VirtualBox

Ticket #3143 (closed defect: fixed)

Opened 10 months ago

Last modified 9 months ago

VirtualBox 2.1.2 kills USB printing via hplip on OpenSUSE 11.1 -> fixed in SVN

Reported by: birefringence Assigned to:
Priority: critical Component: USB
Version: VirtualBox 2.1.2 Keywords:
Cc: Guest type: other
Host type: Linux

Description

Starting with version 2.1.2 VirtualBox changes the group of all devices under /dev/bus/usb/ to "vboxusers". This change seems to be in effect after installing the RPM package and is independent of whether VirtualBox is actually running or not. For printing to work, the printer device has to be writable by the group "lp".

Change History

2009-01-24 13:30:30 changed by birefringence

More specifically: VirtualBox effectively overwrites the settings specified /lib/udev/rules.d/50-udev-default.rules

2009-01-25 12:22:34 changed by birefringence

I found the culprit: It's the file /etc/udev/rules.d/60-vboxdrv.rules

2009-01-26 08:39:41 changed by frank

This behavior is intended as we actually don't know how to handle this correctly. On one hand, a user wishes to access every USB device from his VM. Therefore this udev rule was introduced. On the other hand, it should be possible to keep the original access rules for USB devices.

Any hint is appreciated. This behavior can be adapted by changing/removing these two USB udev rules.

2009-01-27 22:28:26 changed by birefringence

Is it possible to use HAL instead of udev for the permissions? As far as I understand, HAL e.g. gives write permissions for USB drives to local users via ACLs.

2009-01-27 22:43:37 changed by michael

  • summary changed from VirtualBox 2.1.2 kills USB printing via hplip on OpenSUSE 11.1 to VirtualBox 2.1.2 kills USB printing via hplip on OpenSUSE 11.1 -> fixed in SVN.

This should be fixed in SVN by lowering the priority of the VirtualBox udev rule. I'm not sure if giving access to all USB devices to everyone at the console would be a good thing - currently you have to explicitly make a user a member of the vboxusers group to give them access, which does give a certain amount of control over it. What do you think?

2009-01-28 22:27:58 changed by birefringence

Ok, giving write access to everyone is really not a good idea. I guess, it's not possible to give write access to the vboxusers group via ACLs? That would allow more flexibility ...

2009-01-29 10:04:37 changed by michael

Quite possibly, I just don't know much about this yet. Do you know anything about it, or have any good pointers to information?

2009-01-30 10:06:13 changed by woro

Hmm, wondering what the *best* solution is but probably an ACL rule allowing vboxusers access to all USB devices is an option.

I _think_ that can be done using udev rules similar to this: SUBSYSTEM=="usb_device", RUN+="/sbin/udev.vbox.sh" SUBSYSTEM=="usb", ENV{DEVTYPE}=="usb_device", RUN+="/sbin/udev.vbox.sh"

/sbin/udev.vbox.sh: if test -n "${DEVICE}"; then

/usr/bin/setfacl -m g:vboxusers:rw ${DEVICE}

fi

Selective ACL settings are nowadays done using hal together with policykit but in case where every USB device should be accessible by a certain group the above could probably work. That's completely untested though and for example /usr/bin/setfacl looks problematic since it's probably not available in time but it probably helps.

2009-02-16 20:15:53 changed by frank

In version 2.1.4 we moved the udev rule more to the beginning of the list decreasing the priority. Waiting for more feedback.

2009-02-16 20:48:22 changed by sandervl73

  • status changed from new to closed.
  • resolution set to fixed.

© 2009 Sun Microsystems, Inc.
ContactPrivacy policy