So, hi. Thanks for coming. This talk is about GNOME Boxes. This is a format that I've been using for lightning talks. It's mostly a showcase of what Boxes is and what features we have. And I also want to do some demos so you can get to know how things really work in practice. And in the very end, I want to describe the features I've been working on. I said I've been working on because it's pretty much just me working on Boxes. I get some contributors from external projects that are, like, related to Boxes, but full-time Boxes is just me. So, some things are kind of moving at a slow pace. If you were here two years ago when I had a talk about GPU pass-through, and at that time we were still experimenting, and then in the meanwhile a lot of things happened with Flatpak containers and Silverblue. So, a lot of plans changed, but we kind of ended up moving in a different way. So, the problem kind of persists, but now can be tackled in a different way. So, that's something I want to describe in the end for those who are already experienced with Boxes and want more features.
Just for me to be able to assess the level of this, how many of you actually know Boxes already? Could you please raise your hands? Sweet. And how many of you use Boxes? Because, nice. Not as many.
So, yeah, my name is Felipe Borges. I work for Red Hat in the desktop team, but I've been involved with GNOME for quite some time. Eight, nine years. And I mostly work in Boxes, but I also work in the settings in GNOME. So, if you are, like, setting a printer, user accounts in GNOME, you are using my stuff. And lately, I've been working also with portals to get... I've been feeling very passionate about solving the Linux fragmentation between distributions, and I've been working with Flatpak and portals. So, I've been working really hard on trying to make applications able to integrate with the host operating system.
And, surprisingly, Boxes is a very good showcase for that, because Boxes is an application that a lot of people wouldn't think we would be able to put in a container, especially because we are putting not just Boxes, the UI itself, but we are putting libvirt and QEMU and everything inside of a container, and what we really require on the host is just access to the hardware devices, right, to /dev.
So, yeah, Boxes also has other virtualization features that we have. It sits on top of libvirt, so it's pretty much the same as virt-manager, but it has a design that is oriented towards not requiring the user to understand operating system internals. The use case is more like I'm a web developer, and I want to be able to test how my website does in Internet Explorer, or I am a gamer, and I want to play some indie game on a Windows machine, or I work in a distribution, and I want to pack stuff. I actually get to use Boxes a lot in my everyday life, because in Red Hat, I work with RHEL, so I have RHEL VMs, and sometimes I just need to drop a scratch build inside my RHEL VM to be able to test, and Boxes just makes it very nice. So, if you work in Red Hat and you have to maintain a package in multiple versions of RHEL and test this, this is a great tool for you if you don't want to really mind about understanding virtualization.
So, easy downloads, thanks to libosinfo, which is this library that we have that is basically divided in two basic concepts, one of which is a database, in which we describe operating systems, the requirements, the devices they support, and then a tooling set that allows for detecting ISOs and images and installation trees, and matching them to this database. So, the idea behind Boxes is that given an ISO, we are able to detect it and set the right defaults for it, whether it supports virtio-scsi for something or not, and the user actually doesn't need to mind anything, and most of the default setup is good, it's just performant.
So, libosinfo also allows us to have links to the media, which are publicly available on the internet. So, Boxes allows us to download images. So, if you want to discover some distros or do some distro hopping, or you just don't know where to find ISOs, Boxes can do that. And another great feature that Boxes has is the express installations, which for detected OSs, for the operating systems that we support, we are able to script the installation. So, so far we are able to do express installations in RHEL, in Debian, openSUSE, Ubuntu, Fedora, Fedora Silverblue. So, this is pretty neat because you just set up your user account and libosinfo and Boxes are able to get things from your host and pass them to the guest. So, your guest is going to be set up with the profile picture you had on your user account. It's going to be the same on the guest. That's pretty cool.
And before I get to that, Fabiano here is the chair of the table. He's the main developer of libosinfo and without him we wouldn't be able to do this. So, it's great that we have open source software; we get to make so much by being able to rely on other people's cooperation and using other people's work. So, the whole libvirt team, I saw some people here as well in the room. So, thanks a lot for that.
