Kali in a LXD container


How to run Kali Linux with GUI apps in a LXD container

If you use a Linux distro like Ubuntu as your host OS and want a lightweight Kali machine without reserving resources for a virtual machine, you can easily install Kali in a LXD container.

I use this mostly to play HackTheBox, but you can use the same solution to spin up any other Linux distro box for testing some GUI app without altering your host.

Getting the container working with GUI was a bit painful; that's why I thought the internet needed this post.

If you understood the title of this post and kept reading, I assume you have some minimum Linux knowledge, so I will go straight to the point.

1. Install lxd

Something like sudo apt install lxd should do the job. If you are on some other random distro (btw) I guess you know how to install stuff on your system.

2. Create the profile

Run echo $DISPLAY. This gives you your display id. You need this later.

Create a file with the following content:

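config:
  environment.DISPLAY: :0
  raw.idmap: both 1000 1000
description: GUI LXD profile
devices:
  # Device names (PASocket, X0, mygpu) are arbitrary labels.
  PASocket:
    path: /tmp/.pulse-native
    source: /run/user/1000/pulse/native
    type: disk
  X0:
    # X11 socket for display :0
    path: /tmp/.X11-unix/X0
    source: /tmp/.X11-unix/X0
    type: disk
  mygpu:
    type: gpu
name: gui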

This is the critical part: the field environment.DISPLAY needs to match the output of your echo $DISPLAY.

This also assumes that your host user has id 1000. It's the most common setup, but it could be something to troubleshoot.

For this example, I named the file lxdguiprofile.txt. If you give it a different name remember to replace it in the next command.

Create the profile using this config file:

lxc profile create gui
cat lxdguiprofile.txt | lxc profile edit gui
lxc profile list

You should see your profile in the list.
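To avoid hardcoding :0 and 1000, the profile from step 2 can be generated from the host's actual display and user id. This is an added example, not part of the original post; the function names and the device labels PASocket and mygpu are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: build the GUI profile from the host's real DISPLAY and uid.
# Usage: gen_gui_profile "$DISPLAY" "$(id -u)" | lxc profile edit gui

# x_display_number DISPLAY -> prints N for a local display such as ":1" or ":0.0".
# Fails for values with a host part (e.g. "localhost:10.0" from ssh -X),
# because those have no /tmp/.X11-unix socket to share with the container.
x_display_number() {
    case "$1" in
        :*) n=${1#:}; n=${n%%.*} ;;   # strip leading ":" and any ".screen" suffix
        *)  return 1 ;;
    esac
    case "$n" in
        ''|*[!0-9]*) return 1 ;;      # display number must be digits only
    esac
    printf '%s\n' "$n"
}

# gen_gui_profile DISPLAY UID -> prints the profile YAML on stdout.
gen_gui_profile() {
    n=$(x_display_number "$1") || { echo "unsupported DISPLAY: $1" >&2; return 1; }
    case "$2" in
        ''|*[!0-9]*) echo "bad uid: $2" >&2; return 1 ;;
    esac
    cat <<EOF
config:
  environment.DISPLAY: :$n
  raw.idmap: both $2 $2
description: GUI LXD profile
devices:
  PASocket:
    path: /tmp/.pulse-native
    source: /run/user/$2/pulse/native
    type: disk
  X$n:
    path: /tmp/.X11-unix/X$n
    source: /tmp/.X11-unix/X$n
    type: disk
  mygpu:
    type: gpu
name: gui
EOF
}
```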

3. Launch the container

Create a container named xkali, applying the gui profile on top of the default profile:

lxc launch --profile default --profile gui images:kali/current/amd64 xkali

Use images:ubuntu/focal/amd64 for Ubuntu instead of Kali.

4. Get a root shell to your container:

lxc exec xkali bash

The rest of the steps are meant to be run inside the container, using that root shell.

5. Create the kali user

It's a good practice not to run everything as root, so let's create a sudo user:

adduser kali
usermod -aG sudo kali
sed -i '1 i\TERM=xterm-256color' /home/kali/.bashrc

6. Install tools and dependencies

apt update
apt install -y x11-apps mesa-utils pulseaudio
apt install -y kali-linux-default kali-desktop-xfce

The installation may take a while. After that you should have a Kali installation in the created container.

Using the container

The workflow with the container would be:

  1. Start the container: lxc start xkali
  2. Log into the container as kali: lxc exec xkali -- sudo -u kali bash. You should probably have an alias for this command, so that you can quickly get another terminal.
  3. Launch some GUI app and do some educational hacking.
  4. Stop the container: lxc stop xkali


The next steps are optional, but I imagine they are pretty common things that any Kali installation should have:

  • Disable core dumps:

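    # Overwrites /etc/sudo.conf; per sudo.conf(5), "false" means sudo leaves core dumps of itself enabled.
    sh -c "echo 'Set disable_coredump false' > /etc/sudo.conf"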

    Core dumps may pose a security risk, and you are unlikely to check them out.

  • Install the latest Firefox. Kali comes with some sort of LTS version, more stable, but many extensions don't work, and we will need FoxyProxy.

  • Install FoxyProxy and Wappalyzer Firefox extensions.

  • Install Burp: sudo apt install burpsuite

  • Fix audio:

    sudo apt install pulseaudio
    sudo sed -i "s/; enable-shm = yes/enable-shm = no/g" /etc/pulse/client.conf
    echo export PULSE_SERVER=unix:/tmp/.pulse-native | tee --append /home/kali/.profile

Leave a comment

This blog is all brand new and I don't yet have a comment section. You can leave a comment via Hacker News or Mastodon. I could add some more detail to any of the steps if someone needs it.