Thursday, 22 August 2019

How to install Anbox in Fedora 30

How to install Anbox in Fedora 30 as quick as possible.


Open a terminal and type the following commands:

sudo dnf install dkms
sudo dnf install kernel-devel

cd ~
git clone https://github.com/anbox/anbox-modules
cd anbox-modules
sudo cp anbox.conf /etc/modules-load.d/
sudo cp 99-anbox.rules /lib/udev/rules.d/
sudo cp -rT ashmem /usr/src/anbox-ashmem-1
sudo cp -rT binder /usr/src/anbox-binder-1
sudo dkms install anbox-ashmem/1
sudo dkms install anbox-binder/1
sudo modprobe ashmem_linux
sudo modprobe binder_linux


sudo dnf install snapd
sudo ln -s /var/lib/snapd/snap /snap
reboot

snap install --devmode --beta anbox
to update do this: snap refresh --beta --devmode anbox

But wait...Anbox doesn't launch!
because SELinux.
Don't disable SELinux, that's a bad idea.
Instead use SELinux Troubleshooter to find out the cause. To fix it I did this, it might be different for you:

sudo ausearch -c servicemanager --raw
sudo semodule -X 300 -i my-servicemanager.pp
sudo ausearch -c anboxd --raw
sudo semodule -X 300 -i my-anboxd.pp
sudo ausearch -c gatekeeperd --raw
sudo semodule -X 300 -i my-gatekeeperd.pp

Then launch Anbox. You might need to reboot first though.

Also, install adb so you can do:
adb install filename.apk <--- to install apks into anbox (assuming you don't have your real android device plugged in)


9 comments:

  1. This solution works for me, thanks a lot!

    ReplyDelete
  2. Thanks! I think the ` sudo ln -s /var/lib/snapd/snap /snap` is optional here

    ReplyDelete
  3. After the command "sudo semodule -X 300 -i my-servicemanager.pp", I got the following error:
    libsemanage.map_file: Unable to open my-servicemanager.pp
    (No such file or directory).
    libsemanage.semanage_direct_install_file: Unable to read file my-servicemanager.pp
    (No such file or directory).
    semodule: Failed on my-servicemanager.pp!

    What should I do?

    ReplyDelete
  4. snap was refusing to install anbox, "error: too early for operation, device not yet seeded or device model not acknowledged".

    I tried installing a dummy snap package first (sudo snap install hello-world), then installing anbox as recommended worked (sudo snap install --devmode --beta anbox)

    Maybe that can help others.
    (Running Fedora 31)

    ReplyDelete
  5. my fault really, but I spent 4 hours scouring selinux documentation only to become frustrated, disable selinux, and find that it was not selinux related at all.
    Not the first time this has happened to me. the snapd-2.42.2-1.fc30.x86_64 package appears to depend on snapd-selinux-2.42.2-1.fc30.noarch which appears to set selinux in permissive mode for the relevant contexts. (there are AVC messages with permissive=1 appended)
    It looks like this bug is both old and unresolved, I'm surprised that it didn't come up for you.
    https://github.com/anbox/anbox/issues/754

    ReplyDelete
  6. So it WAS selinux, but the AVC denials seem difficult to reproduce, probably because I can't understand the steps taken when running anbox.appmgr. I found the easiest solution is to reboot the computer (restarting the container-manager service and other anbox services didn't reproduce the AVC denials, and running anbox.appmgr when the services are already started did not reproduce the denials)

    echo $(date +"%x %R") > .start
    anbox.appmgr
    sudo ausearch -m avc -ts $(cat .start) --raw | audit2allow -M anbox-allow1
    sudo semodule -i anbox-allow1.pp
    sudo reboot

    echo $(date +"%x %R") > .start
    anbox.appmgr
    sudo ausearch -m avc -ts $(cat .start) --raw | audit2allow -M anbox-allow2
    sudo semodule -i anbox-allow2.pp
    sudo reboot

    echo $(date +"%x %R") > .start
    anbox.appmgr
    sudo ausearch -m avc -ts $(cat .start) --raw | audit2allow -M anbox-allow3
    sudo semodule -i anbox-allow3.pp
    sudo reboot

    rm anbox-allow*.pp

    ReplyDelete
  7. I think I have replicated the launch order of anbox.appmgr, this may allow one to run the session-manager without rebooting each time.

    systemctl stop snap.anbox.container-manager.service #we will start this manually

    systemctl start var-lib-snapd-snap-anbox-185.mount

    sudo snap run anbox container-manager --data-path=/var/snap/anbox/common/ --android-image=/snap/anbox/185/android.img --daemon

    snap run anbox session-manager

    sudo lxc-attach -P /var/snap/anbox/common/containers -n default -- /system/bin/sh
    (at the prompt run anboxd and gatekeeperd and servicemanager)

    anbox launch --package=org.anbox.appmgr --component=org.anbox.appmgr.AppViewActivity

    I'll have to test some but I believe that if one runs ausearch -m avc and installs the rules after each step and repeats until that step throws no more errors the rebooting will be unnecessary.

    ReplyDelete
  8. Dang!!!

    The CPU of your computer (Intel(R) Xeon(R) CPU E5450 @ 3.00GHz) does not support all
    features Anbox requires.
    It is missing support for the following features: SSE 4.1, SSE 4.2, SSSE 3

    ReplyDelete