And drag and drop is something that we get from SPICE, which is also something that Boxes uses. And I see some SPICE people there in the back as well. We get to drag and drop things onto the display and this is something very useful for just getting your scratch builds inside your guest VMs. We also support folder sharing, but so far it's using WebDAV, which is not so good because it's something focused on web and IO is not so fast. So, ideally we are going to use virtio-fs, which is something that is being developed. I think it's already being merged in the kernel and in QEMU. I've been following closely the libvirt list because virtio-fs is getting merged in libvirt as well.
And once it gets there we're going to get it for free and this is going to really enable real folder sharing for Boxes.
So, while we are at it, let's open Boxes and actually do some demoing. Here, when I search for Boxes, you see that there are two entries. This is also something pretty cool about Flatpak and Boxes, that we are able to build different application IDs for the same app. So, I get to have a Boxes nightly build. So, every single night, or actually every single commit that gets merged into master produces a Flatpak build, uploads to our Flatpak repository and users get these updates automatically if they have GNOME. So, if you have GNOME Software and we have automatic updates, this Boxes is, like, up to date as of yesterday. So, this is pretty nice and you also can have your unstable and your stable Boxes, which is the one with the official releases of your distribution. And they share a different namespace. The application IDs are different, so the VMs are not exchangeable between each other and this allows you to actually not break VMs once a new feature gets introduced. So, you get to keep your stable VMs and also play with the new features at the same time.
So, let's open the unstable Boxes and this is how the welcome screen looks. And, in the meanwhile, I was thinking we could create a VM and then I'll be talking about Boxes. So, here the Create Virtual Machine dialog has detected sources. We use Tracker, which is this GNOME technology that is mining for files and trying to extract information about these files. And that's how we populated this detected resources list. So, these are files, like bootable images in my downloads folder in my home system that Boxes can just boot. You see that we are able to assign a logo to them, like a readable username, and that's all thanks to this combination between Tracker and libosinfo. And here below, the featured downloads. So, distros have also the autonomy to overwrite these.
So, if you work for another distro and you want to promote something else other than RHEL, Fedora, and Fedora Silverblue, you also get to package Boxes such that you can recommend your own apps, your own distros. And here we get, like, the whole osinfo database where you can search, filter and all. Let's do a Fedora Silverblue, I guess. So, here it's already prefilled from my keyring. So, my credentials from the keyring. I will just put here DevConf maybe. So, I don't expose my password. And yeah, it's going to create a Fedora Silverblue installation with a user account, which has the same username as mine and this password that I'm setting. And here I get some chance to customize. Let's set the memory a little bit higher. So, I get a little bit more of performance. But yeah, this is very straightforward. And I get to create. And yeah, you just can go for a coffee or for DevConf for a talk and in the meanwhile, the machine is going to get installed. You can also just click on the display and just watch it install. Might be therapeutic or so.
Remote connections is also something that Boxes has been supporting because we just get the sense that you have machines you want to manage, some of them might be virtual, some of them might just be bare metals elsewhere. And even your virtual machines, they could be in a remote broker and Boxes will be able to connect to that. So, virtual and remote machines, we are treating them the same. You can filter them on the UI, but we are treating them the same and that's why these both belong in Boxes. We support VNC connections, RDP connections, and we also act as an SSH client. So, in case you just want to have a fancy terminal emulator that actually automatically remembers your connections, that's something Boxes can do.
We also do clones, we do very similarly to the previous talk. We just copy the virtual machine, recreate the network interface to avoid MAC address conflicts and snapshots.
Once you install our machine in Boxes, we automatically create a snapshot. This is also, like, snapshots is a feature that libvirt has, but we just took the next step of all things. We just took the next step of already going forward and creating a snapshot for you. So, once you install the machine, you already have the snapshot of the first boot. So, you can just install whatever you want, break the machine as much as you want, and then you can just revert to that snapshot. This is very useful. I can, well actually after you install the Silverblue machine, we could check that out.
