Thursday 22 August 2019

How to install Anbox in Fedora 30

Update Nov 21 2020: I fixed the SELinux commands in this article as they were incomplete and caused some confusion. Sorry about that.

How to install Anbox in Fedora 30 as quick as possible.


Open a terminal and type the following commands:

sudo dnf install dkms
sudo dnf install kernel-devel

cd ~
git clone https://github.com/anbox/anbox-modules
cd anbox-modules
sudo cp anbox.conf /etc/modules-load.d/
sudo cp 99-anbox.rules /lib/udev/rules.d/
sudo cp -rT ashmem /usr/src/anbox-ashmem-1
sudo cp -rT binder /usr/src/anbox-binder-1
sudo dkms install anbox-ashmem/1
sudo dkms install anbox-binder/1
sudo modprobe ashmem_linux
sudo modprobe binder_linux


sudo dnf install snapd
sudo ln -s /var/lib/snapd/snap /snap
reboot

snap install --devmode --beta anbox
to update do this: snap refresh --beta --devmode anbox

But wait...Anbox doesn't launch!
because SELinux.
Don't disable SELinux, that's a bad idea.
Instead use SELinux Troubleshooter to find out the cause. To fix it I did this, it might be different for you:

sudo ausearch -c servicemanager --raw | audit2allow -M my-servicemanager
sudo semodule -X 300 -i my-servicemanager.pp
sudo ausearch -c anboxd --raw | audit2allow -M my-anboxd
sudo semodule -X 300 -i my-anboxd.pp
sudo ausearch -c gatekeeperd --raw | audit2allow -M my-gatekeeperd
sudo semodule -X 300 -i my-gatekeeperd.pp

Then launch Anbox. You might need to reboot first though.

Also, install adb so you can do:
adb install filename.apk <--- to install apks into anbox (assuming you don't have your real android device plugged in)


20 comments:

  1. This solution works for me, thanks a lot!

    ReplyDelete
  2. Thanks! I think the ` sudo ln -s /var/lib/snapd/snap /snap` is optional here

    ReplyDelete
  3. After the command "sudo semodule -X 300 -i my-servicemanager.pp", I got the following error:
    libsemanage.map_file: Unable to open my-servicemanager.pp
    (No such file or directory).
    libsemanage.semanage_direct_install_file: Unable to read file my-servicemanager.pp
    (No such file or directory).
    semodule: Failed on my-servicemanager.pp!

    What should I do?

    ReplyDelete
  4. snap was refusing to install anbox, "error: too early for operation, device not yet seeded or device model not acknowledged".

    I tried installing a dummy snap package first (sudo snap install hello-world), then installing anbox as recommended worked (sudo snap install --devmode --beta anbox)

    Maybe that can help others.
    (Running Fedora 31)

    ReplyDelete
    Replies
    1. Just type 'sudo snap install' instead of snap

      Delete
  5. my fault really, but I spent 4 hours scouring selinux documentation only to become frustrated, disable selinux, and find that it was not selinux related at all.
    Not the first time this has happened to me. the snapd-2.42.2-1.fc30.x86_64 package appears to depend on snapd-selinux-2.42.2-1.fc30.noarch which appears to set selinux in permissive mode for the relevant contexts. (there are AVC messages with permissive=1 appended)
    It looks like this bug is both old and unresolved, I'm surprised that it didn't come up for you.
    https://github.com/anbox/anbox/issues/754

    ReplyDelete
  6. So it WAS selinux, but the AVC denials seem difficult to reproduce, probably because I can't understand the steps taken when running anbox.appmgr. I found the easiest solution is to reboot the computer (restarting the container-manager service and other anbox services didn't reproduce the AVC denials, and running anbox.appmgr when the services are already started did not reproduce the denials)

    echo $(date +"%x %R") > .start
    anbox.appmgr
    sudo ausearch -m avc -ts $(cat .start) --raw | audit2allow -M anbox-allow1
    sudo semodule -i anbox-allow1.pp
    sudo reboot

    echo $(date +"%x %R") > .start
    anbox.appmgr
    sudo ausearch -m avc -ts $(cat .start) --raw | audit2allow -M anbox-allow2
    sudo semodule -i anbox-allow2.pp
    sudo reboot

    echo $(date +"%x %R") > .start
    anbox.appmgr
    sudo ausearch -m avc -ts $(cat .start) --raw | audit2allow -M anbox-allow3
    sudo semodule -i anbox-allow3.pp
    sudo reboot

    rm anbox-allow*.pp

    ReplyDelete
  7. I think I have replicated the launch order of anbox.appmgr, this may allow one to run the session-manager without rebooting each time.

