「Anbox」の版間の差分

提供: ArchWiki
ナビゲーションに移動 検索に移動
(→‎Prerequisite: 最新に差し替え)
(アーカイブ)
タグ: 新規リダイレクト
 
(同じ利用者による、間の8版が非表示)
1行目: 1行目:
  +
#redirect [[ArchWiki:アーカイブ]]
[[Category:仮想化]]
 
[[Category:Android]]
+
[[Category:アーカイブ]]
[[en:Anbox]]
 
[[ru:Anbox]]
 
{{Related articles start}}
 
{{Related|Linux Containers}}
 
{{Related articles end}}
 
Anbox は GNU/Linux ディストリビューションで Android を実行するための [[Linux_Containers|コンテナベース]] のソフトウェアです。
 
 
== Prerequisite ==
 
 
To use anbox-style packages you need two kernel modules named 'binder' and 'ashmem'.
 
 
They are not activated in Arch Linux's default kernel ({{Pkg|linux}}), thus you need to either install a kernel which ships these modules or (re)build a kernel, or use dkms to install the kernel modules seperately.
 
See below for further details.
 
 
You might also need to configure your bootloader to use a different kernel. Please refer to the wiki page of your bootloader how to boot with the new kernel. Booting into another kernel (version) is one of the few occasions when you have to reboot a Linux system. You should boot into the kernel that includes the modules before starting Anbox.
 
 
=== Module installation options ===
 
 
To get a compatible kernel, you have the following options:
 
 
==== Using Linux-Zen ====
 
 
The {{Pkg|linux-zen}} kernel includes the necessary modules out of the box.
 
 
==== Installing anbox-modules-dkms ====
 
 
Currently, the dkms modules have been updated to work for kernels up to and including version 5.13. Please note, that using ''KProbes'' may have security implications and you should be aware of certain risks involved with this software, see [[#Security|Security]].
 
 
If you wish to use anbox related projects, the {{Pkg|linux-lts}} plus {{aur|anbox-modules-dkms}} works up to kernel 5.13.
 
 
The {{aur|anbox-modules-dkms}} package will install both binder & ashmem as '''kernel modules'''.
 
 
Run the following commands as root to activate binder and ashmem:
 
 
$ modprobe binder_linux devices=binder,hwbinder,vndbinder,anbox-binder,anbox-hwbinder,anbox-vndbinder
 
$ modprobe ashmem_linux
 
 
After loading the modules, you may also need to mount binder:
 
 
$ mkdir -p /dev/binderfs
 
$ mount -t binder binder /dev/binderfs
 
 
===== Security =====
 
 
In an LWN news post, Jonathan Corbet noted that {{ic|kallsyms_lookup_name()}} was to be unexported. See https://lwn.net/Articles/813350/
 
 
''"One of the basic rules of kernel-module development is that modules can only access symbols (functions and data structures) that have been explicitly exported. Even then, many symbols are restricted so that only modules with a GPL-compatible license can access them."''
 
 
This caused anbox-modules to no longer build, as this was an out-of-tree user of {{ic|kallsyms_lookup_name()}}
 
 
Therefore, to use anbox related software with '''kernel modules''', there is a [https://github.com/choff/anbox-modules/commit/4af9d5d591f33a0d8d7fb0735e280fa51ccef53e maintained fork of anbox-modules by C. Hoff] which explains the issue, with anbox in mind:
 
 
On kernel 5.7 and later, kallsyms_lookup_name() can no longer be called from a kernel module for reasons described here: https://lwn.net/Articles/813350/ As binder really needs to use kallsysms_lookup_name() to access some kernel functions that otherwise wouldn't be accessible, KProbes are used on later kernels to get the address of kallsysms_lookup_name(). The function is afterwards used just as before. This is a very dirty hack though and the much better solution would be if all the functions that are currently resolved with kallsysms_lookup_name() would get an EXPORT_SYMBOL() annotation to make them directly accessible to kernel modules.
 