And since we are getting to the second part of the talk, I will talk about what I've been working on lately. As a work in progress, I have this import-export feature that I've been rushing to land in 3.36. GNOME has a release now on the fifth of March. I've got it working so far. I have to tweak a little bit of performance issues, but basically we are able to produce an archive which includes the qcow2 of the image, so the backing disk of the image, and the libvirt file and some extra metadata, including the libosinfo XML of that one. So once you create this package, you'll be able to send this to another user, and they'll be able to just boot your virtual machine as well. So this can help you to create backups of your virtual machines, import from an old version of Boxes to a new version of Boxes. I imagine also that in a lot of virtual machine oriented deployments, somebody is just cooking up a virtual machine and they are sharing it for other colleagues to be able to code in the same environment. So this is something that you can easily do.
Hence here the GPU pass-through that I mentioned before, that two years ago I had a talk here and the experiment we are struggling with was how to automatically unload the dedicated GPU driver, tell GRUB not to load, not to pass the kernel, the call to load the driver on the next boot. So we'll be free to finally assign the dedicated GPU to the guest.
And actually Flatpak, instead of constraining us because of the container limitation, is actually enabling us to do that, because with Flatpak we have portals and portals are privileged processes running on the host, which means that Boxes now can do a call over D-Bus to a specific portal and this portal would be able to escalate privileges with polkit and, let's say, rewrite the GRUB entry to not load the driver, unload the driver in case of hot plugging. So GPU pass-through is actually going to come to life in Flatpak before it comes to bare metal because, yeah, it's just hard to escalate privileges from an application point of view and with Flatpak you're gonna be able to do that.
And here sharing folders with virtio-fs, it's also something pretty cool that the, I don't know if you folks know, but Purism is developing a GNOME based operating system for phones. And one of the nice things is that it runs Flatpak apps. So the idea is that you're using GNOME Builder, our IDE, and you build an application and Builder automatically composes a Flatpak bundle and puts this inside of an existing VM you have in Boxes and you get to test this. So we are trying to mimic what Android Studio has, which you get to open an emulator and see an Android there. So this will be very cool for GNOME based or Linux based phones but also be able to work very nicely for Android because we also have Android with x86 support and one of the features that I want to work on for the next cycles is to support ARM emulation so then we will be able to even support real OS operating system.
So a lot of possibilities, but before I get there let's see how the Silverblue installation is going. Also it's still copying, writing objects. Yeah, when I experimented at home it was a little faster than 10 minutes but I guess you get the idea. I can, for instance, connect to localhost as a VNC to demonstrate the remote connection features we have. Yeah, okay.
The, yeah, so well I guess you don't need to wait for this. The idea is that it's going to boot and it's going to already start with a user created with those, with those credentials I mentioned before and it also is going to install the SPICE guest agent so we are going to get for free support for automatic resolution based on the window sizing, this drag and drop for sharing the folders and a lot of other nice adjustments like guest integrations. So I guess while we install I could take some questions. Please.
Okay, so the question was about why the express installation didn't work for Debian. I guess Fabiano wants to do the legalizing for point. Yes, it does work. Yeah, very often distros are moving with their installation process and we are playing catch. We recently had some issue with openSUSE and it was just about adjusting paths and stuff with the install scripts but this is something pretty trivial. The idea is that since distros are mostly derived from each other, we are just growing our support base for express installs. Ubuntu was a recent addition.
