How to enable Shared Clipboard & Drag-and-Drop features inside VirtualBox with Whonix-LXQt-18.0.8.7?

Do something other than complaining and spreading negativity.

Yes.

Clipboard sharing with wayland guest not working · Issue #33 · VirtualBox/virtualbox · GitHub fixed in VirtualBox. Figure out how to use it in Whonix. Or Learn to Code.

1 Like

It’s literally not:

Instead, they now use EXT Data Control Protocol. I started working on implementation.

Me and a few other people on this thread already checked.

Now, as you are free for any other question, you can “learn to code” and show an awesome example yourself of how to fix issues better than the developers.

Or wait, I’m sorry, it actually requires some skill and effort?

You can switch to Reddit with those edgy quotes about “r3al h4xx0r d0n7 k0ml4ain” and stop wasting people’s time.

Thanks

Now, regarding X11 and the original question.

I really couldn’t get a proper way to run it in the current Whonix setup with the sysmaint/user split, so if anyone was able to achieve this, I would be glad to see step-by-step instructions.

1 Like

I use the commands defined in Whonix for KVM with custom scripts. I just created copy and paste scripts in $PATH, and by executing any of them I can copy or paste between guest and host.

1 Like

I will try this later. Thank you.

When I see comments like this, I sometimes think that the same social engineers behind “Jia Tan” and “Jagar Kumar” have moved on to trying to discourage privacy developers from continuing their respective projects.

1 Like

The fix I believe requires updated Guest Additions that aren’t present in Debian Trixie. We might be able to add them, but that will take some work and time and the task isn’t on the roadmap yet (though it may be soon).

Not officially supported:

However, you may be able to use an alternate desktop environment, with some effort. See:

Security improvements and future-proofing. See the forum link above, and:

Not for a lot of people.

2 Likes

I’m not sure about that, since after reinstalling the tools to the latest version manually it still doesn’t work.

It feels like vbox+whonix probably is about 80–90% of all use cases (not sure if you have any stats on that), and most people will need to copy commands, terminal output, configs, etc.

I don’t want to sound offensive — I’m genuinely just curious — but are you actually using qubes, where this problem doesn’t exist, as your main OS?

Maybe it doesn’t seem that critical to you simply because you’ve never tried living without it?

Again, I’m not trying to offend anyone — it’s just that to me, this sounds like someone saying they’re perfectly comfortable hopping on one leg instead of walking.

Maybe it would be better to wait until everything would be done on vbox side?

Using X11 is not the end of the world, it doesn’t have any open vulnerabilities as far as I can tell. It’s about reducing attack surface.

Whonix is still using it (and, which is most important, WILL continue using it) on Qubes, isn’t it? Maybe just have X11/Wayland versions as separate images?

1 Like

Yes, skill and effort. If not done it’s your fault. I am not the one complaining and running a Jia Tan campaign.

You can legitimately be thankful for what you got for free, Learn to Code or use something else. Or you can be destructive and spread negativity. You clearly choose the latter.

obviously part of a campaign now heating up.

1 Like

To be clear, did you:

  • Remove the Guest Additions packages from the VM in sysmaint mode or unrestricted admin mode,
  • use the “Insert Guest Additions CD Image” button in VirtualBox,
  • then install Guest Additions from the ISO?

If you did that, shared clipboard still doesn’t work, and you are running a fixed version of VirtualBox on the host, I would call this a VirtualBox bug, in which case their bug tracker would be the right place to report this. If you didn’t do that, try doing that.

I think the question you mean to ask is “have you actually used Whonix on VirtualBox for extended periods of time for real work?” The answer is yes, I have. I used Kicksecure as a host OS, which removes much of the risk of using shared folders by avoiding automatic file scanning daemons and by disabling image thumbnail previews. I then used a file in a shared folder to transfer data between the host and guest. It was cumbersome, yes, but it worked. For smaller things I just typed them across. It is certainly not a good UX, but the advantages of switching to Wayland were believed to outweigh the issues.

At the moment I use Qubes, but only for security reasons, not because I wanted better usability.

We have no control over upstreams, so “wait until everything is done on the VBox side” would have meant “potentially wait forever” back when we were deciding whether to switch to Wayland. Obviously that isn’t functional, so we decided we needed to either document a workaround or contribute a code fix ourselves. Due to time constraints and higher-priority work, we documented a workaround and moved on.

X11 on Qubes is not at all similar to X11 on non-Qubes. The way Qubes works under the hood, it basically provides an entire desktop session ecosystem that one must work inside of, separate from any “desktop environment” that may be installed within the VM. The way Qubes and non-Qubes work are very separate from each other, and will continue to be separate even after Qubes ports to Wayland.

2 Likes

I wouldn’t jump to conclusions about social engineering campaigns. Just speaking personally, I have legitimate complaints against a lot of the software I use on a daily basis, others have legitimate complaints against software I contribute to.

It’s of course possible any or all complaints are part of social engineering, but by the same metric, any and all code contributions could be an attempt to introduce vulnerabilities or backdoors into the project, or could be an attempt to put the project in legal jeopardy by introducing code they don’t have the rights to contribute. We don’t ignore those risks; we just assume all interactions and contributions could be malicious and either prove otherwise (by careful review) or work as if they are malicious (i.e. not letting complaints get under our skin and take the valuable bits from them when possible).

2 Likes

I think I did, a few times even, but I would be grateful if someone would try and write up their report, maybe I did something wrong.

With all respect to whonix, but “quod licet Iovi, non licet bovi”.

VirtualBox is a much bigger project, and even if they are wrong, a smaller project has to deal with it if they want to have proper UX.

I know that this is sad and unfair, but i don’t see any other way how whonix could achieve normal UX.

Are there maybe any other OSS guest additions that I could install that you could recommend?

Thanks for answers.

And I’m not “jia tan”, ̶J̶i̶a̶ ̶T̶a̶n̶ ̶a̶t̶ ̶l̶e̶a̶s̶t̶ ̶a̶c̶t̶u̶a̶l̶l̶y̶ ̶m̶a̶d̶e̶ ̶c̶o̶m̶m̶i̶t̶s̶ ̶w̶i̶t̶h̶ ̶c̶o̶d̶e̶.

Yesterday I got tired of thinking that I was doing something wrong again after installing v18, but it turned out the problem was widespread. I was irritated and wrote all of this in a not very pleasant tone. I’m sorry.

1 Like

True, we do have to deal with it, but at the same time, we shouldn’t allow shortcomings in other projects prevent us from future-proofing and improving security. Like mentioned above, we decided that the benefits of switching to Wayland now outweighed the inconvenience of having to use shared folders or manual typing to get around the absence of clipboard sharing. We don’t like it any more than you do, but we do tolerate it, and the way we dealt with it was to document a workaround. While this may feel like an important feature to many (and indeed it feels like one to me also), there are more important issues we have to tackle. Thus it would be better to get Oracle to fix their software than to ask us to spend limited development time to do something that will inevitably have to be undone later, damaging security in the process. (This isn’t meant to be harsh, it’s just the reality of what we’re dealing with.)

Not to my awareness. VirtualBox Guest Additions are pretty tightly coupled to VirtualBox itself, and the Guest Additions are already open-source, so it seems unlikely to me that something like this will exist in the future. That being said, KVM has its own equivalent of “guest additions” (spice-vdagent), and while clipboard sharing is broken there too, there is a documented workaround that does not involve shared folders. See:

2 Likes

Hello everyone — copy-paste between my host and VirtualBox isn’t working. I’m running a VM with LXQt. I’m willing to pay a reward for a solution. Thanks!

1 Like

Currently broken due to a VirtualBox bug, see posts above, and the Wiki:

2 Likes

Hi, I wrote a script that solves the problem (no changes to the code, no need to compile binaries, etc.). My script starts a custom service in the system root, and your clipboard will work (user mode also):

I’m posting this because I want others who have encountered the same problem to get a quick, effective solution without having to run third-party code on the host machine.

I ask everyone, including @arraybolt3 @Patrick to take note of my solution (from an OS security perspective)

!!!

Install the latest version of VirtualBox 7.2.8+

and run this script as root

(I understand how this looks from the outside, so I suggest and ask everyone to familiarize themselves with this script (don’t trust people on the internet, especially on a forum about an anonymous OS; there’s nothing criminal here, just automation so you don’t have to type things manually))

After you run it, don’t forget to set it to Bidirectional, and the buffer will work the same way as a root/user

Let me know if you run into any issues :upside_down_face:

#!/bin/bash
set -o nounset
set -o pipefail

UNIT_NAME='vbox-wayland-clipboard.service'
UNIT_PATH='/usr/lib/systemd/user/vbox-wayland-clipboard.service'
LAUNCH_PATH='/usr/libexec/vm-config-dist/vbox-wayland-clipboard-autostart'
DESK_PATH='/etc/xdg/autostart/vbox-wayland-clipboard.desktop'

red() { printf '\033[31m%s\033[0m\n' "$*"; }
grn() { printf '\033[32m%s\033[0m\n' "$*"; }
ylw() { printf '\033[33m%s\033[0m\n' "$*"; }

if [ "$(id -u)" -ne 0 ]; then
   red "ERROR: run as root in the 'sysmaint' boot mode:  sudo bash $0"
   exit 1
fi

search_dirs=(/etc/systemd/user /run/systemd/user /usr/lib/systemd/user \
             /usr/local/lib/systemd/user /root/.config/systemd/user)
for h in /home/*; do
   [ -d "$h/.config/systemd/user" ] && search_dirs+=("$h/.config/systemd/user")
done

echo "=== INSTALL ==="

echo "[1/6] clearing masks (/dev/null symlinks) and empty unit files ..."
for d in "${search_dirs[@]}"; do
   f="$d/$UNIT_NAME"
   if [ -L "$f" ] || { [ -e "$f" ] && [ ! -s "$f" ]; }; then
      echo "  removing $f"
      rm -f "$f"
   fi
done
systemctl --global unmask "$UNIT_NAME" 2>/dev/null || true

echo "[2/6] writing $UNIT_PATH ..."
install -d /usr/lib/systemd/user
cat > "$UNIT_PATH" <<'UNIT'
[Unit]
Description=VirtualBox shared clipboard for Wayland (opt-in, default-off)
ConditionVirtualization=oracle
ConditionEnvironment=WAYLAND_DISPLAY
StartLimitIntervalSec=10
StartLimitBurst=3

[Service]
Type=simple
ExecStart=/usr/bin/VBoxClient --foreground --wayland
Restart=on-failure
RestartSec=2s

[Install]
WantedBy=default.target
UNIT

echo "[3/6] writing $LAUNCH_PATH ..."
install -d /usr/libexec/vm-config-dist
cat > "$LAUNCH_PATH" <<'LAUNCH'
#!/bin/bash
set -o nounset
set -o pipefail
PATH=/usr/bin:/bin
unit='vbox-wayland-clipboard.service'
state="$(systemctl --user is-enabled "$unit" 2>/dev/null || true)"
case "$state" in
   enabled|enabled-runtime) ;;
   *) exit 0 ;;
esac
counter=0
while [ "$counter" -lt 50 ]; do
   systemctl --user show-environment 2>/dev/null | grep -q '^WAYLAND_DISPLAY=' && break
   counter="$(( counter + 1 ))"
   sleep 0.2
done
systemctl --user reset-failed "$unit" 2>/dev/null || true
exec systemctl --user start "$unit"
LAUNCH
chmod 755 "$LAUNCH_PATH"

echo "[4/6] writing $DESK_PATH ..."
cat > "$DESK_PATH" <<'DESK'
[Desktop Entry]
Type=Application
Name=VirtualBox shared clipboard for Wayland (opt-in)
Exec=/usr/libexec/vm-config-dist/vbox-wayland-clipboard-autostart
StartupNotify=false
NoDisplay=true
NotShowIn=QUBES;
DESK

echo "[5/6] Guest Additions device (/dev/vboxuser) on every boot ..."
systemctl enable --now virtualbox-guest-utils.service 2>/dev/null \
   || ylw "  virtualbox-guest-utils.service not found; loading module only."
echo vboxguest > /etc/modules-load.d/vboxguest.conf
modprobe vboxguest 2>/dev/null || true

echo "[6/6] enabling for ALL users ..."
systemctl daemon-reload
systemctl --global enable "$UNIT_NAME"

echo
echo "=== CHECKUP ==="
fail=0; warn=0

chk_file() {
   local p="$1" min="$2" sz
   if [ -L "$p" ]; then red "  FAIL  $p is a symlink (masked?)"; fail=$((fail+1)); return; fi
   if [ ! -f "$p" ]; then red "  FAIL  $p missing"; fail=$((fail+1)); return; fi
   sz="$(wc -c < "$p")"
   if [ "$sz" -lt "$min" ]; then red "  FAIL  $p is $sz bytes (empty/too small)"; fail=$((fail+1)); return; fi
   grn "  OK    $p ($sz bytes)"
}
chk_file "$UNIT_PATH"   100
chk_file "$LAUNCH_PATH" 100
chk_file "$DESK_PATH"    50

leftover=0
for d in "${search_dirs[@]}"; do
   f="$d/$UNIT_NAME"
   [ "$f" = "$UNIT_PATH" ] && continue
   if [ -L "$f" ] || { [ -e "$f" ] && [ ! -s "$f" ]; }; then
      red "  FAIL  leftover mask/empty: $f"; leftover=$((leftover+1)); fail=$((fail+1))
   fi
done
[ "$leftover" -eq 0 ] && grn "  OK    no leftover masks / empty unit files"

if [ -x "$LAUNCH_PATH" ]; then grn "  OK    launcher is executable"; else red "  FAIL  launcher not executable"; fail=$((fail+1)); fi

if [ -L "/etc/systemd/user/default.target.wants/$UNIT_NAME" ]; then
   grn "  OK    enabled for all users (default.target.wants symlink present)"
else
   ylw "  WARN  global enable symlink missing"; warn=$((warn+1))
fi

if command -v VBoxClient >/dev/null 2>&1; then
   grn "  OK    VBoxClient present ($(VBoxClient --version 2>/dev/null | head -n1))"
else
   red "  FAIL  /usr/bin/VBoxClient not found (Guest Additions missing)"; fail=$((fail+1))
fi

if lsmod 2>/dev/null | grep -q '^vboxguest'; then grn "  OK    vboxguest module loaded"; else ylw "  WARN  vboxguest module not loaded"; warn=$((warn+1)); fi
if [ -e /dev/vboxuser ]; then grn "  OK    /dev/vboxuser present"; else red "  FAIL  /dev/vboxuser missing (VBoxClient will fail VbglR3InitUser)"; fail=$((fail+1)); fi

echo
if [ "$fail" -eq 0 ]; then grn "RESULT: install OK ($warn warning(s))."; else red "RESULT: $fail problem(s), $warn warning(s) — fix the FAIL lines above."; fi
echo
echo "NEXT:"
echo "  1) On the HOST (normal user, VM powered off):"
echo "       VBoxManage modifyvm \"<vm-name-or-uuid>\" --clipboard-mode bidirectional"
echo "     and launch the VM as your NORMAL user, not root."
echo "  2) Reboot Whonix into the normal 'user' mode."
echo "  3) As 'user' (no sudo) verify:"
echo "       systemctl --user is-enabled $UNIT_NAME    # => enabled  (NOT masked)"
echo "       systemctl --user status    $UNIT_NAME     # => active (running)"

[ "$fail" -eq 0 ] && exit 0 || exit 1

1 Like

  1. Update your VirtualBox
  2. Log in to the system as sysmaint
  3. Run the script
  4. Set bidirectional
  5. Reboot the system

1 Like

I’ve attached my solution. Take a look at the script and evaluate it from a security standpoint. It would be best if you could donate to the Whonix team onion[.]/wiki/Donate so that issues like this can be resolved more quickly, rather than paying people on the forum who might turn out to be scammers or intelligence service agents.

1 Like
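
An added example, not part of the original posts and not Whonix project code: a read-only audit of the three files the installer script above writes. Because the unit is enabled for all users, it checks that each file is a regular file with the expected owner and no group/world write bit, and that the `Exec` lines match the posted script. The function name and its two parameters (root prefix, expected owner uid) are assumptions of this example.

```bash
#!/bin/bash
# Added example (not from the thread): read-only audit of the installer's files.
# $1 = root prefix (default: the real /), $2 = expected owner uid (default: 0).
# Both parameters exist only so the check can be tried on a scratch directory.
audit_vbox_clipboard() {
   local root="${1:-}" owner="${2:-0}" bad=0 p uid mode
   local unit="$root/usr/lib/systemd/user/vbox-wayland-clipboard.service"
   local launch="$root/usr/libexec/vm-config-dist/vbox-wayland-clipboard-autostart"
   local desk="$root/etc/xdg/autostart/vbox-wayland-clipboard.desktop"

   for p in "$unit" "$launch" "$desk"; do
      # Every user session executes these, so each must be a plain file
      # that only its owner can modify.
      if [ -L "$p" ] || [ ! -f "$p" ]; then
         echo "FAIL $p: missing or a symlink"; bad=$((bad+1)); continue
      fi
      uid="$(stat -c '%u' "$p")"
      mode="$(stat -c '%a' "$p")"
      if [ "$uid" != "$owner" ]; then
         echo "FAIL $p: owner uid $uid, expected $owner"; bad=$((bad+1))
      fi
      # Octal 022 = group-write and other-write bits.
      if [ $(( 0$mode & 022 )) -ne 0 ]; then
         echo "FAIL $p: mode $mode is group/world-writable"; bad=$((bad+1))
      fi
   done

   # The unit must carry exactly one Exec* line, and it must be the posted one
   # (an extra ExecStartPre=/ExecStartPost= would run in every session too).
   if [ "$(grep -c '^Exec' "$unit" 2>/dev/null)" != "1" ] \
      || ! grep -qx 'ExecStart=/usr/bin/VBoxClient --foreground --wayland' "$unit"; then
      echo "FAIL unit: Exec lines differ from the posted script"; bad=$((bad+1))
   fi
   # The autostart entry must point at the launcher and nothing else.
   if ! grep -qx 'Exec=/usr/libexec/vm-config-dist/vbox-wayland-clipboard-autostart' \
        "$desk" 2>/dev/null; then
      echo "FAIL desktop entry: Exec differs from the posted script"; bad=$((bad+1))
   fi

   [ "$bad" -eq 0 ]
}

# Stand-alone use inside the VM: bash audit.sh --run
if [ "${1:-}" = "--run" ]; then
   audit_vbox_clipboard && echo "OK: files match the posted installer"
fi
```
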

Thank you for taking the effort, but I get a syntax error on line 19 with missing “(“ unexpected.

1 Like

So I decided to try working on this today. For context, my host system is ZorinOS 18.1, based on Ubuntu 24.04 Noble. I uninstalled the version of Virtualbox from Ubuntu, and I installed the Oracle version of Virtualbox from Linux_Downloads – Oracle VirtualBox.

This went pretty smoothly. I did not even have to sign the kernel modules this time, so either the modules I previously signed still worked, or it managed to sign the modules when I ran

sudo rcvboxdrv setup

as seen in the manual at Installing VirtualBox

However, clipboard sharing still did not work. So I tried implementing arraybolt’s advice. This is where things ended up breaking.

This did not really explain to me how to do it. By “Remove the Guest Additions packages from the VM in sysmaint mode or unrestricted admin mode,” I assume that they meant for me to run the following command in whonix workstation.

sudo apt remove virtualbox-guest-additions-iso virtualbox-guest-utils virtualbox-guest-x11

So I ran the command. Then I added the virtualbox-guest-additions iso from the instructions at Guest Additions.

Now I need to find wherever this is mounted in whonix workstation. According to Guest Additions,

I cannot for the life of me find where the cd-rom drive is mounted and where this script is. It makes it harder that the GUI is limited in the sysmaint mode, so I typed pcmanfm-qt in the terminal. But there, I still do not see any devices mounted or anything like that.

So now I am stuck. Does anyone know where the guest additions iso file is mounted, so that I can run ./VBoxLinuxAdditions.run in order to test whether the new guest additions work?

Is this related to http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/Known_Issues#Mounting_(CD_/_DVD)_Devices ?

Later, I will try installing a regular linux virtual machine (not whonix) and see if I am able to do it in there…

1 Like

None of the IP leak issues seem to apply if you are torrenting from within Whonix. The gateway should shield your IP from any leaks due to a bad BitTorrent client.

1 Like

I uploaded my script to a fileshare so you can try it:

https[:]//filebin[.]net/562pahe0lulimhj7/setup.sh

1 Like