 
See also, https://github.com/anbox/anbox-modules/pull/76.
 
 
==== Building a kernel ====
 
 
The necessary modules are included in the source code of most regular kernels, but need to be activated in the kernel config file.
 
After that you need to (re)build the kernel, see [[Kernel#Compilation]].
 
 
Add or modify the following options in the kernel config file:
 
 
CONFIG_ASHMEM=y
 
CONFIG_ANDROID=y
 
CONFIG_ANDROID_BINDER_IPC=y
 
CONFIG_ANDROID_BINDERFS=y
 
CONFIG_ANDROID_BINDER_DEVICES="binder,hwbinder,vndbinder"
 
CONFIG_SW_SYNC=y
 
CONFIG_UHID=m
 
 
With your new kernel, you will need to append the following to your boot arguments:
 
 
{{ic|<nowiki>binder.devices=binder,hwbinder,vndbinder,anbox-binder,anbox-hwbinder,anbox-vndbinder</nowiki>}}
 
 
When setting compilation options, you have 2 options available: binder and binderfs. Instructions for both are provided below:
 
 
===== Using binder =====
 
 
The modules can either be compiled into the kernel ({{ic|y}}), into modules ({{ic|m}}), or not at all ({{ic|n}}). Also, not all combinations in the configuration are possible, and some options will require other options.
 
 
The configuration options below will compile ashmem and binder into the kernel, while the last option specifies that there will be three devices created in the {{ic|/dev/}} directory, when the binder module is loaded.
 
 
{{bc|1=
 
CONFIG_ASHMEM=y
 
CONFIG_ANDROID=y
 
CONFIG_ANDROID_BINDER_IPC=y
 
CONFIG_ANDROID_BINDERFS=y
 
CONFIG_ANDROID_BINDER_DEVICES="binder,hwbinder,vndbinder"
 
CONFIG_SW_SYNC=y
 
CONFIG_UHID=m
 
}}
 
 
When building a kernel from the AUR, one can update the configuration with the following steps:
 
 
# run {{ic|makepkg --nobuild}}, which will download the sources, verify and extract them and run the {{ic|prepare()}} function.
 
# edit the {{ic|.config}} file (with the dot in the filename), which is located at the base of the kernel directory.
 
# at the end of the {{ic|prepare()}} function was probably a command which regenerates the makefiles with information from the configuration, possibly {{ic|make olddefconfig}}. Move that to the {{ic|build()}} function, or execute it yourself.
 
# run {{ic|makepkg --noextract}}, which will continue from the place where {{ic|makepkg --nobuild}} stopped.
 
 
===== Using binderfs =====
 
 
Not everybody was happy with the binder module in Linux. To address the issues, binderfs was created. One has to choose between the old and the new way when compiling the kernel. With the options below, one will use binderfs instead.
 
 
With the kernel sources comes also a simple script to set configuration options. It will not do dependency checks, just like when editing the configuration by hand. When being in the same directory where the {{ic|.config}} file lies, one can execute the following commands:
 
 
{{bc|
 
scripts/config --module CONFIG_ASHMEM
 
scripts/config --enable CONFIG_ANDROID
 
scripts/config --enable CONFIG_ANDROID_BINDER_IPC
 
scripts/config --enable CONFIG_ANDROID_BINDERFS
 
scripts/config --set-str CONFIG_ANDROID_BINDER_DEVICES ""
 
}}
 
 
When building a kernel from the AUR, it is enough to insert these lines at the right place in the [[PKGBUILD]], usually in {{ic|prepare()}}.
 
 
=== Loading the kernel modules ===
 
 
==== Load binder ====
 
 
When a kernel provides them as build-in, you do not need to manually load them. The {{Pkg|linux-zen}} kernel is one of those and loading is not required.
 
If the used kernel has them build as modules, they need to be explicitly loaded as Anbox does not load them on demand; starting an app will fail if they are not loaded.
 