Oh, now the machine is rebooting and it's ready. So now we're going to get a first boot with Fedora Silverblue. So Fedora Silverblue is this OSTree-based operating system that we've been promoting on the desktop teams and it's exactly what I'm running on my host. So my host is read-only and the Boxes you are seeing here is all a Flatpak. It's all running inside of a container. So here we have Silverblue inside of a VM. This is the GNOME welcome screen. So you see if I resize the window that it is going to take a while to kick in but the guest agent is going to resize the window. So these are like guest host integrations that we have and something really nice is the drag and drop for folder sharing, let's say I have here pictures. So something small. So if I would drag here, then I just get the picture inside the guest. That's very convenient for me.
Now outside of the guest to the host, you need to use folder sharing. So in this case, you would just define a folder in the host that you want to make available in the guest and then you'll be able to exchange files this way. It's something that is worth investigating but yeah, it gets really complex when it's talking about the display server, especially in a time where we are speaking about making the display server much more protected in terms of security. We don't want applications to be sneaking on each other so maybe it would work in X but if we want to move to Wayland we need to maybe define a protocol for that so it's not so straightforward. So yeah, I guess more questions. Jose, you had a question?
Yeah, it's based on the OVA, Open Virtualization Appliance format and I believe that virt-manager already supports that format for importing. I think they don't export but they can import. So you'll be able to import VMs from Boxes into virt-manager very easily by doing this. I wrote this library called libgovf and it's a library that allows you to manipulate OVF files. OVF is the XML manifest of Open Virtualization Appliance. And so this library manipulates this XML and allows you to add disks and things like this. So it'd be very straightforward for virt-manager to use this library and be able to import things as well. So this is possible. We still have a limited amount of support of OVA features. We support only a single disk for now, some very basics, but it gets things working especially because in Boxes a lot of people don't have complex setups especially in terms of network because we don't expose network settings. So we are able to constrain what's supported or not. But yeah, it'll be very nice for OVF Manager and also oVirt. You'll be able to cook up a VM and then upload it into oVirt. They have support for OVA as well. Any more questions here in the front?
No, it's not, yeah. It's in the works with the portal part.
Like the Boxes part works but the portal part for escalating privileges is depending on us writing this devices portal for Flatpak and my colleague is working on this devices portal. And I have a front end on top of that that is GPU specific.
Yeah, yeah, I considered that for bare metal but for Flatpak I felt like in the container that wouldn't necessarily work but it's worth investigating. I didn't actually investigate the possibility of having a box I just heard about.
Well, that actually is not something we have considered but it makes for a strong use case. I actually think we should investigate that and I feel it would be very straightforward to do it because the devices portal would enable us to do any PCI pass-through so we'll be able to do assignment of hardware devices directly to the guest so that's very doable. So that's good to know, good idea. And there was another question.
I feel they have a virtual driver that most operating systems need to include so it's more like distros are actually shipping guest support for VirtualBox, some VBox guest tools type of thing. So yeah, we are not really at the point where we are getting distros to ship stuff for us but that would be nice. But yeah, I guess with virtual OS we would and we really need that so. Any more questions or criticism or ideas for features that is not adding an option for something? Please.
Cloud images, yeah, usually they are distributed as qcow2 images, right? So yeah, we can. We can import. No installation, you just get an instant. Yeah, if you have a qcow2 image, I happen to not have any downloaded here I think. But yeah, if I did, you'd be able to double click it and Boxes would just boot it. So that. Yeah.
Yeah, we do this already. We support existing installation. We have support for what we call installed images. So yeah, this works already. Yeah, to add to that, GNOME is composing qcow2 images based on nightly builds as well.
So you would be able to just boot a GNOME image that is already installed. And it's generated every day. So that's how we are pointing our designers, translators, documentation, marketing people to test the newest stuff before a release. And that's already something that works. You had another one, right?
I would say VirtualBox has a nice exposure of features, just like virt-manager. But it's not native virtualization. So I guess in terms of performance, we still obtain better performance with KVM. So if you are aiming for performance, you would go for Boxes. If you are aiming for options, I would suggest you go for virt-manager, not VirtualBox. And yeah, I don't even need to get to proprietary software.
Oh, we are on time. So thanks for coming. Thank you.