this Exhibit A may differ slightly form the text of the notices + in the Source Code files of the Original code. You should use + the text of this Exhibit A rather than the text found in the + Original Code Source Code for Your Modifications.] + </para> + + <para> + EXHIBIT B. + </para> + + <para> + "Part of the software embedded in this product is gSOAP + software. Portions created by gSOAP are Copyright (C) 2001-2004 + Robert A. van Engelen, Genivia inc. All Rights Reserved. THE + SOFTWARE IN THIS PRODUCT WAS IN PART PROVIDED BY GENIVIA INC AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A + PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR + BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, + EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND + ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING + IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF + THE POSSIBILITY OF SUCH DAMAGE." + </para> + + </sect2> + + <sect2 id="licChromium"> + + <title>Chromium Licenses</title> + + <sect3> + + <title>Main License</title> + + <para> + Copyright (c) 2002, Stanford University All rights reserved. + </para> + + <para> + Some portions of Chromium are copyrighted by individiual + organizations. Please see the files COPYRIGHT.LLNL and + COPYRIGHT.REDHAT for more information. + </para> + + <para> + Redistribution and use in source and binary forms, with or + without modification, are permitted provided that the + following conditions are met: + </para> + + <itemizedlist> + + <listitem> + <para> + Redistributions of source code must retain the above + copyright notice, this list of conditions and the + following disclaimer. + </para> + </listitem> + + <listitem> + <para> + Redistributions in binary form must reproduce the above + copyright notice, this list of conditions and the + following disclaimer in the documentation and/or other + materials provided with the distribution. + </para> + </listitem> + + <listitem> + <para> + Neither the name of Stanford University nor the names of + its contributors may be used to endorse or promote + products derived from this software without specific prior + written permission. + </para> + </listitem> + + </itemizedlist> + + <para> + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND + CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF + MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR + CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR + OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, + EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + </para> + + </sect3> + + <sect3> + + <title>COPYRIGHT.LLNL File</title> + + <para> + This Chromium distribution contains information and code which + is covered under the following notice: + </para> + + <para> + Copyright (c) 2002, The Regents of the University of + California. Produced at the Lawrence Livermore National + Laboratory For details, contact: Randall Frank + (rjfrank@llnl.gov). UCRL-CODE-2002-058 All rights reserved. + </para> + + <para> + This file is part of Chromium. For details, see accompanying + documentation. + </para> + + <para> + Redistribution and use in source and binary forms, with or + without modification, are permitted provided that the + following conditions are met: + </para> + + <para> + Redistributions of source code must retain the above copyright + notice, this list of conditions and the disclaimer below. + </para> + + <para> + Redistributions in binary form must reproduce the above + copyright notice, this list of conditions and the disclaimer + (as noted below) in the documentation and/or other materials + provided with the distribution. + </para> + + <para> + Neither the name of the UC/LLNL nor the names of its + contributors may be used to endorse or promote products + derived from this software without specific prior written + permission. + </para> + + <para> + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND + CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF + MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + DISCLAIMED. IN NO EVENT SHALL THE REGENTS OF THE UNIVERSITY OF + CALIFORNIA, THE U.S. DEPARTMENT OF ENERGY OR CONTRIBUTORS BE + LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, + EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER + CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF + ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + </para> + + <para> + Additional BSD Notice + </para> + + <para> + 1. This notice is required to be provided under our contract + with the U.S. Department of Energy (DOE). This work was + produced at the University of California, Lawrence Livermore + National Laboratory under Contract No. W-7405-ENG-48 with the + DOE. + </para> + + <para> + 2. Neither the United States Government nor the University of + California nor any of their employees, makes any warranty, + express or implied, or assumes any liability or responsibility + for the accuracy, completeness, or usefulness of any + information, apparatus, product, or process disclosed, or + represents that its use would not infringe privately-owned + rights. + </para> + + <para> + 3. Also, reference herein to any specific commercial products, + process, or services by trade name, trademark, manufacturer or + otherwise does not necessarily constitute or imply its + endorsement, recommendation, or favoring by the United States + Government or the University of California. The views and + opinions of authors expressed herein do not necessarily state + or reflect those of the United States Government or the + University of California, and shall not be used for + advertising or product endorsement purposes. + </para> + + </sect3> + + <sect3> + + <title>COPYRIGHT.REDHAT File</title> + + <para> + This Chromium distribution contains information and code which + is covered under the following notice: + </para> + + <para> + Copyright 2001,2002 Red Hat Inc., Durham, North Carolina. + </para> + + <para> + All Rights Reserved. + </para> + + <para> + Permission is hereby granted, free of charge, to any person + obtaining a copy of this software and associated documentation + files (the "Software"), to deal in the Software without + restriction, including without limitation on the rights to + use, copy, modify, merge, publish, distribute, sublicense, + and/or sell copies of the Software, and to permit persons to + whom the Software is furnished to do so, subject to the + following conditions: + </para> + + <para> + The above copyright notice and this permission notice + (including the next paragraph) shall be included in all copies + or substantial portions of the Software. + </para> + + <para> + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY + KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE + WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR + PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL RED HAT AND/OR + THEIR SUPPLIERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR + OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE + SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + </para> + + </sect3> + + </sect2> + + <sect2 id="licLibCurl"> + + <title>curl License</title> + + <para> + COPYRIGHT AND PERMISSION NOTICE + </para> + + <para> + Copyright (c) 1996 - 2009, Daniel Stenberg, daniel@haxx.se. + </para> + + <para> + All rights reserved. + </para> + + <para> + Permission to use, copy, modify, and distribute this software + for any purpose with or without fee is hereby granted, provided + that the above copyright notice and this permission notice + appear in all copies. + </para> + + <para> + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES + OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + NONINFRINGEMENT OF THIRD PARTY RIGHTS. IN NO EVENT SHALL THE + AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR + OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR + OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE + SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + </para> + + <para> + Except as contained in this notice, the name of a copyright + holder shall not be used in advertising or otherwise to promote + the sale, use or other dealings in this Software without prior + written authorization of the copyright holder. + </para> + + </sect2> + + <sect2 id="licLibgd"> + + <title>libgd License</title> + + <para> + Portions copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, + 2001, 2002 by Cold Spring Harbor Laboratory. Funded under Grant + P41-RR02188 by the National Institutes of Health. + </para> + + <para> + Portions copyright 1996, 1997, 1998, 1999, 2000, 2001, 2002 by + Boutell.Com, Inc. + </para> + + <para> + Portions relating to GD2 format copyright 1999, 2000, 2001, 2002 + Philip Warner. + </para> + + <para> + Portions relating to PNG copyright 1999, 2000, 2001, 2002 Greg + Roelofs. + </para> + + <para> + Portions relating to gdttf.c copyright 1999, 2000, 2001, 2002 + John Ellson (ellson@lucent.com). + </para> + + <para> + Portions relating to gdft.c copyright 2001, 2002 John Ellson + (ellson@lucent.com). + </para> + + <para> + Portions copyright 2000, 2001, 2002, 2003, 2004, 2005, 2006, + 2007 Pierre-Alain Joye (pierre@libgd.org). + </para> + + <para> + Portions relating to JPEG and to color quantization copyright + 2000, 2001, 2002, Doug Becker and copyright (C) 1994, 1995, + 1996, 1997, 1998, 1999, 2000, 2001, 2002, Thomas G. Lane. This + software is based in part on the work of the Independent JPEG + Group. See the file README-JPEG.TXT for more information. + </para> + + <para> + Portions relating to WBMP copyright 2000, 2001, 2002 Maurice + Szmurlo and Johan Van den Brande. + </para> + + <para> + Permission has been granted to copy, distribute and modify gd in + any context without fee, including a commercial application, + provided that this notice is present in user-accessible + supporting documentation. + </para> + + <para> + This does not affect your ownership of the derived work itself, + and the intent is to assure proper credit for the authors of gd, + not to interfere with your productive use of gd. If you have + questions, ask. "Derived works" includes all programs that + utilize the library. Credit must be given in user-accessible + documentation. + </para> + + <para> + This software is provided "AS IS." The copyright holders + disclaim all warranties, either express or implied, including + but not limited to implied warranties of merchantability and + fitness for a particular purpose, with respect to this code and + accompanying documentation. + </para> + + <para> + Although their code does not appear in gd, the authors wish to + thank David Koblas, David Rowley, and Hutchison Avenue Software + Corporation for their prior contributions. + </para> + + </sect2> + + <sect2 id="licBsdIntel"> + + <title>BSD License from Intel</title> + + <para> + All rights reserved. + </para> + + <para> + Redistribution and use in source and binary forms, with or + without modification, are permitted provided that the following + conditions are met: + </para> + + <itemizedlist> + + <listitem> + <para> + Redistributions of source code must retain the above + copyright notice, this list of conditions and the following + disclaimer. + </para> + </listitem> + + <listitem> + <para> + Redistributions in binary form must reproduce the above + copyright notice, this list of conditions and the following + disclaimer in the documentation and/or other materials + provided with the distribution. + </para> + </listitem> + + <listitem> + <para> + Neither the name of the Intel Corporation nor the names of + its contributors may be used to endorse or promote products + derived from this software without specific prior written + permission. + </para> + </listitem> + + </itemizedlist> + + <para> + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND + CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF + MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR + CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF + USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING + IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF + THE POSSIBILITY OF SUCH DAMAGE. + </para> + + </sect2> + + <sect2 id="licJPEG"> + + <title>libjpeg License</title> + + <para> + The authors make NO WARRANTY or representation, either express + or implied, with respect to this software, its quality, + accuracy, merchantability, or fitness for a particular purpose. + This software is provided "AS IS", and you, its user, assume the + entire risk as to its quality and accuracy. + </para> + + <para> + This software is copyright (C) 1991-2010, Thomas G. Lane, Guido + Vollbeding. All Rights Reserved except as specified below. + </para> + + <para> + Permission is hereby granted to use, copy, modify, and + distribute this software (or portions thereof) for any purpose, + without fee, subject to these conditions: + </para> + + <para> + (1) If any part of the source code for this software is + distributed, then this README file must be included, with this + copyright and no-warranty notice unaltered; and any additions, + deletions, or changes to the original files must be clearly + indicated in accompanying documentation. + </para> + + <para> + (2) If only executable code is distributed, then the + accompanying documentation must state that "this software is + based in part on the work of the Independent JPEG Group". + </para> + + <para> + (3) Permission for use of this software is granted only if the + user accepts full responsibility for any undesirable + consequences; the authors accept NO LIABILITY for damages of any + kind. + </para> + + <para> + These conditions apply to any software derived from or based on + the IJG code, not just to the unmodified library. If you use our + work, you ought to acknowledge us. + </para> + + <para> + Permission is NOT granted for the use of any IJG author's name + or company name in advertising or publicity relating to this + software or products derived from it. This software may be + referred to only as "the Independent JPEG Group's software". + </para> + + <para> + We specifically permit and encourage the use of this software as + the basis of commercial products, provided that all warranty or + liability claims are assumed by the product vendor. + </para> + + <para> + ansi2knr.c is included in this distribution by permission of L. + Peter Deutsch, sole proprietor of its copyright holder, Aladdin + Enterprises of Menlo Park, CA. ansi2knr.c is NOT covered by the + above copyright and conditions, but instead by the usual + distribution terms of the Free Software Foundation; principally, + that you must include source code if you redistribute it. (See + the file ansi2knr.c for full details.) However, since ansi2knr.c + is not needed as part of any program generated from the IJG + code, this does not limit you more than the foregoing paragraphs + do. + </para> + + <para> + The Unix configuration script "configure" was produced with GNU + Autoconf. It is copyright by the Free Software Foundation but is + freely distributable. The same holds for its supporting scripts + (config.guess, config.sub, ltmain.sh). Another support script, + install-sh, is copyright by X Consortium but is also freely + distributable. + </para> + + <para> + The IJG distribution formerly included code to read and write + GIF files. To avoid entanglement with the Unisys LZW patent, GIF + reading support has been removed altogether, and the GIF writer + has been simplified to produce "uncompressed GIFs". This + technique does not use the LZW algorithm; the resulting GIF + files are larger than usual, but are readable by all standard + GIF decoders. + </para> + + <para> + We are required to state that + </para> + + <para> + "The Graphics Interchange Format(c) is the Copyright property of + CompuServe Incorporated. GIF(sm) is a Service Mark property of + CompuServe Incorporated." + </para> + + </sect2> + + <sect2 id="licJPEGSIMD"> + + <title>x86 SIMD Extension for IJG JPEG Library License</title> + + <para> + Copyright 2009 Pierre Ossman <ossman@cendio.se> for Cendio + AB + </para> + + <para> + Copyright 2010 D. R. Commander + </para> + + <para> + Based on + </para> + + <para> + x86 SIMD extension for IJG JPEG library - version 1.02 + </para> + + <para> + Copyright (C) 1999-2006, MIYASAKA Masaru. + </para> + + <para> + This software is provided 'as-is', without any express or + implied warranty. In no event will the authors be held liable + for any damages arising from the use of this software. + </para> + + <para> + Permission is granted to anyone to use this software for any + purpose, including commercial applications, and to alter it and + redistribute it freely, subject to the following restrictions: + </para> + + <para> + 1. The origin of this software must not be misrepresented; you + must not claim that you wrote the original software. If you use + this software in a product, an acknowledgment in the product + documentation would be appreciated but is not required. + </para> + + <para> + 2. Altered source versions must be plainly marked as such, and + must not be misrepresented as being the original software. + </para> + + <para> + 3. This notice may not be removed or altered from any source + distribution. + </para> + + </sect2> + + <sect2 id="licFreeBsd"> + + <title>FreeBSD License</title> + + <para> + The compilation of software known as FreeBSD is distributed + under the following terms: + </para> + + <para> + Copyright (c) 1992-2009 The FreeBSD Project. All rights + reserved. + </para> + + <para> + Redistribution and use in source and binary forms, with or + without modification, are permitted provided that the following + conditions are met: + </para> + + <orderedlist> + + <listitem> + <para> + Redistributions of source code must retain the above + copyright notice, this list of conditions and the following + disclaimer. + </para> + </listitem> + + <listitem> + <para> + Redistributions in binary form must reproduce the above + copyright notice, this list of conditions and the following + disclaimer in the documentation and/or other materials + provided with the distribution. + </para> + </listitem> + + </orderedlist> + + <para> + THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS + IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND + FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT + SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR + BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + SUCH DAMAGE. + </para> + + </sect2> + + <sect2 id="licNetBsd"> + + <title>NetBSD License</title> + + <para> + Copyright (c) 1992, 1993 The Regents of the University of + California. All rights reserved. + </para> + + <para> + This software was developed by the Computer Systems Engineering + group at Lawrence Berkeley Laboratory under DARPA contract BG + 91-66 and contributed to Berkeley. + </para> + + <para> + Redistribution and use in source and binary forms, with or + without modification, are permitted provided that the following + conditions are met: + </para> + + <orderedlist> + + <listitem> + <para> + Redistributions of source code must retain the above + copyright notice, this list of conditions and the following + disclaimer. + </para> + </listitem> + + <listitem> + <para> + Redistributions in binary form must reproduce the above + copyright notice, this list of conditions and the following + disclaimer in the documentation and/or other materials + provided with the distribution. + </para> + </listitem> + + <listitem> + <para> + Neither the name of the University nor the names of its + contributors may be used to endorse or promote products + derived from this software without specific prior written + permission. + </para> + </listitem> + + </orderedlist> + + <para> + THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS + IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND + FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT + SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR + BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + SUCH DAMAGE. + </para> + + </sect2> + + <sect2 id="licPcre"> + + <title>PCRE License</title> + + <para> + PCRE is a library of functions to support regular expressions + whose syntax and semantics are as close as possible to those of + the Perl 5 language. + </para> + + <para> + Release 8 of PCRE is distributed under the terms of the "BSD" + licence, as specified below. The documentation for PCRE, + supplied in the "doc" directory, is distributed under the same + terms as the software itself. + </para> + + <para> + The basic library functions are written in C and are + freestanding. Also included in the distribution is a set of C++ + wrapper functions, and a just-in-time compiler that can be used + to optimize pattern matching. These are both optional features + that can be omitted when the library is built. + </para> + + <para> + THE BASIC LIBRARY FUNCTIONS. Written by: Philip Hazel; Email + local part: ph10; Email domain: cam.ac.uk University of + Cambridge Computing Service, Cambridge, England. Copyright (c) + 1997-2012 University of Cambridge All rights reserved. + </para> + + <para> + PCRE JUST-IN-TIME COMPILATION SUPPORT. Written by: Zoltan + Herczeg; Email local part: hzmester; Emain domain: freemail.hu + Copyright(c) 2010-2012 Zoltan Herczeg All rights reserved. + </para> + + <para> + STACK-LESS JUST-IN-TIME COMPILER. Written by: Zoltan Herczeg; + Email local part: hzmester; Emain domain: freemail.hu + Copyright(c) 2009-2012 Zoltan Herczeg All rights reserved. + </para> + + <para> + THE C++ WRAPPER FUNCTIONS. Contributed by: Google Inc. Copyright + (c) 2007-2012, Google Inc. All rights reserved. + </para> + + <para> + THE "BSD" LICENCE. Redistribution and use in source and binary + forms, with or without modification, are permitted provided that + the following conditions are met: + </para> + + <itemizedlist> + + <listitem> + <para> + Redistributions of source code must retain the above + copyright notice, this list of conditions and the following + disclaimer. + </para> + </listitem> + + <listitem> + <para> + Redistributions in binary form must reproduce the above + copyright notice, this list of conditions and the following + disclaimer in the documentation and/or other materials + provided with the distribution. + </para> + </listitem> + + <listitem> + <para> + Neither the name of the University of Cambridge nor the name + of Google Inc. nor the names of their contributors may be + used to endorse or promote products derived from this + software without specific prior written permission. + </para> + </listitem> + + </itemizedlist> + + <para> + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND + CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF + MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR + CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF + USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING + IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF + THE POSSIBILITY OF SUCH DAMAGE. + </para> + + </sect2> + + <sect2 id="licLibffi"> + + <title>libffi License</title> + + <para> + Copyright (c) 1996-2012 Anthony Green, Red Hat, Inc and others. + See source files for details. + </para> + + <para> + Permission is hereby granted, free of charge, to any person + obtaining a copy of this software and associated documentation + files (the ``Software''), to deal in the Software without + restriction, including without limitation the rights to use, + copy, modify, merge, publish, distribute, sublicense, and/or + sell copies of the Software, and to permit persons to whom the + Software is furnished to do so, subject to the following + conditions: + </para> + + <para> + The above copyright notice and this permission notice shall be + included in all copies or substantial portions of the Software. + </para> + + <para> + THE SOFTWARE IS PROVIDED ``AS IS'', WITHOUT WARRANTY OF ANY + KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE + WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE + AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT + HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, + WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING + FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR + OTHER DEALINGS IN THE SOFTWARE. + </para> + + </sect2> + + <sect2 id="licFltk"> + + <title>FLTK License</title> + + <para> + December 11, 2001 + </para> + + <para> + The FLTK library and included programs are provided under the + terms of the GNU Library General Public License (LGPL) with the + following exceptions: + </para> + + <orderedlist> + + <listitem> + <para> + Modifications to the FLTK configure script, config header + file, and makefiles by themselves to support a specific + platform do not constitute a modified or derivative work. + </para> + + <para> + The authors do request that such modifications be + contributed to the FLTK project - send all contributions + through the "Software Trouble Report" on the following page: + </para> + + <para> + http://www.fltk.org/str.php + </para> + </listitem> + + <listitem> + <para> + Widgets that are subclassed from FLTK widgets do not + constitute a derivative work. + </para> + </listitem> + + <listitem> + <para> + Static linking of applications and widgets to the FLTK + library does not constitute a derivative work and does not + require the author to provide source code for the + application or widget, use the shared FLTK libraries, or + link their applications or widgets against a user-supplied + version of FLTK. + </para> + + <para> + If you link the application or widget to a modified version + of FLTK, then the changes to FLTK must be provided under the + terms of the LGPL in sections 1, 2, and 4. + </para> + </listitem> + + <listitem> + <para> + You do not have to provide a copy of the FLTK license with + programs that are linked to the FLTK library, nor do you + have to identify the FLTK license in your program or + documentation as required by section 6 of the LGPL. + </para> + + <para> + However, programs must still identify their use of FLTK. The + following example statement can be included in user + documentation to satisfy this requirement: + </para> + + <para> + [program/widget] is based in part on the work of the FLTK + project (http://www.fltk.org). + </para> + </listitem> + + </orderedlist> + + </sect2> + + <sect2 id="licExpat"> + + <title>Expat License</title> + + <para> + Copyright (c) 1998, 1999, 2000 Thai Open Source Software Center + Ltd and Clark Cooper + </para> + + <para> + Copyright (c) 2001, 2002, 2003, 2004, 2005, 2006 Expat + maintainers. + </para> + + <para> + Permission is hereby granted, free of charge, to any person + obtaining a copy of this software and associated documentation + files (the "Software"), to deal in the Software without + restriction, including without limitation the rights to use, + copy, modify, merge, publish, distribute, sublicense, and/or + sell copies of the Software, and to permit persons to whom the + Software is furnished to do so, subject to the following + conditions: + </para> + + <para> + The above copyright notice and this permission notice shall be + included in all copies or substantial portions of the Software. + </para> + + <para> + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES + OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT + HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, + WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING + FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR + OTHER DEALINGS IN THE SOFTWARE. + </para> + + </sect2> + + <sect2 id="licFontconfig"> + + <title>Fontconfig License</title> + + <para> + Copyright (C) 2001, 2003 Keith Packard + </para> + + <para> + Permission to use, copy, modify, distribute, and sell this + software and its documentation for any purpose is hereby granted + without fee, provided that the above copyright notice appear in + all copies and that both that copyright notice and this + permission notice appear in supporting documentation, and that + the name of the author(s) not be used in advertising or + publicity pertaining to distribution of the software without + specific, written prior permission. The authors make no + representations about the suitability of this software for any + purpose. It is provided "as is" without express or implied + warranty. + </para> + + <para> + THE AUTHOR(S) DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS + SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS, IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY + SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER + IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, + ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF + THIS SOFTWARE. + </para> + + </sect2> + + <sect2 id="licFreetype"> + + <title>Freetype License</title> + + <para> + 2006-Jan-27 + </para> + + <para> + Copyright 1996-2002, 2006 by David Turner, Robert Wilhelm, and + Werner Lemberg + </para> + + <sect3> + + <title>Introduction</title> + + <para> + The FreeType Project is distributed in several archive + packages; some of them may contain, in addition to the + FreeType font engine, various tools and contributions which + rely on, or relate to, the FreeType Project. + </para> + + <para> + This license applies to all files found in such packages, and + which do not fall under their own explicit license. The + license affects thus the FreeType font engine, the test + programs, documentation and makefiles, at the very least. + </para> + + <para> + This license was inspired by the BSD, Artistic, and IJG + (Independent JPEG Group) licenses, which all encourage + inclusion and use of free software in commercial and freeware + products alike. As a consequence, its main points are that: + </para> + + <itemizedlist> + + <listitem> + <para> + We don't promise that this software works. However, we + will be interested in any kind of bug reports. (`as is' + distribution) + </para> + </listitem> + + <listitem> + <para> + You can use this software for whatever you want, in parts + or full form, without having to pay us. (`royalty-free' + usage) + </para> + </listitem> + + <listitem> + <para> + You may not pretend that you wrote this software. If you + use it, or only parts of it, in a program, you must + acknowledge somewhere in your documentation that you have + used the FreeType code. (`credits') + </para> + </listitem> + + </itemizedlist> + + <para> + We specifically permit and encourage the inclusion of this + software, with or without modifications, in commercial + products. We disclaim all warranties covering The FreeType + Project and assume no liability related to The FreeType + Project. + </para> + + <para> + Finally, many people asked us for a preferred form for a + credit/disclaimer to use in compliance with this license. We + thus encourage you to use the following text: + </para> + + <para> + Portions of this software are copyright (C) <year> The + FreeType Project (www.freetype.org). All rights reserved. + </para> + + <para> + Please replace <year> with the value from the FreeType + version you actually use. + </para> + + </sect3> + + <sect3> + + <title>Legal Terms</title> + + <para> + 0. Definitions + </para> + + <para> + Throughout this license, the terms `package', `FreeType + Project', and `FreeType archive' refer to the set of files + originally distributed by the authors (David Turner, Robert + Wilhelm, and Werner Lemberg) as the `FreeType Project', be + they named as alpha, beta or final release. + </para> + + <para> + `You' refers to the licensee, or person using the project, + where `using' is a generic term including compiling the + project's source code as well as linking it to form a + `program' or `executable'. This program is referred to as `a + program using the FreeType engine'. + </para> + + <para> + This license applies to all files distributed in the original + FreeType Project, including all source code, binaries and + documentation, unless otherwise stated in the file in its + original, unmodified form as distributed in the original + archive. If you are unsure whether or not a particular file is + covered by this license, you must contact us to verify this. + </para> + + <para> + The FreeType Project is copyright (C) 1996-2000 by David + Turner, Robert Wilhelm, and Werner Lemberg. All rights + reserved except as specified below. + </para> + + <para> + 1. No Warranty + </para> + + <para> + THE FREETYPE PROJECT IS PROVIDED `AS IS' WITHOUT WARRANTY OF + ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT + LIMITED TO, WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A + PARTICULAR PURPOSE. IN NO EVENT WILL ANY OF THE AUTHORS OR + COPYRIGHT HOLDERS BE LIABLE FOR ANY DAMAGES CAUSED BY THE USE + OR THE INABILITY TO USE, OF THE FREETYPE PROJECT. + </para> + + <para> + 2. Redistribution + </para> + + <para> + This license grants a worldwide, royalty-free, perpetual and + irrevocable right and license to use, execute, perform, + compile, display, copy, create derivative works of, distribute + and sublicense the FreeType Project (in both source and object + code forms) and derivative works thereof for any purpose; and + to authorize others to exercise some or all of the rights + granted herein, subject to the following conditions: + </para> + + <itemizedlist> + + <listitem> + <para> + Redistribution of source code must retain this license + file (`FTL.TXT') unaltered; any additions, deletions or + changes to the original files must be clearly indicated in + accompanying documentation. The copyright notices of the + unaltered, original files must be preserved in all copies + of source files. + </para> + </listitem> + + <listitem> + <para> + Redistribution in binary form must provide a disclaimer + that states that the software is based in part of the work + of the FreeType Team, in the distribution documentation. + We also encourage you to put an URL to the FreeType web + page in your documentation, though this isn't mandatory. + </para> + </listitem> + + </itemizedlist> + + <para> + These conditions apply to any software derived from or based + on the FreeType Project, not just the unmodified files. If you + use our work, you must acknowledge us. However, no fee need be + paid to us. + </para> + + <para> + 3. Advertising + </para> + + <para> + Neither the FreeType authors and contributors nor you shall + use the name of the other for commercial, advertising, or + promotional purposes without specific prior written + permission. + </para> + + <para> + We suggest, but do not require, that you use one or more of + the following phrases to refer to this software in your + documentation or advertising materials: `FreeType Project', + `FreeType Engine', `FreeType library', or `FreeType + Distribution'. + </para> + + <para> + As you have not signed this license, you are not required to + accept it. However, as the FreeType Project is copyrighted + material, only this license, or another one contracted with + the authors, grants you the right to use, distribute, and + modify it. Therefore, by using, distributing, or modifying the + FreeType Project, you indicate that you understand and accept + all the terms of this license. + </para> + + <para> + 4. Contacts + </para> + + <para> + There are two mailing lists related to FreeType: + </para> + + <itemizedlist> + + <listitem> + <para> + freetype@nongnu.org + </para> + + <para> + Discusses general use and applications of FreeType, as + well as future and wanted additions to the library and + distribution. If you are looking for support, start in + this list if you haven't found anything to help you in the + documentation. + </para> + </listitem> + + <listitem> + <para> + freetype-devel@nongnu.org + </para> + + <para> + Discusses bugs, as well as engine internals, design + issues, specific licenses, porting, etc. + </para> + </listitem> + + </itemizedlist> + + <para> + Our home page can be found at + </para> + + <para> + http://www.freetype.org + </para> + + </sect3> + + </sect2> + + <sect2 id="licVPX"> + + <title>VPX License</title> + + <para> + Copyright (c) 2010, The WebM Project authors. All rights + reserved. + </para> + + <para> + Redistribution and use in source and binary forms, with or + without modification, are permitted provided that the following + conditions are met: + </para> + + <itemizedlist> + + <listitem> + <para> + Redistributions of source code must retain the above + copyright notice, this list of conditions and the following + disclaimer. + </para> + </listitem> + + <listitem> + <para> + Redistributions in binary form must reproduce the above + copyright notice, this list of conditions and the following + disclaimer in the documentation and/or other materials + provided with the distribution. + </para> + </listitem> + + <listitem> + <para> + Neither the name of Google, nor the WebM Project, nor the + names of its contributors may be used to endorse or promote + products derived from this software without specific prior + written permission. + </para> + </listitem> + + </itemizedlist> + + <para> + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND + CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF + MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR + CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF + USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING + IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF + THE POSSIBILITY OF SUCH DAMAGE. + </para> + + </sect2> + + <sect2 id="licOpus"> + + <title>Opus License</title> + + <para> + Copyright 2001-2011 Xiph.Org, Skype Limited, Octasic, Jean-Marc + Valin, Timothy B. Terriberry, CSIRO, Gregory Maxwell, Mark + Borgerding, Erik de Castro Lopo + </para> + + <para> + Redistribution and use in source and binary forms, with or + without modification, are permitted provided that the following + conditions are met: + </para> + + <itemizedlist> + + <listitem> + <para> + Redistributions of source code must retain the above + copyright notice, this list of conditions and the following + disclaimer. + </para> + </listitem> + + <listitem> + <para> + Redistributions in binary form must reproduce the above + copyright notice, this list of conditions and the following + disclaimer in the documentation and/or other materials + provided with the distribution. + </para> + </listitem> + + <listitem> + <para> + Neither the name of Internet Society, IETF or IETF Trust, + nor the names of specific contributors, may be used to + endorse or promote products derived from this software + without specific prior written permission. + </para> + </listitem> + + </itemizedlist> + + <para> + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND + CONTRIBUTORS ''AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF + MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR + CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF + USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING + IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF + THE POSSIBILITY OF SUCH DAMAGE. Opus is subject to the + royalty-free patent licenses which are specified at: Xiph.Org + Foundation: https://datatracker.ietf.org/ipr/1524/ Microsoft + Corporation: https://datatracker.ietf.org/ipr/1914/ Broadcom + Corporation: https://datatracker.ietf.org/ipr/1526/ + </para> + + </sect2> + + <sect2 id="licOsxFuse"> + + <title>FUSE for macOS License</title> + + <para> + Copyright (c) 2011-2017 Benjamin Fleischer; Copyright (c) + 2011-2012 Erik Larsson; All rights reserved. + </para> + + <para> + Redistribution and use in source and binary forms, with or + without modification, are permitted provided that the following + conditions are met: + </para> + + <itemizedlist> + + <listitem> + <para> + Redistributions of source code must retain the above + copyright notice, this list of conditions and the following + disclaimer. + </para> + </listitem> + + <listitem> + <para> + Redistributions in binary form must reproduce the above + copyright notice, this list of conditions and the following + disclaimer in the documentation and/or other materials + provided with the distribution. + </para> + </listitem> + + <listitem> + <para> + Neither the name of the copyright holder nor the names of + its contributors may be used to endorse or promote products + derived from this software without specific prior written + permission. + </para> + </listitem> + + </itemizedlist> + + <para> + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND + CONTRIBUTORS ''AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF + MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR + CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF + USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING + IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF + THE POSSIBILITY OF SUCH DAMAGE. + </para> + + </sect2> + + </sect1> + +</appendix> diff --git a/doc/manual/en_US/user_Troubleshooting.xml b/doc/manual/en_US/user_Troubleshooting.xml new file mode 100644 index 00000000..da6f6dd3 --- /dev/null +++ b/doc/manual/en_US/user_Troubleshooting.xml @@ -0,0 +1,2267 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" +"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd"[ +<!ENTITY % all.entities SYSTEM "all-entities.ent"> +%all.entities; +]> +<chapter id="Troubleshooting"> + + <title>Troubleshooting</title> + + <para> + This chapter provides answers to commonly asked questions. In order + to improve your user experience with &product-name;, it is + recommended to read this section to learn more about common pitfalls + and get recommendations on how to use the product. + </para> + + <sect1 id="ts_procs-tools"> + + <title>Procedures and Tools</title> + + <sect2 id="ts_categorize-isolate"> + + <title>Categorizing and Isolating Problems</title> + + <para> + More often than not, a virtualized guest behaves like a physical + system. Any problems that a physical machine would encounter, a + virtual machine will encounter as well. If, for example, + Internet connectivity is lost due to external issues, virtual + machines will be affected just as much as physical ones. + </para> + + <para> + If a true &product-name; problem is encountered, it helps to + categorize and isolate the problem first. Here are some of the + questions that should be answered before reporting a problem: + </para> + + <itemizedlist> + + <listitem> + <para> + Is the problem specific to a certain guest OS? Or a specific + release of a guest OS? Especially with Linux guest related + problems, the issue may be specific to a certain + distribution and version of Linux. + </para> + </listitem> + + <listitem> + <para> + Is the problem specific to a certain host OS? Problems are + usually not host OS specific, because most of the + &product-name; code base is shared across all supported + platforms, but especially in the areas of networking and USB + support, there are significant differences between host + platforms. Some GUI related issues are also host specific. + </para> + </listitem> + + <listitem> + <para> + Is the problem specific to certain host hardware? This + category of issues is typically related to the host CPU. + Because of significant differences between VT-x and AMD-V, + problems may be specific to one or the other technology. The + exact CPU model may also make a difference, even for + software virtualization, because different CPUs support + different features, which may affect certain aspects of + guest CPU operation. + </para> + </listitem> + + <listitem> + <para> + Is the problem specific to a certain virtualization mode? + Some problems may only occur in software virtualization + mode, others may be specific to hardware virtualization. + </para> + </listitem> + + <listitem> + <para> + Is the problem specific to guest SMP? That is, is it related + to the number of virtual CPUs (VCPUs) in the guest? Using + more than one CPU usually significantly affects the internal + operation of a guest OS. + </para> + </listitem> + + <listitem> + <para> + Is the problem specific to the Guest Additions? In some + cases, this is obvious, such as a shared folders problem. In + other cases such as display problems, it may be less + obvious. If the problem is Guest Additions specific, is it + also specific to a certain version of the Guest Additions? + </para> + </listitem> + + <listitem> + <para> + Is the problem specific to a certain environment? Some + problems are related to a particular environment external to + the VM. This usually involves network setup. Certain + configurations of external servers such as DHCP or PXE may + expose problems which do not occur with other, similar + servers. + </para> + </listitem> + + <listitem> + <para> + Is the problem a regression? Knowing that an issue is a + regression usually makes it significantly easier to find the + solution. In this case, it is crucial to know which version + is affected and which is not. + </para> + </listitem> + + </itemizedlist> + + </sect2> + + <sect2 id="collect-debug-info"> + + <title>Collecting Debugging Information</title> + + <para> + For problem determination, it is often important to collect + debugging information which can be analyzed by &product-name; + support. This section contains information about what kind of + information can be obtained. + </para> + + <para> + Every time &product-name; starts up a VM, a so-called + <emphasis>release log file</emphasis> is created, containing + lots of information about the VM configuration and runtime + events. The log file is called + <computeroutput>VBox.log</computeroutput> and resides in the VM + log file folder. Typically this will be a directory as follows: + </para> + +<screen>$HOME/VirtualBox VMs/{machinename}/Logs</screen> + + <para> + When starting a VM, the configuration file of the last run will + be renamed to <computeroutput>.1</computeroutput>, up to + <computeroutput>.3</computeroutput>. Sometimes when there is a + problem, it is useful to have a look at the logs. Also when + requesting support for &product-name;, supplying the + corresponding log file is mandatory. + </para> + + <para> + For convenience, for each virtual machine, the VirtualBox + Manager window can show these logs in a window. To access it, + select a virtual machine from the list on the left and select + <emphasis role="bold">Show Log</emphasis> from the + <emphasis role="bold">Machine</emphasis> menu. + </para> + + <para> + The release log file, VBox.log, contains a wealth of diagnostic + information, such as Host OS type and version, &product-name; + version and build (32-bit or 64-bit). It also includes a + complete dump of the guest's configuration (CFGM), detailed + information about the host CPU type and supported features, + whether hardware virtualization is enabled, information about + VT-x/AMD-V setup, state transitions (such as creating, running, + paused, stopping), guest BIOS messages, Guest Additions + messages, device-specific log entries and, at the end of + execution, final guest state and condensed statistics. + </para> + + <para> + In case of crashes, it is very important to collect + <emphasis>crash dumps</emphasis>. This is true for both host and + guest crashes. For information about enabling core dumps on + Linux, Oracle Solaris, and OS X systems, refer to the following + core dump article on the &product-name; website: + </para> + + <para> + <ulink + url="http://www.virtualbox.org/wiki/Core_dump">http://www.virtualbox.org/wiki/Core_dump</ulink>. + </para> + + <para> + You can also use <command>VBoxManage debugvm</command> to create + a dump of a complete virtual machine. See + <xref linkend="vboxmanage-debugvm" />. + </para> + + <para> + For network related problems, it is often helpful to capture a + trace of network traffic. If the traffic is routed through an + adapter on the host, it is possible to use Wireshark or a + similar tool to capture the traffic there. However, this often + also includes a lot of traffic unrelated to the VM. + </para> + + <para> + &product-name; provides an ability to capture network traffic + only on a specific VM's network adapter. Refer to the following + network tracing article on the &product-name; website for + information on enabling this capture: + </para> + + <para> + <ulink + url="http://www.virtualbox.org/wiki/Network_tips">http://www.virtualbox.org/wiki/Network_tips</ulink>. + </para> + + <para> + The trace files created by &product-name; are in + <computeroutput>.pcap</computeroutput> format and can be easily + analyzed with Wireshark. + </para> + + </sect2> + + <sect2 id="ts_debugger"> + + <title>The Built-In VM Debugger</title> + + <para> + &product-name; includes a built-in VM debugger, which advanced + users may find useful. This debugger enables you to examine and, + to some extent, control the VM state. + </para> + + <warning> + <para> + Use the VM debugger at your own risk. There is no support for + it, and the following documentation is only made available for + advanced users with a very high level of familiarity with the + x86/AMD64 machine instruction set, as well as detailed + knowledge of the PC architecture. A degree of familiarity with + the internals of the guest OS in question may also be very + helpful. + </para> + </warning> + + <para> + The VM debugger is available in all regular production versions + of &product-name;, but it is disabled by default because the + average user will have little use for it. There are two ways to + access the debugger: + </para> + + <itemizedlist> + + <listitem> + <para> + Using a debugger console window displayed alongside the VM + </para> + </listitem> + + <listitem> + <para> + Using the <computeroutput>telnet</computeroutput> protocol + on port 5000 + </para> + </listitem> + + </itemizedlist> + + <para> + The debugger can be enabled in the following ways: + </para> + + <itemizedlist> + + <listitem> + <para> + Start the VM directly using <command>VirtualBox + --startvm</command>, with an additional + <computeroutput>--dbg</computeroutput>, + <computeroutput>--debug</computeroutput>, or + <computeroutput>--debug-command-line</computeroutput> + argument. See the <command>VirtualBox</command> command + usage help for details. + </para> + </listitem> + + <listitem> + <para> + Set the + <computeroutput>VBOX_GUI_DBG_ENABLED</computeroutput> or + <computeroutput>VBOX_GUI_DBG_AUTO_SHOW</computeroutput> + environment variable to + <computeroutput>true</computeroutput> before launching the + &product-name; process. Setting these variables, only their + presence is checked, is effective even when the first + &product-name; process is the VM selector window. VMs + subsequently launched from the selector will have the + debugger enabled. + </para> + </listitem> + + <listitem> + <para> + Set the <computeroutput>GUI/Dbg/Enabled</computeroutput> + extra data item to <computeroutput>true</computeroutput> + before launching the VM. This can be set globally or on a + per VM basis. + </para> + </listitem> + + </itemizedlist> + + <para> + A new <emphasis role="bold">Debug</emphasis> menu entry is added + to the &product-name; application. This menu enables the user to + open the debugger console. + </para> + + <para> + The VM debugger command syntax is loosely modeled on Microsoft + and IBM debuggers used on DOS, OS/2, and Windows. Users familiar + with symdeb, CodeView, or the OS/2 kernel debugger will find the + &product-name; VM debugger familiar. + </para> + + <para> + The most important command is <command>help</command>. This will + print brief usage help for all debugger commands. The set of + commands supported by the VM debugger changes frequently and the + <command>help</command> command is always up-to-date. + </para> + + <para> + A brief summary of frequently used commands is as follows: + </para> + + <itemizedlist> + + <listitem> + <para> + <computeroutput>stop</computeroutput>: Stops the VM + execution and enables single stepping + </para> + </listitem> + + <listitem> + <para> + <computeroutput>g</computeroutput>: Continue VM execution + </para> + </listitem> + + <listitem> + <para> + <computeroutput>t</computeroutput>: Single step an + instruction + </para> + </listitem> + + <listitem> + <para> + <computeroutput>rg/rh/r</computeroutput>: Print the + guest/hypervisor/current registers + </para> + </listitem> + + <listitem> + <para> + <computeroutput>kg/kh/k</computeroutput>: Print the + guest/hypervisor/current call stack + </para> + </listitem> + + <listitem> + <para> + <computeroutput>da/db/dw/dd/dq</computeroutput>: Print + memory contents as ASCII/bytes/words/dwords/qwords + </para> + </listitem> + + <listitem> + <para> + <computeroutput>u</computeroutput>: Unassemble memory + </para> + </listitem> + + <listitem> + <para> + <computeroutput>dg</computeroutput>: Print the guest's GDT + </para> + </listitem> + + <listitem> + <para> + <computeroutput>di</computeroutput>: Print the guest's IDT + </para> + </listitem> + + <listitem> + <para> + <computeroutput>dl</computeroutput>: Print the guest's LDT + </para> + </listitem> + + <listitem> + <para> + <computeroutput>dt</computeroutput>: Print the guest's TSS + </para> + </listitem> + + <listitem> + <para> + <computeroutput>dp*</computeroutput>: Print the guest's page + table structures + </para> + </listitem> + + <listitem> + <para> + <computeroutput>bp/br</computeroutput>: Set a + normal/recompiler breakpoint + </para> + </listitem> + + <listitem> + <para> + <computeroutput>bl</computeroutput>: List breakpoints + </para> + </listitem> + + <listitem> + <para> + <computeroutput>bc</computeroutput>: Clear a breakpoint + </para> + </listitem> + + <listitem> + <para> + <computeroutput>writecore</computeroutput>: Write a VM core + file to disk. See <xref linkend="ts_guest-core-format" /> + </para> + </listitem> + + </itemizedlist> + + <para> + See the built-in <computeroutput>help</computeroutput> for other + available commands. + </para> + + <para> + The VM debugger supports symbolic debugging, although symbols + for guest code are often not available. For Oracle Solaris + guests, the <command>detect</command> command automatically + determines the guest OS version and locates kernel symbols in + guest's memory. Symbolic debugging is then available. For Linux + guests, the <command>detect</command> commands also determines + the guest OS version, but there are no symbols in the guest's + memory. Kernel symbols are available in the file + <computeroutput>/proc/kallsyms</computeroutput> on Linux guests. + This file must be copied to the host, for example using + <command>scp</command>. The <command>loadmap</command> debugger + command can be used to make the symbol information available to + the VM debugger. Note that the + <computeroutput>kallsyms</computeroutput> file contains the + symbols for the currently loaded modules. If the guest's + configuration changes, the symbols will change as well and must + be updated. + </para> + + <para> + For all guests, a simple way to verify that the correct symbols + are loaded is the <command>k</command> command. The guest is + normally idling and it should be clear from the symbolic + information that the guest operating system's idle loop is being + executed. + </para> + + <para> + Another group of debugger commands is the set of + <command>info</command> commands. Running <command>info + help</command> provides complete usage information. The + information commands provide ad-hoc data pertinent to various + emulated devices and aspects of the VMM. There is no general + guideline for using the <command>info</command> commands, the + right command to use depends entirely on the problem being + investigated. Some of the <command>info</command> commands are + as follows: + </para> + + <itemizedlist> + + <listitem> + <para> + <computeroutput>cfgm</computeroutput>: Print a branch of the + configuration tree + </para> + </listitem> + + <listitem> + <para> + <computeroutput>cpuid</computeroutput>: Display the guest + CPUID leaves + </para> + </listitem> + + <listitem> + <para> + <computeroutput>ioport</computeroutput>: Print registered + I/O port ranges + </para> + </listitem> + + <listitem> + <para> + <computeroutput>mmio</computeroutput>: Print registered MMIO + ranges + </para> + </listitem> + + <listitem> + <para> + <computeroutput>mode</computeroutput> -- print the current + paging mode + </para> + </listitem> + + <listitem> + <para> + <computeroutput>pit</computeroutput>: Print the i8254 PIT + state + </para> + </listitem> + + <listitem> + <para> + <computeroutput>pic</computeroutput>: Print the i8259A PIC + state + </para> + </listitem> + + <listitem> + <para> + <computeroutput>ohci/ehci/xhci</computeroutput>: Print a + subset of the OHCI/EHCI/xHCI USB controller state + </para> + </listitem> + + <listitem> + <para> + <computeroutput>pcnet0</computeroutput>: Print the PCnet + state + </para> + </listitem> + + <listitem> + <para> + <computeroutput>vgatext</computeroutput>: Print the contents + of the VGA framebuffer formatted as standard text mode + </para> + </listitem> + + <listitem> + <para> + <computeroutput>timers</computeroutput>: Print all VM timers + </para> + </listitem> + + </itemizedlist> + + <para> + The output of the <command>info</command> commands generally + requires in-depth knowledge of the emulated device or + &product-name; VMM internals. However, when used properly, the + information provided can be invaluable. + </para> + + </sect2> + + <sect2 id="ts_guest-core-format"> + + <title>VM Core Format</title> + + <para> + &product-name; uses the 64-bit ELF format for its VM core files + created by <command>VBoxManage debugvm</command>, see + <xref linkend="vboxmanage-debugvm" />. The VM core file contain + the memory and CPU dumps of the VM and can be useful for + debugging your guest OS. The 64-bit ELF object format + specification can be obtained at: + </para> + + <para> + <ulink + url="http://downloads.openwatcom.org/ftp/devel/docs/elf-64-gen.pdf">http://downloads.openwatcom.org/ftp/devel/docs/elf-64-gen.pdf</ulink>. + </para> + + <para> + The overall layout of the VM core format is as follows: + </para> + +<screen>[ ELF 64 Header] +[ Program Header, type PT_NOTE ] + → offset to COREDESCRIPTOR +[ Program Header, type PT_LOAD ] - one for each contiguous physical memory range + → Memory offset of range + → File offset +[ Note Header, type NT_VBOXCORE ] +[ COREDESCRIPTOR ] + → Magic + → VM core file version + → VBox version + → Number of vCPUs etc. +[ Note Header, type NT_VBOXCPU ] - one for each vCPU +[ vCPU 1 Note Header ] + [ DBGFCORECPU - vCPU 1 dump ] +[ Additional Notes + Data ] - currently unused +[ Memory dump ]</screen> + + <para> + The memory descriptors contain physical addresses relative to + the guest and not virtual addresses. Regions of memory such as + MMIO regions are not included in the core file. + </para> + + <para> + The relevant data structures and definitions can be found in the + &product-name; sources under the following header files: + <computeroutput>include/VBox/dbgfcorefmt.h</computeroutput>, + <computeroutput>include/iprt/x86.h</computeroutput> and + <computeroutput>src/VBox/Runtime/include/internal/ldrELFCommon.h</computeroutput>. + </para> + + <para> + The VM core file can be inspected using + <computeroutput>elfdump</computeroutput> and GNU + <computeroutput>readelf</computeroutput> or other similar + utilities. + </para> + + </sect2> + + </sect1> + + <sect1 id="ts_general"> + + <title>General Troubleshooting</title> + + <sect2 id="ts_config-periodic-flush"> + + <title>Guest Shows IDE/SATA Errors for File-Based Images on Slow Host File + System</title> + + <para> + Occasionally, some host file systems provide very poor writing + performance and as a consequence cause the guest to time out + IDE/SATA commands. This is normal behavior and should normally + cause no real problems, as the guest should repeat commands that + have timed out. However, guests such as some Linux versions have + severe problems if a write to an image file takes longer than + about 15 seconds. Some file systems however require more than a + minute to complete a single write, if the host cache contains a + large amount of data that needs to be written. + </para> + + <para> + The symptom for this problem is that the guest can no longer + access its files during large write or copying operations, + usually leading to an immediate hang of the guest. + </para> + + <para> + In order to work around this problem, the true fix is to use a + faster file system that does not exhibit such unacceptable write + performance, it is possible to flush the image file after a + certain amount of data has been written. This interval is + normally infinite, but can be configured individually for each + disk of a VM. + </para> + + <para> + For IDE disks use the following command: + </para> + +<screen>VBoxManage setextradata "VM name" +"VBoxInternal/Devices/piix3ide/0/LUN#[x]/Config/FlushInterval" [b]</screen> + + <para> + For SATA disks use the following command: + </para> + +<screen>VBoxManage setextradata "VM name" +"VBoxInternal/Devices/ahci/0/LUN#[x]/Config/FlushInterval" [b]</screen> + + <para> + The value [x] that selects the disk for IDE is 0 for the master + device on the first channel, 1 for the slave device on the first + channel, 2 for the master device on the second channel or 3 for + the slave device on the second channel. For SATA use values + between 0 and 29. Only disks support this configuration option; + it must not be set for CD/DVD drives. + </para> + + <para> + The unit of the interval [b] is the number of bytes written + since the last flush. The value for it must be selected so that + the occasional long write delays do not occur. Since the proper + flush interval depends on the performance of the host and the + host filesystem, finding the optimal value that makes the + problem disappear requires some experimentation. Values between + 1000000 and 10000000 (1 to 10 megabytes) are a good starting + point. Decreasing the interval both decreases the probability of + the problem and the write performance of the guest. Setting the + value unnecessarily low will cost performance without providing + any benefits. An interval of 1 will cause a flush for each write + operation and should solve the problem in any case, but has a + severe write performance penalty. + </para> + + <para> + Providing a value of 0 for [b] is treated as an infinite flush + interval, effectively disabling this workaround. Removing the + extra data key by specifying no value for [b] has the same + effect. + </para> + + </sect2> + + <sect2 id="ts_ide-sata-flush"> + + <title>Responding to Guest IDE/SATA Flush Requests</title> + + <para> + If desired, the virtual disk images can be flushed when the + guest issues the IDE FLUSH CACHE command. Normally these + requests are ignored for improved performance. The parameters + below are only accepted for disk drives. They must not be set + for DVD drives. + </para> + + <para> + To enable flushing for IDE disks, issue the following command: + </para> + +<screen>VBoxManage setextradata "VM name" "VBoxInternal/Devices/piix3ide/0/LUN#[x]/Config/IgnoreFlush" 0</screen> + + <para> + The value [x] that selects the disk is 0 for the master device + on the first channel, 1 for the slave device on the first + channel, 2 for the master device on the second channel or 3 for + the master device on the second channel. + </para> + + <para> + To enable flushing for SATA disks, issue the following command: + </para> + +<screen>VBoxManage setextradata "VM name" "VBoxInternal/Devices/ahci/0/LUN#[x]/Config/IgnoreFlush" 0</screen> + + <para> + The value [x] that selects the disk can be a value between 0 and + 29. + </para> + + <para> + Note that this does not affect the flushes performed according + to the configuration described in + <xref linkend="ts_config-periodic-flush" + xrefstyle="template: %n" />. + Restoring the default of ignoring flush commands is possible by + setting the value to 1 or by removing the key. + </para> + + </sect2> + + <sect2 id="ts_host-freq-boost"> + + <title>Performance Variation with Frequency Boosting</title> + + <para> + Many newer multi-core processors support some form of frequency + boosting, which means that if only one core is utilized, it can + run possibly 50% faster or even more than the rated CPU + frequency. This causes measured performance to vary somewhat as + a function of the momentary overall system load. The exact + behavior depends strongly on the specific processor model. + </para> + + <para> + As a consequence, benchmarking on systems which utilize + frequency boosting may produce unstable and non-repeatable + results. This is especially true if benchmark runs are short, of + the order of seconds. To obtain stable results, benchmarks must + be run over longer periods of time and with a constant system + load apart from the VM being tested. + </para> + + </sect2> + + <sect2 id="ts_host-freq-scaling"> + + <title>Frequency Scaling Effect on CPU Usage</title> + + <para> + On some hardware platforms and operating systems, CPU frequency + scaling may cause CPU usage reporting to be highly misleading. + This happens in situations when the host CPU load is significant + but not heavy, such as 15-30% of the maximum. + </para> + + <para> + Most operating systems determine CPU usage in terms of time + spent, measuring for example how many nanoseconds the systems or + a process was active within one second. However, in order to + save energy, modern systems can significantly scale down CPU + speed when the system is not fully loaded. Naturally, when the + CPU is running at for example one half of its maximum speed, the + same number of instructions will take roughly twice as long to + execute compared to running at full speed. + </para> + + <para> + Depending on the specific hardware and host OS, this effect can + very significantly skew the CPU usage reported by the OS. The + reported CPU usage can be several times higher than what it + would have been had the CPU been running at full speed. The + effect can be observed both on the host OS and in a guest OS. + </para> + + </sect2> + + <sect2 id="ts_win-cpu-usage-rept"> + + <title>Inaccurate Windows CPU Usage Reporting</title> + + <para> + CPU usage reporting tools which come with Windows, such as Task + Manager or Resource Monitor, do not take the time spent + processing hardware interrupts into account. If the interrupt + load is heavy, with thousands of interrupts per second, CPU + usage may be significantly underreported. + </para> + + <para> + This problem affects Windows as both host and guest OS. + Sysinternals tools, such as Process Explorer, do not suffer from + this problem. + </para> + + </sect2> + + <sect2 id="ts_host-powermgmt"> + + <title>Poor Performance Caused by Host Power Management</title> + + <para> + On some hardware platforms and operating systems, virtualization + performance is negatively affected by host CPU power management. + The symptoms may be choppy audio in the guest or erratic guest + clock behavior. + </para> + + <para> + Some of the problems may be caused by firmware and/or host + operating system bugs. Therefore, updating the firmware and + applying operating systems fixes is recommended. + </para> + + <para> + For optimal virtualization performance, the C1E power state + support in the system's BIOS should be disabled, if such a + setting is available. Not all systems support the C1E power + state. On Intel systems, the <computeroutput>Intel C + State</computeroutput> setting should be disabled. Disabling + other power management settings may also improve performance. + However, a balance between performance and power consumption + must always be considered. + </para> + + </sect2> + + <sect2 id="ts_gui-2d-grayed-out"> + + <title>GUI: 2D Video Acceleration Option is Grayed Out</title> + + <para> + To use 2D Video Acceleration within &product-name;, your host's + video card should support certain OpenGL extensions. On startup, + &product-name; checks for those extensions, and, if the test + fails, this option is silently grayed out. + </para> + + <para> + To find out why it has failed, you can manually execute the + following command: + </para> + +<screen>VBoxTestOGL --log "log_file_name" --test 2D</screen> + + <para> + It will list the required OpenGL extensions one by one and will + show you which one failed the test. This usually means that you + are running an outdated or misconfigured OpenGL driver on your + host. It can also mean that your video chip is lacking required + functionality. + </para> + + </sect2> + + </sect1> + + <sect1 id="ts_win-guests"> + + <title>Windows Guests</title> + + <sect2 id="ts_win7-guest-usb3-support"> + + <title>No USB 3.0 Support in Windows 7 Guests</title> + + <para> + If a Windows 7 or Windows Server 2008 R2 guest is configured for + USB 3.0 (xHCI) support, the guest OS will not have any USB + support at all. This happens because Windows 7 predates USB 3.0 + and therefore does not ship with any xHCI drivers. Microsoft + also does not offer any vendor-provided xHCI drivers through + Windows Update. + </para> + + <para> + To solve this problem, it is necessary to download and install + the Intel xHCI driver in the guest. Intel offers the driver as + the USB 3.0 eXtensible Host Controller (xHCI) driver for Intel 7 + Series/C216 chipsets. + </para> + + <para> + Note that the driver only supports Windows 7 and Windows Server + 2008 R2. The driver package includes support for both 32-bit and + 64-bit OS variants. + </para> + + </sect2> + + <sect2 id="ts_win-guest-bluescreen"> + + <title>Windows Bluescreens After Changing VM Configuration</title> + + <para> + Changing certain virtual machine settings can cause Windows + guests to fail during start up with a bluescreen. This may + happen if you change VM settings after installing Windows, or if + you copy a disk image with an already installed Windows to a + newly created VM which has settings that differ from the + original machine. + </para> + + <para> + This applies in particular to the following settings: + </para> + + <itemizedlist> + + <listitem> + <para> + The ACPI and I/O APIC settings should never be changed after + installing Windows. Depending on the presence of these + hardware features, the Windows installation program chooses + special kernel and device driver versions and will fail to + startup should these hardware features be removed. Enabling + them for a Windows VM which was installed without them does + not cause any harm. However, Windows will not use these + features in this case. + </para> + </listitem> + + <listitem> + <para> + Changing the storage controller hardware will cause bootup + failures as well. This might also apply to you if you copy a + disk image from an older version of &product-name; to a + virtual machine created with a newer &product-name; version. + The default subtype of IDE controller hardware was changed + from PIIX3 to PIIX4 with &product-name; 2.2. Make sure these + settings are identical. + </para> + </listitem> + + </itemizedlist> + + </sect2> + + <sect2 id="ts_win-guest-bluescreen-smp"> + + <title>Windows 0x101 Bluescreens with SMP Enabled (IPI Timeout)</title> + + <para> + If a VM is configured to have more than one processor + (symmetrical multiprocessing, SMP), some configurations of + Windows guests crash with an 0x101 error message, indicating a + timeout for interprocessor interrupts (IPIs). These interrupts + synchronize memory management between processors. + </para> + + <para> + According to Microsoft, this is due to a race condition in + Windows. A hotfix is available. See + <ulink + url="http://support.microsoft.com/kb/955076">http://support.microsoft.com/kb/955076</ulink>. + </para> + + <para> + If this does not help, please reduce the number of virtual + processors to 1. + </para> + + </sect2> + + <sect2 id="ts_win2k-guest-install"> + + <title>Windows 2000 Installation Failures</title> + + <para> + When installing Windows 2000 guests, you might run into one of + the following issues: + </para> + + <itemizedlist> + + <listitem> + <para> + Installation reboots, usually during component registration. + </para> + </listitem> + + <listitem> + <para> + Installation fills the whole hard disk with empty log files. + </para> + </listitem> + + <listitem> + <para> + Installation complains about a failure installing + <computeroutput>msgina.dll</computeroutput>. + </para> + </listitem> + + </itemizedlist> + + <para> + These problems are all caused by a bug in the hard disk driver + of Windows 2000. After issuing a hard disk request, there is a + race condition in the Windows driver code which leads to + corruption if the operation completes too fast. For example, the + hardware interrupt from the IDE controller arrives too soon. + With physical hardware, there is a guaranteed delay in most + systems so the problem is usually hidden there. However, it + should be possible to also reproduce it on physical hardware. In + a virtual environment, it is possible for the operation to be + done immediately, especially on very fast systems with multiple + CPUs, and the interrupt is signaled sooner than on a physical + system. The solution is to introduce an artificial delay before + delivering such interrupts. This delay can be configured for a + VM using the following command: + </para> + +<screen>VBoxManage setextradata "VM name" "VBoxInternal/Devices/piix3ide/0/Config/IRQDelay" 1</screen> + + <para> + This sets the delay to one millisecond. In case this does not + help, increase it to a value between 1 and 5 milliseconds. + Please note that this slows down disk performance. After + installation, you should be able to remove the key, or set it to + 0. + </para> + + </sect2> + + <sect2 id="ts_win-guest-bluescreen-record-info"> + + <title>How to Record Bluescreen Information from Windows Guests</title> + + <para> + When Windows guests run into a kernel crash, they display the + infamous bluescreen. Depending on how Windows is configured, the + information will remain on the screen until the machine is + restarted or it will reboot automatically. During installation, + Windows is usually configured to reboot automatically. With + automatic reboots, there is no chance to record the bluescreen + information which might be important for problem determination. + </para> + + <para> + &product-name; provides a method of halting a guest when it + wants to perform a reset. In order to enable this feature, use + the following command: + </para> + +<screen>VBoxManage setextradata "VM name" "VBoxInternal/PDM/HaltOnReset" 1</screen> + + </sect2> + + <sect2 id="ts_pcnet-driver-win-2003-server-guest"> + + <title>PCnet Driver Failure in 32-bit Windows Server 2003 Guests</title> + + <para> + Certain editions of Windows 2000 and 2003 servers support more + than 4 GB RAM on 32-bit systems. The AMD PCnet network driver + shipped with Windows Server 2003 fails to load if the 32-bit + guest OS uses paging extensions, which will occur with more than + approximately 3.5 GB RAM assigned to the VM. + </para> + + <para> + This problem is known to occur with version 4.38.0.0 of the + PCnet driver. The issue was fixed in version 4.51.0.0 of the + driver, which is available as a separate download. An + alternative solution may be changing the emulated NIC type to + Intel PRO/1000 MT Desktop (82540EM), or reducing the RAM + assigned to the VM to approximately 3.5 GB or less. + </para> + + </sect2> + + <sect2 id="ts_win-vista-guest-networking"> + + <title>No Networking in Windows Vista Guests</title> + + <para> + With Windows Vista, Microsoft dropped support for the AMD PCNet + card that &product-name; used to provide as the default virtual + network card before version 1.6.0. For Windows Vista guests, + &product-name; now uses an Intel E1000 card by default. + </para> + + <para> + If, for some reason, you still want to use the AMD card, you + need to download the PCNet driver from the AMD website. This + driver is available for 32-bit Windows only. You can transfer it + into the virtual machine using a shared folder. See + <xref linkend="sharedfolders" />. + </para> + + </sect2> + + <sect2 id="ts_win-guest-high-cpu"> + + <title>Windows Guests may Cause a High CPU Load</title> + + <para> + Several background applications of Windows guests, especially + virus scanners, are known to increases the CPU load notably even + if the guest appears to be idle. We recommend to deactivate + virus scanners within virtualized guests if possible. + </para> + + </sect2> + + <sect2 id="ts_win-guest-shared-folders-access-delay"> + + <title>Long Delays When Accessing Shared Folders</title> + + <para> + The performance for accesses to shared folders from a Windows + guest might be decreased due to delays during the resolution of + the &product-name; shared folders name service. To fix these + delays, add the following entries to the file + <computeroutput>\windows\system32\drivers\etc\lmhosts</computeroutput> + of the Windows guest: + </para> + +<screen>255.255.255.255 VBOXSVR #PRE +255.255.255.255 VBOXSRV #PRE</screen> + + <para> + After doing this change, a reboot of the guest is required. + </para> + + </sect2> + + <sect2 id="ts_win98-guest-usb-tablet-coordinates"> + + <title>USB Tablet Coordinates Wrong in Windows 98 Guests</title> + + <para> + If a Windows 98 VM is configured to use the emulated USB tablet + (absolute pointing device), the coordinate translation may be + incorrect and the pointer is restricted to the upper left + quarter of the guest's screen. + </para> + + <para> + The USB HID (Human Interface Device) drivers in Windows 98 are + very old and do not handle tablets the same way as more recent + operating systems do. For example, Windows 2000 and later, Mac + OS X, and Oracle Solaris. To work around the problem, use the + following command: + </para> + +<screen>VBoxManage setextradata "VM name" "VBoxInternal/USB/HidMouse/0/Config/CoordShift" 0</screen> + + <para> + To restore the default behavior, remove the key or set its value + to 1. + </para> + + </sect2> + + <sect2 id="ts_win-guest-active-dir-domain"> + + <title>Windows Guests are Removed From an Active Directory Domain After + Restoring a Snapshot</title> + + <para> + If a Windows guest is a member of an Active Directory domain and + the snapshot feature of &product-name; is used, it could happen + it loses this status after you restore an older snapshot. + </para> + + <para> + The reason is the automatic machine password changing performed + by Windows at regular intervals for security purposes. You can + disable this feature by following the instruction of the + following article from Microsoft: + <ulink + url="http://support.microsoft.com/kb/154501">http://support.microsoft.com/kb/154501</ulink> + </para> + + </sect2> + + <sect2 id="ts_d3d8-d3d9-restore"> + + <title>Restoring d3d8.dll and d3d9.dll</title> + + <para> + &product-name; Guest Additions for Windows prior to 4.1.8 did + not properly back up the original d3d8.dll and d3d9.dll system + files when selecting and installing the experimental Direct3D + support. This process replaces both system files with files from + the Guest Additions so that Direct3D calls can be handled + correctly. Although this issue was fixed with &product-name; + 4.1.8, there is no way the Windows Guest Additions installer can + repair these files. + </para> + + <para> + Corruption of these files has no implications if 3D acceleration + is enabled and basic Direct3D support is installed. That is, + without WDDM on Windows Vista or later, or on older Windows + systems like Windows XP. With the basic Direct3D support all + Direct3D 8.0 and Direct3D 9.0 applications will utilize + &product-name; Direct3D files directly and thus will run as + expected. + </para> + + <para> + For WDDM Direct3D support however, the originally shipped + d3d8.dll and d3d9.dll files are required in order to run + Direct3D 8.0 and Direct3D 9.0 applications. As a result of the + above mentioned system files corruption these applications will + not work anymore. See below for a step-by-step guide for + restoring the original d3d8.dll and d3d9.dll system files in + case the &product-name; Guest Additions installer warned about + those incorrect files or when having trouble running Direct3D + applications. + </para> + + <note> + <para> + Starting at Windows 7 the 3D desktop, called Aero, uses + DirectX 10 for rendering so that corrupted d3d8.dll and + d3d9.dll system files will have no effect on the actual + rendering. + </para> + </note> + + <para> + This is why such a detected file corruption is not considered as + fatal for the basic Direct3D installation on all supported + Windows guests, and for WDDM Direct3D installation on Windows 7 + and later guests. + </para> + + <para> + <emphasis role="bold">Extracting d3d8 and d3d9.dll from a + Windows XP installation CD:</emphasis> + </para> + + <orderedlist> + + <listitem> + <para> + Download and install the latest version of 7-Zip File + Manager. + </para> + </listitem> + + <listitem> + <para> + Browse into the installation CD. For example E:\i386, or + E:\amd64 for the 64-bit version. + </para> + </listitem> + + <listitem> + <para> + Locate the entries d3d8.dl_ and d3d9.dl_. Double-click on + the file names and extract d3d8.dll and d3d9.dll. + </para> + </listitem> + + <listitem> + <para> + Reboot Windows in Safe mode. + </para> + </listitem> + + <listitem> + <para> + Copy the extracted d3d8.dll and d3d9.dll files to + C:\Windows\system32 and C:\Windows\system32\dllcache. + </para> + </listitem> + + <listitem> + <para> + Reboot Windows. + </para> + </listitem> + + </orderedlist> + + <para> + <emphasis role="bold">Extracting d3d8 and d3d9.dll from a + Windows XP Service pack:</emphasis> + </para> + + <orderedlist> + + <listitem> + <para> + Download and install the latest version of 7-Zip File + Manager. + </para> + </listitem> + + <listitem> + <para> + Choose Open Inside, to open WindowsXP-KB936929-SP3-x86.exe + as an archive and browse the i386 directory. + </para> + </listitem> + + <listitem> + <para> + Locate the entries d3d8.dl_ and d3d9.dl_. Double-click on + the file names and extract d3d8.dll and d3d9.dll. + </para> + </listitem> + + <listitem> + <para> + Reboot Windows in Safe mode. + </para> + </listitem> + + <listitem> + <para> + Copy the extracted d3d8.dll and d3d9.dll files to + C:\Windows\system32 and C:\Windows\system32\dllcache. + </para> + </listitem> + + <listitem> + <para> + Reboot Windows. + </para> + </listitem> + + </orderedlist> + + <para> + Extracting d3d8 and d3d9.dll from a Vista/Windows7 installation + CD or Service Pack ISO: + </para> + + <orderedlist> + + <listitem> + <para> + Download and install the latest version of 7-Zip File + Manager. + </para> + </listitem> + + <listitem> + <para> + Browse into the installation CD. For example E:\sources. + </para> + </listitem> + + <listitem> + <para> + Locate file install.wim and double-click the file. After the + 7-Zip utility unzips the file, you will see a few numbered + folders. Each numeric subfolder represents a different + version of Windows such as Starter or Home Basic. + </para> + </listitem> + + <listitem> + <para> + Open one of the numeric folders and browse to the + Windows\System32 directory, or C:\Windows\SysWOW64 for the + 64-bit version. Locate and extract the d3d8.dll and d3d9.dll + files. + </para> + </listitem> + + <listitem> + <para> + Copy extracted the d3d8.dll and d3d9.dll files to + C:\Windows\system32 or C:\Windows\SysWOW64. Files from + system32 should go to system32, from SysWOW64 to SysWOW64. + </para> + </listitem> + + <listitem> + <para> + Reboot Windows. + </para> + </listitem> + + </orderedlist> + + </sect2> + + <sect2 id="ts_win31-ram-limitations"> + + <title>Windows 3.x Limited to 64 MB RAM</title> + + <para> + Windows 3.x guests are typically limited to 64 MB RAM, even if a + VM is assigned much more memory. While Windows 3.1 is + theoretically capable of using up to 512 MB RAM, it only uses + memory available through the XMS interface. Versions of + HIMEM.SYS, the Microsoft XMS manager, shipped with MS-DOS and + Microsoft Windows 3.x can only use up to 64 MB on standard PCs. + </para> + + <para> + This is a HIMEM.SYS limitation documented by Microsoft in + Knowledge base article KB 116256. Windows 3.1 memory limits are + described in detail in Microsoft Knowledge base article KB + 84388. + </para> + + <para> + It is possible for Windows 3.x guests to utilize more than 64 MB + RAM if a different XMS provider is used. That could be a newer + HIMEM.SYS version, such as that shipped with Windows 98, or a + more capable third-party memory manager, such as QEMM. + </para> + + </sect2> + + </sect1> + + <sect1 id="ts_lin-x11-guests"> + + <title>Linux and X11 Guests</title> + + <sect2 id="ts_linux-guest-high-cpu"> + + <title>Linux Guests May Cause a High CPU load</title> + + <para> + Some Linux guests may cause a high CPU load even if the guest + system appears to be idle. This can be caused by a high timer + frequency of the guest kernel. Some Linux distributions, for + example Fedora, ship a Linux kernel configured for a timer + frequency of 1000Hz. We recommend to recompile the guest kernel + and to select a timer frequency of 100Hz. + </para> + + <para> + Linux kernels shipped with Red Hat Enterprise Linux (RHEL) as of + release 4.7 and 5.1 as well as kernels of related Linux + distributions, such as CentOS and Oracle Linux, support a kernel + parameter <emphasis>divider=N</emphasis>. Hence, such kernels + support a lower timer frequency without recompilation. We + suggest you add the kernel parameter + <emphasis>divider=10</emphasis> to select a guest kernel timer + frequency of 100Hz. + </para> + + </sect2> + + <sect2 id="ts_linux-guest-amd-barcelona"> + + <title>AMD Barcelona CPUs</title> + + <para> + Most Linux-based guests will fail with AMD Phenoms or + Barcelona-level Opterons due to a bug in the Linux kernel. + Enable the I/O-APIC to work around the problem. See + <xref + linkend="settings-system" />. + </para> + + </sect2> + + <sect2 id="ts_linux-buggy"> + + <title>Buggy Linux 2.6 Kernel Versions</title> + + <para> + The following bugs in Linux kernels prevent them from executing + correctly in &product-name;, causing VM boot crashes: + </para> + + <itemizedlist> + + <listitem> + <para> + The Linux kernel version 2.6.18, and some 2.6.17 versions, + introduced a race condition that can cause boot crashes in + &product-name;. Please use a kernel version 2.6.19 or later. + </para> + </listitem> + + <listitem> + <para> + With hardware virtualization and the I/O APIC enabled, + kernels before 2.6.24-rc6 may panic on boot with the + following message: + </para> + +<screen>Kernel panic - not syncing: IO-APIC + timer doesn't work! Boot with +apic=debug and send a report. Then try booting with the 'noapic' option</screen> + + <para> + If you see this message, either disable hardware + virtualization or the I/O APIC as described in + <xref + linkend="settings-system" />, or upgrade + the guest to a newer kernel. + </para> + + <para> + See + <ulink + url="http://www.mail-archive.com/git-commits-head@vger.kernel.org/msg30813.html">http://www.mail-archive.com/git-commits-head@vger.kernel.org/msg30813.html</ulink> + for details about the kernel fix. + </para> + </listitem> + + </itemizedlist> + + </sect2> + + <sect2 id="ts_linux-guest-x11-services"> + + <title>Shared Clipboard, Auto-Resizing, and Seamless Desktop in X11 Guests</title> + + <para> + Guest desktop services in guests running the X11 window system + such as Oracle Solaris and Linux, are provided by a guest + service called <computeroutput>VBoxClient</computeroutput>, + which runs under the ID of the user who started the desktop + session and is automatically started using the following command + lines when your X11 user session is started if you are using a + common desktop environment such as Gnome or KDE. + </para> + +<screen>VBoxClient --clipboard +VBoxClient --display +VBoxClient --seamless</screen> + + <para> + If a particular desktop service is not working correctly, it is + worth checking whether the process which should provide it is + running. + </para> + + <para> + The <computeroutput>VBoxClient</computeroutput> processes create + files in the user's home directory with names of the form + <computeroutput>.vboxclient-*.pid</computeroutput> when they are + running in order to prevent a given service from being started + twice. It can happen due to misconfiguration that these files + are created owned by root and not deleted when the services are + stopped, which will prevent them from being started in future + sessions. If the services cannot be started, you may wish to + check whether these files still exist. + </para> + + </sect2> + + </sect1> + + <sect1 id="ts_sol-guests"> + + <title>Oracle Solaris Guests</title> + + <sect2 id="ts_solaris-10-guest-crash"> + + <title>Older Oracle Solaris 10 Releases Crash in 64-bit Mode</title> + + <para> + Oracle Solaris 10 releases up to and including Oracle Solaris 10 + 8/07 incorrectly detect newer Intel processors produced since + 2007. This problem leads to the 64-bit Oracle Solaris kernel + crashing, and usually causing a triple fault, almost immediately + during startup, in both virtualized and physical environments. + </para> + + <para> + The recommended solution is upgrading to at least Oracle Solaris + 10 5/08. Alternative solutions include forcing Oracle Solaris to + always boot the 32-bit kernel or applying a patch for bug + 6574102 while Oracle Solaris is using the 32-bit kernel. + </para> + + </sect2> + + <sect2 id="ts_solaris-10-guest-slow-boot-smp"> + + <title>Certain Oracle Solaris 10 Releases May Take a Long Time to Boot with SMP</title> + + <para> + When using more than one CPU, Oracle Solaris 10 5/08, Oracle + Solaris 10 10/08, and Oracle Solaris 10 5/09 may take a long + time to boot and may print warnings on the system console + regarding failures to read from disk. This is a bug in Oracle + Solaris 10 which affects specific physical and virtual + configurations. It is caused by trying to read microcode updates + from the boot disk when the disk interrupt is reassigned to a + not yet fully initialized secondary CPU. Disk reads will time + out and fail, triggering delays of about 45 seconds and + warnings. + </para> + + <para> + The recommended solution is upgrading to at least Oracle Solaris + 10 10/09 which includes a fix for this problem. Alternative + solutions include restricting the number of virtual CPUs to one + or possibly using a different storage controller. + </para> + + </sect2> + + <sect2 id="ts_solaris-8-guest-crash"> + + <title>Solaris 8 5/01 and Earlier May Crash on Startup</title> + + <para> + Solaris 2.6, 7 and 8 releases up to and including Solaris 8 4/01 + ("S8U4") incorrectly set up Machine Check Exception (MCE) MSRs + on Pentium 4 and some later Intel CPUs. The problem leads to the + Solaris kernel crashing, and usually causing a triple fault, + almost immediately during startup, in both virtualized and + physical environments. Solaris 9 and later releases are not + affected by this problem, and neither is Solaris 2.5.1 and + earlier. + </para> + + <para> + The recommended solution is upgrading to at least Solaris 8 7/01 + ("S8U5"). Alternative solutions include applying a patch for + bugs 4408508 and 4414557 on an unaffected system. + </para> + + </sect2> + + </sect1> + + <sect1 id="ts_fbsd-guests"> + + <title>FreeBSD Guests</title> + + <sect2 id="ts_fbsd-guest-xhci"> + + <title>FreeBSD 10.0 May Hang with xHCI</title> + + <para> + If xHCI (USB 3.0) emulation is enabled for FreeBSD 10.0 guests, + the guest OS will hang. This is caused by the guest OS + incorrectly handling systems where Message Signaled Interrupts + (MSIs) are not used with the xHCI device. + </para> + + <para> + The problem does not exist in earlier FreeBSD releases and was + fixed in FreeBSD 10.1. + </para> + + </sect2> + + </sect1> + + <sect1 id="ts_win-hosts"> + + <title>Windows Hosts</title> + + <sect2 id="ts_win-host-com-server"> + + <title>VBoxSVC Out-of-Process COM Server Issues</title> + + <para> + &product-name; makes use of the Microsoft Component Object Model + (COM) for interprocess and intraprocess communication. This + enables &product-name; to share a common configuration among + different virtual machine processes and provide several user + interface options based on a common architecture. All global + status information and configuration is maintained by the + process <computeroutput>VBoxSVC.exe</computeroutput>, which is + an out-of-process COM server. Whenever an &product-name; process + is started, it requests access to the COM server and Windows + automatically starts the process. Note that it should never be + started by the end user. + </para> + + <para> + When the last process disconnects from the COM server, it will + terminate itself after some seconds. The &product-name; + configuration (XML files) is maintained and owned by the COM + server and the files are locked whenever the server runs. + </para> + + <para> + In some cases, such as when a virtual machine is terminated + unexpectedly, the COM server will not notice that the client is + disconnected and stay active for a longer period of 10 minutes + or so, keeping the configuration files locked. In other rare + cases the COM server might experience an internal error and + subsequently other processes fail to initialize it. In these + situations, it is recommended to use the Windows task manager to + kill the process <computeroutput>VBoxSVC.exe</computeroutput>. + </para> + + </sect2> + + <sect2 id="ts_win-host-cd-dvd-changes"> + + <title>CD/DVD Changes Not Recognized</title> + + <para> + In case you have assigned a physical CD/DVD drive to a guest and + the guest does not notice when the medium changes, make sure + that the Windows media change notification (MCN) feature is not + turned off. This is represented by the following key in the + Windows registry: + </para> + +<screen>HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Cdrom\Autorun</screen> + + <para> + Certain applications may disable this key against Microsoft's + advice. If it is set to 0, change it to 1 and reboot your + system. &product-name; relies on Windows notifying it of media + changes. + </para> + + </sect2> + + <sect2 id="ts_win-host-rdp-client"> + + <title>Sluggish Response When Using Microsoft RDP Client</title> + + <para> + If connecting to a Virtual Machine using the Microsoft RDP + client, called a Remote Desktop Connection, there can be large + delays between input such as moving the mouse over a menu and + output. This is because this RDP client collects input for a + certain time before sending it to the RDP server. + </para> + + <para> + The interval can be decreased by setting a Windows registry key + to smaller values than the default of 100. The key does not + exist initially and must be of type DWORD. The unit for its + values is milliseconds. Values around 20 are suitable for + low-bandwidth connections between the RDP client and server. + Values around 4 can be used for a gigabit Ethernet connection. + Generally values below 10 achieve a performance that is very + close to that of the local input devices and screen of the host + on which the Virtual Machine is running. + </para> + + <para> + Depending whether the setting should be changed for an + individual user or for the system, set either of the following. + </para> + +<screen>HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Min Send Interval</screen> + +<screen>HKEY_LOCAL_MACHINE\Software\Microsoft\Terminal Server Client\Min Send Interval</screen> + + </sect2> + + <sect2 id="ts_win-host-iscsi"> + + <title>Running an iSCSI Initiator and Target on a Single System</title> + + <para> + Deadlocks can occur on a Windows host when attempting to access + an iSCSI target running in a guest virtual machine with an iSCSI + initiator, such as a Microsoft iSCSI Initiator, that is running + on the host. This is caused by a flaw in the Windows cache + manager component, and causes sluggish host system response for + several minutes, followed by a "Delayed Write Failed" error + message in the system tray or in a separate message window. The + guest is blocked during that period and may show error messages + or become unstable. + </para> + + <para> + Setting the environment variable + <computeroutput>VBOX_DISABLE_HOST_DISK_CACHE</computeroutput> to + 1 will enable a workaround for this problem until Microsoft + addresses the issue. For example, open a command prompt window + and start &product-name; like this: + </para> + +<screen>set VBOX_DISABLE_HOST_DISK_CACHE=1 +VirtualBox</screen> + + <para> + While this will decrease guest disk performance, especially + writes, it does not affect the performance of other applications + running on the host. + </para> + + </sect2> + + <sect2 id="ts_win-host-bridged-network-adapters"> + + <title>Bridged Networking Adapters Missing</title> + + <para> + If no bridged adapters show up in the + <emphasis role="bold">Networking</emphasis> section of the VM + settings, this typically means that the bridged networking + driver was not installed properly on your host. This could be + due to the following reasons: + </para> + + <itemizedlist> + + <listitem> + <para> + The maximum allowed filter count was reached on the host. In + this case, the MSI log would mention the + <computeroutput>0x8004a029</computeroutput> error code + returned on NetFlt network component install, as follows: + </para> + +<screen>VBoxNetCfgWinInstallComponent: Install failed, hr (0x8004a029)</screen> + + <para> + You can try to increase the maximum filter count in the + Windows registry using the following key: + </para> + +<screen>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\MaxNumFilters</screen> + + <para> + The maximum number allowed is 14. After a reboot, try to + reinstall &product-name;. + </para> + </listitem> + + <listitem> + <para> + The INF cache is corrupt. In this case, the install log + (<computeroutput>%windir%\inf\setupapi.log</computeroutput> + on XP or + <computeroutput>%windir%\inf\setupapi.dev.log</computeroutput> + on Vista or later) would typically mention the failure to + find a suitable driver package for either the + <computeroutput>sun_VBoxNetFlt</computeroutput> or + <computeroutput>sun_VBoxNetFltmp</computeroutput> + components. The solution then is to uninstall + &product-name;, remove the INF cache + (<computeroutput>%windir%\inf\INFCACHE.1</computeroutput>), + reboot and try to reinstall &product-name;. + </para> + </listitem> + + </itemizedlist> + + </sect2> + + <sect2 id="ts_win-host-host-only-network-adapters"> + + <title>Host-Only Networking Adapters Cannot be Created</title> + + <para> + If a host-only adapter cannot be created, either with the + VirtualBox Manager or the <command>VBoxManage</command> command, + then the INF cache is probably corrupt. In this case, the + install log + (<computeroutput>%windir%\inf\setupapi.log</computeroutput> on + Windows XP or + <computeroutput>%windir%\inf\setupapi.dev.log</computeroutput> + on Windows Vista or later) would typically mention the failure + to find a suitable driver package for the + <computeroutput>sun_VBoxNetAdp</computeroutput> component. + Again, as with the bridged networking problem described above, + the solution is to uninstall &product-name;, remove the INF + cache + (<computeroutput>%windir%\inf\INFCACHE.1</computeroutput>), + reboot and try to reinstall &product-name;. + </para> + + </sect2> + + </sect1> + + <sect1 id="ts_lin-hosts"> + + <title>Linux Hosts</title> + + <sect2 id="ts_linux-kernelmodule-fails-to-load"> + + <title>Linux Kernel Module Refuses to Load</title> + + <para> + If the &product-name; kernel module, + <computeroutput>vboxdrv</computeroutput>, refuses to load you + may see an "Error inserting vboxdrv: Invalid argument" message. + As root, check the output of the <command>dmesg</command> + command to find out why the load failed. Most probably the + kernel disagrees with the version of <command>gcc</command> used + to compile the module. Make sure that you use the same compiler + as used to build the kernel. + </para> + + </sect2> + + <sect2 id="ts_linux-host-cd-dvd-not-found"> + + <title>Linux Host CD/DVD Drive Not Found</title> + + <para> + If you have configured a virtual machine to use the host's + CD/DVD drive, but this does not appear to work, make sure that + the current user has permission to access the corresponding + Linux device file. This is + <computeroutput>/dev/hdc</computeroutput>, + <computeroutput>/dev/scd0</computeroutput>, + <computeroutput>/dev/cdrom</computeroutput> or similar. On most + distributions, the user must be added to a corresponding group, + usually called <computeroutput>cdrom</computeroutput> or + <computeroutput>cdrw</computeroutput>. + </para> + + </sect2> + + <sect2 id="ts_linux-host-cd-dvd-not-found-legacy"> + + <title>Linux Host CD/DVD Drive Not Found (Older Distributions)</title> + + <para> + On older Linux distributions, if your CD/DVD device has a + different name, &product-name; may be unable to find it. On + older Linux hosts, &product-name; performs the following steps + to locate your CD/DVD drives: + </para> + + <orderedlist> + + <listitem> + <para> + &product-name; checks if the environment variable + <computeroutput>VBOX_CDROM</computeroutput> is defined. If + so, &product-name; omits all the following checks. + </para> + </listitem> + + <listitem> + <para> + &product-name; tests if + <computeroutput>/dev/cdrom</computeroutput> works. + </para> + </listitem> + + <listitem> + <para> + &product-name; checks if any CD/DVD drives are currently + mounted by checking + <computeroutput>/etc/mtab</computeroutput>. + </para> + </listitem> + + <listitem> + <para> + &product-name; checks if any of the entries in + <computeroutput>/etc/fstab</computeroutput> point to CD/DVD + devices. + </para> + </listitem> + + </orderedlist> + + <para> + You can set the VBOX_CDROM environment variable to contain a + list of your CD/DVD devices, separated by colons. For example: + </para> + +<screen>export VBOX_CDROM='/dev/cdrom0:/dev/cdrom1'</screen> + + <para> + On modern Linux distributions, &product-name; uses the hardware + abstraction layer (HAL) to locate CD and DVD hardware. + </para> + + </sect2> + + <sect2 id="ts_linux-host-floppy-not-found"> + + <title>Linux Host Floppy Not Found</title> + + <para> + <xref linkend="ts_linux-host-cd-dvd-not-found-legacy"/> appplies + also to floppy disks, except that on older distributions + &product-name; tests for + <computeroutput>/dev/fd*</computeroutput> devices by default. + This can be overridden with the + <computeroutput>VBOX_FLOPPY</computeroutput> environment + variable. + </para> + + </sect2> + + <sect2 id="ts_linux-host-ide-messages"> + + <title>Strange Guest IDE Error Messages When Writing to CD/DVD</title> + + <para> + If the experimental CD/DVD writer support is enabled with an + incorrect &product-name;, host or guest configuration, it is + possible that any attempt to access the CD/DVD writer fails and + simply results in guest kernel error messages for Linux guests + or application error messages for Windows guests. &product-name; + performs the usual consistency checks when a VM is powered up. + In particular, it aborts with an error message if the device for + the CD/DVD writer is not writable by the user starting the VM. + But &product-name; cannot detect all misconfigurations. The + necessary host and guest OS configuration is not specific for + &product-name;, but a few frequent problems are listed here + which occurred in connection with &product-name;. + </para> + + <para> + Special care must be taken to use the correct device. The + configured host CD/DVD device file name, in most cases + <computeroutput>/dev/cdrom</computeroutput>, must point to the + device that allows writing to the CD/DVD unit. For CD/DVD writer + units connected to a SCSI controller or to a IDE controller that + interfaces to the Linux SCSI subsystem, common for some SATA + controllers, this must refer to the SCSI device node, such as + <computeroutput>/dev/scd0</computeroutput>. Even for IDE CD/DVD + writer units this must refer to the appropriate SCSI CD-ROM + device node, such as <computeroutput>/dev/scd0</computeroutput>, + if the <computeroutput>ide-scsi</computeroutput> kernel module + is loaded. This module is required for CD/DVD writer support + with all Linux 2.4 kernels and some early 2.6 kernels. Many + Linux distributions load this module whenever a CD/DVD writer is + detected in the system, even if the kernel would support CD/DVD + writers without the module. &product-name; supports the use of + IDE device files, such as + <computeroutput>/dev/hdc</computeroutput>, provided the kernel + supports this and the <computeroutput>ide-scsi</computeroutput> + module is not loaded. + </para> + + <para> + Similar rules, except that within the guest the CD/DVD writer is + always an IDE device, apply to the guest configuration. Since + this setup is very common, it is likely that the default + configuration of the guest works as expected. + </para> + + </sect2> + + <sect2 id="ts_linux-host-vboxsvc"> + + <title>VBoxSVC IPC Issues</title> + + <para> + On Linux, &product-name; makes use of a custom version of + Mozilla XPCOM (cross platform component object model) for + interprocess and intraprocess communication (IPC). The process + <computeroutput>VBoxSVC</computeroutput> serves as a + communication hub between different &product-name; processes and + maintains the global configuration, such as the XML database. + When starting an &product-name; component, the processes + <computeroutput>VBoxSVC</computeroutput> and + <computeroutput>VBoxXPCOMIPCD</computeroutput> are started + automatically. They are only accessible from the user account + they are running under. <computeroutput>VBoxSVC</computeroutput> + owns the &product-name; configuration database which normally + resides in + <computeroutput>~/.config/VirtualBox</computeroutput>, or the + appropriate configuration directory for your operating system. + While it is running, the configuration files are locked. + Communication between the various &product-name; components and + <computeroutput>VBoxSVC</computeroutput> is performed through a + local domain socket residing in + <computeroutput>/tmp/.vbox-<username>-ipc</computeroutput>. + In case there are communication problems, such as an + &product-name; application cannot communicate with + <computeroutput>VBoxSVC</computeroutput>, terminate the daemons + and remove the local domain socket directory. + </para> + + </sect2> + + <sect2 id="ts_usb-linux"> + + <title>USB Not Working</title> + + <para> + If USB is not working on your Linux host, make sure that the + current user is a member of the + <computeroutput>vboxusers</computeroutput> group. Please keep in + mind that group membership does not take effect immediately but + rather at the next login. If available, the + <command>newgrp</command> command may avoid the need for a + logout and login. + </para> + + </sect2> + + <sect2 id="ts_linux-host-grsec"> + + <title>PAX/grsec Kernels</title> + + <para> + Linux kernels including the grsec patch, see + <ulink + url="http://www.grsecurity.net/">http://www.grsecurity.net/</ulink>, + and derivates have to disable PAX_MPROTECT for the VBox binaries + to be able to start a VM. The reason is that VBox has to create + executable code on anonymous memory. + </para> + + </sect2> + + <sect2 id="ts_linux-host-malloc"> + + <title>Linux Kernel vmalloc Pool Exhausted</title> + + <para> + When running a large number of VMs with a lot of RAM on a Linux + system, say 20 VMs with 1 GB of RAM each, additional VMs might + fail to start with a kernel error saying that the vmalloc pool + is exhausted and should be extended. The error message also + tells you to specify + <computeroutput>vmalloc=256MB</computeroutput> in your kernel + parameter list. If adding this parameter to your GRUB or LILO + configuration makes the kernel fail to boot, with an error + message such as "failed to mount the root partition", then you + have probably run into a memory conflict of your kernel and + initial RAM disk. This can be solved by adding the following + parameter to your GRUB configuration: + </para> + +<screen>uppermem 524288</screen> + + </sect2> + + </sect1> + + <sect1 id="ts_sol-hosts"> + + <title>Oracle Solaris Hosts</title> + + <sect2 id="ts_sol-host-zfs"> + + <title>Cannot Start VM, Not Enough Contiguous Memory</title> + + <para> + The ZFS file system is known to use nearly all available RAM as + cache if the default system settings are not changed. This may + lead to a heavy fragmentation of the host memory preventing + &product-name; VMs from being started. We recommend to limit the + ZFS cache by adding the following line to /etc/system, where + <computeroutput>xxxx</computeroutput> bytes is the amount of + memory usable for the ZFS cache. + </para> + +<screen>set zfs:zfs_arc_max = xxxx</screen> + + </sect2> + + <sect2 id="ts_sol-host-swap-space"> + + <title>VM Aborts With Out of Memory Errors on Oracle Solaris 10 Hosts</title> + + <para> + 32-bit Oracle Solaris 10 hosts (bug 1225025) require swap space + equal to, or greater than the host's physical memory size. For + example, 8 GB physical memory would require at least 8 GB swap. + This can be configured during an Oracle Solaris 10 install by + choosing a Custom Install and changing the default partitions. + </para> + + <note> + <para> + This restriction applies only to 32-bit Oracle Solaris hosts, + 64-bit hosts are not affected. + </para> + </note> + + <para> + For existing Oracle Solaris 10 installs, an additional swap + image needs to be mounted and used as swap. Hence if you have 1 + GB swap and 8 GB of physical memory, you require to add 7 GB + more swap. This can be done as follows: + </para> + + <para> + For ZFS, run the following as root user: + </para> + +<screen>zfs create -V 8gb /_<ZFS volume>_/swap +swap -a /dev/zvol/dsk/_<ZFS volume>_/swap</screen> + + <para> + To mount if after reboot, add the following line to /etc/vfstab: + </para> + +<screen>/dev/zvol/dsk/_<ZFS volume>_/swap - - swap - no -</screen> + + <para> + Alternatively, you could grow the existing swap using: + </para> + +<screen>zfs set volsize=8G rpool/swap</screen> + + <para> + And reboot the system for the changes to take effect. + </para> + + <para> + For UFS (as root user): + </para> + +<screen>mkfile 7g /path/to/swapfile.img +swap -a /path/to/swapfile.img</screen> + + <para> + To mount it after reboot, add the following line to /etc/vfstab: + </para> + +<screen>/path/to/swap.img - - swap - no -</screen> + + </sect2> + + </sect1> + +</chapter> diff --git a/doc/manual/en_US/user_VBoxManage.xml b/doc/manual/en_US/user_VBoxManage.xml new file mode 100644 index 00000000..f758bbe5 --- /dev/null +++ b/doc/manual/en_US/user_VBoxManage.xml @@ -0,0 +1,9270 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + user_VBoxManage.xml: + VBoxManage documentation for the user manual. + + This XML document is also be used for generating the help text + built into VBoxManage as well as manpages (hacking in progress). + + Copyright (C) 2006-2018 Oracle Corporation + + This file is part of VirtualBox Open Source Edition (OSE), as + available from http://www.virtualbox.org. This file is free software; + you can redistribute it and/or modify it under the terms of the GNU + General Public License (GPL) as published by the Free Software + Foundation, in version 2 as it comes in the "COPYING" file of the + VirtualBox OSE distribution. VirtualBox OSE is distributed in the + hope that it will be useful, but WITHOUT ANY WARRANTY of any kind. + --> +<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" + "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd"[ +<!ENTITY % all.entities SYSTEM "all-entities.ent"> +%all.entities; +]> +<chapter id="vboxmanage"> + + <title>VBoxManage</title> + + <sect1 id="vboxmanage-intro"> + + <title>Introduction</title> + + <para> + As briefly mentioned in <xref linkend="frontends" />, + <command>VBoxManage</command> is the command-line interface to + &product-name;. With it, you can completely control &product-name; + from the command line of your host operating system. + <command>VBoxManage</command> supports all the features that the + graphical user interface gives you access to, but it supports a + lot more than that. It exposes all the features of the + virtualization engine, even those that cannot be accessed from the + GUI. + </para> + + <para> + You will need to use the command line if you want to do the + following: + </para> + + <itemizedlist> + + <listitem> + <para> + Use a different user interface than the main GUI such as the + VBoxHeadless server. + </para> + </listitem> + + <listitem> + <para> + Control some of the more advanced and experimental + configuration settings for a VM. + </para> + </listitem> + + </itemizedlist> + + <para> + There are two main things to keep in mind when using + <command>VBoxManage</command>. First, + <command>VBoxManage</command> must always be used with a specific + subcommand, such as <command>list</command> or + <command>createvm</command> or <command>startvm</command>. All the + subcommands that <command>VBoxManage</command> supports are + described in detail in <xref linkend="vboxmanage" />. + </para> + + <para> + Second, most of these subcommands require that you specify a + particular virtual machine after the subcommand. There are two + ways you can do this: + </para> + + <itemizedlist> + + <listitem> + <para> + You can specify the VM name, as it is shown in the + &product-name; GUI. Note that if that name contains spaces, + then you must enclose the entire name in double quotes. This + is always required with command line arguments that contain + spaces. For example: + </para> + +<screen>VBoxManage startvm "Windows XP"</screen> + </listitem> + + <listitem> + <para> + You can specify the UUID, which is the internal unique + identifier that &product-name; uses to refer to the virtual + machine. Assuming that the VM called "Windows XP" has the UUID + shown below, the following command has the same effect as the + previous example: + </para> + +<screen>VBoxManage startvm 670e746d-abea-4ba6-ad02-2a3b043810a5</screen> + </listitem> + + </itemizedlist> + + <para> + You can enter <command>VBoxManage list vms</command> to have all + currently registered VMs listed with all their settings, including + their respective names and UUIDs. + </para> + + <para> + Some typical examples of how to control &product-name; from the + command line are listed below: + </para> + + <itemizedlist> + + <listitem> + <para> + To create a new virtual machine from the command line and + immediately register it with &product-name;, use + <command>VBoxManage createvm</command> with the + <option>--register</option> option, as follows: + </para> + +<screen>$ VBoxManage createvm --name "SUSE 10.2" --register +VirtualBox Command Line Management Interface Version <replaceable>version-number</replaceable> +(C) 2005-2018 Oracle Corporation +All rights reserved. + +Virtual machine 'SUSE 10.2' is created. +UUID: c89fc351-8ec6-4f02-a048-57f4d25288e5 +Settings file: '/home/username/.config/VirtualBox/Machines/SUSE 10.2/SUSE 10.2.xml'</screen> + + <para> + As can be seen from the above output, a new virtual machine + has been created with a new UUID and a new XML settings file. + </para> + + <para> + For more details, see + <xref + linkend="vboxmanage-createvm" />. + </para> + </listitem> + + <listitem> + <para> + To show the configuration of a particular VM, use + <command>VBoxManage showvminfo</command>. See + <xref + linkend="vboxmanage-showvminfo" /> for details + and an example. + </para> + </listitem> + + <listitem> + <para> + To change settings while a VM is powered off, use + <command>VBoxManage modifyvm</command>. For example: + </para> + +<screen>VBoxManage modifyvm "Windows XP" --memory 512</screen> + + <para> + See also <xref linkend="vboxmanage-modifyvm" />. + </para> + </listitem> + + <listitem> + <para> + To change the storage configuration, such as to add a storage + controller and then a virtual disk, use <command>VBoxManage + storagectl</command> and <command>VBoxManage + storageattach</command>. See + <xref + linkend="vboxmanage-storagectl" /> and + <xref + linkend="vboxmanage-storageattach" />. + </para> + </listitem> + + <listitem> + <para> + To control VM operation, use one of the following: + </para> + + <itemizedlist> + + <listitem> + <para> + To start a VM that is currently powered off, use + <command>VBoxManage startvm</command>. See + <xref + linkend="vboxmanage-startvm" />. + </para> + </listitem> + + <listitem> + <para> + To pause or save a VM that is currently running or change + some of its settings, use <command>VBoxManage + controlvm</command>. See + <xref + linkend="vboxmanage-controlvm" />. + </para> + </listitem> + + </itemizedlist> + </listitem> + + </itemizedlist> + + </sect1> + + <sect1 id="vboxmanage-cmd-overview"> + + <title>Commands Overview</title> + + <para> + When running <command>VBoxManage</command> without parameters or + when supplying an invalid command line, the following command + syntax list is shown. Note that the output will be slightly + different depending on the host platform. If in doubt, check the + output of <command>VBoxManage</command> for the commands available + on your particular host. + </para> + + <xi:include href="user_VBoxManage_CommandsOverview.xml" xpointer="xpointer(/sect1/*)" + xmlns:xi="http://www.w3.org/2001/XInclude" /> + + <para> + Each time <command>VBoxManage</command> is invoked, only one + command can be executed. However, a command might support several + subcommands which then can be invoked in one single call. The + following sections provide detailed reference information on the + different commands. + </para> + + </sect1> + + <sect1 id="vboxmanage-general"> + + <title>General Options</title> + + <itemizedlist> + + <listitem> + <para> + <computeroutput>-v|--version</computeroutput>: Show the + version of this tool and exit. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--nologo</computeroutput>: Suppress the output + of the logo information. This option is useful for scripts. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--settingspw</computeroutput>: Specifiy a + settings password. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--settingspwfile</computeroutput>: Specify a + file containing the settings password. + </para> + </listitem> + + </itemizedlist> + + <para> + The settings password is used for certain settings which need to + be stored in encrypted form for security reasons. At the moment, + the only encrypted setting is the iSCSI initiator secret, see + <xref linkend="vboxmanage-storageattach" />. As long as no + settings password is specified, this information is stored in + <emphasis>plain text</emphasis>. After using the + <computeroutput>--settingspw|--settingspwfile</computeroutput> + option once, it must be always used. Otherwise, the encrypted + setting cannot be unencrypted. + </para> + + </sect1> + + <sect1 id="vboxmanage-list"> + + <title>VBoxManage list</title> + + <para> + The <command>list</command> command gives relevant information + about your system and information about &product-name;'s current + settings. + </para> + + <para> + The following subcommands are available with <command>VBoxManage + list</command>: + </para> + + <itemizedlist> + + <listitem> + <para> + <command>vms</command>: Lists all virtual machines currently + registered with &product-name;. By default this displays a + compact list with each VM's name and UUID. If you also specify + <computeroutput>--long</computeroutput> or + <computeroutput>-l</computeroutput>, this will be a detailed + list as with the <command>showvminfo</command> command, see + <xref linkend="vboxmanage-showvminfo"/>. + </para> + </listitem> + + <listitem> + <para> + <command>runningvms</command>: Lists all currently running + virtual machines by their unique identifiers (UUIDs) in the + same format as with <command>vms</command>. + </para> + </listitem> + + <listitem> + <para> + <command>ostypes</command>: Lists all guest operating systems + presently known to &product-name;, along with the identifiers + used to refer to them with the <command>modifyvm</command> + command. + </para> + </listitem> + + <listitem> + <para> + <command>hostdvds</command>, <command>hostfloppies</command>: + Lists the DVD, floppy, bridged networking, and host-only + networking interfaces on the host, along with the name used to + access them from within &product-name;. + </para> + </listitem> + + <listitem> + <para> + <command>intnets</command>: Displays information about the + internal networks. + </para> + </listitem> + + <listitem> + <para> + <command>bridgedifs</command>, <command>hostonlyifs</command>, + <command>natnets</command>, <command>dhcpservers</command>: + Lists the bridged network interfaces, host-only network + interfaces, NAT network interfaces, and DHCP servers currently + available on the host. See + <xref linkend="networkingdetails" />. + </para> + </listitem> + + <listitem> + <para> + <command>hostinfo</command>: Displays information about the + host system, such as CPUs, memory size, and operating system + version. + </para> + </listitem> + + <listitem> + <para> + <command>hostcpuids</command>: Lists the CPUID parameters for + the host CPUs. This can be used for a more fine grained + analyis of the host's virtualization capabilities. + </para> + </listitem> + + <listitem> + <para> + <command>hddbackends</command>: Lists all known virtual disk + back-ends of &product-name;. For each such format, such as + VDI, VMDK, or RAW, this subcommand lists the back-end's + capabilities and configuration. + </para> + </listitem> + + <listitem> + <para> + <command>hdds</command>, <command>dvds</command>, + <command>floppies</command>: Shows information about virtual + disk images currently in use by &product-name;, including all + their settings, the unique identifiers (UUIDs) associated with + them by &product-name; and all files associated with them. + This is the command-line equivalent of the Virtual Media + Manager. See <xref linkend="vdis" />. + </para> + </listitem> + + <listitem> + <para> + <command>usbhost</command>: Shows information about USB + devices attached to the host, including information useful for + constructing USB filters and whether they are currently in use + by the host. + </para> + </listitem> + + <listitem> + <para> + <command>usbfilters</command>: Lists all global USB filters + registered with &product-name; and displays the filter + parameters. Global USB filters are for devices which are + accessible to all virtual machines. + </para> + </listitem> + + <listitem> + <para> + <command>systemproperties</command>: Displays some global + &product-name; settings, such as minimum and maximum guest RAM + and virtual hard disk size, folder settings and the current + authentication library in use. + </para> + </listitem> + + <listitem> + <para> + <command>extpacks</command>: Displays all &product-name; + extension packs that are currently installed. See + <xref linkend="intro-installing" /> and + <xref linkend="vboxmanage-extpack" />. + </para> + </listitem> + + <listitem> + <para> + <command>groups</command>: Displays details of the VM Groups. + See <xref linkend="gui-vmgroups" />. + </para> + </listitem> + + <listitem> + <para> + <command>webcams</command>: Displays a list of webcams + attached to the running VM. The output format is a list of + absolute paths or aliases that were used for attaching the + webcams to the VM using the webcam attach command. + </para> + </listitem> + + <listitem> + <para> + <command>screenshotformats</command>: Displays a list of + available screenshot formats. + </para> + </listitem> + + <listitem> + <para> + <command>cloudproviders</command>: Displays a list of cloud + providers that are supported by &product-name;. &oci; is an + example of a cloud provider. + </para> + </listitem> + + <listitem> + <para> + <command>cloudprofiles</command>: Displays a list of cloud + profiles that have been configured. + </para> + + <para> + Cloud profiles are used when exporting VMs to a cloud service. + See <xref linkend="ovf-export-oci"/>. + </para> + </listitem> + + </itemizedlist> + + </sect1> + + <sect1 id="vboxmanage-showvminfo"> + + <title>VBoxManage showvminfo</title> + + <para> + The <command>showvminfo</command> command shows information about + a particular virtual machine. This is the same information as + <command>VBoxManage list vms --long</command> would show for all + virtual machines. + </para> + + <para> + You will see information as shown in the following example. + </para> + +<screen>$ VBoxManage showvminfo "Windows XP" +VirtualBox Command Line Management Interface Version <replaceable>version-number</replaceable> +(C) 2005-2018 Oracle Corporation +All rights reserved. + +Name: Windows XP +Guest OS: Other/Unknown +UUID: 1bf3464d-57c6-4d49-92a9-a5cc3816b7e7 +Config file: /home/username/.config/VirtualBox/Machines/Windows XP/Windows XP.xml +Memory size: 512MB +VRAM size: 12MB +Number of CPUs: 2 +Boot menu mode: message and menu +Boot Device (1): DVD +Boot Device (2): HardDisk +Boot Device (3): Not Assigned +Boot Device (4): Not Assigned +ACPI: on +IOAPIC: on +... + </screen> + + <para> + Use the <computeroutput>--machinereadable</computeroutput> option + to produce the same output, but in machine readable format with a + property=value string on each line. For example: + </para> + +<screen> +... +groups="/" +ostype="Oracle (64-bit)" +UUID="457af700-bc0a-4258-aa3c-13b03da171f2" +... + </screen> + + </sect1> + + <sect1 id="vboxmanage-registervm"> + + <title>VBoxManage registervm/unregistervm</title> + + <para> + The <computeroutput>registervm</computeroutput> command enables + you to import a virtual machine definition in an XML file into + &product-name;. The machine must not conflict with one already + registered in &product-name; and it may not have any hard or + removable disks attached. It is advisable to place the definition + file in the machines folder before registering it. + </para> + + <note> + <para> + When creating a new virtual machine with <command>VBoxManage + createvm</command>, as shown in + <xref linkend="vboxmanage-createvm"/>, you can directly specify + the <option>--register</option> option to avoid having to + register it separately. + </para> + </note> + + <para> + The <command>unregistervm</command> command unregisters a virtual + machine. If <option>--delete</option> is also specified, the + following files will also be deleted automatically: + </para> + + <itemizedlist> + + <listitem> + <para> + All hard disk image files, including differencing files, which + are used by the machine and not shared with other machines. + </para> + </listitem> + + <listitem> + <para> + Saved state files that the machine created. One if the machine + was in Saved state and one for each online snapshot. + </para> + </listitem> + + <listitem> + <para> + The machine XML file and its backups. + </para> + </listitem> + + <listitem> + <para> + The machine log files. + </para> + </listitem> + + <listitem> + <para> + The machine directory, if it is empty after having deleted all + of the above files. + </para> + </listitem> + + </itemizedlist> + + </sect1> + + <sect1 id="vboxmanage-createvm"> + + <title>VBoxManage createvm</title> + + <para> + The <command>VBoxManage createvm</command> command creates a new + XML virtual machine definition file. + </para> + + <para> + You must specify the name of the VM by using <option>--name + <replaceable>name</replaceable></option>. This name is used by + default as the file name of the settings file that has the + <computeroutput>.xml</computeroutput> extension and the machine + folder, which is a subfolder of the + <computeroutput>.config/VirtualBox/Machines</computeroutput> + folder. Note that the machine folder path name varies based on the + OS type and the &product-name; version. + </para> + + <para> + Ensure that the VM name conforms to the host OS's file name + requirements. If you later rename the VM, the file and folder + names will be updated to match the new name automatically. + </para> + + <para> + The <option>--basefolder <replaceable>path</replaceable></option> + option specifies the machine folder path name. Note that the names + of the file and the folder do not change if you rename the VM. + </para> + + <para> + The <option>--group <replaceable>group-ID</replaceable>, + ...</option> option assigns the VM to the specified groups. Note + that group IDs always start with + <computeroutput>/</computeroutput> so that they can be nested. By + default, each VM is assigned membership to the + <computeroutput>/</computeroutput> group. + </para> + + <para> + The <option>--ostype <replaceable>ostype</replaceable></option> + option specifies the guest OS to run in the VM. Run the + <command>VBoxManage list ostypes</command> command to see the + available OS types. + </para> + + <para> + The <option>--uuid <replaceable>uuid</replaceable></option> option + specifies the universal unique identifier (UUID) of the VM. The + UUID must be unique within the namespace of the host or of its VM + group memberships. By default, the <command>VBoxManage</command> + command automatically generates the UUID. + </para> + + <para> + The <computeroutput>--default</computeroutput> option applies a + default hardware configuration for the specified guest OS. By + default, the VM is created with minimal hardware. + </para> + + <para> + The <option>--register</option> option registers the VM with your + &product-name; installation. By default, the <command>VBoxManage + createvm</command> command creates only the XML configuration for + the VM but does not registered the VM. If you do not register the + VM at creation, you can run the <command>VBoxManage + registervm</command> command after you create the VM. + </para> + + </sect1> + + <sect1 id="vboxmanage-modifyvm"> + + <title>VBoxManage modifyvm</title> + + <para> + This command changes the properties of a registered virtual + machine which is not running. Most of the properties that this + command makes available correspond to the VM settings that + &product-name; graphical user interface displays in each VM's + <emphasis role="bold">Settings</emphasis> dialog. These are + described in <xref linkend="BasicConcepts" />. However, some of + the more advanced settings are only available through the + <command>VBoxManage</command> interface. + </para> + + <para> + These commands require that the machine is powered off, neither + running nor in a Saved state. Some machine settings can also be + changed while a machine is running. Those settings will then have + a corresponding subcommand with the <command>VBoxManage + controlvm</command> subcommand. See + <xref linkend="vboxmanage-controlvm" />. + </para> + + <sect2 id="vboxmanage-modifyvm-general"> + + <title>General Settings</title> + + <para> + The following general settings are available through + <command>VBoxManage modifyvm</command>: + </para> + + <itemizedlist> + + <listitem> + <para> + <computeroutput>--name <name></computeroutput>: + Changes the VM's name and can be used to rename the internal + virtual machine files, as described in + <xref linkend="vboxmanage-createvm"/>. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--groups <group>, + ...</computeroutput>: Changes the group membership of a VM. + Groups always start with a + <computeroutput>/</computeroutput> and can be nested. By + default VMs are in group <computeroutput>/</computeroutput>. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--description <desc></computeroutput>: + Changes the VM's description, which is a way to record + details about the VM in a way which is meaningful for the + user. The GUI interprets HTML formatting, the command line + allows arbitrary strings potentially containing multiple + lines. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--ostype <ostype></computeroutput>: + Specifies what guest operating system is supposed to run in + the VM. To learn about the various identifiers that can be + used here, use <command>VBoxManage list ostypes</command>. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--iconfile + <filename></computeroutput>: Specifies the absolute + path on the host file system for the &product-name; icon to + be displayed in the VM. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--memory + <memorysize></computeroutput>: Sets the amount of RAM, + in MB, that the virtual machine should allocate for itself + from the host. See <xref linkend="gui-createvm" />. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--pagefusion on|off</computeroutput>: + Enables and disables the Page Fusion feature. Page Fusion is + disabled by default. The Page Fusion feature minimises + memory duplication between VMs with similar configurations + running on the same host. See + <xref linkend="guestadd-pagefusion" />. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--vram <vramsize></computeroutput>: + Sets the amount of RAM that the virtual graphics card should + have. See <xref linkend="settings-display" />. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--acpi on|off</computeroutput> and + <computeroutput>--ioapic on|off</computeroutput>: Determines + whether the VM has ACPI and I/O APIC support. See + <xref linkend="settings-motherboard" />. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--pciattach <host PCI address [@ guest + PCI bus address]></computeroutput>: Attaches a specified + PCI network controller on the host to a specified PCI bus on + the guest. See <xref linkend="pcipassthrough" />. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--pcidetach <host PCI + address></computeroutput>: Detaches a specified PCI + network controller on the host from the attached PCI bus on + the guest. See <xref linkend="pcipassthrough" />. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--hardwareuuid + <uuid></computeroutput>: The UUID presented to the + guest through memory tables (DMI/SMBIOS), hardware, and + guest properties. By default this is the same as the VM + UUID. This setting is useful when cloning a VM. Teleporting + takes care of this automatically. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--cpus <cpucount></computeroutput>: + Sets the number of virtual CPUs for the virtual machine, see + <xref linkend="settings-processor" />. If CPU hot-plugging + is enabled, this then sets the <emphasis>maximum</emphasis> + number of virtual CPUs that can be plugged into the virtual + machines. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--cpuhotplug on|off</computeroutput>: + Enables CPU hot-plugging. When enabled, virtual CPUs can be + added to and removed from a virtual machine while it is + running. See <xref linkend="cpuhotplug" />. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--plugcpu|unplugcpu + <id></computeroutput>: If CPU hot-plugging is enabled, + this setting adds or removes a virtual CPU on the virtual + machine. <computeroutput><id></computeroutput> + specifies the index of the virtual CPU to be added or + removed and must be a number from 0 to the maximum number of + CPUs configured with the + <computeroutput>--cpus</computeroutput> option. CPU 0 can + never be removed. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--cpuexecutioncap + <1-100></computeroutput>: Controls how much CPU time a + virtual CPU can use. A value of 50 implies a single virtual + CPU can use up to 50% of a single host CPU. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--pae on|off</computeroutput>: Enables and + disables PAE. See <xref linkend="settings-processor" />. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--longmode on|off</computeroutput>: Enables + and disables long mode. See + <xref linkend="settings-processor" />. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--spec-ctrl on|off</computeroutput>: Enables + and disables the exposure of speculation control interfaces + to the guest, provided they are available on the host. + Depending on the host CPU and workload, enabling speculation + control may significantly reduce performance. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--cpu-profile <host|intel + 80[86|286|386]></computeroutput>: Enables specification + of a profile for guest CPU emulation. Specify either one + based on the host system CPU (host), or one from a number of + older Intel Micro-architectures: 8086, 80286, 80386. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--hpet on|off</computeroutput>: Enables and + disables a High Precision Event Timer (HPET) which can + replace the legacy system timers. This is turned off by + default. Note that Windows supports a HPET only from Vista + onwards. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--hwvirtex on|off</computeroutput>: Enables + and disables the use of hardware virtualization extensions, + such as Intel VT-x or AMD-V, in the processor of your host + system. See <xref linkend="hwvirt" />. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--triplefaultreset on|off</computeroutput>: + Enables resetting of the guest instead of triggering a Guru + Meditation. Some guests raise a triple fault to reset the + CPU so sometimes this is desired behavior. Works only for + non-SMP guests. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--apic on|off</computeroutput>: Enables and + disables I/O APIC. With I/O APIC, operating systems can use + more than 16 interrupt requests (IRQs) thus avoiding IRQ + sharing for improved reliability. This setting is enabled by + default. See <xref linkend="settings-motherboard" />. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--x2apic on|off</computeroutput>: Enables + and disables CPU x2APIC support. CPU x2APIC support helps + operating systems run more efficiently on high core count + configurations, and optimizes interrupt distribution in + virtualized environments. This setting is enabled by + default. Disable this setting when using host or guest + operating systems that are incompatible with x2APIC support. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--paravirtprovider + none|default|legacy|minimal|hyperv|kvm</computeroutput>: + Specifies which paravirtualization interface to provide to + the guest operating system. Specifying + <computeroutput>none</computeroutput> explicitly turns off + exposing any paravirtualization interface. The option + <computeroutput>default</computeroutput> selects an + appropriate interface when starting the VM, depending on the + guest OS type. This is the default option chosen when + creating new VMs. The + <computeroutput>legacy</computeroutput> option is used for + VMs which were created with older &product-name; versions + and will pick a paravirtualization interface when starting + the VM with &product-name; 5.0 and newer. The + <computeroutput>minimal</computeroutput> provider is + mandatory for Mac OS X guests. + <computeroutput>kvm</computeroutput> and + <computeroutput>hyperv</computeroutput> are recommended for + Linux and Windows guests respectively. These options are + explained in <xref linkend="gimproviders" />. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--paravirtdebug <keyword=value> + [,<keyword=value> ...]</computeroutput>: Specifies + debugging options specific to the paravirtualization + provider configured for this VM. See the provider specific + options in <xref linkend="gimdebug" /> for a list of + supported keyword-value pairs for each provider. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--nestedpaging on|off</computeroutput>: If + hardware virtualization is enabled, this additional setting + enables or disables the use of the nested paging feature in + the processor of your host system. See + <xref linkend="hwvirt" /> and + <xref linkend="sec-rec-cve-2018-3646" />. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--largepages on|off</computeroutput>: If + hardware virtualization <emphasis>and</emphasis> nested + paging are enabled, for Intel VT-x only, an additional + performance improvement of up to 5% can be obtained by + enabling this setting. This causes the hypervisor to use + large pages to reduce TLB use and overhead. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--vtxvpid on|off</computeroutput>: If + hardware virtualization is enabled, for Intel VT-x only, + this additional setting enables or disables the use of the + tagged TLB (VPID) feature in the processor of your host + system. See <xref linkend="hwvirt" />. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--vtxux on|off</computeroutput>: If hardware + virtualization is enabled, for Intel VT-x only, this setting + enables or disables the use of the unrestricted guest mode + feature for executing your guest. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--accelerate3d on|off</computeroutput>: If + the Guest Additions are installed, this setting enables or + disables hardware 3D acceleration. See + <xref linkend="guestadd-3d" />. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--accelerate2dvideo on|off</computeroutput>: + If the Guest Additions are installed, this setting enables + or disables 2D video acceleration. See + <xref linkend="guestadd-2d" />. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--chipset piix3|ich9</computeroutput>: By + default, &product-name; emulates an Intel PIIX3 chipset. + Usually there is no reason to change the default setting + unless this is required to relax some of its constraints. + See <xref linkend="settings-motherboard" />. + </para> + </listitem> + + <listitem> + <para> + You can influence the BIOS logo that is displayed when a + virtual machine starts up with a number of settings. By + default, an &product-name; logo is displayed. + </para> + + <para> + With <computeroutput>--bioslogofadein + on|off</computeroutput> and + <computeroutput>--bioslogofadeout on|off</computeroutput>, + you can determine whether the logo should fade in and out, + respectively. + </para> + + <para> + With <computeroutput>--bioslogodisplaytime + <msec></computeroutput> you can set how long the logo + should be visible, in milliseconds. + </para> + + <para> + With <computeroutput>--bioslogoimagepath + <imagepath></computeroutput> you can replace the image + that is shown with your own logo. The image must be an + uncompressed 256 color BMP file without color space + information (Windows 3.0 format). The image must not be + bigger than 640 x 480. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--biosbootmenu + disabled|menuonly|messageandmenu</computeroutput>: Specifies + whether the BIOS enables the user to select a temporary boot + device. The <computeroutput>menuonly</computeroutput> option + suppresses the message, but the user can still press F12 to + select a temporary boot device. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--biosapic + x2apic|apic|disabled</computeroutput>: Specifies the + firmware APIC level to be used. Options are: x2apic, apic or + disabled (no apic or x2apic) respectively. + </para> + + <para> + Note that if x2apic is specified and x2APIC is unsupported + by the VCPU, biosapic downgrades to apic, if supported. + Otherwise biosapic downgrades to disabled. Similarly, if + apic is specified, and APIC is unsupported, a downgrade to + disabled results. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--biossystemtimeoffset + <ms></computeroutput>: Specifies a fixed time offset, + in milliseconds, of the guest relative to the host time. If + the offset is positive, the guest time runs ahead of the + host time. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--biospxedebug on|off</computeroutput>: + Enables additional debugging output when using the Intel PXE + boot ROM. The output is written to the release log file. See + <xref linkend="collect-debug-info" />. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--boot<1-4> + none|floppy|dvd|disk|net</computeroutput>: Specifies the + boot order for the virtual machine. There are four + <emphasis>slots</emphasis>, which the VM will try to access + from 1 to 4, and for each of which you can set a device that + the VM should attempt to boot from. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--rtcuseutc on|off</computeroutput>: Sets + the real-time clock (RTC) to operate in UTC time. See + <xref linkend="settings-motherboard" />. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--graphicscontroller + none|vboxvga|vmsvga|vboxsvga</computeroutput>: Specifies the + use of a graphics controller, with an option to choose a + specific type. See <xref linkend="settings-screen" />. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--snapshotfolder + default|<path></computeroutput>: Specifies the folder + where snapshots are kept for a virtual machine. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--firmware + bios|efi|efi32|efi64</computeroutput>: Specifies the + firmware to be used to boot the VM: Available options are: + BIOS, or one of the EFI options: efi, efi32, or efi64. Use + EFI options with care. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--guestmemoryballoon + <size></computeroutput> Sets the default size of the + guest memory balloon. This is the memory allocated by the + &product-name; Guest Additions from the guest operating + system and returned to the hypervisor for reuse by other + virtual machines. + <computeroutput><size></computeroutput> must be + specified in megabytes. The default size is 0 megabytes. See + <xref linkend="guestadd-balloon" />. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--defaultfrontend + default|<name></computeroutput>: Specifies the default + frontend to be used when starting this VM. See + <xref linkend="vboxmanage-startvm" />. + </para> + </listitem> + + </itemizedlist> + + </sect2> + + <sect2 id="vboxmanage-modifyvm-networking"> + + <title>Networking Settings</title> + + <para> + The following networking settings are available through + <command>VBoxManage modifyvm</command>. With all these settings, + the decimal number directly following the option name, 1-N in + the list below, specifies the virtual network adapter whose + settings should be changed. + </para> + + <itemizedlist> + + <listitem> + <para> + <computeroutput>--nic<1-N> + none|null|nat|natnetwork|bridged|intnet|hostonly|generic</computeroutput>: + Configures the type of networking for each of the VM's + virtual network cards. Options are: not present + (<computeroutput>none</computeroutput>), not connected to + the host (<computeroutput>null</computeroutput>), use + network address translation + (<computeroutput>nat</computeroutput>), use the new network + address translation engine + (<computeroutput>natnetwork</computeroutput>), bridged + networking (<computeroutput>bridged</computeroutput>), or + use internal networking + (<computeroutput>intnet</computeroutput>), host-only + networking (<computeroutput>hostonly</computeroutput>), or + access rarely used sub-modes + (<computeroutput>generic</computeroutput>). These options + correspond to the modes described in + <xref + linkend="networkingmodes" />. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--nictype<1-N> + Am79C970A|Am79C973|82540EM|82543GC|82545EM|virtio</computeroutput>: + Enables you to specify the networking hardware that + &product-name; presents to the guest for a specified VM + virtual network card. See <xref linkend="nichardware" />. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--cableconnected<1-N> + on|off</computeroutput>: Enables you to temporarily + disconnect a virtual network interface, as if a network + cable had been pulled from a real network card. This might + be useful, for example for resetting certain software + components in the VM. + </para> + </listitem> + + <listitem> + <para> + With the <computeroutput>nictrace</computeroutput> options, + you can optionally trace network traffic by dumping it to a + file, for debugging purposes. + </para> + + <para> + With <computeroutput>--nictrace<1-N> + on|off</computeroutput>, you can enable network tracing for + a particular virtual network card. + </para> + + <para> + If enabled, you must specify with + <computeroutput>--nictracefile<1-N> + <filename></computeroutput> the absolute path of the + file the trace should be logged to. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--nicproperty<1-N> + <paramname>="paramvalue"</computeroutput>: This + option, in combination with + <computeroutput>nicgenericdrv</computeroutput> enables you + to pass parameters to rarely-used network backends. + </para> + + <para> + These parameters are backend engine-specific, and are + different between UDP Tunnel and the VDE backend drivers. + For examples, see <xref linkend="network_udp_tunnel" />. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--nicspeed<1-N> + <kbps></computeroutput>: Only has an effect if generic + networking has been enabled for a particular virtual network + card. See the <computeroutput>--nic</computeroutput> option. + This mode enables access to rarely used networking + sub-modes, such as VDE network or UDP Tunnel. This option + specifies the throughput rate in KBps. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--nicbootprio<1-N> + <priority></computeroutput>: Specifies the order in + which NICs are tried for booting over the network, using + PXE. The priority is an integer in the 0 to 4 range. + Priority 1 is the highest, priority 4 is low. Priority 0, + which is the default unless otherwise specified, is the + lowest. + </para> + + <para> + Note that this option only has an effect when the Intel PXE + boot ROM is used. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--nicpromisc<1-N> + deny|allow-vms|allow-all</computeroutput>: Enables you to + specify how promiscuous mode is handled for the specified VM + virtual network card. This setting is only relevant for + bridged networking. <computeroutput>deny</computeroutput>, + the default setting, hides any traffic not intended for the + VM. <computeroutput>allow-vms</computeroutput> hides all + host traffic from the VM, but allows the VM to see traffic + to and from other VMs. + <computeroutput>allow-all</computeroutput> removes this + restriction completely. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--nicbandwidthgroup<1-N> + none|<name></computeroutput>: Adds and removes an + assignment of a bandwidth group for the specified virtual + network interface. Specifying + <computeroutput>none</computeroutput> removes any current + bandwidth group assignment from the specified virtual + network interface. Specifying + <computeroutput><name></computeroutput> adds an + assignment of a bandwidth group to the specified virtual + network interface. + </para> + + <para> + See <xref linkend="network_bandwidth_limit" />. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--bridgeadapter<1-N> + none|<devicename></computeroutput>: Only has an effect + if bridged networking has been enabled for a virtual network + card. See the <computeroutput>--nic</computeroutput> option. + Use this option to specify which host interface the given + virtual network interface will use. See + <xref linkend="network_bridged" />. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--hostonlyadapter<1-N> + none|<devicename></computeroutput>: Only has an effect + if host-only networking has been enabled for a virtual + network card. See the <computeroutput>--nic</computeroutput> + option. Use this option to specify which host-only + networking interface the given virtual network interface + will use. See <xref linkend="network_hostonly" />. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--intnet<1-N> + network</computeroutput>: Only has an effect if internal + networking has been enabled for a virtual network card. See + the <computeroutput>--nic</computeroutput> option. Use this + option to specify the name of the internal network. See + <xref linkend="network_internal" />. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--nat-network<1-N> <network + name></computeroutput>: If the networking type is set to + <computeroutput>natnetwork</computeroutput>, not + <computeroutput>nat</computeroutput>, then this setting + specifies the name of the NAT network this adapter is + connected to. Optional. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--nicgenericdrv<1-N> <backend + driver></computeroutput>: Only has an effect if generic + networking has been enabled for a virtual network card. See + the <computeroutput>--nic</computeroutput> option. This mode + enables you to access rarely used networking sub-modes, such + as VDE network or UDP Tunnel. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--macaddress<1-N> + auto|<mac></computeroutput>: With this option you can + set the MAC address of a particular network adapter on the + VM. Normally, each network adapter is assigned a random + address by &product-name; at VM creation. + </para> + </listitem> + + </itemizedlist> + + <sect3 id="vboxmanage-modifyvm-networking-nat"> + + <title>NAT Networking Settings</title> + + <para> + The following NAT networking settings are available through + <command>VBoxManage modifyvm</command>. With all these + settings, the decimal number directly following the option + name, 1-N in the list below, specifies the virtual network + adapter whose settings should be changed. + </para> + + <itemizedlist> + + <listitem> + <para> + <computeroutput>--natnet<1-N> + <network>|default</computeroutput>: If the + networking type is set to + <computeroutput>nat</computeroutput>, not + <computeroutput>natnetwork</computeroutput>, then this + setting specifies the IP address range to be used for this + network. See <xref linkend="changenat" />. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--natpf<1-N> + [<name>],tcp|udp,[<hostip>],<hostport>,[<guestip>], + <guestport></computeroutput>: Defines a NAT + port-forwarding rule. See <xref linkend="natforward" />. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--natpf<1-N> delete + <name></computeroutput>: Deletes a NAT + port-forwarding rule. See <xref linkend="natforward" />. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--nattftpprefix<1-N> + <prefix></computeroutput>: Defines a prefix for the + built-in TFTP server. For example, where the boot file is + located. See <xref linkend="nat-tftp" /> and + <xref linkend="nat-adv-tftp" />. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--nattftpfile<1-N> + <bootfile></computeroutput>: Defines the TFT boot + file. See <xref linkend="nat-adv-tftp" />. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--nattftpserver<1-N> + <tftpserver></computeroutput>: Defines the TFTP + server address to boot from. See + <xref linkend="nat-adv-tftp" />. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--nattbindip<1-N> + <ip;></computeroutput>: &product-name;'s NAT engine + normally routes TCP/IP packets through the default + interface assigned by the host's TCP/IP stack. Use this + setting to instruct the NAT engine to bind to a specified + IP address instead. See + <xref linkend="nat-adv-settings" />. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--natdnspassdomain<1-N> + on|off</computeroutput>: Specifies whether the built-in + DHCP server passes the domain name for network name + resolution. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--natdnsproxy<1-N> + on|off</computeroutput>: Makes the NAT engine proxy all + guest DNS requests to the host's DNS servers. See + <xref linkend="nat-adv-dns" />. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--natdnshostresolver<1-N> + on|off</computeroutput>: Makes the NAT engine use the + host's resolver mechanisms to handle DNS requests. See + <xref linkend="nat-adv-dns" />. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--natsettings<1-N> + [<mtu>],[<socksnd>],[<sockrcv>],[<tcpsnd>], + [<tcprcv>]</computeroutput>: Controls several NAT + settings. See <xref linkend="nat-adv-settings" />. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--nataliasmode<1-N> + default|[log],[proxyonly],[sameports]</computeroutput>: + Defines behaviour of the NAT engine core: log - enables + logging, proxyonly - switches off aliasing mode and makes + NAT transparent, sameports - enforces the NAT engine to + send packets through the same port as they originated on, + default - disable all aliasing modes. See + <xref linkend="nat-adv-alias" />. + </para> + </listitem> + + </itemizedlist> + + </sect3> + + </sect2> + + <sect2 id="vboxmanage-modifyvm-other"> + + <title>Miscellaneous Settings</title> + + <para> + The following hardware settings, such as serial port, audio, + clipboard, drag and drop, monitor, and USB settings are + available through <command>VBoxManage modifyvm</command>: + </para> + + <itemizedlist> + + <listitem> + <para> + <computeroutput>--mouse + <ps2|usb|usbtablet|usbmultitouch></computeroutput>: + Specifies the mode of the mouse to be used in the VM. + Available options are: ps2, usb, usbtablet, usbmultitouch. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--keyboard <ps2|usb></computeroutput>: + Specifies the mode of the keyboard to be used in the VM. + Available options are: ps2, usb. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--uart<1-N> off|<I/O base> + <IRQ></computeroutput>: Configures virtual serial + ports for the VM. See <xref linkend="serialports" />. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--uartmode<1-N> + <arg></computeroutput>: Controls how &product-name; + connects a given virtual serial port, configured with the + <computeroutput>--uartX</computeroutput> setting, to the + host on which the virtual machine is running. As described + in <xref linkend="serialports" />, for each such port, you + can specify <computeroutput><arg></computeroutput> as + one of the following options: + </para> + + <itemizedlist> + + <listitem> + <para> + <computeroutput>disconnected</computeroutput>: Even + though the serial port is shown to the guest, it has no + "other end". This is like a real COM port without a + cable. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>server + <pipename></computeroutput>: On a Windows host, + this tells &product-name; to create a named pipe on the + host named + <computeroutput><pipename></computeroutput> and + connect the virtual serial device to it. Note that + Windows requires that the name of a named pipe begins + with <computeroutput>\\.\pipe\</computeroutput>. + </para> + + <para> + On a Linux host, instead of a named pipe, a local domain + socket is used. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>client + <pipename></computeroutput>: Operates as for + <computeroutput>server</computeroutput>, except that the + pipe, or local domain socket, is not created by + &product-name; but is assumed to exist already. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>tcpserver <port></computeroutput>: + Configures &product-name; to create a TCP socket on the + host with TCP + <computeroutput><port></computeroutput> and + connect the virtual serial device to it. Note that + UNIX-like systems require ports over 1024 for normal + users. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>tcpclient + <hostname:port></computeroutput>: Operates as for + <computeroutput>tcpserver</computeroutput>, except that + the TCP socket is not created by &product-name;, but is + assumed to exist already. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>uarttype <1-N> + 16450|16550A|16750</computeroutput>: Confgures the UART + type for a virtual serial port. The default UART type is + 16550A. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>file <file></computeroutput>: + Redirects the serial port output to a raw file + <file> specified by its absolute path on the host + file system. + </para> + </listitem> + + <listitem> + <para> + <computeroutput><devicename></computeroutput>: If, + instead of the above options, the device name of a + physical hardware serial port of the host is specified, + the virtual serial port is connected to that hardware + port. On a Windows host, the device name will be a COM + port such as <computeroutput>COM1</computeroutput>. On a + Linux host, the device name will be + <computeroutput>/dev/ttyS0</computeroutput> or similar. + This enables you to wire up a real serial port to a + virtual machine. + </para> + </listitem> + + </itemizedlist> + </listitem> + + <listitem> + <para> + <computeroutput>--lptmode<1-N> + <Device></computeroutput>: Specifies the Device Name + of the parallel port that the Parallel Port feature will be + using. Use this <emphasis>before</emphasis> + <computeroutput>--lpt</computeroutput>. This feature depends + on the host operating system. For Windows hosts, use a + device name such as lpt1. On Linux hosts, use a device name + such as /dev/lp0. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--lpt<1-N> <I/O base> + <IRQ></computeroutput>: Specifies the I/O address of + the parallel port and the IRQ number that the Parallel Port + feature will be using. Optional. Use this + <emphasis>after</emphasis> + <computeroutput>--lptmod</computeroutput>. I/O base address + and IRQ are the values that guest sees. For example, the + values avalable under guest Device Manager. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--audio + none|null|dsound|oss|alsa|pulse|coreaudio</computeroutput>: + Specifies whether the VM should have audio support, and if + so, which type. The list of supported audio types depends on + the host and can be determined with <command>VBoxManage + modifyvm</command>. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--audiocontroller + ac97|hda|sb16</computeroutput>: Specifies the audio + controller to be used with the VM. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--audiocodec + stac9700|ad1980|stac9221|sb16</computeroutput>: Specifies + the audio codec to be used with the VM. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--audioin on</computeroutput>: Specifies + whether capturing audio from the host is enabled or + disabled. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--audioout on</computeroutput>: Specifies + whether audio playback from the guest is enabled or + disabled. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--clipboard + disabled|hosttoguest|guesttohost|bidirectional</computeroutput>: + Configues how the guest or host operating system's clipboard + should be shared with the host or guest. See + <xref linkend="generalsettings" />. This setting requires + that the Guest Additions be installed in the virtual + machine. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--draganddrop + disabled|hosttoguest|guesttohost|bidirectional</computeroutput>: + Specifies the drag and drop mode to use between the host and + the virtual machine. See <xref linkend="guestadd-dnd" />. + This requires that the Guest Additions be installed in the + virtual machine. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--monitorcount + <count></computeroutput>: Enables multi-monitor + support. See <xref linkend="settings-display" />. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--usb on|off</computeroutput>: Enables and + disables the VM's virtual USB controller. See + <xref linkend="settings-usb" />. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--usbehci on|off</computeroutput>: Enables + and disables the VM's virtual USB 2.0 controller. See + <xref linkend="settings-usb" />. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--usbxhci on|off</computeroutput>: Enables + and disables the VM's virtual USB 3.0 controller. See + <xref linkend="settings-usb" />. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--usbrename <oldname> + <newname></computeroutput>: Enables renaming of the + VM's virtual USB controller from <oldname> to + <newname>. + </para> + </listitem> + + </itemizedlist> + + </sect2> + + <sect2 id="vboxmanage-modifyvm-recording"> + + <title>Recording Settings</title> + + <para> + The <command>VBoxManage modifyvm</command> command enables you + to modify recording settings for video recording, audio + recording, or both. + </para> + + <para> + Use the following options to update the recording settings: + </para> + + <itemizedlist> + + <listitem> + <para> + <option>--recording on|off</option> enables or disables the + recording of a VM session into a WebM/VP8 file. When this + option value is <computeroutput>on</computeroutput>, + recording begins when the VM session starts. + </para> + </listitem> + + <listitem> + <para> + <option>--recordingscreens + all|<replaceable>screen-ID</replaceable> + [<replaceable>screen-ID</replaceable> ...]</option> enables + you to specify which VM screens to record. The recording for + each screen that you specify is saved to its own file. + </para> + </listitem> + + <listitem> + <para> + <option>--recordingfile + <replaceable>filename</replaceable></option> specifies the + file in which to save the recording. + </para> + </listitem> + + <listitem> + <para> + <option>--recordingmaxsize + <replaceable>MB</replaceable></option> specifies the maximum + size of the recorded video file in megabytes. The recording + stops when the file reaches the specified size. If this + value is zero, the recording continues until you stop the + recording. + </para> + </listitem> + + <listitem> + <para> + <option>--recordingmaxtime + <replaceable>seconds</replaceable></option> specifies the + maximum amount time to record in seconds. The recording + stops after the specified number of seconds elapses. If this + value is zero, the recording continues until you stop the + recording. + </para> + </listitem> + + <listitem> + <para> + <option>--recordingopts + <replaceable>keyword</replaceable>=<replaceable>value</replaceable>[,<replaceable>keyword</replaceable>=<replaceable>value</replaceable> + ...]</option> specifies additional video-recording options + in a comma-separated keyword-value format. For example, + <computeroutput>foo=bar,a=b</computeroutput>. + </para> + + <para> + Only use this option only if you are an advanced user. For + information about keywords, see <emphasis>Oracle VM + VirtualBox Programming Guide and Reference</emphasis>. + </para> + </listitem> + + <listitem> + <para> + <option>--recordingvideofps + <replaceable>fps</replaceable></option> specifies the + maximum number of video frames per second (FPS) to record. + Frames that have a higher frequency are skipped. Increasing + this value reduces the number of skipped frames and + increases the file size. + </para> + </listitem> + + <listitem> + <para> + <option>--recordingvideorate + <replaceable>bit-rate</replaceable></option> specifies the + bit rate of the video in kilobits per second. Increasing + this value improves the appearance of the video at the cost + of an increased file size. + </para> + </listitem> + + <listitem> + <para> + <option>--recordingvideores + <replaceable>width</replaceable>x<replaceable>height</replaceable></option> + specifies the video resolution of the recorded video in + pixels. + </para> + </listitem> + + </itemizedlist> + + </sect2> + + <sect2 id="vboxmanage-modifyvm-vrde"> + + <title>Remote Machine Settings</title> + + <para> + The following settings that affect remote machine behavior are + available through <command>VBoxManage modifyvm</command>: + </para> + + <itemizedlist> + + <listitem> + <para> + <computeroutput>--vrde on|off</computeroutput>: Enables and + disables the VirtualBox Remote Desktop Extension (VRDE) + server. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--vrdeproperty + "TCP/Ports|Address=<value>"</computeroutput>: Sets the + port numbers and IP address on the VM that the VRDE server + can bind to. + </para> + + <itemizedlist> + + <listitem> + <para> + For TCP/Ports, <value> should be a port or a range + of ports that the VRDE server can bind to. + <computeroutput>default</computeroutput> or + <computeroutput>0</computeroutput> means port 3389, the + standard port for RDP. See the description for the + <computeroutput>--vrdeport</computeroutput> option in + <xref linkend="vboxmanage-modifyvm-vrde" />. + </para> + </listitem> + + <listitem> + <para> + For TCP/Address, <value> should be the IP address + of the host network interface that the VRDE server will + bind to. If specified, the server will accept + connections only on the specified host network + interface. See the description for the + <computeroutput>--vrdeaddress</computeroutput> option in + <xref linkend="vboxmanage-modifyvm-vrde" />. + </para> + </listitem> + + </itemizedlist> + </listitem> + + <listitem> + <para> + <computeroutput>--vrdeproperty + "VideoChannel/Enabled|Quality|DownscaleProtection=<value>"</computeroutput>: + Sets the VRDP video redirection properties. + </para> + + <itemizedlist> + + <listitem> + <para> + For VideoChannel/Enabled, <value> can be set to + "1", switching the VRDP video channel on. See + <xref linkend="vrde-videochannel" />. + </para> + </listitem> + + <listitem> + <para> + For VideoChannel/Quality, <value> should be set + between 10 and 100% inclusive, representing a JPEG + compression level on the VRDE server video channel. + Lower values mean lower quality but higher compression. + See <xref linkend="vrde-videochannel" />. + </para> + </listitem> + + <listitem> + <para> + For VideoChannel/DownscaleProtection, <value> can + be set to "1" to enable the videochannel downscale + protection feature. When enabled, if a video's size + equals the shadow buffer size, then it is regarded as a + full screen video, and is displayed. But if its size is + between fullscreen and the downscale threshold then it + is <emphasis>not</emphasis> displayed, as it could be an + application window, which would be unreadable when + downscaled. When the downscale protection feature is + disabled, an attempt is always made to display videos. + </para> + </listitem> + + </itemizedlist> + </listitem> + + <listitem> + <para> + <computeroutput>--vrdeproperty + "Client/DisableDisplay|DisableInput|DisableAudio|DisableUSB=1"</computeroutput>: + Disables one of the VRDE server features: Display, Input, + Audio or USB respectively. To reenable a feature, use + "Client/DisableDisplay=" for example. See + <xref linkend="vrde-customization" />. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--vrdeproperty + "Client/DisableClipboard|DisableUpstreamAudio=1"</computeroutput>: + Disables one of the VRDE server features: Clipboard or + UpstreamAudio respectively. To reenable a feature, use + "Client/DisableClipboard=" for example. See + <xref linkend="vrde-customization" />. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--vrdeproperty + "Client/DisableRDPDR=1"</computeroutput>: Disables the VRDE + server feature: RDP device redirection for smart cards. To + reenable this feature, use "Client/DisableRDPR=". + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--vrdeproperty + "H3DRedirect/Enabled=1"</computeroutput>: Enables the VRDE + server feature: 3D redirection. To disable this feature, use + "H3DRedirect/Enabled=". + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--vrdeproperty + "Security/Method|ServerCertificate|ServerPrivateKey|CACertificate=<value>"</computeroutput>: + Sets the desired security method and path of server + certificate, path of server private key, path of CA + certificate, that are used for a connection. + </para> + + <itemizedlist> + + <listitem> + <para> + <computeroutput>--vrdeproperty + "Security/Method=<value>"</computeroutput> sets + the desired security method, which is used for a + connection. Valid values are: + </para> + + <itemizedlist> + + <listitem> + <para> + <computeroutput>Negotiate</computeroutput>: Both + Enhanced (TLS) and Standard RDP Security connections + are allowed. The security method is negotiated with + the client. This is the default setting. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>RDP</computeroutput>: Only Standard + RDP Security is accepted. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>TLS</computeroutput>: Only Enhanced + RDP Security is accepted. The client must support + TLS. + </para> + </listitem> + + </itemizedlist> + + <para> + See <xref linkend="vrde-crypt" />. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--vrdeproperty + "Security/ServerCertificate=<value>"</computeroutput> + where <value> is the absolute path of the server + certificate. See <xref linkend="vrde-crypt" />. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--vrdeproperty + "Security/ServerPrivateKey=<value>"</computeroutput> + where <value> is the absolute path of the server + private key. See <xref linkend="vrde-crypt" />. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--vrdeproperty + "Security/CACertificate=<value>"</computeroutput> + where <value> is the absolute path of the CA self + signed certificate. See <xref linkend="vrde-crypt" />. + </para> + </listitem> + + </itemizedlist> + </listitem> + + <listitem> + <para> + <computeroutput>--vrdeproperty + "Audio/RateCorrectionMode|LogPath=<value>"</computeroutput> + sets the audio connection mode, or path of the audio + logfile. + </para> + + <itemizedlist> + + <listitem> + <para> + <computeroutput>--vrdeproperty + "Audio/RateCorrectionMode=<value>"</computeroutput> + where <value> is the desired rate correction mode. + Allowed values are: + </para> + + <itemizedlist> + + <listitem> + <para> + <computeroutput>VRDP_AUDIO_MODE_VOID</computeroutput>: + No mode specified, use to unset any Audio mode + already set. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>VRDP_AUDIO_MODE_RC</computeroutput>: + Rate correction mode. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>VRDP_AUDIO_MODE_LPF</computeroutput>: + Low pass filter mode. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>VRDP_AUDIO_MODE_CS</computeroutput>: + Client sync mode to prevent underflow or overflow of + the client queue. + </para> + </listitem> + + </itemizedlist> + </listitem> + + <listitem> + <para> + <computeroutput>--vrdeproperty + "Audio/LogPath=<value>"</computeroutput> where + <value> is the absolute path of the Audio log + file. + </para> + </listitem> + + </itemizedlist> + </listitem> + + <listitem> + <para> + <computeroutput>--vrdeextpack + default|<name></computeroutput>: Specifies the library + to use for accessing the VM remotely. The default is to use + the RDP code which is part of the &product-name; Extension + Pack. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--vrdeport + default|<ports></computeroutput>: A port or a range of + ports the VRDE server can bind to. + <computeroutput>default</computeroutput> or + <computeroutput>0</computeroutput> means port 3389, the + standard port for RDP. You can specify a comma-separated + list of ports or ranges of ports. Use a dash between two + port numbers to specify a range. The VRDE server will bind + to <emphasis>one</emphasis> of the available ports from the + specified list. Only one machine can use a given port at a + time. For example, the option <computeroutput> --vrdeport + 5000,5010-5012</computeroutput> will tell the server to bind + to one of following ports: 5000, 5010, 5011, or 5012. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--vrdeaddress <IP + address></computeroutput>: The IP address of the host + network interface the VRDE server will bind to. If + specified, the server will accept connections only on the + specified host network interface. + </para> + + <para> + The setting can be used to specify whether the VRDP server + should accept either IPv4, IPv6, or both connections: + </para> + + <itemizedlist> + + <listitem> + <para> + Only IPv4: <computeroutput>--vrdeaddress + "0.0.0.0"</computeroutput> + </para> + </listitem> + + <listitem> + <para> + Only IPv6: <computeroutput>--vrdeaddress + "::"</computeroutput> + </para> + </listitem> + + <listitem> + <para> + Both IPv6 and IPv4: <computeroutput>--vrdeaddress + ""</computeroutput> + </para> + + <para> + This is the default setting. + </para> + </listitem> + + </itemizedlist> + </listitem> + + <listitem> + <para> + <computeroutput>--vrdeauthtype + null|external|guest</computeroutput>: Enables you to + indicate use of authorization, and specify how authorization + will be performed. See <xref linkend="vbox-auth" />. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--vrdeauthlibrary + default|<name></computeroutput>: Specifies the library + used for RDP authentication. See + <xref linkend="vbox-auth" />. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--vrdemulticon on|off</computeroutput>: + Enables multiple connections to be made to the same VRDE + server, if the server supports this feature. See + <xref linkend="vrde-multiconnection" />. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--vrdereusecon on|off</computeroutput>: This + specifies the VRDE server behavior when multiple connections + are disabled. When this option is enabled, the server will + allow a new client to connect and will drop the existing + connection. When this option is disabled, the default + setting, a new connection will not be accepted if there is + already a client connected to the server. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--vrdevideochannel on|off</computeroutput>: + Enables video redirection, if it is supported by the VRDE + server. See <xref linkend="vrde-videochannel" />. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--vrdevideochannelquality + <percent></computeroutput>: Specifies the image + quality for video redirection. See + <xref linkend="vrde-videochannel" />. + </para> + </listitem> + + </itemizedlist> + + </sect2> + + <sect2 id="vboxmanage-modifyvm-teleport"> + + <title>Teleporting Settings</title> + + <para> + With the following commands for <command>VBoxManage + modifyvm</command> you can configure a machine to be a target + for teleporting. See <xref linkend="teleporting" />. + </para> + + <itemizedlist> + + <listitem> + <para> + <computeroutput>--teleporter on|off</computeroutput>: + Enables and disables the teleporter feature whereby when the + machine is started, it waits to receive a teleporting + request from the network instead of booting normally. + Teleporting requests are received on the port and address + specified using the following parameters. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--teleporterport + <port></computeroutput>, + <computeroutput>--teleporteraddress + <address></computeroutput>: These settings must be + used with <computeroutput>--teleporter</computeroutput>. + They specify the port and address the virtual machine should + listen to in order to receive a teleporting request sent + from another virtual machine. + <computeroutput><port></computeroutput> can be any + free TCP/IP port number, such as 6000. + <computeroutput><address></computeroutput> can be any + IP address or hostname and specifies the TCP/IP socket to + bind to. The default is 0.0.0.0, which means any address. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--teleporterpassword + <password></computeroutput>: If this optional setting + is used, then the teleporting request will only succeed if + the source machine specifies the same password as the one + given with this command. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--teleporterpasswordfile + <password></computeroutput>: If this optional setting + is used, then the teleporting request will only succeed if + the source machine specifies the same password as the one + specified in the file give with this command. Use + <computeroutput>stdin</computeroutput> to read the password + from stdin. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--cpuid <leaf> <eax> <ebx> + <ecx> <edx></computeroutput>: Advanced users can + use this setting before a teleporting operation, to restrict + the virtual CPU capabilities that &product-name; presents to + the guest operating system. This must be run on both the + source and the target machines involved in the teleporting + and will then modify what the guest sees when it executes + the <computeroutput>CPUID</computeroutput> machine + instruction. This might help with misbehaving applications + that wrongly assume that certain CPU capabilities are + present. The meaning of the parameters is hardware + dependent, refer to the AMD or Intel processor + documentation. + </para> + </listitem> + + </itemizedlist> + + </sect2> + + <sect2 id="vboxmanage-modifyvm-debugging"> + + <title>Debugging Settings</title> + + <para> + The following settings are only relevant for low-level VM + debugging. Regular users will never need these settings. + </para> + + <itemizedlist> + + <listitem> + <para> + <computeroutput>--tracing-enabled on|off</computeroutput>: + Enables the tracebuffer. This consumes some memory for the + tracebuffer and adds extra overhead. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--tracing-config + <config-string></computeroutput>: Enables tracing + configuration. In particular, this defines which group of + tracepoints are enabled. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--tracing-allow-vm-access + on|off</computeroutput>: Enables and disables VM access to + the tracebuffer. By default, this setting is disabled. + </para> + </listitem> + + </itemizedlist> + + </sect2> + + <sect2 id="vboxmanage-usbcardreader"> + + <title>USB Card Reader Settings</title> + + <para> + The following setting defines access to a USB Card Reader by the + guest environment. USB card readers are typically used for + accessing data on memory cards such as CompactFlash (CF), Secure + Digital (SD), or MultiMediaCard (MMC). + </para> + + <itemizedlist> + + <listitem> + <para> + <computeroutput>--usbcardreader on|off</computeroutput>: + Enables and disables the USB card reader interface. + </para> + </listitem> + + </itemizedlist> + + </sect2> + + <sect2 id="vboxmanage-autostart"> + + <title>Autostarting VMs During Host System Boot</title> + + <para> + These settings configure the VM autostart feature, which + automatically starts the VM at host system boot-up. Note that + there are prerequisites that need to be addressed before using + this feature. See <xref linkend="autostart" />. + </para> + + <itemizedlist> + + <listitem> + <para> + <computeroutput>--autostart-enabled on|off</computeroutput>: + Enables and disables VM autostart at host system boot-up, + using the specified user name. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--autostart-delay + <seconds></computeroutput>: Specifies a delay, in + seconds, following host system boot-up, before the VM + autostarts. + </para> + </listitem> + + </itemizedlist> + + </sect2> + + </sect1> + + <sect1 id="vboxmanage-clonevm"> + + <title>VBoxManage clonevm</title> + + <para> + The <command>VBoxManage clonevm</command> command creates a clone + of an existing virtual machine (VM). The clone can be a full copy + of the VM or a linked copy of a VM. + </para> + +<screen> +VBoxManage clonevm <replaceable>vm</replaceable> [ --basefolder <replaceable>basefolder</replaceable> ] +[ --group <replaceable>group</replaceable>, ... ] [ --mode machine | machinechildren | all ] +[ --name <replaceable>name</replaceable> ] [ --options link | keepallmacs | keepnatmacs | keepdisknames | keephwuuids ] +[ --register ] [ --snapshot <replaceable>vm</replaceable> ] [ --uuid <replaceable>uuid</replaceable> ] +</screen> + + <para> + In addition to specifying the name of the VM to clone, which is + required, you can specify any of the following options: + </para> + + <itemizedlist> + + <listitem> + <para> + <option>--basefolder</option> + <replaceable>basefolder</replaceable> specifies the name of + the folder in which to save the configuration for the new VM. + </para> + </listitem> + + <listitem> + <para> + <option>--groups <replaceable>group</replaceable>, + ...</option> assigns the clone to the specified group or + groups. If you specify more than one group, separate each + group name with a comma. + </para> + + <para> + Note that each group is identified by a group ID that starts + with a slash character (<computeroutput>/</computeroutput>) so + that groups can be nested. By default, a clone is always + assigned membership to the <computeroutput>/</computeroutput> + group. + </para> + </listitem> + + <listitem> + <para> + <option>--mode machine|machineandchildren|all</option> + specifies which of the following cloning modes to use: + </para> + + <itemizedlist> + + <listitem> + <para> + <computeroutput>machine</computeroutput> mode clones the + current state of the existing VM without any snapshots. + This is the default mode. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>machineandchildren</computeroutput> mode + clones the snapshot specified by by the + <option>--snapshot</option> option and all child + snapshots. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>all</computeroutput> mode clones all + snapshots and the current state of the existing VM. + </para> + </listitem> + + </itemizedlist> + </listitem> + + <listitem> + <para> + <option>--name <replaceable>name</replaceable></option> + specifies a new name for the new VM. The default value is + "<replaceable>name</replaceable> Clone", where + <replaceable>name</replaceable> is the original name of the + VM. + </para> + </listitem> + + <listitem> + <para> + <option>--options</option> specifies how to create a new + clone. + </para> + + <itemizedlist> + + <listitem> + <para> + <option>--options link</option> creates a linked clone, + which can be cloned only from a snapshot. + </para> + </listitem> + + <listitem> + <para> + <option>--options keepallmacs</option> specifies that the + new clone reuses the MAC addresses of each virtual network + card from the existing VM. + </para> + + <para> + If you do not specify this option or the <option>--options + keepnatmacs</option> option, the default behavior is to + reinitialize the MAC addresses of each virtual network + card. + </para> + </listitem> + + <listitem> + <para> + <option>--options keepnatmacs</option> specifies that the + new clone reuses the MAC addresses of each virtual network + card from the existing VM when the network type is NAT. + </para> + + <para> + If you do not specify this option or the <option>--options + keepallmacs</option> option, the default behavior is to + reinitialize the MAC addresses of each virtual network + card. + </para> + </listitem> + + <listitem> + <para> + <option>--option keepdisknames</option> specifies that the + new clone reuses the disk image names from the existing + VM. By default, disk images are renamed. You can preserve + source hardware IDs by adding + <computeroutput>keephwuuids</computeroutput>. + </para> + </listitem> + + <listitem> + <para> + <option>--option keephwuuids</option> specifies that the + new clone reuses the hardware IDs from the existing VM. By + default, new UUIDs are used. + </para> + </listitem> + + </itemizedlist> + </listitem> + + <listitem> + <para> + <option>--register</option> automatically registers the new + clone in this &product-name; installation. You can manually + register the new VM later by using the <command>VBoxManage + registervm</command> command. See + <xref linkend="vboxmanage-registervm" />. + </para> + </listitem> + + <listitem> + <para> + <option>--snapshot <replaceable>vm</replaceable></option> + specifies the snapshot on which to base the new VM. By + default, the clone is created from the current state of the + specified VM. + </para> + </listitem> + + <listitem> + <para> + <option>--uuid <replaceable>uuid</replaceable></option> + specifies the UUID for the new VM. Ensure that this ID is + unique for the &product-name; instance if you decide to + register this new VM. By default, &product-name; provides a + new UUID. + </para> + </listitem> + + </itemizedlist> + + </sect1> + + <sect1 id="vboxmanage-movevm"> + + <title>VBoxManage movevm</title> + + <para> + This command moves a virtual machine to a new location on the + host. + </para> + + <para> + Associated files of the virtual machine, such as settings files + and disk image files, are moved to the new location. The + &product-name; configuration is updated automatically. + </para> + + <para> + The <command>movevm</command> subcommand requires the name of the + virtual machine which should be moved. + </para> + + <para> + Also required is the type of move operation, specified by + <computeroutput>--type basic</computeroutput>. Other types of move + operation may be supported in future releases. + </para> + + <para> + The <computeroutput>--folder</computeroutput> setting configures + the new location on the host file system. Enter a relative + pathname or a full pathname. + </para> + + </sect1> + + <sect1 id="vboxmanage-import"> + + <title>VBoxManage import</title> + + <para> + This command imports a virtual appliance in OVF format by copying + the virtual disk images and creating virtual machines in + &product-name;. See <xref linkend="ovf" /> for an introduction to + appliances. + </para> + + <para> + The <command>import</command> subcommand takes at least the path + name of an OVF file as input and expects the disk images, if + needed, in the same directory as the OVF file. A lot of additional + command-line options are supported to control in detail what is + being imported and modify the import parameters, but the details + depend on the content of the OVF file. + </para> + + <para> + It is therefore recommended to first run the + <command>import</command> subcommand with the + <computeroutput>--dry-run</computeroutput> or + <computeroutput>-n</computeroutput> option. This will then print a + description of the appliance's contents to the screen how it would + be imported into &product-name;, together with the optional + command-line options to influence the import behavior. + </para> + + <para> + Use of the <computeroutput>--options + keepallmacs|keepnatmacs|keepdisknames</computeroutput> option + enables additional fine tuning of the clone operation. The first + two options enable specification of how the MAC addresses of every + virtual network card should be handled. They can either be + reinitialized, which is the default setting, left unchanged + (<computeroutput>keepallmacs</computeroutput>) or left unchanged + when the network type is NAT + (<computeroutput>keepnatmacs</computeroutput>). If you add + <computeroutput>keepdisknames</computeroutput> all new disk images + are assigned the same names as the originals, otherwise they are + renamed. + </para> + + <para> + As an example, the following is a screen output for a sample + appliance containing a Windows XP guest: + </para> + +<screen>VBoxManage import WindowsXp.ovf --dry-run +Interpreting WindowsXp.ovf... +OK. +Virtual system 0: + 0: Suggested OS type: "WindowsXP" + (change with "--vsys 0 --ostype <type>"; use "list ostypes" to list all) + 1: Suggested VM name "Windows XP Professional_1" + (change with "--vsys 0 --vmname <name>") + 2: Suggested VM group "/" + (change with "--vsys 0 --group <group>") + 3: Suggested VM settings file name "/home/klaus/VirtualBox VMs/dummy2 2/dummy2 2.vbox" + (change with "--vsys 0 --settingsfile <filename>") + 4: Suggested VM base folder "/home/klaus/VirtualBox VMs" + (change with "--vsys 0 --basefolder <path>") + 5: End-user license agreement + (display with "--vsys 0 --eula show"; + accept with "--vsys 0 --eula accept") + 6: Number of CPUs: 1 + (change with "--vsys 0 --cpus <n>") + 7: Guest memory: 956 MB (change with "--vsys 0 --memory <MB>") + 8: Sound card (appliance expects "ensoniq1371", can change on import) + (disable with "--vsys 0 --unit 5 --ignore") + 9: USB controller + (disable with "--vsys 0 --unit 6 --ignore") +10: Network adapter: orig bridged, config 2, extra type=bridged +11: Floppy + (disable with "--vsys 0 --unit 8 --ignore") +12: SCSI controller, type BusLogic + (change with "--vsys 0 --unit 9 --scsitype {BusLogic|LsiLogic}"; + disable with "--vsys 0 --unit 9 --ignore") +13: IDE controller, type PIIX4 + (disable with "--vsys 0 --unit 10 --ignore") +14: Hard disk image: source image=WindowsXp.vmdk, + target path=/home/user/disks/WindowsXp.vmdk, controller=9;channel=0 + (change controller with "--vsys 0 --unit 11 --controller <id>"; + disable with "--vsys 0 --unit 11 --ignore")</screen> + + <para> + The individual configuration items are numbered, and depending on + their type support different command-line options. The import + subcommand can be directed to ignore many such items with a + <computeroutput>--vsys X --unit Y --ignore</computeroutput> + option, where X is the number of the virtual system and Y the item + number, as printed on the screen. X is zero, unless there are + several virtual system descriptions in the appliance. + </para> + + <para> + In the above example, Item #1 specifies the name of the target + machine in &product-name;. Items #9 and #10 specify hard disk + controllers, respectively. Item #11 describes a hard disk image. + In this case, the additional + <computeroutput>--controller</computeroutput> option indicates + which item the disk image should be connected to, with the default + coming from the OVF file. + </para> + + <para> + You can combine several items for the same virtual system behind + the same <computeroutput>--vsys</computeroutput> option. For + example, to import a machine as described in the OVF, but without + the sound card and without the USB controller, and with the disk + image connected to the IDE controller instead of the SCSI + controller, use the following command: + </para> + +<screen>VBoxManage import WindowsXp.ovf + --vsys 0 --unit 5 --ignore --unit 6 --ignore --unit 11 --controller 10</screen> + + </sect1> + + <sect1 id="vboxmanage-export"> + + <title>VBoxManage export</title> + + <para> + This command exports one or more virtual machines from + &product-name;. You can export to either of the following: + </para> + + <itemizedlist> + + <listitem> + <para> + A virtual appliance in OVF format, including copying their + virtual disk images to compressed VMDK. + </para> + </listitem> + + <listitem> + <para> + A cloud service, such as &oci;. A single VM can be exported in + VMDK format. + </para> + </listitem> + + </itemizedlist> + + <para> + See <xref linkend="ovf" /> for more details on exporting VMs from + &product-name;. + </para> + + <sect2 id="vboxmanage-export-ovf"> + + <title>Export to OVF</title> + + <para> + List the machine, or the machines, that you would like to export + to the same OVF file and specify the target OVF file after an + additional <computeroutput>--output</computeroutput> or + <computeroutput>-o</computeroutput> option. Note that the + directory of the target OVF file will also receive the exported + disk images in the compressed VMDK format, regardless of the + original format, and should have enough disk space left for + them. + </para> + + <para> + Beside a simple export of a given virtual machine, you can + append several product information to the appliance file. Use + <computeroutput>--product</computeroutput>, + <computeroutput>--producturl</computeroutput>, + <computeroutput>--vendor</computeroutput>, + <computeroutput>--vendorurl</computeroutput>, + <computeroutput>--version</computeroutput> and + <computeroutput>--description</computeroutput> to specify this + additional information. For legal reasons you may add a license + text or the content of a license file by using the + <computeroutput>--eula</computeroutput> and + <computeroutput>--eulafile</computeroutput> option respectively. + </para> + + <para> + As with OVF import, you use the <computeroutput>--vsys + X</computeroutput> option to apply these options to the correct + virtual machine. + </para> + + <para> + For virtualization products which are not fully compatible with + the OVF standard 1.0 you can enable an OVF 0.9 legacy mode with + the <computeroutput>--legacy09</computeroutput> option. Other + options are <computeroutput>--ovf09</computeroutput>, + <computeroutput>--ovf10</computeroutput>, + <computeroutput>--ovf20</computeroutput>. + </para> + + <para> + To specify options controlling the exact content of the + appliance file, you can use <option>--options</option> to + request the creation of a manifest file, which enables detection + of corrupted appliances on import, the additional export of DVD + images, and the exclusion of MAC addresses. You can specify a + list of options, such as <option>--options + manifest,nomacs</option>. For details, check the help output of + <command>VBoxManage export</command>. + </para> + + </sect2> + + <sect2 id="vboxmanage-export-cloud"> + + <title>Export to &oci;</title> + + <para> + By default, an exported disk image is converted into stream VMDK + format. This ensures compatibility with &oci;. + </para> + + <para> + List the machine that you want to export to &oci; and specify + the target cloud service provider by using the + <computeroutput>--output</computeroutput> or + <computeroutput>-o</computeroutput> option. + </para> + + <para> + To export a VM to a cloud service such as &oci;, use the + <option>--cloud</option> option to specify the VM to export. + This option works in the same way as the <option>--vsys</option> + option for OVF export. + </para> + + <para> + Some of the following options are settings for the VM instance. + As a result, you must enter an Oracle Cloud Identifier (OCID) + for a resource. Use the &oci; Console to view OCIDs. + </para> + + <itemizedlist> + + <listitem> + <para> + <option>--output/-o</option>: Specifies the short name of + the cloud service provider to which you export. For &oci;, + enter <computeroutput>OCI://</computeroutput>. + </para> + </listitem> + + <listitem> + <para> + <option>--cloud</option> + <replaceable>number-of-virtual-system</replaceable>: + Specifies a number that identifies the VM that you are + exporting. Numbering starts at + <computeroutput>0</computeroutput> for the first VM. + </para> + </listitem> + + <listitem> + <para> + <option>--vmname</option> <replaceable>name</replaceable>: + Specifies the name of the exported VM. This name is used as + the VM instance name in &oci;. + </para> + </listitem> + + <listitem> + <para> + <option>--cloudprofile</option> + <replaceable>cloud-profile-name</replaceable>: Specifies the + cloud profile that is used to connect to the cloud service + provider. The cloud profile contains your &oci; account + details, such as your user OCID and the fingerprint for your + public key. See <xref linkend="ovf-export-oci"/>. + </para> + + <para> + To use a cloud profile, you must have the required + permissions on &oci;. + </para> + + <remark> + Add xref to information about the required permissions. + </remark> + </listitem> + + <listitem> + <para> + <option>--cloudshape</option> + <replaceable>shape</replaceable>: Specifies the shape used + for the VM instance. The shape defines the number of CPUs + and the amount of memory allocated to the VM instance. The + shape must be compatible with the exported image. + </para> + </listitem> + + <listitem> + <para> + <option>--clouddomain</option> + <replaceable>domain</replaceable>: Specifies the + availability domain to use for the VM instance. Enter the + OCID for the availability domain. + </para> + </listitem> + + <listitem> + <para> + <option>--clouddisksize</option> + <replaceable>disk-size-in-GB</replaceable>: Specifies the + disk size used for the exported disk image in gigabytes. The + minimum value is 50 GB and the maximum value is 300 GB. + </para> + </listitem> + + <listitem> + <para> + <option>--cloudbucket</option> + <replaceable>bucket-name</replaceable>: Specifies the bucket + in which to store the uploaded files. In &oci;, a bucket is + a logical container for storing objects. + </para> + </listitem> + + <listitem> + <para> + <option>--cloudocivcn</option> + <replaceable>OCI-vcn-ID</replaceable>: Specifies the virtual + cloud network (VCN) to use for the VM instance. Enter the + OCID for the VCN. + </para> + </listitem> + + <listitem> + <para> + <option>--cloudocisubnet</option> + <replaceable>OCI-subnet-ID</replaceable>: Specifies the + subnet of the VCN to use for the VM instance. Enter the OCID + for the subnet. + </para> + </listitem> + + <listitem> + <para> + <option>--cloudkeepobject true | false</option>: Specifies + whether to store the exported disk image in Oracle Object + Storage. + </para> + </listitem> + + <listitem> + <para> + <option>--cloudlaunchinstance true | false</option>: + Specifies whether to start the VM instance after the export + to &oci; completes. + </para> + </listitem> + + <listitem> + <para> + <option>--cloudpublicip true | false</option>: Specifies + whether to enable a public IP address for the VM instance. + </para> + </listitem> + + </itemizedlist> + + <para> + The following example shows a typical command line for exporting + a VM to &oci;. + </para> + + <remark> + For the next release, describe exactly what this command does in + terms of the command line options. + </remark> + +<screen># VBoxManage export myVM --output OCI:// --cloud 0 --vmname myVM_Cloud \ +--cloudprofile "standard user" --cloudbucket myBucket \ +--cloudshape VM.Standard2.1 --clouddomain aaaa:US-ASHBURN-AD-1 --clouddisksize 50 \ +--cloudocivcn ocid1.vcn.oc1.iad.aaaa... --cloudocisubnet ocid1.subnet.oc1.iad.aaaa... \ +--cloudkeepobject true --cloudlaunchinstance true --cloudpublicip true</screen> + + </sect2> + + </sect1> + + <sect1 id="vboxmanage-startvm"> + + <title>VBoxManage startvm</title> + + <para> + This command starts a virtual machine that is currently in the + Powered Off or Saved states. + </para> + + <para> + The optional <computeroutput>--type</computeroutput> specifier + determines whether the machine will be started in a window or + whether the output should go through + <command>VBoxHeadless</command>, with VRDE enabled or not. See + <xref linkend="vboxheadless" />. The list of types is subject to + change, and it is not guaranteed that all types are accepted by + any product variant. + </para> + + <para> + The global or per-VM default value for the VM frontend type will + be taken if the type is not explicitly specified. If none of these + are set, the GUI variant will be started. + </para> + + <para> + The following values are allowed: + </para> + + <variablelist> + + <varlistentry> + <term> + <computeroutput>gui</computeroutput> + </term> + + <listitem> + <para> + Starts a VM showing a GUI window. This is the default. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>headless</computeroutput> + </term> + + <listitem> + <para> + Starts a VM without a window for remote display only. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>separate</computeroutput> + </term> + + <listitem> + <para> + Starts a VM with a detachable UI. Technically, it is a + headless VM with user interface in a separate process. This + is an experimental feature as it lacks certain + functionality, such as 3D acceleration. + </para> + </listitem> + </varlistentry> + + </variablelist> + + <note> + <para> + If you experience problems with starting virtual machines with + particular frontends and there is no conclusive error + information, consider starting virtual machines directly by + running the respective front-end, as this can give additional + error information. + </para> + </note> + + </sect1> + + <sect1 id="vboxmanage-controlvm"> + + <title>VBoxManage controlvm</title> + + <para> + The <command>controlvm</command> subcommand enables you to change + the state of a virtual machine that is currently running. The + following can be specified: + </para> + + <itemizedlist> + + <listitem> + <para> + <command>VBoxManage controlvm <vm> pause</command>: + Temporarily puts a virtual machine on hold, without + permanently changing its state. The VM window is gray, to + indicate that the VM is currently paused. This is equivalent + to selecting the <emphasis role="bold">Pause</emphasis> item + in the <emphasis role="bold">Machine</emphasis> menu of the + GUI. + </para> + </listitem> + + <listitem> + <para> + Use <command>VBoxManage controlvm <vm> resume</command>: + Undoes a previous <command>pause</command> command. This is + equivalent to selecting the + <emphasis role="bold">Resume</emphasis> item in the + <emphasis role="bold">Machine</emphasis> menu of the GUI. + </para> + </listitem> + + <listitem> + <para> + <command>VBoxManage controlvm <vm> reset</command>: Has + the same effect on a virtual machine as pressing the Reset + button on a real computer. A cold reboot of the virtual + machine is done, which immediately restarts and reboots the + guest operating system. The state of the VM is not saved + beforehand, and data may be lost. This is equivalent to + selecting the <emphasis role="bold">Reset</emphasis> item in + the <emphasis role="bold">Machine</emphasis> menu of the GUI. + </para> + </listitem> + + <listitem> + <para> + <command>VBoxManage controlvm <vm> poweroff</command>: + Has the same effect on a virtual machine as pulling the power + cable on a real computer. The state of the VM is not saved + beforehand, and data may be lost. This is equivalent to + selecting the <emphasis role="bold">Close</emphasis> item in + the <emphasis role="bold">Machine</emphasis> menu of the GUI, + or clicking the VM window's close button, and then selecting + <emphasis role="bold">Power Off the Machine</emphasis> in the + displayed dialog. + </para> + + <para> + After this, the VM's state will be Powered Off. From that + state, it can be started again. See + <xref + linkend="vboxmanage-startvm" />. + </para> + </listitem> + + <listitem> + <para> + <command>VBoxManage controlvm <vm> savestate</command>: + Saves the current state of the VM to disk and then stops the + VM. This is equivalent to selecting the + <emphasis role="bold">Close</emphasis> item in the + <emphasis role="bold">Machine</emphasis> menu of the GUI or + clicking the VM window's close button, and then selecting + <emphasis role="bold">Save the Machine State</emphasis> in the + displayed dialog. + </para> + + <para> + After this, the VM's state will be Saved. From this state, it + can be started again. See + <xref linkend="vboxmanage-startvm" />. + </para> + </listitem> + + <listitem> + <para> + <command>VBoxManage controlvm <vm> + acpipowerbutton</command>: Sends an ACPI shutdown signal to + the VM, as if the power button on a real computer had been + pressed. So long as the VM is running a fairly modern guest + operating system providing ACPI support, this should trigger a + proper shutdown mechanism from within the VM. + </para> + </listitem> + + <listitem> + <para> + <command>VBoxManage controlvm <vm> keyboardputscancode + <hex> [<hex>...]</command>: Sends commands using + keycodes to the VM. Keycodes are documented in the public + domain. For example: + http://www.win.tue.nl/~aeb/linux/kbd/scancodes-1.html. + </para> + </listitem> + + <listitem> + <para> + <command>VBoxManage controlvm "VM name" teleport --hostname + <name> --port <port> [--passwordfile <file> + | --password <password>]</command>: Makes the machine + the source of a teleporting operation and initiates a teleport + to the given target. See <xref linkend="teleporting" />. If + the optional password is specified, it must match the password + that was given to the <command>modifyvm</command> command for + the target machine. See + <xref linkend="vboxmanage-modifyvm-teleport" />. + </para> + </listitem> + + </itemizedlist> + + <para> + The following extra options are available with + <command>controlvm</command> that do not directly affect the VM's + running state: + </para> + + <itemizedlist> + + <listitem> + <para> + <computeroutput>setlinkstate<1-N></computeroutput>: + Connects or disconnects virtual network cables from their + network interfaces. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>nic<1-N> + null|nat|bridged|intnet|hostonly|generic|natnetwork[<devicename>]</computeroutput>: + Specifies the type of networking that should be made available + on the specified VM virtual network card. They available types + are: not connected to the host + (<computeroutput>null</computeroutput>), use network address + translation (<computeroutput>nat</computeroutput>), bridged + networking (<computeroutput>bridged</computeroutput>), + communicate with other virtual machines using internal + networking (<computeroutput>intnet</computeroutput>), + host-only networking + (<computeroutput>hostonly</computeroutput>), natnetwork + networking (<computeroutput>natnetwork</computeroutput>), or + access to rarely used submodes + (<computeroutput>generic</computeroutput>). These options + correspond to the modes which are described in detail in + <xref + linkend="networkingmodes" />. + </para> + </listitem> + + <listitem> + <para> + With the <computeroutput>nictrace</computeroutput> options, + you can optionally trace network traffic by dumping it to a + file, for debugging purposes. + </para> + + <para> + <computeroutput>nictrace<1-N> on|off</computeroutput>: + Enables network tracing for a particular virtual network card. + </para> + + <para> + If enabled, you must specify with + <computeroutput>--nictracefile<1-N> + <filename></computeroutput> the pathname of the file to + which the trace should be logged. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>nicpromisc<1-N> + deny|allow-vms|allow-all</computeroutput>: Specifies how the + promiscious mode is handled for the specified VM virtual + network card. This setting is only relevant for bridged + networking. The default setting of + <computeroutput>deny</computeroutput> hides any traffic not + intended for this VM. + <computeroutput>allow-vms</computeroutput> hides all host + traffic from this VM but enables the VM to see traffic to and + from other VMs. <computeroutput>allow-all</computeroutput> + removes this restriction completely. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>nicproperty<1-N> + <paramname>="paramvalue"</computeroutput>: This option, + in combination with + <computeroutput>nicgenericdrv</computeroutput> enables you to + pass parameters to rarely-used network backends. + </para> + + <para> + Those parameters are backend engine-specific, and are + different between UDP Tunnel and the VDE backend drivers. See + <xref linkend="network_udp_tunnel" />. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>natpf<1-N> + [<name>],tcp|udp,[<hostip>],<hostport>,[<guestip>], + <guestport></computeroutput>: Specifies a NAT + port-forwarding rule. See <xref linkend="natforward"/>. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>natpf<1-N> delete + <name></computeroutput>: Deletes a NAT port-forwarding + rule. See <xref linkend="natforward"/>. + </para> + </listitem> + + <listitem> + <para> + The <computeroutput>guestmemoryballoon<balloon size in + MB></computeroutput>: Changes the size of the guest memory + balloon. This is the memory allocated by the &product-name; + Guest Additions from the guest operating system and returned + to the hypervisor for reuse by other virtual machines. This + must be specified in megabytes. See + <xref linkend="guestadd-balloon" />. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>usbattach<uuid|address> [--capturefile + <filename>]</computeroutput> + </para> + + <para> + and <computeroutput>usbdetach <uuid|address> + [--capturefile <filename>]</computeroutput>: Makes host + USB devices visible or invisible to the virtual machine on the + fly, without the need for creating filters first. The USB + devices can be specified by UUID (unique identifier) or by + address on the host system. Use the + <computeroutput>--capturefile</computeroutput> option to + specify the absolute path of a file for writing activity + logging data. + </para> + + <para> + You can use <command>VBoxManage list usbhost</command> to + locate this information. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>audioin on</computeroutput>: Selects whether + capturing audio from the host is enabled or disabled. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>audioout on</computeroutput>: Selects whether + audio playback from the guest is enabled or disabled. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>clipboard + disabled|hosttoguest|guesttohost|bidirectional</computeroutput>: + Selects how the guest or host operating system's clipboard + should be shared with the host or guest. See + <xref linkend="generalsettings" />. This requires that the + Guest Additions be installed in the virtual machine. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>draganddrop + disabled|hosttoguest|guesttohost|bidirectional</computeroutput>: + Selects the current drag and drop mode being used between the + host and the virtual machine. See + <xref linkend="guestadd-dnd" />. This requires that the Guest + Additions be installed in the virtual machine. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>vrde on|off</computeroutput>: Enables and + disables the VRDE server, if it is installed. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>vrdeport + default|<ports></computeroutput>: Changes the port or a + range of ports that the VRDE server can bind to. + <computeroutput>default</computeroutput> or + <computeroutput>0</computeroutput> means port 3389, the + standard port for RDP. See the description for the + <computeroutput>--vrdeport</computeroutput> option in + <xref + linkend="vboxmanage-modifyvm-vrde" />. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>vrdeproperty + "TCP/Ports|Address=<value>"</computeroutput>: Sets the + port numbers and IP address on the VM to which the VRDE server + can bind. + </para> + + <itemizedlist> + + <listitem> + <para> + For TCP/Ports, <value> should be a port or a range + of ports to which the VRDE server can bind. + <computeroutput>default</computeroutput> or + <computeroutput>0</computeroutput> means port 3389, the + standard port for RDP. See the description for the + <computeroutput>--vrdeport</computeroutput> option in + <xref + linkend="vboxmanage-modifyvm-vrde" />. + </para> + </listitem> + + <listitem> + <para> + For TCP/Address, <value>: The IP address of the host + network interface that the VRDE server will bind to. If + specified, the server will accept connections only on the + specified host network interface. See the description for + the <computeroutput>--vrdeaddress</computeroutput> option + in + <xref + linkend="vboxmanage-modifyvm-vrde" />. + </para> + </listitem> + + </itemizedlist> + </listitem> + + <listitem> + <para> + <computeroutput>vrdeproperty + "VideoChannel/Enabled|Quality|DownscaleProtection=<value>"</computeroutput>: + Sets the VRDP video redirection properties. + </para> + + <itemizedlist> + + <listitem> + <para> + For VideoChannel/Enabled, <value> can be set to "1" + switching the VRDP video channel on. See + <xref linkend="vrde-videochannel" />. + </para> + </listitem> + + <listitem> + <para> + For VideoChannel/Quality, <value> should be set + between 10 and 100% inclusive, representing a JPEG + compression level on the VRDE server video channel. Lower + values mean lower quality but higher compression. See + <xref linkend="vrde-videochannel" />. + </para> + </listitem> + + <listitem> + <para> + For VideoChannel/DownscaleProtection, <value> can be + set to "1" to enable the videochannel downscale protection + feature. When enabled, if a video's size equals the shadow + buffer size, then it is regarded as a full screen video, + and is displayed. If its size is between fullscreen and + the downscale threshold it is not displayed, as it could + be an application window, which would be unreadable when + downscaled. When the downscale protection feature is + disabled, an attempt is always made to display videos. + </para> + </listitem> + + </itemizedlist> + </listitem> + + <listitem> + <para> + <computeroutput>vrdeproperty + "Client/DisableDisplay|DisableInput|DisableAudio|DisableUSB=1"</computeroutput>: + Disables one of the VRDE server features: Display, Input, + Audio, or USB. To reenable a feature, use + "Client/DisableDisplay=" for example. See + <xref linkend="vrde-customization" />. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>vrdeproperty + "Client/DisableClipboard|DisableUpstreamAudio=1"</computeroutput>. + Disables one of the VRDE server features: Clipboard or + UpstreamAudio. To reenable a feature, use + "Client/DisableClipboard=" for example. See + <xref linkend="vrde-customization" />. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>vrdeproperty + "Client/DisableRDPDR=1"</computeroutput>: Disables the VRDE + server feature: RDP device redirection for smart cards. To + reenable this feature, use "Client/DisableRDPR=". + </para> + </listitem> + + <listitem> + <para> + <computeroutput>vrdeproperty + "H3DRedirect/Enabled=1"</computeroutput>: Enables the VRDE + server feature: 3D redirection. To disable this feature, use + "H3DRedirect/Enabled=". + </para> + </listitem> + + <listitem> + <para> + <computeroutput>vrdeproperty + "Security/Method|ServerCertificate|ServerPrivateKey|CACertificate=<value>"</computeroutput>: + Sets the desired security method, path of the server + certificate, path of the server private key, and path of CA + certificate, used for a connection. + </para> + + <itemizedlist> + + <listitem> + <para> + <computeroutput>vrdeproperty + "Security/Method=<value>"</computeroutput>: Sets the + desired security method, which is used for a connection. + Valid values are as follows: + </para> + + <itemizedlist> + + <listitem> + <para> + <computeroutput>Negotiate</computeroutput>: Both + Enhanced (TLS) and Standard RDP Security connections + are allowed. The security method is negotiated with + the client. This is the default setting. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>RDP</computeroutput>: Only Standard + RDP Security is accepted. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>TLS</computeroutput>: Only Enhanced + RDP Security is accepted. The client must support TLS. + </para> + </listitem> + + </itemizedlist> + + <para> + See <xref linkend="vrde-crypt" />. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>vrdeproperty + "Security/ServerCertificate=<value>"</computeroutput> + where <value> is the absolute path of the server + certificate. See <xref linkend="vrde-crypt" />. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>vrdeproperty + "Security/ServerPrivateKey=<value>"</computeroutput> + where <value> is the absolute path of the server + private key. See <xref linkend="vrde-crypt" />. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>vrdeproperty + "Security/CACertificate=<value>"</computeroutput> + where <value> is the absolute path of the CA self + signed certificate. See <xref linkend="vrde-crypt" />. + </para> + </listitem> + + </itemizedlist> + </listitem> + + <listitem> + <para> + <computeroutput>vrdeproperty + "Audio/RateCorrectionMode|LogPath=<value>"</computeroutput>: + Sets the audio connection mode, or path of the audio logfile. + </para> + + <itemizedlist> + + <listitem> + <para> + <computeroutput>vrdeproperty + "Audio/RateCorrectionMode=<value>"</computeroutput> + where <value> is the desired rate correction mode, + allowed values are: + </para> + + <itemizedlist> + + <listitem> + <para> + <computeroutput>VRDP_AUDIO_MODE_VOID</computeroutput>: + No mode specified, use to unset any Audio mode already + set. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>VRDP_AUDIO_MODE_RC</computeroutput>: + Rate correction mode. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>VRDP_AUDIO_MODE_LPF</computeroutput>: + Low pass filter mode. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>VRDP_AUDIO_MODE_CS</computeroutput>: + Client sync mode to prevent underflow or overflow of + the client queue. + </para> + </listitem> + + </itemizedlist> + </listitem> + + <listitem> + <para> + <computeroutput>vrdeproperty + "Audio/LogPath=<value>"</computeroutput> where + <value> is the absolute path of the audio log file. + </para> + </listitem> + + </itemizedlist> + </listitem> + + <listitem> + <para> + <computeroutput>vrdevideochannelquality + <percent></computeroutput>: Sets the image quality for + video redirection. See <xref linkend="vrde-videochannel" />. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>setvideomodehint</computeroutput>: Requests + that the guest system change to a particular video mode. This + requires that the Guest Additions be installed, and will not + work for all guest systems. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>screenshotpng</computeroutput>: Takes a + screenshot of the guest display and saves it in PNG format. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>recording on|off</computeroutput> enables or + disables the recording of a VM session into a WebM/VP8 file. + When this option value is <computeroutput>on</computeroutput>, + recording begins when the VM session starts. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>recordingscreens + all|<replaceable>screen-ID</replaceable> + [<replaceable>screen-ID</replaceable> ...]</computeroutput> + enables you to specify which VM screens to record. The + recording for each screen that you specify is saved to its own + file. You cannot modify this setting while recording is + enabled. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>recordingfile + <replaceable>filename</replaceable></computeroutput> specifies + the file in which to save the recording. You cannot modify + this setting while recording is enabled. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>recordingvideores + <replaceable>width</replaceable>x<replaceable>height</replaceable></computeroutput> + specifies the resolution of the recorded video in pixels. You + cannot modify this setting while recording is enabled. + </para> + </listitem> + + <listitem> +<!-- @todo r=andy Clarify rate. --> + + <para> + <computeroutput>recordingvideorate + <replaceable>bit-rate</replaceable></computeroutput> specifies + the bit rate of the video in kilobits per second. Increasing + this value improves the appearance of the video at the cost of + an increased file size. You cannot modify this setting while + recording is enabled. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>recordingvideofps + <replaceable>fps</replaceable></computeroutput> specifies the + maximum number of video frames per second (FPS) to record. + Frames that have a higher frequency are skipped. Increasing + this value reduces the number of skipped frames and increases + the file size. You cannot modify this setting while recording + is enabled. + </para> + </listitem> + + <listitem> +<!-- @todo r=andy Clarify time format. --> + + <para> + <computeroutput>recordingmaxtime + <replaceable>seconds</replaceable></computeroutput> specifies + the maximum amount time to record in seconds. The recording + stops after the specified number of seconds elapses. If this + value is zero, the recording continues until you stop the + recording. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>recordingmaxsize + <replaceable>MB</replaceable></computeroutput> specifies the + maximum size of the recorded video file in megabytes. The + recording stops when the file reaches the specified size. If + this value is zero, the recording continues until you stop the + recording. You cannot modify this setting while recording is + enabled. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>recordingopts + <replaceable>keyword</replaceable>=<replaceable>value</replaceable>[,<replaceable>keyword</replaceable>=<replaceable>value</replaceable> + ...]</computeroutput> specifies additional recording options + in a comma-separated keyword-value format. For example, + <computeroutput>foo=bar,a=b</computeroutput>. You cannot + modify this setting while recording is enabled. + </para> + + <para> + Only use this option only if you are an advanced user. For + information about keywords, see <emphasis>Oracle VM VirtualBox + Programming Guide and Reference</emphasis>. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>setcredentials</computeroutput>: Used for + remote logins on Windows guests. See + <xref linkend="autologon" />. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>teleport --host <name> --port + <port></computeroutput>: Configures a VM as a target for + teleporting. <name> specifies the virtual machine name. + <port> specifies the port on the virtual machine which + should listen for teleporting requests from other virtual + machines. It can be any free TCP/IP port number, such as 6000. + See <xref linkend="teleporting" />. + </para> + + <itemizedlist> + + <listitem> + <para> + <computeroutput>--maxdowntime + <msec></computeroutput>: Specifies the maximum + downtime, in milliseconds, for the teleporting target VM. + Optional. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--password + <password></computeroutput>: The teleporting request + will only succeed if the source machine specifies the same + password as the one given with this command. Optional. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--passwordfile <password + file></computeroutput>: The teleporting request will + only succeed if the source machine specifies the same + password as the one specified in the password file with + the path specified with this command. Use + <computeroutput>stdin</computeroutput> to read the + password from stdin. Optional. + </para> + </listitem> + + </itemizedlist> + </listitem> + + <listitem> + <para> + <computeroutput>plugcpu|unplugcpu <id></computeroutput>: + If CPU hot-plugging is enabled, this setting adds and removes + a virtual CPU to the virtual machine. + <computeroutput><id></computeroutput> specifies the + index of the virtual CPU to be added or removed and must be a + number from 0 to the maximum number of CPUs configured. CPU 0 + can never be removed. + </para> + </listitem> + + <listitem> + <para> + The <computeroutput>cpuexecutioncap + <1-100></computeroutput>: Controls how much CPU time a + virtual CPU can use. A value of 50 implies a single virtual + CPU can use up to 50% of a single host CPU. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>webcam attach <path|alias> + [<keyword=value>[;<keyword=value>...]]</computeroutput>: + Attaches a webcam to a running VM. Specify the absolute path + of the webcam on the host operating system, or use its alias, + obtained by using the command: <command>VBoxManage list + webcams</command>. + </para> + + <para> + Note that alias '.0' means the default video input device on + the host operating system, '.1', '.2', etc. mean first, + second, etc. video input device. The device order is + host-specific. + </para> + + <para> + The optional settings parameter is a + <computeroutput>;</computeroutput> delimited list of + name-value pairs, enabling configuration of the emulated + webcam device. + </para> + + <para> + The following settings are supported: + </para> + + <para> + MaxFramerate: Specifies the highest rate in frames per second, + at which video frames are sent to the guest. Higher frame + rates increase CPU load, so this setting can be useful when + there is a need to reduce CPU load. The default setting is + <computeroutput>no maximum limit</computeroutput>, thus + enabling the guest to use all frame rates supported by the + host webcam. + </para> + + <para> + MaxPayloadTransferSize: Specifies the maximum number of bytes + the emulated webcam can send to the guest in one buffer. The + default setting is 3060 bytes, which is used by some webcams. + Higher values can slightly reduce CPU load, if the guest is + able to use larger buffers. Note that higher + MaxPayloadTransferSize values may be not supported by some + guest operating systems. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>webcam detach + <path|alias></computeroutput>: Detaches a webcam from a + running VM. Specify the absolute path of the webcam on the + host, or use its alias obtained from the <command>webcam + list</command> command. + </para> + + <para> + Please note the following points, relating to specific host + operating systems: + </para> + + <itemizedlist> + + <listitem> + <para> + Windows hosts: When the webcam device is detached from the + host, the emulated webcam device is automatically detached + from the guest. + </para> + </listitem> + + <listitem> + <para> + Mac OS X hosts: OS X version 10.7 or newer is required. + </para> + + <para> + When the webcam device is detached from the host, the + emulated webcam device remains attached to the guest and + must be manually detached using the <command>VBoxManage + controlvm webcam detach</command> command. + </para> + </listitem> + + <listitem> + <para> + Linux hosts: When the webcam is detached from the host, + the emulated webcam device is automatically detached from + the guest only if the webcam is streaming video. If the + emulated webcam is inactive, it should be manually + detached using the <command>VBoxManage controlvm webcam + detach</command> command. + </para> + </listitem> + + </itemizedlist> + </listitem> + + <listitem> + <para> + <computeroutput>webcam list</computeroutput>: Lists webcams + attached to the running VM. The output is a list of absolute + paths or aliases that were used for attaching the webcams to + the VM using the <command>webcam attach</command> command. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>addencpassword <id> <password + file>|- [--removeonsuspend + <yes|no>]</computeroutput>: Supplies an encrypted VM + specified by <id> with the encryption password to enable + a headless start. Either specify the absolute path of a + password file on the host file system: <password file>, + or use <option>-</option> to instruct + <command>VBoxManage</command> to prompt the user for the + encryption password. + </para> + + <para> + <computeroutput>--removeonsuspend + <yes|no></computeroutput>: Specifies whether to remove + the passsword or keep the password in VM memory when the VM is + suspended. If the VM has been suspended and the password has + been removed, the user needs to resupply the password before + the VM can be resumed. This feature is useful in cases where + the user does not want the password to be stored in VM memory, + and the VM is suspended by a host suspend event. + </para> + + <note> + <para> + On &product-name; versions 5.0 and later, data stored on + hard disk images can be transparently encrypted for the + guest. &product-name; uses the AES algorithm in XTS mode and + supports 128 or 256 bit data encryption keys (DEK). The DEK + is stored encrypted in the medium properties, and is + decrypted during VM startup by supplying the encryption + password. + </para> + </note> + + <para> + The <command>VBoxManage encryptmedium</command> command is + used to create a DEK encrypted medium. See + <xref linkend="diskencryption-encryption" />. When starting an + encrypted VM from the &product-name; GUI, the user will be + prompted for the encryption password. + </para> + + <para> + For a headless encrypted VM start, use the following command: + </para> + +<screen> + VBoxManage startvm "vmname" --type headless + </screen> + + <para> + Then supply the required encryption password as follows: + </para> + +<screen> + VBoxManage "vmname" controlvm "vmname" addencpassword ... + </screen> + + <para></para> + </listitem> + + <listitem> + <para> + <computeroutput>removeencpassword <id></computeroutput>: + Removes encryption password authorization for password + <id> for all encrypted media attached to the VM. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>removeallencpasswords</computeroutput>: + Removes encryption password authorization for all passwords + for all encrypted media attached to the VM. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>changeuartmode <1-N></computeroutput>: + Changes the connection mode for a given virtual serial port. + </para> + </listitem> + + </itemizedlist> + + </sect1> + + <sect1 id="vboxmanage-discardstate"> + + <title>VBoxManage discardstate</title> + + <para> + This command discards the saved state of a virtual machine which + is not currently running. This will cause the VM's operating + system to restart next time you start it. This is the equivalent + of pulling out the power cable on a physical machine, and should + be avoided if possible. + </para> + + </sect1> + + <sect1 id="vboxmanage-adoptstate"> + + <title>VBoxManage adoptstate</title> + + <para> + If you have a Saved state file + (<computeroutput>.sav</computeroutput>) that is separate from the + VM configuration, you can use this command to + <emphasis>adopt</emphasis> the file. This will change the VM to + saved state and when you start it, &product-name; will attempt to + restore it from the saved state file you indicated. This command + should only be used in special setups. + </para> + + </sect1> + + <sect1 id="vboxmanage-snapshot"> + + <title>VBoxManage snapshot</title> + + <para> + This command is used to control snapshots from the command line. A + snapshot consists of a complete copy of the virtual machine + settings, copied at the time when the snapshot was taken, and + optionally a virtual machine saved state file if the snapshot was + taken while the machine was running. After a snapshot has been + taken, &product-name; creates a differencing hard disk for each + normal hard disk associated with the machine so that when a + snapshot is restored, the contents of the virtual machine's + virtual hard disks can be quickly reset by simply dropping the + preexisting differencing files. + </para> + +<screen>VBoxManage snapshot <uuid|vmname> + take <name> [--description <desc>] [--live] + [--uniquename Number,Timestamp,Space,Force] | + delete <uuid|snapname> | + restore <uuid|snapname> | + restorecurrent | + edit <uuid|snapname>|--current + [--name <name>] + [--description <desc>] | + list [--details|--machinereadable] + showvminfo <uuid|snapname></screen> + + <para> + The <command>take</command> operation takes a snapshot of the + current state of the virtual machine. You must supply a name for + the snapshot and can optionally supply a description. The new + snapshot is inserted into the snapshots tree as a child of the + current snapshot and then becomes the new current snapshot. The + <computeroutput>--description</computeroutput> parameter enables + you to describe the snapshot. If + <computeroutput>--live</computeroutput> is specified, the VM will + not be stopped during the snapshot creation. This is called live + snapshotting. + </para> + + <para> + The <command>delete</command> operation deletes a snapshot, + specified by name or by UUID. This can take a while to finish + since the differencing images associated with the snapshot might + need to be merged with their child differencing images. + </para> + + <para> + The <command>restore</command> operation will restore the given + snapshot, specified by name or by UUID, by resetting the virtual + machine's settings and current state to that of the snapshot. The + previous current state of the machine will be lost. After this, + the given snapshot becomes the new current snapshot so that + subsequent snapshots are inserted under the snapshot from which + was restored. + </para> + + <para> + The <command>restorecurrent</command> operation is a shortcut to + restore the current snapshot, which is the snapshot from which the + current state is derived. This subcommand is equivalent to using + the <command>restore</command> subcommand with the name or UUID of + the current snapshot, except that it avoids the extra step of + determining that name or UUID. + </para> + + <para> + With the <command>edit</command> operation, you can change the + name or description of an existing snapshot. + </para> + + <para> + The <command>list</command> operation shows all snapshots of a + virtual machine. + </para> + + <para> + With the <command>showvminfo</command> operation, you can view the + virtual machine settings that were stored with an existing + snapshot. + </para> + + </sect1> + + <sect1 id="vboxmanage-closemedium"> + + <title>VBoxManage closemedium</title> + + <para> + This command removes a hard disk, DVD, or floppy image from a + &product-name; media registry. + </para> + +<screen>VBoxManage closemedium [disk|dvd|floppy] <uuid|filename> + [--delete]</screen> + + <para> + Optionally, you can request that the image be deleted. You will + get appropriate diagnostics that the deletion failed, however the + image will become unregistered in any case. + </para> + + </sect1> + + <sect1 id="vboxmanage-storageattach"> + + <title>VBoxManage storageattach</title> + + <para> + This command attaches, modifies, and removes a storage medium + connected to a storage controller that was previously added with + the <command>storagectl</command> command. The syntax is as + follows: + </para> + +<screen>VBoxManage storageattach <uuid|vmname> + --storagectl <name> + [--port <number>] + [--device <number>] + [--type dvddrive|hdd|fdd] + [--medium none|emptydrive|additions| + <uuid>|<filename>|host:<drive>|iscsi] + [--mtype normal|writethrough|immutable|shareable + readonly|multiattach] + [--comment <text>] + [--setuuid <uuid>] + [--setparentuuid <uuid>] + [--passthrough on|off] + [--tempeject on|off] + [--nonrotational on|off] + [--discard on|off] + [--hotpluggable on|off] + [--bandwidthgroup name|none] + [--forceunmount] + [--server <name>|<ip>] + [--target <target>] + [--tport <port>] + [--lun <lun>] + [--encodedlun <lun>] + [--username <username>] + [--password <password>] + [--passwordfile <file>] + [--initiator <initiator>] + [--intnet]</screen> + + <para> + A number of parameters are commonly required. Some parameters are + required only for iSCSI targets. + </para> + + <para> + The common parameters are as follows: + </para> + + <variablelist> + + <varlistentry> + <term> + <computeroutput>uuid|vmname</computeroutput> + </term> + + <listitem> + <para> + The VM UUID or VM Name. Mandatory. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>--storagectl</computeroutput> + </term> + + <listitem> + <para> + Name of the storage controller. Mandatory. The list of the + storage controllers currently attached to a VM can be + obtained with <command>VBoxManage showvminfo</command>. See + <xref linkend="vboxmanage-showvminfo" />. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>--port</computeroutput> + </term> + + <listitem> + <para> + The number of the storage controller's port which is to be + modified. Mandatory, unless the storage controller has only + a single port. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>--device</computeroutput> + </term> + + <listitem> + <para> + The number of the port's device which is to be modified. + Mandatory, unless the storage controller has only a single + device per port. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>--type</computeroutput> + </term> + + <listitem> + <para> + Define the type of the drive to which the medium is being + attached, detached, or modified. This argument can only be + omitted if the type of medium can be determined from either + the medium given with the + <computeroutput>--medium</computeroutput> argument or from a + previous medium attachment. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>--medium</computeroutput> + </term> + + <listitem> + <para> + Specifies what is to be attached. The following values are + supported: + </para> + + <itemizedlist> + + <listitem> + <para> + <computeroutput>none</computeroutput>: Any existing + device should be removed from the given slot. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>emptydrive</computeroutput>: For a + virtual DVD or floppy drive only, this makes the device + slot behave like a removeable drive into which no media + has been inserted. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>additions</computeroutput>: For a + virtual DVD drive only, this attaches the + <emphasis>VirtualBox Guest Additions</emphasis> image to + the given device slot. + </para> + </listitem> + + <listitem> + <para> + If a UUID is specified, it must be the UUID of a storage + medium that is already known to &product-name;. For + example, because it has been attached to another virtual + machine. See <xref linkend="vboxmanage-list" /> for + details of how to list known media. This medium is then + attached to the given device slot. + </para> + </listitem> + + <listitem> + <para> + If a filename is specified, it must be the full path of + an existing disk image in ISO, RAW, VDI, VMDK, or other + format. The disk image is then attached to the given + device slot. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>host:<drive></computeroutput>: For + a virtual DVD or floppy drive only, this connects the + given device slot to the specified DVD or floppy drive + on the host computer. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>iscsi</computeroutput>: For virtual hard + disks only, this is used for specifying an iSCSI target. + In this case, additional parameters must be given. These + are described below. + </para> + </listitem> + + </itemizedlist> + + <para> + Some of the above changes, in particular for removeable + media such as floppies and CDs/DVDs, can be effected while a + VM is running. Others, such as device changes or changes in + hard disk device slots, require the VM to be powered off. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>--mtype</computeroutput> + </term> + + <listitem> + <para> + Defines how this medium behaves with respect to snapshots + and write operations. See <xref linkend="hdimagewrites" />. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>--comment</computeroutput> + </term> + + <listitem> + <para> + An optional description that you want to have stored with + this medium. For example, for an iSCSI target, "Big storage + server downstairs". This is purely descriptive and not + needed for the medium to function correctly. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>--setuuid, --setparentuuid</computeroutput> + </term> + + <listitem> + <para> + Modifies the UUID or parent UUID of a medium before + attaching it to a VM. This is an expert option. + Inappropriate use can make the medium unusable or lead to + broken VM configurations if any other VM is referring to the + same media already. The most frequently used variant is + <computeroutput>--setuuid ""</computeroutput>, which assigns + a new random UUID to an image. This option is useful for + resolving duplicate UUID errors if you duplicated an image + using a file copy utility. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>--passthrough</computeroutput> + </term> + + <listitem> + <para> + For a virtual DVD drive only, you can enable DVD writing + support. This feature is currently experimental, see + <xref + linkend="storage-cds" />. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>--tempeject</computeroutput> + </term> + + <listitem> + <para> + For a virtual DVD drive only, you can configure the behavior + for guest-triggered medium eject. If this is set to on, the + eject has only a temporary effect. If the VM is powered off + and restarted the originally configured medium will be still + in the drive. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>--nonrotational</computeroutput> + </term> + + <listitem> + <para> + Enables you to enable the non-rotational flag for virtual + hard disks. Some guests, such as Windows 7 or later, treat + such disks like SSDs and do not perform disk fragmentation + on such media. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>--discard</computeroutput> + </term> + + <listitem> + <para> + Enables the auto-discard feature for a virtual hard disks. + This specifies that a VDI image will be shrunk in response + to the trim command from the guest OS. The following + requirements must be met: + </para> + + <itemizedlist> + + <listitem> + <para> + The disk format must be VDI. + </para> + </listitem> + + <listitem> + <para> + The size of the cleared area must be at least 1 MB. + </para> + </listitem> + + <listitem> + <para> + &product-name; will only trim whole 1 MB blocks. The + VDIs themselves are organized into 1 MB blocks, so this + will only work if the space being trimmed is at least a + 1 MB contiguous block at a 1 MB boundary. On Windows, + occasional defragmentation with <command>defrag.exe + /D</command>, or on Linux running <command>btrfs + filesystem defrag</command> as a background cron job may + be beneficial. + </para> + </listitem> + + </itemizedlist> + + <note> + <para> + The Guest OS must be configured to issue the + <command>trim</command> command, and typically this means + that the guest OS is made to see the disk as an SSD. Ext4 + supports the -o discard mount flag. Mac OS X probably + requires additional settings. Windows should automatically + detect and support SSDs, at least in versions 7, 8, and + 10. The Linux exFAT driver from Samsung supports the + <command>trim</command> command. + </para> + </note> + + <para> + It is unclear whether Microsoft's implementation of exFAT + supports this feature, even though that file system was + originally designed for flash. + </para> + + <para> + Alternatively, there are other methods to issue trim. For + example, the Linux <command>fstrim</command> command, part + of the util-linux package. Earlier solutions required a user + to zero out unused areas, using zerofree or similar, and to + compact the disk. This is only possible when the VM is + offline. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>--bandwidthgroup</computeroutput> + </term> + + <listitem> + <para> + Sets the bandwidth group to use for the given device. See + <xref linkend="storage-bandwidth-limit" />. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>--forceunmount</computeroutput> + </term> + + <listitem> + <para> + For a virtual DVD or floppy drive only, this forcibly + unmounts the DVD/CD/Floppy or mounts a new DVD/CD/Floppy + even if the previous one is locked down by the guest for + reading. See <xref linkend="storage-cds" />. + </para> + </listitem> + </varlistentry> + + </variablelist> + + <para> + When <computeroutput>iscsi</computeroutput> is used with the + <computeroutput>--medium</computeroutput> parameter for iSCSI + support, additional parameters must or can be used. See also + <xref linkend="storage-iscsi" />. + </para> + + <variablelist> + + <varlistentry> + <term> + <computeroutput>--server</computeroutput> + </term> + + <listitem> + <para> + The host name or IP address of the iSCSI target. Required. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>--target</computeroutput> + </term> + + <listitem> + <para> + Target name string. This is determined by the iSCSI target + and used to identify the storage resource. Required. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>--tport</computeroutput> + </term> + + <listitem> + <para> + TCP/IP port number of the iSCSI service on the target. + Optional. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>--lun</computeroutput> + </term> + + <listitem> + <para> + Logical Unit Number of the target resource. Optional. Often, + this value is zero. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>--encodedlun</computeroutput> + </term> + + <listitem> + <para> + Hex-encoded Logical Unit Number of the target resource. + Optional. Often, this value is zero. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>--username, --password, + --passwordfile</computeroutput> + </term> + + <listitem> + <para> + Username and password, called the initiator secret, for + target authentication, if required. Optional. + </para> + + <note> + <para> + Username and password are stored without encryption, in + clear text, in the XML machine configuration file if no + settings password is provided. When a settings password is + specified for the first time, the password is stored in + encrypted form. As an alternative to providing the + password on the command line, a reference to a file + containing the text can be provided using the + <computeroutput>passwordfile</computeroutput> option. + </para> + </note> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>--initiator</computeroutput> + </term> + + <listitem> + <para> + iSCSI Initiator. Optional. + </para> + + <para> + Microsoft iSCSI Initiator is a system, such as a server that + attaches to an IP network and initiates requests and + receives responses from an iSCSI target. The SAN components + in Microsoft iSCSI Initiator are largely analogous to Fibre + Channel SAN components, and they include the following: + </para> + + <itemizedlist> + + <listitem> + <para> + To transport blocks of iSCSI commands over the IP + network, an iSCSI driver must be installed on the iSCSI + host. An iSCSI driver is included with Microsoft iSCSI + Initiator. + </para> + </listitem> + + <listitem> + <para> + A gigabit Ethernet adapter that transmits 1000 megabits + per second (Mbps) is recommended for the connection to + an iSCSI target. Like standard 10/100 adapters, most + gigabit adapters use a preexisting Category 5 or + Category 6E cable. Each port on the adapter is + identified by a unique IP address. + </para> + </listitem> + + <listitem> + <para> + An iSCSI target is any device that receives iSCSI + commands. The device can be an end node, such as a + storage device, or it can be an intermediate device, + such as a network bridge between IP and Fibre Channel + devices. Each port on the storage array controller or + network bridge is identified by one or more IP addresses + </para> + </listitem> + + </itemizedlist> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>--intnet</computeroutput> + </term> + + <listitem> + <para> + If specified, connect to the iSCSI target using Internal + Networking. This needs further configuration, see + <xref linkend="iscsi-intnet" />. + </para> + </listitem> + </varlistentry> + + </variablelist> + + </sect1> + + <sect1 id="vboxmanage-storagectl"> + + <title>VBoxManage storagectl</title> + + <para> + This command attaches, modifies, and removes a storage controller. + After this, virtual media can be attached to the controller with + the <command>storageattach</command> command. + </para> + + <para> + The syntax for this command is as follows: + </para> + +<screen>VBoxManage storagectl <uuid|vmname> + --name <name> + [--add ide|sata|scsi|floppy|sas|usb|pcie] + [--controller LSILogic|LSILogicSAS|BusLogic| + IntelAhci|PIIX3|PIIX4|ICH6|I82078| + USB|NVMe] + [--portcount <1-30>] + [--hostiocache on|off] + [--bootable on|off] + [--rename <name>] + [--remove]</screen> + + <para> + The parameters are as follows: + </para> + + <variablelist> + + <varlistentry> + <term> + <computeroutput>uuid|vmname</computeroutput> + </term> + + <listitem> + <para> + The VM UUID or VM Name. Mandatory. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>--name</computeroutput> + </term> + + <listitem> + <para> + Specifies the name of the storage controller. Mandatory. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>--add</computeroutput> + </term> + + <listitem> + <para> + Specifies the type of the system bus to which the storage + controller must be connected. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>--controller</computeroutput> + </term> + + <listitem> + <para> + Enables a choice of chipset type being emulated for the + given storage controller. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>--portcount</computeroutput> + </term> + + <listitem> + <para> + This specifies the number of ports the storage controller + should support. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>--hostiocache</computeroutput> + </term> + + <listitem> + <para> + Configures the use of the host I/O cache for all disk images + attached to this storage controller. See + <xref + linkend="iocaching" />. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>--bootable</computeroutput> + </term> + + <listitem> + <para> + Specifies whether this controller is bootable. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>--rename</computeroutput> + </term> + + <listitem> + <para> + Specifies a new name for the storage controller. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>--remove</computeroutput> + </term> + + <listitem> + <para> + Removes the storage controller from the VM configuration. + </para> + </listitem> + </varlistentry> + + </variablelist> + + </sect1> + + <sect1 id="vboxmanage-bandwidthctl"> + + <title>VBoxManage bandwidthctl</title> + + <para> + This command creates, deletes, modifies, and shows bandwidth + groups of the given virtual machine. + </para> + +<screen>VBoxManage bandwidthctl <uuid|vmname> + add <name> --type disk|network --limit <MBps>[k|m|g|K|M|G] | + set <name> --limit <MBps>[k|m|g|K|M|G] | + remove <name> | + list [--machinereadable]</screen> + + <para> + The following subcommands are available: + </para> + + <itemizedlist> + + <listitem> + <para> + <command>add</command>: Creates a new bandwidth group of a + given type. + </para> + </listitem> + + <listitem> + <para> + <command>set</command>: Modifies the limit for an existing + bandwidth group. + </para> + </listitem> + + <listitem> + <para> + <command>remove</command>: Deletes a bandwidth group. + </para> + </listitem> + + <listitem> + <para> + <command>list</command>: Shows all bandwidth groups defined + for the given VM. Use the + <computeroutput>--machinereadable</computeroutput> option to + produce the same output, but in machine readable format. This + is of the form: name="value" on a line by line basis. + </para> + </listitem> + + </itemizedlist> + + <para> + The parameters are as follows: + </para> + + <variablelist> + + <varlistentry> + <term> + <computeroutput>uuid|vmname</computeroutput> + </term> + + <listitem> + <para> + The VM UUID or VM Name. Mandatory. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>--name</computeroutput> + </term> + + <listitem> + <para> + Name of the bandwidth group. Mandatory. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>--type</computeroutput> + </term> + + <listitem> + <para> + Type of the bandwidth group. Mandatory. Two types are + supported: <computeroutput>disk</computeroutput> and + <computeroutput>network</computeroutput>. See + <xref linkend="storage-bandwidth-limit" /> or + <xref linkend="network_bandwidth_limit" /> for the + description of a particular type. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>--limit</computeroutput> + </term> + + <listitem> + <para> + Specifies the limit for the given bandwidth group. This can + be changed while the VM is running. The default unit is + megabytes per second. The unit can be changed by specifying + one of the following suffixes: + <computeroutput>k</computeroutput> for kilobits per second, + <computeroutput>m</computeroutput> for megabits per second, + <computeroutput>g</computeroutput> for gigabits per second, + <computeroutput>K</computeroutput> for kilobytes per second, + <computeroutput>M</computeroutput> for megabytes per second, + <computeroutput>G</computeroutput> for gigabytes per second. + </para> + </listitem> + </varlistentry> + + </variablelist> + + <note> + <para> + The network bandwidth limits apply only to the traffic being + sent by virtual machines. The traffic being received by VMs is + unlimited. + </para> + </note> + + <note> + <para> + To remove a bandwidth group it must not be referenced by any + disks or adapters in the running VM. + </para> + </note> + + </sect1> + + <sect1 id="vboxmanage-showmediuminfo"> + + <title>VBoxManage showmediuminfo</title> + + <para> + This command shows information about a medium, notably its size, + its size on disk, its type, and the virtual machines which use it. + </para> + + <note> + <para> + For compatibility with earlier versions of &product-name;, the + <command>showvdiinfo</command> command is also supported and + mapped internally to the <command>showmediuminfo</command> + command. + </para> + </note> + +<screen>VBoxManage showmediuminfo [disk|dvd|floppy] <uuid|filename></screen> + + <para> + The medium must be specified either by its UUID, if the medium is + registered, or by its filename. Registered images can be listed + using <command>VBoxManage list hdds</command>, <command>VBoxManage + list dvds</command>, or <command>VBoxManage list + floppies</command>, as appropriate. See + <xref linkend="vboxmanage-list" />. + </para> + + </sect1> + + <sect1 id="vboxmanage-createmedium"> + + <title>VBoxManage createmedium</title> + + <para> + This command creates a new medium. The syntax is as follows: + </para> + +<screen>VBoxManage createmedium [disk|dvd|floppy] --filename <filename> + [--size <megabytes>|--sizebyte <bytes>] + [--diffparent <uuid>|<filename> + [--format VDI|VMDK|VHD] (default: VDI) + [--variant Standard,Fixed,Split2G,Stream,ESX]</screen> + + <para> + The parameters are as follows: + </para> + + <variablelist> + + <varlistentry> + <term> + <computeroutput>--filename <filename></computeroutput> + </term> + + <listitem> + <para> + Specifies a file name <filename> as an absolute path + on the host file system. Mandatory. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>--size <megabytes></computeroutput> + </term> + + <listitem> + <para> + Specifies the image capacity, in 1 MB units. Optional. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>--diffparent + <uuid>|<filename></computeroutput> + </term> + + <listitem> + <para> + Specifies the differencing image parent, either as a UUID or + by the absolute pathname of the file on the host file + system. Useful for sharing a base box disk image among + several VMs. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>--format VDI|VMDK|VHD</computeroutput> + </term> + + <listitem> + <para> + Specifies the file format for the output file. Available + options are VDI, VMDK, VHD. The default format is VDI. + Optional. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>--variant</computeroutput> + </term> + + <listitem> + <para> + Specifies any required file format variants for the output + file. This is a comma-separated list of variant flags. + Options are Standard,Fixed,Split2G,Stream,ESX. Not all + combinations are supported, and specifying mutually + incompatible flags results in an error message. Optional. + </para> + </listitem> + </varlistentry> + + </variablelist> + + <note> + <para> + For compatibility with earlier versions of &product-name;, the + <command>createvdi</command> and <command>createhd</command> + commands are also supported and mapped internally to the + <command>createmedium</command> command. + </para> + </note> + + </sect1> + + <sect1 id="vboxmanage-modifyvdi"> + + <title>VBoxManage modifymedium</title> + + <para> + With the <command>modifymedium</command> command, you can change + the characteristics of a disk image after it has been created. + </para> + +<screen>VBoxManage modifymedium [disk|dvd|floppy] <uuid|filename> + [--type normal|writethrough|immutable|shareable| + readonly|multiattach] + [--autoreset on|off] + [--property <name=[value]>] + [--compact] + [--resize <megabytes>|--resizebyte <bytes>] + [--move <path>] + [--setlocation <path>]</screen> + + <note> + <para> + For compatibility with earlier versions of &product-name;, the + <command>modifyvdi</command> and <command>modifyhd</command> + commands are also supported and mapped internally to the + <command>modifymedium</command> command. + </para> + </note> + + <para> + The disk image to modify must be specified either by its UUID, if + the medium is registered, or by its filename. Registered images + can be listed using <command>VBoxManage list hdds</command>, see + <xref linkend="vboxmanage-list" />. A filename must be specified + as a valid path, either as an absolute path or as a relative path + starting from the current directory. + </para> + + <para> + The following options are available: + </para> + + <itemizedlist> + + <listitem> + <para> + With the <computeroutput>--type</computeroutput> argument, you + can change the type of an existing image between the normal, + immutable, write-through and other modes. See + <xref + linkend="hdimagewrites" />. + </para> + </listitem> + + <listitem> + <para> + For immutable hard disks only, the <computeroutput>--autoreset + on|off</computeroutput> option determines whether the disk is + automatically reset on every VM startup. See + <xref linkend="hdimagewrites" />. By default, autoreset is on. + </para> + </listitem> + + <listitem> + <para> + The <computeroutput>--compact</computeroutput> option can be + used to compact disk images. Compacting removes blocks that + only contains zeroes. Using this option will shrink a + dynamically allocated image. It will reduce the + <emphasis>physical</emphasis> size of the image without + affecting the logical size of the virtual disk. Compaction + works both for base images and for differencing images created + as part of a snapshot. + </para> + + <para> + For this operation to be effective, it is required that free + space in the guest system first be zeroed out using a suitable + software tool. For Windows guests, you can use the + <command>sdelete</command> tool provided by Microsoft. Run + <command>sdelete -z</command> in the guest to zero the free + disk space, before compressing the virtual disk image. For + Linux, use the <command>zerofree</command> utility which + supports ext2/ext3 filesystems. For Mac OS X guests, use the + <computeroutput>diskutil secureErase freespace 0 + /</computeroutput> command from an elevated Terminal. + </para> + + <para> + Please note that compacting is currently only available for + VDI images. A similar effect can be achieved by zeroing out + free blocks and then cloning the disk to any other dynamically + allocated format. You can use this workaround until compacting + is also supported for disk formats other than VDI. + </para> + </listitem> + + <listitem> + <para> + The <computeroutput>--resize x</computeroutput> option, where + x is the desired new total space in megabytes enables you to + change the capacity of an existing image. This adjusts the + <emphasis>logical</emphasis> size of a virtual disk without + affecting the physical size much. + </para> + + <para> + This option currently works only for VDI and VHD formats, and + only for the dynamically allocated variants. It can only be + used to expand, but not shrink, the capacity. For example, if + you originally created a 10 GB disk which is now full, you can + use the <computeroutput>--resize 15360</computeroutput> + command to change the capacity to 15 GB (15,360 MB) without + having to create a new image and copy all data from within a + virtual machine. Note however that this only changes the drive + capacity. You will typically next need to use a partition + management tool inside the guest to adjust the main partition + to fill the drive. + </para> + + <para> + The <computeroutput>--resizebyte x</computeroutput> option + does almost the same thing, except that x is expressed in + bytes instead of megabytes. + </para> + </listitem> + + <listitem> + <para> + The <computeroutput>--move <path></computeroutput> + option can be used to relocate a medium to a different + location <path> on the host file system. The path can be + either relative to the current directory or absolute. + </para> + </listitem> + + <listitem> + <para> + The <computeroutput>--setlocation + <path></computeroutput> option can be used to set the + new location <path> of the medium on the host file + system if the medium has been moved for any reasons. The path + can be either relative to the current directory or absolute. + </para> + + <note> + <para> + The new location is used as is, without any sanity checks. + The user is responsible for setting the correct path. + </para> + </note> + </listitem> + + </itemizedlist> + + </sect1> + + <sect1 id="vboxmanage-clonevdi"> + + <title>VBoxManage clonemedium</title> + + <para> + This command duplicates a virtual disk, DVD, or floppy medium to a + new medium, usually an image file, with a new unique identifier + (UUID). The new image can be transferred to another host system or + reimported into &product-name; using the Virtual Media Manager. + See <xref linkend="vdis" /> and <xref linkend="cloningvdis" />. + The syntax is as follows: + </para> + +<screen>VBoxManage clonemedium [disk|dvd|floppy] <uuid|inputfile> <uuid|outputfile> + + [--format VDI|VMDK|VHD|RAW|<other>] + [--variant Standard,Fixed,Split2G,Stream,ESX] + [--existing]</screen> + + <para> + The medium to clone as well as the target image must be described + either by its UUIDs, if the mediums are registered, or by its + filename. Registered images can be listed by <command>VBoxManage + list hdds</command>. See <xref linkend="vboxmanage-list" />. A + filename must be specified as valid path, either as an absolute + path or as a relative path starting from the current directory. + </para> + + <para> + The following options are available: + </para> + + <variablelist> + + <varlistentry> + <term> + <computeroutput>--format</computeroutput> + </term> + + <listitem> + <para> + Set a file format for the output file different from the + file format of the input file. