Date: Wed, 29 Sep 2021 13:08:03 -0600 (MDT) From: Dale Scott <dalescott@shaw.ca> To: Bernhard =?utf-8?Q?Fr=C3=B6hlich?= <decke@freebsd.org> Cc: Mario Lobo <lobo@bsd.com.br>, freebsd-questions <FreeBSD-Questions@freebsd.org>, freebsd-virtualization@freebsd.org Subject: Re: Running VirtualBox as non-root user Message-ID: <650834006.36091303.1632942483218.JavaMail.zimbra@shaw.ca> In-Reply-To: <CAE-m3X36hxO1vA_cMKxTo2fTu8KEOfBHzZ%2BH=G2qvJ7GDve5tA@mail.gmail.com> References: <CA%2ByoEx9iL_%2BjHH1tmmt9qAQRYTxq1uO_hscx0VKZ9%2BEL=f0DOQ@mail.gmail.com> <CAE-m3X36hxO1vA_cMKxTo2fTu8KEOfBHzZ%2BH=G2qvJ7GDve5tA@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
I don't have a solution, but I can report I'm happily running virtualbox-os= e headless as a non-root user (me, the vm's are stored in my user directory= ) using phpvirtualbox served by Apache. dale@whizzer:~ % sudo pkg info | grep virtual phpvirtualbox-6.1 AJAX Web Interface for VirtualBox virtualbox-ose-kmod-6.1.22_1 VirtualBox kernel module for FreeBSD virtualbox-ose-nox11-6.1.22_2 General-purpose full virtualizer for x86 har= dware dale@whizzer:~ % uname -a FreeBSD whizzer.dalescott.net 12.2-RELEASE-p7 FreeBSD 12.2-RELEASE-p7 GENER= IC amd64 dale@whizzer:~ % Good luck, Dale ----- Original Message ----- > From: "Bernhard Fr=C3=B6hlich" <decke@freebsd.org> > To: "Mario Lobo" <lobo@bsd.com.br> > Cc: "freebsd-questions" <FreeBSD-Questions@freebsd.org>, freebsd-virtuali= zation@freebsd.org > Sent: Wednesday, September 29, 2021 12:17:18 PM > Subject: Re: Running VirtualBox as non-root user > On Wed, Sep 29, 2021 at 8:01 PM Mario Lobo <lobo@bsd.com.br> wrote: >> >> Hi; >> >> Here is what I've done so far: >> >> - Created user vbox and put it in vboxuser group >> - Went as far as chown -R vbox:vboxuser /usr/local/lib/virtualbox >> - Executables are with the SUiD bit set >> -r-s--x--- 1 vbox vboxusers 32064 Sep 21 22:18 VBoxSDL >> -r-s--x--- 1 vbox vboxusers 16064 Sep 21 22:18 VBoxNetAdpCtl >> -r-s--x--- 1 vbox vboxusers 32064 Sep 21 22:18 VBoxNetDHCP >> -r-s--x--- 1 vbox vboxusers 32064 Sep 21 22:18 VBoxNetNAT >> -r-s--s--- 1 vbox vboxusers 32352 Sep 22 17:55 VirtualBoxVM >> >> - Imported a test VM >> - Ran the VM as root to make sure it's working >> - started VirtualBox as user vbox, and it starts fine >> >> VirtualBox GUI starts fine as user vbox but when I try to start the test= VM >> from it, I get: >> >> Effective UID is not root (euid=3D1001 egid=3D920 uid=3D1001 gid=3D1001)= (rc=3D-10) >> where: SUPR3HardenedMain what: 2 VERR_PERMISSION_DENIED (-10) - Permissi= on >> denied. >> >> Starting it from VirtualBoxVM --startvm test issues the same error: >> >> VirtualBoxVM: Error -10 in SUPR3HardenedMain! >> VirtualBoxVM: Effective UID is not root (euid=3D1001 egid=3D920 uid=3D10= 01 >> gid=3D1001) >> where: SUPR3HardenedMain >> what: 2 >> VERR_PERMISSION_DENIED (-10) - Permission denied. >> >> Any pointer for anything else I should be doing or is missing? >=20 > Puh it's been a long time for me but from what I read there are two thing= s that > sound problematic to me. >=20 > 1) vbox uses something that they call "hardening" which does some checks > in addition to the suid/sgid bits. Changing permissions and/or > user/group is asking > for trouble! I'd recommend to reinstall the vbox package in that case. Th= e > instructions in the handbook should be enough. >=20 > pw groupmod vboxusers -m yourusername >=20 > 2) Starting a VM as root is definitely not a good idea either. The > problem is that > vbox it will create some temporary files/directories as root somewhere > under /tmp > or was it /var? When the VM is stopped the directories are left and you w= on't be > able to write to them as user afterwards. If the VM is not running it > should be okay > to just delete them but please have a look at the content first to make s= ure. >=20 > -- > Bernhard Froehlich > http://www.bluelife.at/ > _______________________________________________ > freebsd-questions@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.o= rg"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?650834006.36091303.1632942483218.JavaMail.zimbra>