#3143 closed defect (fixed)
VirtualBox 2.1.2 kills USB printing via hplip on OpenSUSE 11.1 -> fixed in SVN
| Reported by: | birefringence | Owned by: | |
|---|---|---|---|
| Component: | USB | Version: | VirtualBox 2.1.2 |
| Keywords: | Cc: | ||
| Guest type: | other | Host type: | Linux |
Description
Starting with version 2.1.2 VirtualBox changes the group of all devices under /dev/bus/usb/ to "vboxusers". This change seems to be in effect after installing the RPM package and is independent of whether VirtualBox is actually running or not. For printing to work, the printer device has to be writable by the group "lp".
Change History (10)
comment:1 by , 15 years ago
comment:3 by , 15 years ago
This behavior is intended as we actually don't know how to handle this correctly. On one hand, a user wishes to access every USB device from his VM. Therefore this udev rule was introduced. On the other hand, it should be possible to keep the original access rules for USB devices.
Any hint is appreciated. This behavior can be adapted by changing/removing these two USB udev rules.
comment:4 by , 15 years ago
Is it possible to use HAL instead of udev for the permissions? As far as I understand, HAL e.g. gives write permissions for USB drives to local users via ACLs.
comment:5 by , 15 years ago
| Summary: | VirtualBox 2.1.2 kills USB printing via hplip on OpenSUSE 11.1 → VirtualBox 2.1.2 kills USB printing via hplip on OpenSUSE 11.1 -> fixed in SVN |
|---|
This should be fixed in SVN by lowering the priority of the VirtualBox udev rule. I'm not sure if giving access to all USB devices to everyone at the console would be a good thing - currently you have to explicitly make a user a member of the vboxusers group to give them access, which does give a certain amount of control over it. What do you think?
comment:6 by , 15 years ago
Ok, giving write access to everyone is really not a good idea. I guess, it's not possible to give write access to the vboxusers group via ACLs? That would allow more flexibility ...
comment:7 by , 15 years ago
Quite possibly, I just don't know much about this yet. Do you know anything about it, or have any good pointers to information?
comment:8 by , 15 years ago
Hmm, wondering what the *best* solution is but probably an ACL rule allowing vboxusers access to all USB devices is an option.
I _think_ that can be done using udev rules similar to this: SUBSYSTEM=="usb_device", RUN+="/sbin/udev.vbox.sh" SUBSYSTEM=="usb", ENV{DEVTYPE}=="usb_device", RUN+="/sbin/udev.vbox.sh"
/sbin/udev.vbox.sh: if test -n "${DEVICE}"; then
/usr/bin/setfacl -m g:vboxusers:rw ${DEVICE}
fi
Selective ACL settings are nowadays done using hal together with policykit but in case where every USB device should be accessible by a certain group the above could probably work. That's completely untested though and for example /usr/bin/setfacl looks problematic since it's probably not available in time but it probably helps.
comment:9 by , 15 years ago
In version 2.1.4 we moved the udev rule more to the beginning of the list decreasing the priority. Waiting for more feedback.
comment:10 by , 15 years ago
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
More specifically: VirtualBox effectively overwrites the settings specified /lib/udev/rules.d/50-udev-default.rules