    systemctl stop snap.anbox.container-manager.service #we will start this manually

    systemctl start var-lib-snapd-snap-anbox-185.mount

    sudo snap run anbox container-manager --data-path=/var/snap/anbox/common/ --android-image=/snap/anbox/185/android.img --daemon

    snap run anbox session-manager

    sudo lxc-attach -P /var/snap/anbox/common/containers -n default -- /system/bin/sh
    (at the prompt run anboxd and gatekeeperd and servicemanager)

    anbox launch --package=org.anbox.appmgr --component=org.anbox.appmgr.AppViewActivity

    I'll have to test some but I believe that if one runs ausearch -m avc and installs the rules after each step and repeats until that step throws no more errors the rebooting will be unnecessary.

    ReplyDelete
  8. Dang!!!

    The CPU of your computer (Intel(R) Xeon(R) CPU E5450 @ 3.00GHz) does not support all
    features Anbox requires.
    It is missing support for the following features: SSE 4.1, SSE 4.2, SSSE 3

    ReplyDelete
  9. Anyone successfully install Anbox Modules on Fedora 32?

    ReplyDelete
    Replies
    1. getting the same, any idea how to fix this?

      Delete
    2. This comment has been removed by the author.

      Delete
    3. Since kernel 5.10, binder and ashmem cannot be compiled as kernel modules anymore... See this issue: https://github.com/anbox/anbox-modules/issues/75

      Delete
  10. Doesn't work in Fedora 32, when I try sudo modprobe ashmem_linux I get modprobe: FATAL: Module ashmem_linux not found in directory /lib/modules/5.7.8-200.fc32.x86_64

    :(

    ReplyDelete
    Replies
    1. follow this answer i got solution
      https://unix.stackexchange.com/questions/110682/yum-installs-kernel-devel-different-from-my-kernel-version

      Delete
  11. For fedora 32 what the way

    ReplyDelete
  12. Hello, i am noob at linux and trying to learn, but im expiriencing erros here, probably due to me not knowing how to do it right .
    [Emrys@fedora ~]$ cd
    [Emrys@fedora ~]$ cd anbox-modules
    [Emrys@fedora anbox-modules]$ sudo cp anbox.conf /etc/modules-load.d/
    [Emrys@fedora anbox-modules]$ sudo cp 99-anbox.rules /lib/udev/rules.d/
    [Emrys@fedora anbox-modules]$ sudo cp -rT ashmem /usr/src/anbox-ashmem-1
    [Emrys@fedora anbox-modules]$ sudo cp -rT binder /usr/src/anbox-binder-1
    [Emrys@fedora anbox-modules]$ sudo dkms install anbox-ashmem/1

    Creating symlink /var/lib/dkms/anbox-ashmem/1/source ->
    /usr/src/anbox-ashmem-1

    DKMS: add completed.
    Error! echo
    Your kernel headers for kernel 5.12.11-300.fc34.x86_64 cannot be found at
    /lib/modules/5.12.11-300.fc34.x86_64/build or /lib/modules/5.12.11-300.fc34.x86_64/source.
    You can use the --kernelsourcedir option to tell DKMS where it's located.
    [Emrys@fedora anbox-modules]$ sudo dkms install anbox-binder/1

    Creating symlink /var/lib/dkms/anbox-binder/1/source ->
    /usr/src/anbox-binder-1

    DKMS: add completed.
    Error! echo
    Your kernel headers for kernel 5.12.11-300.fc34.x86_64 cannot be found at
    /lib/modules/5.12.11-300.fc34.x86_64/build or /lib/modules/5.12.11-300.fc34.x86_64/source.
    You can use the --kernelsourcedir option to tell DKMS where it's located.
    [Emrys@fedora anbox-modules]$ sudo modprobe ashmem_linux
    modprobe: FATAL: Module ashmem_linux not found in directory /lib/modules/5.12.11-300.fc34.x86_64
    [Emrys@fedora anbox-modules]$ sudo modprobe binder_linux
    modprobe: FATAL: Module binder_linux not found in directory /lib/modules/5.12.11-300.fc34.x86_64

    any help please ?

    ReplyDelete