 
To load them right now, use:
 
 
# modprobe -a binder-linux ashmem-linux
 
 
To automatically load them at boot, one can load them via the {{ic|systemd-modules-load.service}}. To do so, create a file inside {{ic|/etc/modules-load.d/}}, which contains the lines:
 
 
{{hc|/etc/modules-load.d/anbox.conf|
 
ashmem_linux
 
binder_linux
 
}}
 
 
==== Mounting binderfs ====
 
 
If your kernel uses binderfs, there is one more step to do: Mounting a binder filesystem.
 
 
Firstly, you will need a mountpoint. By default, Anbox will look at {{ic|/dev/binderfs}}. You can create that directory now, but it will be removed at boot time.
 
 
You can use [[systemd-tmpfiles]] to create this directory at boot time. For that, create a file in {{ic|/etc/tmpfiles.d/}} with the content:
 
 
{{hc|/etc/tmpfiles.d/anbox.conf|
 
d! /dev/binderfs 0755 root root
 
}}
 
 
Secondly, you need to mount the binder filesystem. This can be done by
 
 
# mount -t binder none /dev/binderfs
 
 
To mount it always at boot, add a line in the [[fstab]]. Using the option {{ic|nofail}} here will not greet you with a recovery shell when you are booting a kernel without binderfs support (such as the standard kernel).
 
 
{{hc|/etc/fstab|
 
none /dev/binderfs binder nofail 0 0
 
}}
 
 
== インストール ==
 
 
=== Install an Android Image ===
 
 
{{Note|The images are outdated (based on Android 7.1). For now there are no newer images available from upstream. See also [[Talk:Anbox#Anbox-Images outdated]].}}
 
 
[[Install]] one of these images:
 
 
* {{AUR|anbox-image}} (official Anbox image)
 
* {{AUR|anbox-image-houdini}} (includes Houdini)
 
* {{AUR|anbox-image-houdini-rooted}} (includes Houdini and SuperSU)
 
* {{AUR|anbox-image-gapps}} (includes Houdini and OpenGApps)
 
* {{AUR|anbox-image-gapps-rooted}} (includes Houdini, OpenGApps and SuperSU)
 
* You can find more images in the [[AUR]], search for [https://aur.archlinux.org/packages/?K=anbox-image anbox-image].
 
 
{{Tip |
 
* Generally, one needs Houdini to run ARM applications on a x86_64 computer.
 
* If you want Google apps, OpenGApps is a good way to go. }}
 
 
=== Install Anbox ===
 
 
[[Install]] the {{AUR|anbox-git}} package.
 
 
Afterwards, [[start/enable]] {{ic|anbox-container-manager.service}}.
 
 
You have now all the required steps done to use Anbox! In the menu of your desktop environment, you should find several entries in the category ''Others'', which can now be launched.
 
 
The first call will take longer. Behind the scenes, {{ic|anbox session-manager}} will be launched. For testing purposes, you can also execute {{ic|anbox session-manager}} manually in a terminal. That is '''very''' useful if anbox crashes and you want to report or fix the bug. Just launch it, and wait until it crashes (if ever).
 
 
There is also a ''systemd'' unit for users, which can be used to start the session-manager on bootup; [[start/enable]] the {{ic|anbox-session-manager.service}} user unit. An advantage of this unit is that logs can be found in the event of a crash:
 
 
$ journalctl --user -b -u anbox-session-manager
 
 
Keep in mind though, that when it crashes and you start a new app, it will also start the session-manager, but it will be run independently from ''systemd''.
 
 
== Network ==
 
 
=== Via NetworkManager ===
 
 
If you are using [[NetworkManager]] you can use it to configure the networking.
 
 
Execute the following command to create the bridge connection:
 
 
$ nmcli con add type bridge ifname anbox0 -- connection.id anbox-net ipv4.method shared ipv4.addresses 192.168.250.1/24
 
 
* {{ic|ifname anbox0}} specifies the bridge interface name, in this case {{ic|anbox0}}. Do not change this as Anbox will only detect the bridge interface if it is named {{ic|anbox0}}.
 