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>--variant</computeroutput> + </term> + + <listitem> + <para> + Set a file format variant for the output file. This is a + comma-separated list of variant flags. Not all combinations + are supported, and specifying inconsistent flags will result + in an error message. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>--existing</computeroutput> + </term> + + <listitem> + <para> + Perform the clone operation to an already existing + destination medium. Only the portion of the source medium + which fits into the destination medium is copied. This means + if the destination medium is smaller than the source only a + part of it is copied, and if the destination medium is + larger than the source the remaining part of the destination + medium is unchanged. + </para> + </listitem> + </varlistentry> + + </variablelist> + + <note> + <para> + For compatibility with earlier versions of &product-name;, the + <command>clonevdi</command> and <command>clonehd</command> + commands are still supported and mapped internally to the + <command>clonehd disk</command> command. + </para> + </note> + + </sect1> + + <sect1 id="vboxmanage-mediumproperty"> + + <title>VBoxManage mediumproperty</title> + + <para> + This command sets, gets, or deletes a medium property. The syntax + is as follows: + </para> + +<screen>VBoxManage mediumproperty [disk|dvd|floppy] set <uuid|filename> + <property> <value></screen> + + <itemizedlist> + + <listitem> + <para> + Use <computeroutput><disk|dvd|floppy></computeroutput> + to optionally specify the type of medium: disk (hard drive), + dvd, or floppy. + </para> + </listitem> + + <listitem> + <para> + Use <computeroutput><uuid|filename></computeroutput> to + supply either the UUID or absolute path of the medium or + image. + </para> + </listitem> + + <listitem> + <para> + Use <computeroutput><property></computeroutput> to + supply the name of the property. + </para> + </listitem> + + <listitem> + <para> + Use <computeroutput><value></computeroutput> to supply + the property value. + </para> + </listitem> + + </itemizedlist> + +<screen>VBoxManage mediumproperty [disk|dvd|floppy] get <uuid|filename> + <property></screen> + + <itemizedlist> + + <listitem> + <para> + Use <computeroutput><disk|dvd|floppy></computeroutput> + to optionally specify the type of medium: disk (hard drive), + dvd, or floppy. + </para> + </listitem> + + <listitem> + <para> + Use <computeroutput><uuid|filename></computeroutput> to + supply either the UUID or absolute path of the medium or + image. + </para> + </listitem> + + <listitem> + <para> + Use <computeroutput><property></computeroutput> to + supply the name of the property. + </para> + </listitem> + + </itemizedlist> + +<screen>VBoxManage mediumproperty [disk|dvd|floppy] delete <uuid|filename> + <property></screen> + + <itemizedlist> + + <listitem> + <para> + Use <computeroutput><disk|dvd|floppy></computeroutput> + to optionally specify the type of medium: disk (hard drive), + dvd, or floppy. + </para> + </listitem> + + <listitem> + <para> + Use <computeroutput><uuid|filename></computeroutput> to + supply either the UUID or absolute path of the medium or + image. + </para> + </listitem> + + <listitem> + <para> + Use <computeroutput><property></computeroutput> to + supply the name of the property. + </para> + </listitem> + + </itemizedlist> + + </sect1> + + <sect1 id="vboxmanage-encryptmedium"> + + <title>VBoxManage encryptmedium</title> + + <para> + This command is used to create a DEK encrypted medium or image. + See <xref linkend="diskencryption-encryption" />. + </para> + + <para> + The syntax is as follows: + </para> + +<screen>VBoxManage encryptmedium <uuid|filename> + [--newpassword <file|->] + [--oldpassword <file|->] + [--cipher <cipher id>] + [--newpasswordid <password id>]</screen> + + <itemizedlist> + + <listitem> + <para> + Use <computeroutput><uuid|filename></computeroutput> to + supply the UUID or absolute path of the medium or image to be + encrypted. + </para> + </listitem> + + <listitem> + <para> + Use <computeroutput>--newpassword + <file|-></computeroutput> to supply a new encryption + password. Either specify the absolute pathname of a password + file on the host operating system, or + <computeroutput>-</computeroutput> to prompt you for the + password on the command line. Always use the + <computeroutput>--newpasswordid</computeroutput> option with + this option. + </para> + </listitem> + + <listitem> + <para> + Use <computeroutput>--oldpassword + <file|-></computeroutput> to supply any old encryption + password. Either specify the absolute pathname of a password + file on the host operating system, or + <computeroutput>-</computeroutput> to prompt you for the old + password on the command line. + </para> + + <para> + Use this option to gain access to an encrypted medium or image + to either change its password using + <computeroutput>--newpassword</computeroutput> or change its + encryption using <computeroutput>--cipher</computeroutput>. + </para> + </listitem> + + <listitem> + <para> + Use <computeroutput>--cipher <cipher></computeroutput> + to specify the cipher to use for encryption. This can be + either <computeroutput>AES-XTS128-PLAIN64</computeroutput> or + <computeroutput>AES-XTS256-PLAIN64</computeroutput>. + </para> + + <para> + Use this option to change any existing encryption on the + medium or image, or to set up new encryption on it for the + first time. + </para> + </listitem> + + <listitem> + <para> + Use <computeroutput>--newpasswordid <password + id></computeroutput> to supply the new password identifier. + This can be chosen by the user, and is used for correct + identification when supplying multiple passwords during VM + startup. + </para> + + <para> + If the user uses the same password when encrypting multiple + images and also the same password identifier, the user needs + to supply the password only once during VM startup. + </para> + </listitem> + + </itemizedlist> + + </sect1> + + <sect1 id="vboxmanage-checkmediumpwd"> + + <title>VBoxManage checkmediumpwd</title> + + <para> + This command is used to check the current encryption password on a + DEK encrypted medium or image. See + <xref linkend="diskencryption-encryption" />. + </para> + + <para> + The syntax is as follows: + </para> + +<screen>VBoxManage checkmediumpwd <uuid|filename> + <pwd file|-></screen> + + <itemizedlist> + + <listitem> + <para> + Use <computeroutput><uuid|filename></computeroutput> to + supply the UUID or absolute path of the medium or image to be + checked. + </para> + </listitem> + + <listitem> + <para> + Use <computeroutput><pwd file|-></computeroutput> to + supply the password identifier to be checked. Either specify + the absolute pathname of a password file on the host operating + system, or <computeroutput>-</computeroutput> to prompt you + for the password on the command line. + </para> + </listitem> + + </itemizedlist> + + </sect1> + + <sect1 id="vboxmanage-convertfromraw"> + + <title>VBoxManage convertfromraw</title> + + <para> + This command converts a raw disk image to a &product-name; Disk + Image (VDI) file. The syntax is as follows: + </para> + +<screen>VBoxManage convertfromraw <filename> <outputfile> + [--format VDI|VMDK|VHD] + [--variant Standard,Fixed,Split2G,Stream,ESX] + [--uuid <uuid>] +VBoxManage convertfromraw stdin <outputfile> <bytes> + [--format VDI|VMDK|VHD] + [--variant Standard,Fixed,Split2G,Stream,ESX] + [--uuid <uuid>]</screen> + + <para> + The parameters are as follows: + </para> + + <variablelist> + + <varlistentry> + <term> + <computeroutput>--bytes</computeroutput> + </term> + + <listitem> + <para> + The size of the image file, in bytes, provided through + stdin. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>--format</computeroutput> + </term> + + <listitem> + <para> + Select the disk image format to create. The default format + is VDI. Other options are VMDK and VHD. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>--variant</computeroutput> + </term> + + <listitem> + <para> + Choose a file format variant for the output file. This is a + comma-separated list of variant flags. Not all combinations + are supported, and specifying inconsistent flags will result + in an error message. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>--uuid</computeroutput> + </term> + + <listitem> + <para> + Specify the UUID of the output file. + </para> + </listitem> + </varlistentry> + + </variablelist> + + <para> + The <command>stdin</command> form of the command forces + <command>VBoxManage</command> to read the content of the disk + image from standard input. This useful when using the command in a + pipe. + </para> + + <note> + <para> + For compatibility with earlier versions of &product-name;, the + <command>convertdd</command> command is also supported and + mapped internally to the <command>convertfromraw</command> + command. + </para> + </note> + + </sect1> + + <sect1 id="vboxmanage-extradata"> + + <title>VBoxManage getextradata/setextradata</title> + + <para> + These commands enable you to attach and retrieve string data for a + virtual machine or for a &product-name; configuration, by + specifying <computeroutput>global</computeroutput> instead of a + virtual machine name. You must specify a keyword as a text string + to associate the data with, which you can later use to retrieve + it. For example: + </para> + +<screen>VBoxManage setextradata Fedora5 installdate 2006.01.01 +VBoxManage setextradata SUSE10 installdate 2006.02.02</screen> + + <para> + This example would associate the string "2006.01.01" with the + keyword installdate for the virtual machine Fedora5, and + "2006.02.02" on the machine SUSE10. You could then retrieve the + information as follows: + </para> + +<screen>VBoxManage getextradata Fedora5 installdate</screen> + + <para> + This would return the following: + </para> + +<screen>VirtualBox Command Line Management Interface Version <replaceable>version-number</replaceable> +(C) 2005-2018 Oracle Corporation +All rights reserved. + +Value: 2006.01.01</screen> + + <para> + You could retrieve the information for all keywords as follows: + </para> + +<screen>VBoxManage getextradata Fedora5 enumerate</screen> + + <para> + To remove a keyword, the <command>setextradata</command> command + must be run without specifying data, only the keyword. For + example: + </para> + +<screen>VBoxManage setextradata Fedora5 installdate</screen> + + </sect1> + + <sect1 id="vboxmanage-setproperty"> + + <title>VBoxManage setproperty</title> + + <para> + This command is used to change global settings which affect the + entire &product-name; installation. Some of these correspond to + the settings in the <emphasis role="bold">Global + Settings</emphasis> dialog in the graphical user interface. The + following properties are available: + </para> + + <variablelist> + + <varlistentry> + <term> + <computeroutput>machinefolder</computeroutput> + </term> + + <listitem> + <para> + Specifies the default folder in which virtual machine + definitions are kept. See <xref linkend="vboxconfigdata" />. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>hwvirtexclusive</computeroutput> + </term> + + <listitem> + <para> + Specifies whether &product-name; will make exclusive use of + the hardware virtualization extensions (Intel VT-x or AMD-V) + of the host system's processor. See + <xref linkend="hwvirt" />. If you wish to share these + extensions with other hypervisors running at the same time, + you must disable this setting. Doing so has negative + performance implications. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>vrdeauthlibrary</computeroutput> + </term> + + <listitem> + <para> + Specifies which library to use when external authentication + has been selected for a particular virtual machine. See + <xref linkend="vbox-auth" />. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>websrvauthlibrary</computeroutput> + </term> + + <listitem> + <para> + Specifies which library the web service uses to authenticate + users. For details about the &product-name; web service, see + the &product-name; SDK reference, + <xref + linkend="VirtualBoxAPI" />. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>vrdeextpack</computeroutput> + </term> + + <listitem> + <para> + Specifies which library implements the VirtualBox Remote + Desktop Extension. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>loghistorycount</computeroutput> + </term> + + <listitem> + <para> + Selects how many rotated VM logs are retained. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>autostartdbpath</computeroutput> + </term> + + <listitem> + <para> + Selects the path to the autostart database. See + <xref linkend="autostart" />. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>defaultfrontend</computeroutput> + </term> + + <listitem> + <para> + Selects the global default VM frontend setting. See + <xref linkend="vboxmanage-startvm" />. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>logginglevel</computeroutput> + </term> + + <listitem> + <para> + Configures the VBoxSVC release logging details. See + <ulink url="http://www.virtualbox.org/wiki/VBoxLogging">http://www.virtualbox.org/wiki/VBoxLogging</ulink>. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>proxymode</computeroutput> + </term> + + <listitem> + <para> + Configures the mode for an HTTP proxy server. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>proxyurl</computeroutput> + </term> + + <listitem> + <para> + Configures the URL for an HTTP proxy server. Used when a + manual proxy is configured using the + <computeroutput>manual</computeroutput> setting of the + <computeroutput>proxymode</computeroutput> property. + </para> + </listitem> + </varlistentry> + + </variablelist> + + </sect1> + + <sect1 id="vboxmanage-usbfilter"> + + <title>VBoxManage usbfilter add/modify/remove</title> + +<screen>VBoxManage usbfilter add <index,0-N> + --target <uuid|vmname>global + --name <string> + --action ignore|hold (global filters only) + [--active yes|no (yes)] + [--vendorid <XXXX> (null)] + [--productid <XXXX> (null)] + [--revision <IIFF> (null)] + [--manufacturer <string> (null)] + [--product <string> (null)] + [--remote yes|no (null, VM filters only)] + [--serialnumber <string> (null)] + [--maskedinterfaces <XXXXXXXX>] + </screen> + +<screen>VBoxManage usbfilter modify <index,0-N> + --target <uuid|vmname>global + [--name <string>] + [--action ignore|hold (global filters only)] + [--active yes|no] + [--vendorid <XXXX>] + [--productid <XXXX>] + [--revision <IIFF>] + [--manufacturer <string>] + [--product <string>] + [--remote yes|no (null, VM filters only)] + [--serialnumber <string>] + [--maskedinterfaces <XXXXXXXX>] + </screen> + +<screen>VBoxManage usbfilter remove <index,0-N> + --target <uuid|vmname>global + </screen> + + <para> + The <command>usbfilter</command> commands are used for working + with USB filters in virtual machines, or global filters which + affect the whole &product-name; setup. Global filters are applied + before machine-specific filters, and may be used to prevent + devices from being captured by any virtual machine. Global filters + are always applied in a particular order, and only the first + filter which fits a device is applied. For example, if the first + global filter says to hold, or make available, a particular + Kingston memory stick device and the second filter says to ignore + all Kingston devices. That particular Kingston memory stick will + be available to any machine with the appropriate filter, but no + other Kingston device will. + </para> + + <para> + When creating a USB filter using <command>usbfilter add</command>, + you must supply three or four mandatory parameters. The index + specifies the position in the list at which the filter should be + placed. If there is already a filter at that position, then it and + the following ones will be shifted back one place. Otherwise, the + new filter will be added onto the end of the list. The + <computeroutput>target</computeroutput> parameter selects the + virtual machine that the filter should be attached to or use + <computeroutput>global</computeroutput> to apply it to all virtual + machines. <computeroutput>name</computeroutput> is a name for the + new filter. For global filters, + <computeroutput>action</computeroutput> says whether to allow VMs + access to devices that fit the filter description (hold) or not to + give them access (ignore). In addition, you should specify + parameters to filter by. You can find the parameters for devices + attached to your system using <command>VBoxManage list + usbhost</command>. Finally, you can specify whether the filter + should be active. For local filters, whether they are for local + devices, remote devices over an RDP connection, or either. + </para> + + <para> + When you modify a USB filter using <command>usbfilter + modify</command>, you must specify the filter by index and by + target, which is either a virtual machine or + <computeroutput>global</computeroutput>. See the output of + <command>VBoxManage list usbfilters</command> to find global + filter indexes and <command>VBoxManage showvminfo</command> to + find indexes for individual machines. The properties which can be + changed are the same as for <command>usbfilter add</command>. To + remove a filter, use <command>usbfilter remove</command> and + specify the index and the target. + </para> + + <para> + The following is a list of the additional <command>usbfilter + add</command> and <command>usbfilter modify</command> options, + with details of how to use them. + </para> + + <itemizedlist> + + <listitem> + <para> + <computeroutput>--action ignore|hold</computeroutput>: + Specifies whether devices that fit the filter description are + allowed access by machines (hold), or have access denied + (ignore). Applies to global filters only. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--active yes|no</computeroutput>: Specifies + whether the USB Filter is active or temporarily disabled. For + <computeroutput>usbfilter create</computeroutput> the default + is active. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--vendorid <XXXX>|""</computeroutput>: + Specifies a vendor ID filter. The string representation for an + exact match has the form XXXX, where X is the hexadecimal + digit, including leading zeroes. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--productid <XXXX>|""</computeroutput>: + Specifies a product ID filter. The string representation for + an exact match has the form XXXX, where X is the hexadecimal + digit, including leading zeroes. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--revision <IIFF>|""</computeroutput>: + Specifies a revision ID filter. The string representation for + an exact match has the form IIFF, where I is the decimal digit + of the integer part of the revision, and F is the decimal + digit of its fractional part, including leading and trailing + zeros. Note that for interval filters, it is best to use the + hexadecimal form, because the revision is stored as a 16-bit + packed BCD value. Therefore, the expression int:0x0100-0x0199 + will match any revision from 1.0 to 1.99 inclusive. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--manufacturer + <string>|""</computeroutput>: Specifies a manufacturer + ID filter, as a string. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--product <string>|""</computeroutput>: + Specifies a product ID filter, as a string. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--remote yes|no""</computeroutput>: Specifies + a remote filter, indicating whether the device is physically + connected to a remote VRDE client or to a local host machine. + Applies to VM filters only. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--serialnumber + <string>|""</computeroutput>: Specifies a serial number + filter, as a string. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--maskedinterfaces + <XXXXXXXX></computeroutput>: Specifies a masked + interface filter, for hiding one or more USB interfaces from + the guest. The value is a bit mask where the set bits + correspond to the USB interfaces that should be hidden, or + masked off. This feature only works on Linux hosts. + </para> + </listitem> + + </itemizedlist> + + </sect1> + + <sect1 id="vboxmanage-sharedfolder"> + + <title>VBoxManage sharedfolder add/remove</title> + +<screen> +VBoxManage sharedfolder add <uuid|vmname> + --name <name> --hostpath <hostpath> + [--transient] [--readonly] [--automount] +</screen> + + <para> + This command enables you to share folders on the host computer + with guest operating systems. For this, the guest systems must + have a version of the &product-name; Guest Additions installed + which supports this functionality. + </para> + + <para> + Parameters are as follows: + </para> + + <itemizedlist> + + <listitem> + <para> + <computeroutput><uuid|vmname></computeroutput>: + Specifies the UUID or name of the VM whose guest operating + system will be sharing folders with the host computer. + Mandatory. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--name <name></computeroutput>: + Specifies the name of the share. Each share has a unique name + within the namespace of the host operating system. Mandatory. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>-hostpath <hostpath></computeroutput>: + Specifies the absolute path on the host operating system of + the directory to be shared with the guest operating system. + Mandatory. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>-transient</computeroutput>: Specifies that + the share is transient, meaning that it can be added and + removed at runtime and does not persist after the VM has + stopped. Optional. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>-readonly</computeroutput>: Specifies that the + share has only read-only access to files at the host path. + </para> + + <para> + By default, shared folders have read/write access to the files + on the host path. On Linux distributions, shared folders are + mounted with 770 file permissions with root user and vboxsf as + the group. Using this option the file permissions change to + 700. Optional. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>-automount</computeroutput>: Specifies that + the share will be automatically mounted. On Linux + distributions, this will be to either + <computeroutput>/media/USER/sf_<name></computeroutput> + or <computeroutput>/media/sf_<name></computeroutput>, + where <name> is the share named. The actual location + depends on the guest OS. Optional. + </para> + </listitem> + + </itemizedlist> + +<screen> +VBoxManage sharedfolder remove <uuid|vmname> + --name <name> [--transient] + +</screen> + + <para> + This command enables you to delete shared folders on the host + computer shares with the guest operating systems. For this, the + guest systems must have a version of the &product-name; Guest + Additions installed which supports this functionality. + </para> + + <para> + Parameters are as follows: + </para> + + <itemizedlist> + + <listitem> + <para> + <computeroutput><uuid|vmname></computeroutput>: + Specifies the UUID or name of the VM whose guest operating + system is sharing folders with the host computer. Mandatory. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--name <name></computeroutput>: + Specifies the name of the share to be removed. Each share has + a unique name within the namespace of the host operating + system. Mandatory. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>-transient</computeroutput>: Specifies that + the share is transient, meaning that it can be added and + removed at runtime and does not persist after the VM has + stopped. Optional. + </para> + </listitem> + + </itemizedlist> + + <para> + Shared folders are described in <xref linkend="sharedfolders" />. + </para> + + </sect1> + + <sect1 id="vboxmanage-guestproperty"> + + <title>VBoxManage guestproperty</title> + + <para> + The <command>guestproperty</command> commands enable you to get or + set properties of a running virtual machine. See + <xref linkend="guestadd-guestprops" />. Guest properties are + arbitrary keyword-value string pairs which can be written to and + read from by either the guest or the host, so they can be used as + a low-volume communication channel for strings, provided that a + guest is running and has the Guest Additions installed. In + addition, a number of values whose keywords begin with + <computeroutput>/VirtualBox/</computeroutput>are automatically set + and maintained by the Guest Additions. + </para> + + <para> + The following subcommands are available, where + <computeroutput><vm></computeroutput> can either be a VM + name or a VM UUID, as with the other <command>VBoxManage</command> + commands: + </para> + + <itemizedlist> + + <listitem> + <para> + <computeroutput>enumerate <vm> [--patterns + <pattern>]</computeroutput>: Lists all the guest + properties that are available for the given VM, including the + value. This list will be very limited if the guest's service + process cannot be contacted, for example because the VM is not + running or the Guest Additions are not installed. + </para> + + <para> + If <computeroutput>--patterns <pattern></computeroutput> + is specified, it acts as a filter to only list properties that + match the given pattern. The pattern can contain the following + wildcard characters: + </para> + + <itemizedlist> + + <listitem> + <para> + <computeroutput>*</computeroutput> (asterisk): Represents + any number of characters. For example, + "<computeroutput>/VirtualBox*</computeroutput>" would + match all properties beginning with "/VirtualBox". + </para> + </listitem> + + <listitem> + <para> + <computeroutput>?</computeroutput> (question mark): + Represents a single arbitrary character. For example, + "<computeroutput>fo?</computeroutput>" would match both + "foo" and "for". + </para> + </listitem> + + <listitem> + <para> + <computeroutput>|</computeroutput> (pipe symbol): Can be + used to specify multiple alternative patterns. For + example, "<computeroutput>s*|t*</computeroutput>" would + match anything starting with either "s" or "t". + </para> + </listitem> + + </itemizedlist> + </listitem> + + <listitem> + <para> + <computeroutput>get <vm> + <property></computeroutput>: Retrieves the value of a + single property only. If the property cannot be found, for + example because the guest is not running, the following + message is shown: + </para> + +<screen>No value set!</screen> + </listitem> + + <listitem> + <para> + <computeroutput>set <vm> <property> [<value> + [--flags <flags>]]</computeroutput>: Enables you to set + a guest property by specifying the keyword and value. If + <computeroutput><value></computeroutput> is omitted, the + property is deleted. With + <computeroutput>--flags</computeroutput>, you can specify + additional behavior. You can combine several flags by + separating them with commas. + </para> + + <itemizedlist> + + <listitem> + <para> + <computeroutput>TRANSIENT</computeroutput>: The value will + not be stored with the VM data when the VM exits. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>TRANSRESET</computeroutput>: The value + will be deleted as soon as the VM restarts or exits. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>RDONLYGUEST</computeroutput>: The value + can only be changed by the host, but the guest can only + read it. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>RDONLYHOST</computeroutput>: The value can + only be changed by the guest, but the host can only read + it. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>READONLY</computeroutput>: The value + cannot be changed at all. + </para> + </listitem> + + </itemizedlist> + </listitem> + + <listitem> + <para> + <computeroutput>wait <vm> <pattern> --timeout + <timeout></computeroutput>: Waits for a particular value + described by the pattern string to change or to be deleted or + created. The pattern rules are the same as for the + <command>enumerate</command> subcommand. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>delete <vm> + <property></computeroutput>: Deletes a guest property + which has been set previously. + </para> + </listitem> + + </itemizedlist> + + </sect1> + + <sect1 id="vboxmanage-guestcontrol"> + + <title>VBoxManage guestcontrol</title> + + <para> + The <command>guestcontrol</command> commands enable control of the + guest from the host. See + <xref + linkend="guestadd-guestcontrol" /> for an introduction. + </para> + + <para> + The <command>guestcontrol</command> command has two sets of + subcommands. The first set requires guest credentials to be + specified, the second does not. + </para> + + <para> + The first set of subcommands is of the following form: + </para> + +<screen>VBoxManage guestcontrol <uuid|vmname> <sub-command> + [--username <name> ] + [--passwordfile <file> | --password <password>] + [--domain <domain> ] + [-v|--verbose] [-q|quiet] ... + </screen> + + <para> + The common options are as follows: + </para> + +<screen> + [--username <name> ] + [--passwordfile <file> | --password <password>] + [--domain <domain> ] + [-v|--verbose] [-q|quiet] + </screen> + + <para> + The common options for the first set of subcommands are explained + in the following list. + </para> + + <variablelist> + + <varlistentry> + <term> + <computeroutput><uuid|vmname></computeroutput> + </term> + + <listitem> + <para> + Specifies the VM UUID or VM name. Mandatory. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>--username <name></computeroutput> + </term> + + <listitem> + <para> + Specifies the user name on guest OS under which the process + should run. This user name must already exist on the guest + OS. If unspecified, the host user name is used. Optional + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>--passwordfile + <file>|--password</computeroutput> + </term> + + <listitem> + <para> + Specifies the absolute path on guest file system of password + file containing the password for the specified user account + or password for the specified user account. Optional. If + both are omitted, empty password is assumed. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>--domain <domain></computeroutput> + </term> + + <listitem> + <para> + User domain for Windows guests. Optional. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>-v|--verbose</computeroutput> + </term> + + <listitem> + <para> + Makes the subcommand execution more verbose. Optional + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>-q|--quiet</computeroutput> + </term> + + <listitem> + <para> + Makes the subcommand execution quieter. Optional. + </para> + </listitem> + </varlistentry> + + </variablelist> + + <para> + The first set of subcommands are as follows: + </para> + + <itemizedlist> + + <listitem> + <para> + <computeroutput>run</computeroutput>: Executes a guest + program, forwarding stdout, stderr, and stdin to and from the + host until it completes. + </para> + +<screen>VBoxManage guestcontrol <uuid|vmname> run [common-options] + --exe <path to executable> [--timeout <msec>] + [-E|--putenv <NAME>[=<VALUE>]] [--unquoted-args] + [--ignore-operhaned-processes] [--profile] + [--no-wait-stdout|--wait-stdout] + [--no-wait-stderr|--wait-stderr] + [--dos2unix] [--unix2dos] + -- <program/arg0> [argument1] ... [argumentN]] + </screen> + + <variablelist> + + <varlistentry> + <term> + <computeroutput><uuid|vmname></computeroutput> + </term> + + <listitem> + <para> + Specifies the VM UUID or VM name. Mandatory. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>--exe <path to + executable></computeroutput> + </term> + + <listitem> + <para> + Specifies the absolute path of the executable on the + guest OS file system. Mandatory. For example: + <computeroutput>C:\Windows\System32\calc.exe</computeroutput>. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>--timeout <msec></computeroutput> + </term> + + <listitem> + <para> + Specifies the maximum time, in microseconds, that the + executable can run, during which + <command>VBoxManage</command> receives its output. + Optional. If unspecified, <command>VBoxManage</command> + waits indefinitely for the process to end, or an error + occurs. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>-E|--putenv + <NAME>=<VALUE></computeroutput> + </term> + + <listitem> + <para> + Sets, modifies, and unsets environment variables in the + environment in which the program will run. Optional. + </para> + + <para> + The guest process is created with the standard default + guest OS environment. Use this option to modify that + default environment. To set or modify a variable use: + <computeroutput><NAME>=<VALUE></computeroutput>. + To unset a variable use: + <computeroutput><NAME>=</computeroutput> + </para> + + <para> + Any spaces in names and values should be enclosed by + quotes. + </para> + + <para> + To set, modify, and unset multiple variables, use + multiple instances of the + <computeroutput>--E|--putenv</computeroutput> option. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>--unquoted-args</computeroutput> + </term> + + <listitem> + <para> + Disables escaped double quoting, such as \"fred\", on + arguments passed to the executed program. Optional. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>--ignore-operhaned-processes</computeroutput> + </term> + + <listitem> + <para> + Ignore orphaned processes. Not yet implemented. + Optional. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>--profile</computeroutput> + </term> + + <listitem> + <para> + Use Profile. Not yet implemented. Optional. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>--no-wait-stdout|--wait-stdout</computeroutput> + </term> + + <listitem> + <para> + Does not wait or waits until the guest process ends and + receives its exit code and reason/flags. In the case of + <computeroutput>--wait-stdout</computeroutput>, + <command>VBoxManage</command> receives its stdout while + the process runs. Optional. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>--no-wait-stderr|--wait-stderr</computeroutput> + </term> + + <listitem> + <para> + Does not wait or waits until the guest process ends and + receives its exit code, error messages, and flags. In + the case of + <computeroutput>--wait-stderr</computeroutput>, + <command>VBoxManage</command> receives its stderr while + the process runs. Optional. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>--dos2unix</computeroutput> + </term> + + <listitem> + <para> + Converts output from DOS/Windows guests to + UNIX/Linux-compatible line endings, CR + LF to LF. Not + yet implemented. Optional. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>--unix2dos</computeroutput> + </term> + + <listitem> + <para> + Converts output from a UNIX/Linux guests to + DOS/Windows-compatible line endings, LF to CR + LF. Not + yet implemented. Optional. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>[-- <program/arg0> + [<argument1>] ... + [<argumentN>]]</computeroutput> + </term> + + <listitem> + <para> + Specifies the program name, followed by one or more + arguments to pass to the program. Optional. + </para> + + <para> + Any spaces in arguments should be enclosed by quotes. + </para> + </listitem> + </varlistentry> + + </variablelist> + + <note> + <para> + On Windows there are certain limitations for graphical + applications. See <xref linkend="KnownIssues" />. + </para> + </note> + + <para> + Examples of using the <command>guestcontrol run</command> + command are as follows: + </para> + +<screen>VBoxManage --nologo guestcontrol "My VM" run --exe "/bin/ls" + --username foo --passwordfile bar.txt --wait-exit --wait-stdout -- -l /usr</screen> + +<screen>VBoxManage --nologo guestcontrol "My VM" run --exe "c:\\windows\\system32\\ipconfig.exe" + --username foo --passwordfile bar.txt --wait-exit --wait-stdout</screen> + + <para> + Note that the double backslashes in the second example are + only required on UNIX hosts. + </para> + + <note> + <para> + For certain commands a user name of an existing user account + on the guest must be specified. Anonymous executions are not + supported for security reasons. A user account password, + however, is optional and depends on the guest's OS security + policy or rules. If no password is specified for a given + user name, an empty password will be used. On certain OSes + like Windows the security policy may needs to be adjusted in + order to allow user accounts with an empty password set. + Also, global domain rules might apply and therefore cannot + be changed. + </para> + </note> + + <para> + Starting at &product-name; 4.1.2 guest process execution by + default is limited to serve up to five guest processes at a + time. If a new guest process gets started which would exceed + this limit, the oldest not running guest process will be + discarded in order to be able to run that new process. Also, + retrieving output from this old guest process will not be + possible anymore then. If all five guest processes are still + active and running, starting a new guest process will result + in an appropriate error message. + </para> + + <para> + To raise or lower the guest process execution limit, either + use the guest property + <computeroutput>/VirtualBox/GuestAdd/VBoxService/--control-procs-max-kept</computeroutput> + or <command>VBoxService</command> command line by specifying + <computeroutput>--control-procs-max-kept</computeroutput> + needs to be modified. A restart of the guest OS is required + afterwards. To serve unlimited guest processes, a value of + <computeroutput>0</computeroutput> needs to be set, but this + is not recommended. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>start</computeroutput>: Executes a guest + program until it completes. + </para> + +<screen>VBoxManage guestcontrol <uuid|vmname> start [common-options] + [--exe <path to executable>] [--timeout <msec>] + [-E|--putenv <NAME>[=<VALUE>]] [--unquoted-args] + [--ignore-operhaned-processes] [--profile] + -- <program/arg0> [argument1] ... [argumentN]] + </screen> + + <para> + Where the options are as follows: + </para> + + <variablelist> + + <varlistentry> + <term> + <computeroutput><uuid|vmname></computeroutput> + </term> + + <listitem> + <para> + Specifies the VM UUID or VM name. Mandatory. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>--exe <path to + executable></computeroutput> + </term> + + <listitem> + <para> + Specifies the absolute path of the executable on the + guest OS file system. Mandatory. For example: + <computeroutput>C:\Windows\System32\calc.exe</computeroutput> + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>--timeout <msec></computeroutput> + </term> + + <listitem> + <para> + Specifies the maximum time, in microseconds, that the + executable can run. Optional. If unspecified, + <command>VBoxManage</command> waits indefinitely for the + process to end, or an error occurs. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>-E|--putenv + <NAME>=<VALUE></computeroutput> + </term> + + <listitem> + <para> + Sets, modifies, and unsets environment variables in the + environment in which the program will run. Optional. + </para> + + <para> + The guest process is created with the standard default + guest OS environment. Use this option to modify that + default environment. To set or modify a variable use: + <computeroutput><NAME>=<VALUE></computeroutput>. + To unset a variable use: + <computeroutput><NAME>=</computeroutput> + </para> + + <para> + Any spaces in names and values should be enclosed by + quotes. + </para> + + <para> + To set, modify, or unset multiple variables, use + multiple instances of the + <computeroutput>--E|--putenv</computeroutput> option. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>--unquoted-args</computeroutput> + </term> + + <listitem> + <para> + Disables escaped double quoting, such as \"fred\", on + arguments passed to the executed program. Optional. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>--ignore-operhaned-processes</computeroutput> + </term> + + <listitem> + <para> + Ignores orphaned processes. Not yet implemented. + Optional. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>--profile</computeroutput> + </term> + + <listitem> + <para> + Use a profile. Not yet implemented. Optional. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>[-- <program/arg0> + [<argument1>] ... + [<argumentN>]]</computeroutput> + </term> + + <listitem> + <para> + Specifies the program name, followed by one or more + arguments to pass to the program. Optional. + </para> + + <para> + Any spaces in arguments should be enclosed by quotes. + </para> + </listitem> + </varlistentry> + + </variablelist> + + <note> + <para> + On Windows there are certain limitations for graphical + applications. See <xref linkend="KnownIssues" />. + </para> + </note> + + <para> + Examples of using the <command>guestcontrol start</command> + command are as follows: + </para> + +<screen>VBoxManage --nologo guestcontrol "My VM" start --exe "/bin/ls" + --username foo --passwordfile bar.txt --wait-exit --wait-stdout -- -l /usr</screen> + +<screen>VBoxManage --nologo guestcontrol "My VM" start --exe "c:\\windows\\system32\\ipconfig.exe" + --username foo --passwordfile bar.txt --wait-exit --wait-stdout</screen> + + <para> + Note that the double backslashes in the second example are + only required on UNIX hosts. + </para> + + <note> + <para> + For certain commands a user name of an existing user account + on the guest must be specified. Anonymous executions are not + supported for security reasons. A user account password, + however, is optional and depends on the guest's OS security + policy or rules. If no password is specified for a given + user name, an empty password will be used. On certain OSes + like Windows the security policy may needs to be adjusted in + order to allow user accounts with an empty password set. + Also, global domain rules might apply and therefore cannot + be changed. + </para> + </note> + + <para> + Starting at &product-name; 4.1.2 guest process execution by + default is limited to serve up to five guest processes at a + time. If a new guest process gets started which would exceed + this limit, the oldest not running guest process will be + discarded in order to be able to run that new process. Also, + retrieving output from this old guest process will not be + possible anymore then. If all five guest processes are still + active and running, starting a new guest process will result + in an appropriate error message. + </para> + + <para> + To raise or lower the guest process execution limit, either + use the guest property + <computeroutput>/VirtualBox/GuestAdd/VBoxService/--control-procs-max-kept</computeroutput> + or <command>VBoxService</command> command line by specifying + <computeroutput>--control-procs-max-kept</computeroutput> + needs to be modified. A restart of the guest OS is required + afterwards. To serve unlimited guest processes, a value of + <computeroutput>0</computeroutput> needs to be set, but this + is not recommended. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>copyfrom</computeroutput>: Copies files from + the guest to the host file system. Only available with Guest + Additions 4.0 or later installed. + </para> + +<screen>VBoxManage guestcontrol <uuid|vmname> copyfrom [common-options] + [--follow] [--R|recursive] + --target-directory <host-dst-dir> + <guest-src0> [<guest-src1> [...]] </screen> + + <para> + Where the parameters are as follows: + </para> + + <variablelist> + + <varlistentry> + <term> + <computeroutput><uid|vmname></computeroutput> + </term> + + <listitem> + <para> + Specifies the VM UUID or VM name. Mandatory. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>--follow</computeroutput> + </term> + + <listitem> + <para> + Enables symlink following on the guest file system. + Optional. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>-R|--recursive</computeroutput> + </term> + + <listitem> + <para> + Enables recursive copying of files and directories from + the specified guest file system directory. Optional. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>--target-directory + <host-dst-dir></computeroutput> + </term> + + <listitem> + <para> + Specifies the absolute path of the host file system + destination directory. Mandatory. For example: + <computeroutput>C:\Temp</computeroutput>. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput><guest-src0> [<guest-src1> + [...]]</computeroutput> + </term> + + <listitem> + <para> + Specifies the absolute paths of guest file system files + to be copied. Mandatory. For example: + <computeroutput>C:\Windows\System32\calc.exe</computeroutput>. + Wildcards can be used in the expressions. For example: + <computeroutput>C:\Windows\System*\*.dll</computeroutput>. + </para> + </listitem> + </varlistentry> + + </variablelist> + </listitem> + + <listitem> + <para> + <computeroutput>copyto</computeroutput>: Copies files from the + host to the guest file system. Only available with Guest + Additions 4.0 or later installed. + </para> + +<screen>VBoxManage guestcontrol <uuid|vmname> copyto [common-options] + [--follow] [--R|recursive] + --target-directory <guest-dst> + <host-src0> [<host-src1> [...]] </screen> + + <para> + Where the parameters are as follows: + </para> + + <variablelist> + + <varlistentry> + <term> + <computeroutput><uuid|vmname></computeroutput> + </term> + + <listitem> + <para> + Specifies the VM UUID or VM name. Mandatory. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>--follow</computeroutput> + </term> + + <listitem> + <para> + Enables symlink following on the host file system. + Optional. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>-R|--recursive</computeroutput> + </term> + + <listitem> + <para> + Enables recursive copying of files and directories from + the specified host file system directory. Optional. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>--target-directory + <guest-dst></computeroutput> + </term> + + <listitem> + <para> + Specifies the absolute path of the guest file system + destination directory. Mandatory. For example: + <computeroutput>C:\Temp</computeroutput>. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput><host-src0> [<host-src1> + [...]]</computeroutput> + </term> + + <listitem> + <para> + Specifies the absolute paths of host file system files + to be copied. Mandatory. For example: + <computeroutput>C:\Windows\System32\calc.exe</computeroutput>. + Wildcards can be used in the expressions. For example: + <computeroutput>C:\Windows\System*\*.dll</computeroutput>. + </para> + </listitem> + </varlistentry> + + </variablelist> + </listitem> + + <listitem> + <para> + <computeroutput>md|mkdir|createdir|createdirectory</computeroutput>: + Creates one or more directories on the guest file system. Only + available with Guest Additions 4.0 or later installed. + </para> + +<screen>VBoxManage guestcontrol <uuid|vmname> md|mkdir|createdir|createdirectory [common-options] + [--parents] [--mode <mode>] + <guest-dir0> [<guest-dir1> [...]] </screen> + + <para> + Where the parameters are as follows: + </para> + + <variablelist> + + <varlistentry> + <term> + <computeroutput><uuid|vmname></computeroutput> + </term> + + <listitem> + <para> + Specifies the VM UUID or VM name. Mandatory. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>--parents</computeroutput> + </term> + + <listitem> + <para> + Creates any absent parent directories of the specified + directory. Optional. + </para> + + <para> + For example: If specified directory is + <computeroutput>D:\Foo\Bar</computeroutput> and + <computeroutput>D:\Foo</computeroutput> is absent, it + will be created. In such a case, had the + <computeroutput>--parents</computeroutput> option not + been used, this command would have failed. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>--mode <mode></computeroutput> + </term> + + <listitem> + <para> + Specifies the permission mode on the specified + directories, and any parents, if the + <computeroutput>--parents</computeroutput> option is + used. Currently octal modes only, such as. + <computeroutput>0755</computeroutput>, are supported. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput><guest-dir0> [<guest-dir1> + [...]]</computeroutput> + </term> + + <listitem> + <para> + Specifies a list of absolute paths of directories to be + created on guest file system. Mandatory. For example: + <computeroutput>D:\Foo\Bar</computeroutput>. + </para> + + <para> + All parent directories must already exist unless the + switch <computeroutput>--parents</computeroutput> is + used. For example, in the above example + <computeroutput>D:\Foo</computeroutput>. The specified + user must have sufficient rights to create the specified + directories, and any parents that need to be created. + </para> + </listitem> + </varlistentry> + + </variablelist> + </listitem> + + <listitem> + <para> + <computeroutput>rmdir|removedir|removedirectory</computeroutput>: + Deletes specified guest file system directories. Only + available with installed Guest Additions 4.3.2 and later. + </para> + +<screen>VBoxManage guestcontrol <uuid|vmname> rmdir|removedir|removedirectory [common-options] + [--recursive|-R] + <guest-dir0> [<guest-dir1> [...]] + </screen> + + <para> + Where the parameters are as follows: + </para> + + <variablelist> + + <varlistentry> + <term> + <computeroutput><uuid|vmname></computeroutput> + </term> + + <listitem> + <para> + Specifies the VM UUID or VM name. Mandatory. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>--recursive</computeroutput> + </term> + + <listitem> + <para> + Recursively removes directories and contents. Optional. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput><guest-dir0> [<guest-dir1> + [...]]</computeroutput> + </term> + + <listitem> + <para> + Specifies a list of the absolute paths of directories to + be deleted on guest file system. Mandatory. Wildcards + are allowed. For example: + <computeroutput>D:\Foo\*Bar</computeroutput>. The + specified user must have sufficient rights to delete the + specified directories. + </para> + </listitem> + </varlistentry> + + </variablelist> + </listitem> + + <listitem> + <para> + <computeroutput>rm|removefile</computeroutput>: Deletes + specified files on the guest file system. Only available with + installed Guest Additions 4.3.2 and later. + </para> + +<screen>VBoxManage guestcontrol <uuid|vmname> rm|removefile [common-options] + [-f|--force] + <guest-file0> [<guest-file1> [...]] </screen> + + <para> + Where the parameters are as follows: + </para> + + <variablelist> + + <varlistentry> + <term> + <computeroutput><uuid|vmname></computeroutput> + </term> + + <listitem> + <para> + Specifies the VM UUID or VM name. Mandatory. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>-f|--force</computeroutput> + </term> + + <listitem> + <para> + Enforce operation and override any requests for + confirmations. Optional. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput><guest-file0> [<guest-file1> + [...]]</computeroutput> + </term> + + <listitem> + <para> + Specifies a list of absolute paths of files to be + deleted on guest file system. Mandatory. Wildcards are + allowed. For example: + <computeroutput>D:\Foo\Bar\text*.txt</computeroutput>. + The specified user should have sufficient rights to + delete the specified files. + </para> + </listitem> + </varlistentry> + + </variablelist> + </listitem> + + <listitem> + <para> + <computeroutput>mv|move|ren|rename</computeroutput>: Renames + files and/or directories on the guest file system. Only + available with installed Guest Additions 4.3.2 and later. + </para> + +<screen>VBoxManage guestcontrol <uuid|vmname> mv|move|ren|rename [common-options] + <guest-source0> [<guest-source1> [...]] <guest-dest></screen> + + <para> + Where the parameters are as follows: + </para> + + <variablelist> + + <varlistentry> + <term> + <computeroutput><uuid|vmname></computeroutput> + </term> + + <listitem> + <para> + Specifies the VM UUID or VM name. Mandatory. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput><guest-source0> + [<guest-source1> [...]]</computeroutput> + </term> + + <listitem> + <para> + Specifies absolute paths of files or a single directory + to be moved and renamed on guest file system. Mandatory. + Wildcards are allowed in file names. The specified user + should have sufficient rights to access the specified + files. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput><dest></computeroutput> + </term> + + <listitem> + <para> + Specifies the absolute path of the destination file or + directory to which the files are to be moved. Mandatory. + If only one file to be moved, <dest> can be file + or directory, else it must be a directory. The specified + user must have sufficient rights to access the + destination file or directory. + </para> + </listitem> + </varlistentry> + + </variablelist> + </listitem> + + <listitem> + <para> + <computeroutput>mktemp|createtemp|createtemporary</computeroutput>: + Creates a temporary file or directory on the guest file + system, to assist subsequent copying of files from the host to + the guest file systems. By default, the file or directory is + created in the guest's platform specific temp directory. Not + currently supported. Only available with installed Guest + Additions 4.2 and later. + </para> + +<screen>VBoxManage guestcontrol <uuid|vmname> mktemp|createtemp|createtemporary [common-options] + [--directory] [--secure] [--mode <mode>] [--tmpdir <directory>] + <template> + </screen> + + <para> + The parameters are as follows: + </para> + + <variablelist> + + <varlistentry> + <term> + <computeroutput><uuid|vmname></computeroutput> + </term> + + <listitem> + <para> + Specifies the VM UUID or VM name. Mandatory. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>--directory</computeroutput> + </term> + + <listitem> + <para> + Creates a temporary directory instead of a file, + specified by the <template> parameter. Optional. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>--secure</computeroutput> + </term> + + <listitem> + <para> + Enforces secure file and directory creation. Optional. + The permission mode is set to + <computeroutput>0755</computeroutput>. Operation fails + if it cannot be performed securely. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>--mode <mode></computeroutput> + </term> + + <listitem> + <para> + Specifies the permission mode of the specified + directory. Optional. Currently only octal modes, such as + <computeroutput>0755</computeroutput>, are supported. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>--tmpdir + <directory></computeroutput> + </term> + + <listitem> + <para> + Specifies the absolute path of the directory on the + guest file system where the file or directory specified + will be created. Optional. If unspecified, the + platform-specific temp directory is used. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput><template></computeroutput> + </term> + + <listitem> + <para> + Specifies a file name without a directory path, + containing at least one sequence of three consecutive X + characters, or ending in X. Mandatory. + </para> + </listitem> + </varlistentry> + + </variablelist> + </listitem> + + <listitem> + <para> + <computeroutput>stat</computeroutput>: Displays file or file + system statuses on the guest. + </para> + +<screen>VBoxManage guestcontrol <uuid|vmname> stat [common-options] + <file0> [<file1> [...]]</screen> + + <para> + Where the parameters are as follows: + </para> + + <variablelist> + + <varlistentry> + <term> + <computeroutput><uuid|vmname></computeroutput> + </term> + + <listitem> + <para> + Specifies the VM UUID or VM name. Mandatory. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput><file0> [<file1> + [...]]</computeroutput> + </term> + + <listitem> + <para> + Specifies absolute paths of files or file systems on the + guest file system. Mandatory. For example: + <computeroutput>/home/foo/a.out</computeroutput>. The + specified user should have sufficient rights to access + the specified files or file systems. + </para> + </listitem> + </varlistentry> + + </variablelist> + </listitem> + + </itemizedlist> + + <para> + The second set of subcommands is of the form: + </para> + +<screen>VBoxManage guestcontrol <uuid|vmname> <sub-command> + [-v|--verbose] [-q|quiet] ... + </screen> + + <para> + The common options are as follows: + </para> + +<screen> + [-v|--verbose] [-q|--quiet] + </screen> + + <para> + Details of the common options for the second set of subcommands + are as follows: + </para> + + <variablelist> + + <varlistentry> + <term> + <computeroutput>-v|--verbose</computeroutput> + </term> + + <listitem> + <para> + Makes the subcommand execution more verbose. Optional. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>-q|--quiet</computeroutput> + </term> + + <listitem> + <para> + Makes the subcommand execution quieter. Optional. + </para> + </listitem> + </varlistentry> + + </variablelist> + + <para> + The second set of subcommands are as follows: + </para> + + <itemizedlist> + + <listitem> + <para> + <computeroutput>list</computeroutput>: Lists guest control + configuration and status data. For example: open guest + sessions, guest processes, and files. + </para> + +<screen>VBoxManage guestcontrol <uuid|vmname> list [common-opts] + <all|sessions|processes|files> </screen> + + <para> + Where the parameters are as follows: + </para> + + <variablelist> + + <varlistentry> + <term> + <computeroutput><uuid|vmname></computeroutput> + </term> + + <listitem> + <para> + Specifies the VM UUID or VM name. Mandatory. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>all|sessions|processes|files</computeroutput> + </term> + + <listitem> + <para> + Indicates whether to list all available data or guest + sessions, processes or files. Mandatory. + </para> + </listitem> + </varlistentry> + + </variablelist> + </listitem> + + <listitem> + <para> + <computeroutput>closeprocess</computeroutput>: Terminates + guest processes specified by PIDs running in a guest session, + specified by the session ID or name. + </para> + +<screen>VBoxManage guestcontrol <uuid|vmname> closeprocess [common-options] + --session-id <ID> | --session-name <name or pattern> + <PID0> [<PID1> [...]] </screen> + + <para> + Where the parameters are as follows: + </para> + + <variablelist> + + <varlistentry> + <term> + <computeroutput><uuid|vmname></computeroutput> + </term> + + <listitem> + <para> + Specifies the VM UUID or VM name. Mandatory. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>--session-id <ID></computeroutput> + </term> + + <listitem> + <para> + Specifies the guest session by its ID. Optional. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>--session-name <name or + pattern></computeroutput> + </term> + + <listitem> + <para> + Specifies the guest session by its name, or multiple + sessions using a pattern containing wildcards. Optional. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput><PID0> [<PID1> + [...]]</computeroutput> + </term> + + <listitem> + <para> + Specifies a list of process identifiers (PIDs) of guest + processes to be terminated. Mandatory. + </para> + </listitem> + </varlistentry> + + </variablelist> + </listitem> + + <listitem> + <para> + <computeroutput>closesession</computeroutput>: Closes + specified guest sessions, specified either by session ID or + name. + </para> + +<screen>VBoxManage guestcontrol <uuid|vmname> closesession [common-options] + --session-id <ID> | --session-name <name or pattern> | --all </screen> + + <para> + Where the parameters are as follows: + </para> + + <variablelist> + + <varlistentry> + <term> + <computeroutput><uuid|vmname></computeroutput> + </term> + + <listitem> + <para> + Specifies the VM UUID or VM name. Mandatory. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>--session-id <ID></computeroutput> + </term> + + <listitem> + <para> + Specifies the guest session to be closed by ID. + Optional. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>--session-name <name or + pattern></computeroutput> + </term> + + <listitem> + <para> + Specifies the guest session to be closed by name. + Optional. Multiple sessions can be specified by using a + pattern containing wildcards. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>--all</computeroutput> + </term> + + <listitem> + <para> + Close all guest sessions. Optional. + </para> + </listitem> + </varlistentry> + + </variablelist> + </listitem> + + <listitem> + <para> + <computeroutput>updatega|updateadditions|updateguestadditions</computeroutput>: + Ugrades Guest Additions already installed on the guest. Only + available for already installed Guest Additions 4.0 and later. + </para> + +<screen>VBoxManage guestcontrol <uuid|vmname> updatega|updateadditions|updateguestadditions + [common-options] + [--source <New .ISO path>] + [--wait-start] + [-- <argument0> [<argument1> [...]]]</screen> + + <para> + Where the parameters are as follows: + </para> + + <variablelist> + + <varlistentry> + <term> + <computeroutput><uuid|vmname></computeroutput> + </term> + + <listitem> + <para> + Specifies the VM UUID or VM name. Mandatory. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>--source</computeroutput> <New .ISO + path> + </term> + + <listitem> + <para> + Specifies the absolute path on the guest file system of + the .ISO file for the Guest Additions update. Mandatory. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>--wait-start</computeroutput> + </term> + + <listitem> + <para> + Indicates that <command>VBoxManage</command> starts the + usual updating process on the guest and then waits until + the actual Guest Additions updating begins, at which + point <command>VBoxManage</command> self-terminates. + Optional. + </para> + + <para> + Default behavior is that <command>VBoxManage</command> + waits for completion of the Guest Additions update + before terminating. Use of this option is sometimes + necessary, as a running <command>VBoxManage</command> + can affect the interaction between the installer and the + guest OS. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>[-- <argument0> [<argument1> + [...]]]</computeroutput> + </term> + + <listitem> + <para> + Specifies optional command line arguments to be supplied + to the Guest Additions updater. Useful for retrofitting + features which are not currently installed. + </para> + + <para> + Arguments containing spaces should be enclosed by + quotes. + </para> + </listitem> + </varlistentry> + + </variablelist> + </listitem> + + <listitem> + <para> + <computeroutput>watch</computeroutput>: Prints current guest + control activity. + </para> + +<screen>VBoxManage guestcontrol <uuid|vmname> watch [common-options] + </screen> + + <para> + Where the parameters are as follows: + </para> + + <variablelist> + + <varlistentry> + <term> + <computeroutput><uuid|vmname></computeroutput> + </term> + + <listitem> + <para> + Specifies the VM UUID or VM name. Mandatory. + </para> + </listitem> + </varlistentry> + + </variablelist> + </listitem> + + </itemizedlist> + + </sect1> + + <sect1 id="vboxmanage-metrics"> + + <title>VBoxManage metrics</title> + + <para> + This command supports monitoring the usage of system resources. + Resources are represented by various metrics associated with the + host system or a particular VM. For example, the host system has a + <computeroutput>CPU/Load/User</computeroutput> metric that shows + the percentage of time CPUs spend executing in user mode over a + specific sampling period. + </para> + + <para> + Metric data is collected and retained internally. It may be + retrieved at any time with the <command>VBoxManage metrics + query</command> subcommand. The data is available as long as the + background <computeroutput>VBoxSVC</computeroutput> process is + alive. That process terminates shortly after all VMs and frontends + have been closed. + </para> + + <para> + By default no metrics are collected at all. Metrics collection + does not start until <command>VBoxManage metrics setup</command> + is invoked with a proper sampling interval and the number of + metrics to be retained. The interval is measured in seconds. For + example, to enable collecting the host processor and memory usage + metrics every second and keeping the five most current samples, + the following command can be used: + </para> + +<screen>VBoxManage metrics setup --period 1 --samples 5 host CPU/Load,RAM/Usage</screen> + + <para> + Metric collection can only be enabled for started VMs. Collected + data and collection settings for a particular VM will disappear as + soon as it shuts down. Use the <command>VBoxManage metrics + list</command> subcommand to see which metrics are currently + available. You can also use the <option>--list</option> option + with any subcommand that modifies metric settings to find out + which metrics were affected. + </para> + + <para> + Note that the <command>VBoxManage metrics setup</command> + subcommand discards all samples that may have been previously + collected for the specified set of objects and metrics. + </para> + + <para> + To enable or disable metrics collection without discarding the + data, <command>VBoxManage metrics enable</command> and + <command>VBoxManage metrics disable</command> subcommands can be + used. Note that these subcommands expect metrics as parameters, + not submetrics such as <computeroutput>CPU/Load</computeroutput> + or <computeroutput>RAM/Usage</computeroutput>. In other words + enabling <computeroutput>CPU/Load/User</computeroutput> while + disabling <computeroutput>CPU/Load/Kernel</computeroutput> is not + supported. + </para> + + <para> + The host and VMs have different sets of associated metrics. + Available metrics can be listed with <command>VBoxManage metrics + list</command> subcommand. + </para> + + <para> + A complete metric name may include an aggregate function. The name + has the following form: + <computeroutput>Category/Metric[/SubMetric][:aggregate]</computeroutput>. + For example, <computeroutput>RAM/Usage/Free:min</computeroutput> + stands for the minimum amount of available memory over all + retained data if applied to the host object. + </para> + + <para> + Subcommands may apply to all objects and metrics or can be limited + to one object and a list of metrics. If no objects or metrics are + given in the parameters, the subcommands will apply to all + available metrics of all objects. You may use an asterisk + "<computeroutput>*</computeroutput>" to explicitly specify that + the command should be applied to all objects or metrics. Use + <computeroutput>host</computeroutput> as the object name to limit + the scope of the command to host-related metrics. To limit the + scope to a subset of metrics, use a metric list with names + separated by commas. + </para> + + <para> + For example, to query metric data on the CPU time spent in user + and kernel modes by the virtual machine named + <computeroutput>test</computeroutput>, use the following command: + </para> + +<screen>VBoxManage metrics query test CPU/Load/User,CPU/Load/Kernel</screen> + + <para> + The following list summarizes the available subcommands: + </para> + + <variablelist> + + <varlistentry> + <term> + <computeroutput>list</computeroutput> + </term> + + <listitem> + <para> + Shows the parameters of the currently existing metrics. Note + that VM-specific metrics are only available when a + particular VM is running. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>setup</computeroutput> + </term> + + <listitem> + <para> + Sets the interval between taking two samples of metric data + and the number of samples retained internally. The retained + data is available for displaying with the + <command>query</command> subcommand. The + <computeroutput>--list</computeroutput> option shows which + metrics have been modified as the result of the command + execution. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>enable</computeroutput> + </term> + + <listitem> + <para> + Resumes data collection after it has been stopped with the + <command>disable</command> subcommand. Note that specifying + submetrics as parameters will not enable underlying metrics. + Use <computeroutput>--list</computeroutput> to find out if + the command worked as expected. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>disable</computeroutput> + </term> + + <listitem> + <para> + Suspends data collection without affecting collection + parameters or collected data. Note that specifying + submetrics as parameters will not disable underlying + metrics. Use <computeroutput>--list</computeroutput> to find + out if the command worked as expected. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>query</computeroutput> + </term> + + <listitem> + <para> + Retrieves and displays the currently retained metric data. + </para> + + <note> + <para> + The <command>query</command> subcommand does not remove or + flush retained data. If you query often enough you will + see how old samples are gradually being phased out by new + samples. + </para> + </note> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>collect</computeroutput> + </term> + + <listitem> + <para> + Sets the interval between taking two samples of metric data + and the number of samples retained internally. The collected + data is displayed periodically until Ctrl+C is pressed, + unless the <computeroutput>--detach</computeroutput> option + is specified. With the + <computeroutput>--detach</computeroutput> option, this + subcommand operates the same way as + <computeroutput>setup</computeroutput> does. The + <computeroutput>--list</computeroutput> option shows which + metrics match the specified filter. + </para> + </listitem> + </varlistentry> + + </variablelist> + + </sect1> + + <sect1 id="vboxmanage-natnetwork"> + + <title>VBoxManage natnetwork</title> + + <para> + NAT networks use the Network Address Translation (NAT) service, + which works in a similar way to a home router. It groups systems + using it into a network and prevents outside systems from directly + accessing those inside, while letting systems inside communicate + with each other and outside systems using TCP and UDP over IPv4 + and IPv6. + </para> + + <para> + A NAT service is attached to an internal network. Virtual machines + to make use of one should be attached to it. The name of an + internal network is chosen when the NAT service is created, and + the internal network will be created if it does not already exist. + The following is an example command to create a NAT network: + </para> + +<screen>VBoxManage natnetwork add --netname natnet1 --network "192.168.15.0/24" --enable</screen> + + <para> + Here, <computeroutput>natnet1</computeroutput> is the name of the + internal network to be used and + <computeroutput>192.168.15.0/24</computeroutput> is the network + address and mask of the NAT service interface. By default, in this + static configuration the gateway will be assigned the address + 192.168.15.1, the address after the interface address, though this + is subject to change. + </para> + + <para> + To add a DHCP server to the NAT network after creation, run the + following command: + </para> + +<screen>VBoxManage natnetwork modify --netname natnet1 --dhcp on</screen> + + <para> + The subcommands for <command>VBoxManage natnetwork</command> are + as follows: + </para> + +<screen>VBoxManage natnetwork add --netname <name> + [--network <network>] + [--enable|--disable] + [--dhcp on|off] + [--port-forward-4 <rule>] + [--loopback-4 <rule>] + [--ipv6 on|off] + [--port-forward-6 <rule>] + [--loopback-6 <rule>] + </screen> + + <para> + <command>VBoxManage natnetwork add</command>: Creates a new + internal network interface, and adds a NAT network service. This + command is a prerequisite for enabling attachment of VMs to the + NAT network. Parameters are as follows: + </para> + + <variablelist> + + <varlistentry> + <term> + <computeroutput>--netname <name></computeroutput> + </term> + + <listitem> + <para> + Where <name> is the name of the new internal network + interface on the host OS. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>--network <network></computeroutput> + </term> + + <listitem> + <para> + Where <network> specifies the static or DHCP network + address and mask of the NAT service interface. The default + is a static network address. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>--enable|--disable</computeroutput> + </term> + + <listitem> + <para> + Enables and disables the NAT network service. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>--dhcp on|off</computeroutput> + </term> + + <listitem> + <para> + Enables and disables a DHCP server specified by + <computeroutput>--netname</computeroutput>. Use of this + option also indicates that it is a DHCP server. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>--port-forward-4 <rule></computeroutput> + </term> + + <listitem> + <para> + Enables IPv4 port forwarding, with a rule specified by + <rule>. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>--loopback-4 <rule></computeroutput> + </term> + + <listitem> + <para> + Enables the IPv4 loopback interface, with a rule specified + by <rule>. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>--ipv6 on|off</computeroutput> + </term> + + <listitem> + <para> + Enables and disables IPv6. The default setting is IPv4, + disabling IPv6 enables IPv4. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>--port-forward-6 <rule></computeroutput> + </term> + + <listitem> + <para> + Enables IPv6 port forwarding, with a rule specified by + <rule>. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>--loopback-6 <rule></computeroutput> + </term> + + <listitem> + <para> + Enables the IPv6 loopback interface, with a rule specified + by <rule>. + </para> + </listitem> + </varlistentry> + + </variablelist> + +<screen>VBoxManage natnetwork remove --netname <name> </screen> + + <para> + <command>VBoxManage natnetwork remove</command>: Removes a NAT + network service. Parameters are as follows: + </para> + + <variablelist> + + <varlistentry> + <term> + <computeroutput>--netname <name></computeroutput> + </term> + + <listitem> + <para> + Where <name> specifies an existing NAT network + service. Does not remove any DHCP server enabled on the + network. + </para> + </listitem> + </varlistentry> + + </variablelist> + +<screen>VBoxManage natnetwork modify --netname <name> + [--network <network>] + [--enable|--disable] + [--dhcp on|off] + [--port-forward-4 <rule>] + [--loopback-4 <rule>] + [--ipv6 on|off] + [--port-forward-6 <rule>] + [--loopback-6 <rule>] + </screen> + + <para> + <command>VBoxManage natnetwork modify</command>: Modifies an + existing NAT network service. Parameters are as follows: + </para> + + <variablelist> + + <varlistentry> + <term> + <computeroutput>--netname <name></computeroutput> + </term> + + <listitem> + <para> + Where <name> specifies an existing NAT network + service. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>--network <network></computeroutput> + </term> + + <listitem> + <para> + Where <network> specifies the new static or DHCP + network address and mask of the NAT service interface. The + default is a static network address. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>--enable|--disable</computeroutput> + </term> + + <listitem> + <para> + Enables and disables the NAT network service. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>--dhcp on|off</computeroutput> + </term> + + <listitem> + <para> + Enables and disables a DHCP server. If a DHCP server is not + present, using enable adds a new DHCP server. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>--port-forward-4 <rule></computeroutput> + </term> + + <listitem> + <para> + Enables IPv4 port forwarding, with a rule specified by + <rule>. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>--loopback-4 <rule></computeroutput> + </term> + + <listitem> + <para> + Enables the IPv4 loopback interface, with a rule specified + by <rule>. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>--ipv6 on|off</computeroutput> + </term> + + <listitem> + <para> + Enables and disables IPv6. The default setting is IPv4, + disabling IPv6 enables IPv4. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>--port-forward-6 <rule></computeroutput> + </term> + + <listitem> + <para> + Enables IPv6 port forwarding, with a rule specified by + <rule>. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>--loopback-6 <rule></computeroutput> + </term> + + <listitem> + <para> + Enables IPv6 loopback interface, with a rule specified by + <rule>. + </para> + </listitem> + </varlistentry> + + </variablelist> + +<screen>VBoxManage natnetwork start --netname <name> + </screen> + + <para> + <command>VBoxManage natnetwork start</command>: Starts the + specified NAT network service and any associated DHCP server. + Parameters are as follows: + </para> + + <variablelist> + + <varlistentry> + <term> + <computeroutput>--netname <name></computeroutput> + </term> + + <listitem> + <para> + Where <name> specifies an existing NAT network + service. + </para> + </listitem> + </varlistentry> + + </variablelist> + +<screen>VBoxManage natnetwork stop --netname <name> + </screen> + + <para> + <command>VBoxManage natnetwork stop</command>: Stops the specified + NAT network service and any DHCP server. Parameters are as + follows: + </para> + + <variablelist> + + <varlistentry> + <term> + <computeroutput>--netname <name></computeroutput> + </term> + + <listitem> + <para> + Where <name> specifies an existing NAT network + service. + </para> + </listitem> + </varlistentry> + + </variablelist> + +<screen>VBoxManage natnetwork list [<pattern>] </screen> + + <para> + <command>VBoxManage natnetwork list</command>: Lists all NAT + network services, with optional filtering. Parameters are as + follows: + </para> + + <variablelist> + + <varlistentry> + <term> + <computeroutput>[<pattern>]</computeroutput> + </term> + + <listitem> + <para> + Where <pattern> is an optional filtering pattern. + </para> + </listitem> + </varlistentry> + + </variablelist> + + </sect1> + + <sect1 id="vboxmanage-hostonlyif"> + + <title>VBoxManage hostonlyif</title> + + <para> + The <command>hostonlyif</command> command enables you to change + the IP configuration of a host-only network interface. For a + description of host-only networking, see + <xref linkend="network_hostonly" />. Each host-only interface is + identified by a name and can either use the internal DHCP server + or a manual IP configuration, both IP4 and IP6. + </para> + + <para> + The following list summarizes the available subcommands: + </para> + + <variablelist> + + <varlistentry> + <term> + <computeroutput>ipconfig "<name>"</computeroutput> + </term> + + <listitem> + <para> + Configures a host-only interface. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>create</computeroutput> + </term> + + <listitem> + <para> + Creates a new vboxnet<N> interface on the host OS. + This command is essential before you can attach VMs to a + host-only network. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <computeroutput>remove vboxnet<N></computeroutput> + </term> + + <listitem> + <para> + Removes a vboxnet<N> interface from the host OS. + </para> + </listitem> + </varlistentry> + + </variablelist> + + </sect1> + + <sect1 id="vboxmanage-dhcpserver"> + + <title>VBoxManage dhcpserver</title> + + <para> + The <command>dhcpserver</command> commands enable you to control + the DHCP server that is built into &product-name;. You may find + this useful when using internal or host-only networking. + Theoretically, you can also enable it for a bridged network, but + that may cause conflicts with other DHCP servers in your physical + network. + </para> + + <para> + Use the following command line options: + </para> + + <itemizedlist> + + <listitem> + <para> + If you use internal networking for a virtual network adapter + of a virtual machine, use <computeroutput>VBoxManage + dhcpserver add --netname + <network_name></computeroutput>, where + <computeroutput><network_name></computeroutput> is the + same network name you used with <computeroutput>VBoxManage + modifyvm <vmname> --intnet<X> + <network_name></computeroutput>. + </para> + </listitem> + + <listitem> + <para> + If you use host-only networking for a virtual network adapter + of a virtual machine, use <computeroutput>VBoxManage + dhcpserver add --ifname + <hostonly_if_name></computeroutput> instead, where + <computeroutput><hostonly_if_name></computeroutput> is + the same host-only interface name you used with + <computeroutput>VBoxManage modifyvm <vmname> + --hostonlyadapter<X> + <hostonly_if_name></computeroutput>. + </para> + + <para> + Alternatively, you can also use the <option>--netname</option> + option as with internal networks if you know the host-only + network's name. You can see the names with <command>VBoxManage + list hostonlyifs</command>. See + <xref linkend="vboxmanage-list" />. + </para> + </listitem> + + </itemizedlist> + + <para> + The following additional parameters are required when first adding + a DHCP server: + </para> + + <itemizedlist> + + <listitem> + <para> + With <computeroutput>--ip</computeroutput>, specify the IP + address of the DHCP server. + </para> + </listitem> + + <listitem> + <para> + With <computeroutput>--netmask</computeroutput>, specify the + netmask of the network. + </para> + </listitem> + + <listitem> + <para> + With <computeroutput>--lowerip</computeroutput> and + <computeroutput>--upperip</computeroutput>, you can specify + the lowest and highest IP address that the DHCP server will + assign to clients. + </para> + </listitem> + + </itemizedlist> + + <para> + You can specify additional DHCP options with the + <computeroutput>--options</computeroutput> command option. Use + <computeroutput>--id</computeroutput> and + <computeroutput>--value</computeroutput> to configure a number and + string pair corresponding to the DHCP option. Use + <computeroutput>--remove</computeroutput> to remove a DHCP option. + </para> + + <para> + The <computeroutput>--vm</computeroutput> and + <computeroutput>--nic</computeroutput> settings enable you to + configure DHCP options for a specific network adapter used by the + named VM. + </para> + + <para> + Finally, you must specify + <computeroutput>--enable</computeroutput> or the DHCP server will + be created in the disabled state and will not be running. + </para> + + <para> + After this, &product-name; will automatically start the DHCP + server for the specified internal network or host-only network as + soon as the first virtual machine which uses that network is + started. + </para> + + <para> + Use <command>VBoxManage dhcpserver remove</command> with the given + <computeroutput>--netname <network_name></computeroutput> or + <computeroutput>--ifname <hostonly_if_name></computeroutput> + to remove the DHCP server for the specified internal network or + host-only network. + </para> + + <para> + To modify the settings of a DHCP server created using + <command>VBoxManage dhcpserver add</command>, you can use + <command>VBoxManage dhcpserver modify</command> for a given + network or host-only interface name. This has the same parameters + as <command>VBoxManage dhcpserver add</command>. + </para> + + </sect1> + + <sect1 id="vboxmanage-usbdevsource"> + + <title>VBoxManage usbdevsource</title> + + <para> + The <command>usbdevsource</command> commands enable you to add and + remove USB devices globally. + </para> + + <para> + The following command adds a USB device. + </para> + +<screen>VBoxManage usbdevsource add <source name> + --backend <backend> + --address <address> + </screen> + + <para> + Where the command line options are as follows: + </para> + + <itemizedlist> + + <listitem> + <para> + <computeroutput><source name></computeroutput>: + Specifies the ID of the source USB device to be added. + Mandatory. + </para> + </listitem> + + <listitem> + <para> + <computeroutput>--backend <backend></computeroutput>: + Specifies the USB proxy service backend to use. Mandatory. + </para> + </listitem> + + <listitem> + <para> + <computeroutput> --address <address></computeroutput>: + Specifies the backend specific address. Mandatory. + </para> + </listitem> + + </itemizedlist> + + <para> + The following command removes a USB device. + </para> + +<screen>VBoxManage usbdevsource remove <source name> + </screen> + + <para> + Where the command line options are as follows: + </para> + + <itemizedlist> + + <listitem> + <para> + <computeroutput><source name></computeroutput>: + Specifies the ID of the source USB device to be removed. + Mandatory. + </para> + </listitem> + + </itemizedlist> + + </sect1> + + <xi:include href="user_man_VBoxManage-mediumio.xml" xpointer="element(/1)" xmlns:xi="http://www.w3.org/2001/XInclude" /> + + <xi:include href="user_man_VBoxManage-debugvm.xml" xpointer="element(/1)" xmlns:xi="http://www.w3.org/2001/XInclude" /> + + <xi:include href="user_man_VBoxManage-extpack.xml" xpointer="element(/1)" xmlns:xi="http://www.w3.org/2001/XInclude" /> + + <xi:include href="user_man_VBoxManage-unattended.xml" xpointer="element(/1)" xmlns:xi="http://www.w3.org/2001/XInclude" /> + +</chapter> diff --git a/doc/manual/en_US/user_VirtualBoxAPI.xml b/doc/manual/en_US/user_VirtualBoxAPI.xml new file mode 100644 index 00000000..0633e540 --- /dev/null +++ b/doc/manual/en_US/user_VirtualBoxAPI.xml @@ -0,0 +1,37 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" + "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd"[ +<!ENTITY % all.entities SYSTEM "all-entities.ent"> +%all.entities; +]> +<chapter id="VirtualBoxAPI"> + + <title>&product-name; Programming Interfaces</title> + + <para> + &product-name; comes with comprehensive support for third-party + developers. The so-called <emphasis>Main API</emphasis> of + &product-name; exposes the entire feature set of the virtualization + engine. It is completely documented and available to anyone who + wishes to control &product-name; programmatically. + </para> + + <para> + The Main API is made available to C++ clients through COM on Windows + hosts or XPCOM on other hosts. Bridges also exist for SOAP, Java and + Python. + </para> + + <para> + All programming information such as documentation, reference + information, header and other interface files, as well as samples + have been split out to a separate <emphasis role="bold">Software + Development Kit (SDK)</emphasis>. The SDK is available for download + from + <ulink url="http://www.virtualbox.org">http://www.virtualbox.org</ulink>. + In particular, the SDK comes with a Programming Guide and Reference + manual in PDF format. This manual contains, among other things, the + information that was previously in this chapter of the User Manual. + </para> + +</chapter> |