* {{ic|connection.id anbox-net}} specifies the name of the connection to be {{ic|anbox-net}} when it appears in [[NetworkManager]]. You can change this if you wish.
 
* {{ic|ipv4.method shared}} instructs [[NetworkManager]] to create a NAT network and route outgoing packets according to the system routing rules. For that, the {{Pkg|dnsmasq}} package is required. [[dnsmasq]] does not needs to be configured or be started as systemd service, it will be used behind the scenes by NetworkManager — if it is not available, this step will fail silently. You can leave this and the {{ic|ipv4.addresses}} parameter out if you wish to attach the Anbox container directly to a specific network, see [[Network bridge#With NetworkManager]]. If you choose this option, you must also change the network configuration of the container in {{ic|anbox-container-manager.service}}, see the next bullet point.
 
* {{ic|ipv4.addresses 192.168.250.1/24}} specifies the default gateway and subnet of the NAT network. If you wish to change this (e.g. to {{ic|192.168.42.1/24}}) you must also indicate the new subnet to anbox in the {{ic|anbox-container-manager.service}} using: {{ic|1=--container-network-address=192.168.42.2/24 --container-network-gateway=192.168.42.1}}
 
 
[[NetworkManager]] will automatically setup the bridge every reboot so you only need to execute the command once.
 
 
=== Via systemd-networkd ===
 
 
The package {{AUR|anbox-git}} provides configuration files for {{ic|systemd-networkd}} in {{ic|/usr/lib/systemd/network/}} to enable networking in anbox.
 
 
Therefore, you can [[start/enable]] {{ic|systemd-networkd}} before starting {{ic|anbox-container-manager.service}}.
 
 
=== Via anbox-bridge script ===
 
 
Alternatively you can use the anbox-bridge script [https://raw.githubusercontent.com/anbox/anbox/master/scripts/anbox-bridge.sh used by the project].
 
 
You must execute {{ic|anbox-bridge}} every time before starting {{ic|anbox-container-manager.service}} in order to get network working in Anbox. The easiest solution for that is to create a drop-in file for the service.
 
 
{{hc|/etc/systemd/system/anbox-container-manager.service.d/enable-anbox-bridge.conf|2=
 
[Service]
 
ExecStartPre=/usr/bin/anbox-bridge start
 
ExecStopPost=/usr/bin/anbox-bridge stop
 
}}
 
 
== 使用方法 ==
 
 
anbox 内でネットワークを使えるようにするため {{ic|anbox}} を起動する前に毎回 {{ic|anbox-bridge}} を実行してください。
 
 
それから、デスクトップランチャーの '''Other''' カテゴリから android アプリケーションを実行できます。
 
 
adb を使ってデバッグしたい場合、{{Pkg|android-tools}} をインストールしてください。
 
 
$ adb shell
 
 
=== Installing apps ===
 
 
Unless you picked an image with Houdini, Anbox does not have support for ARM applications. So apps must have a x86_64 architecture.
 
 
==== Through adb ====
 
 
To install {{ic|''/path/to/app.apk''}}
 
 
$ adb install ''/path/to/app.apk''
 
 
To get the list of installed applications
 
 
$ adb shell pm list packages
 
 
Note that output will be similar to {{ic|''package:app.name''}}, where {{ic|''app.name''}} is different from the one displayed in the Anbox container.
 
 
To uninstall {{ic|''app.name''}}
 
 
$ adb uninstall ''app.name''
 
 
If {{ic|''app.name''}} is a system app
 
 
$ adb uninstall --user 0 ''app.name''
 
 
==== Through apps stores ====
 
 
Apps can be easily installed through apps stores. In {{AUR|anbox-image-gapps}} PlayStore is included.
 
 
=== Sensor data ===
 
 
Via dbus different sensors can be set. Documentation on that can be found at
 
[https://github.com/anbox/anbox/blob/master/docs/dbus.md dbus.md].
 
 
==== Temperature data ====
 
 
That is the example from the author (PRs [https://github.com/anbox/anbox/pull/1522 #1522] & [https://github.com/anbox/anbox/pull/1522 #1540]):
 
 
$ dbus-send --session --dest=org.anbox --print-reply /org/anbox org.freedesktop.DBus.Properties.Set string:org.anbox.Sensors string:Temperature variant:double:25.1
 
 
==== GPS data ====
 
 
(introduced by PR [https://github.com/anbox/anbox/pull/1606 #1606])
 
 
GPS sensor data can also be manipulated.
 
 
If your PC has a WWAN card, you can use {{Pkg|gpsd}} and the code from the PR to feed Anbox with GPS data. You do not need to have a SIM-Card for GPS.
 
 
Otherwise, you can also look at the PR to learn how to feed it fake data with the help of [https://www.nmeagen.org].
 
 
=== Root shell ===
 
 
With this [https://github.com/anbox/anbox/blob/master/scripts/anbox-shell.sh script] from the Anbox project one can get a root shell inside the Android container.
 
 
It is not part of the {{AUR|anbox-git}} package, and it also does not use [[adb]].
 
 
== Tips and tricks ==
 
 
=== Android developer options ===
 
 
Some extra steps need to be done besides unlocking them the same way you do on an android phone.
 
When installing the [[#Install Android Image|android image]], some modifications to {{ic|products/anbox.xml}} are required:
 
 
* {{ic|1=<unavailable-feature name="android.hardware.usb.host" />}} is the reason why they are not available.
 
* {{ic|1=<feature name="android.software.backup" />}} will be needed too, to avoid a NullPointerException.
 
 
(reference: [https://github.com/anbox/anbox/issues/444 Github issue #444])
 
 
=== Getting debugging information ===
 
 
Obviously, it is helpful to have debugging symbols in the Anbox build. For that, when [[#Install Anbox|compiling Anbox]], add {{ic|1=options=('!strip')}} to the PKGBUILD, as by default they are removed. And, use either {{ic|1=-DCMAKE_BUILD_TYPE=RelWithDebInfo}} or {{ic|1=-DCMAKE_BUILD_TYPE=Debug}} in the cmake call.
 
 
But there is more to it! Anbox uses [https://github.com/anbox/anbox/tree/master/external/backward-cpp backward-cpp]. If you do not delete the build files for Anbox, it will print pretty stack traces when crashing, which point out the places in the source code.
 
 
Also see the remarks in [[#Install Anbox|Install Anbox]].
 
 
== Troubleshooting ==
 
 
If you run into issues, take a look at the official Issue Tracker: [https://github.com/anbox/anbox/issues]
 
 
=== Old CPUs ===
 
 
Anbox requires support for SSE 4.1/4.2 and SSSE 3, because Android wants that too.
 
Some older CPUs do not provide that, so you probably cannot use Anbox, see:
 
[https://github.com/anbox/anbox/issues/499#issuecomment-399118684 Anbox Github Issue 499].
 
 
=== Secure Boot error ===
 
 
If you get this error message:
 
 
modprobe: ERROR: could not insert 'ashmem_linux': Operation not permitted
 
 
[[Secure Boot]] is likely blocking the module.
 
You can either disable Secure Boot or sign the ashmem module yourself.
 
 
More info can be found in the [https://github.com/anbox/anbox/blob/master/docs/install.md#on-ubuntu-1904-and-later Anbox Github Docs].
 
 
== See also ==
 
 
* [https://github.com/anbox/anbox Official Anbox Github Repo]
 
* [https://anbox.io/ Anbox Website]
 
* [https://mm.gravedo.de/blog/posts/2020-01-21-taking-the-anbox-journey-to-the-next-level Posting by the main Anbox developer]
 
* [https://brauner.github.io/2019/01/09/android-binderfs.html Explanation about binderfs]
 

2024年9月7日 (土) 20:42時点における最新版