[vbox-dev] (no subject)

Austin English austinenglish at gmail.com
Thu Jan 28 22:29:33 UTC 2016


On Thu, Jan 28, 2016 at 2:22 AM, Frank Mehnert <frank.mehnert at oracle.com> wrote:
> Austin,
>
> On Wednesday 27 January 2016 23:28:55 Austin English wrote:
>> On Wed, Jan 27, 2016 at 1:56 AM, Frank Mehnert <frank.mehnert at oracle.com>
> wrote:
>> > On Wednesday 27 January 2016 00:13:18 Austin English wrote:
>> >> Well, Virtualbox hadn't compiled, I was hitting
>> >> https://www.virtualbox.org/ticket/1499.
>> >>
>> >> Using a 32-bit kernel instead, I was able to get VirtualBox 4.3.32 to
>> >> build. The results:
>> >>
>> >> # hardened, no sudo
>> >> amnesia at amnesia:/media/amnesia/e3f702b9-64b4-40c2-96c3-ef6cf856e129/Virtu
>> >> alB ox-4.3.32/out/linux.x86/release/bin$ ./VirtualBox
>> >> VirtualBox: Error -10 in SUPR3HardenedMain!
>> >> VirtualBox: Effective UID is not root (euid=1000 egid=1000 uid=1000
>> >> gid=1000)
>> >>
>> >> VirtualBox: Tip! It may help to reinstall VirtualBox.
>> >
>> > that will not work of course. Running a hardened build from the bin
>> > directory is not supported. A hardened build will only run if it's
>> > installed to /opt/VirtualBox and the stubs (VirtualBox, VBoxHeadless,
>> > VBoxSDL, VBoxNetDHCP, VBoxNetNAT) are installed as suid root.
>>
>> Thanks for the tip. Is that documented somewhere?
>> https://www.virtualbox.org/wiki/Linux%20build%20instructions indicates
>> that a hardened build can from from the build dir if some symlinks are
>> made (which they were already for me by the build), and some files are
>> chmod'ed/chown'ed. There's no mention of installing to /opt.
>
> the documentation on that page is outdated. I did some fixes mentioning
> that running a hardened build from the bin/ directory will not work.

Thanks! Note you added a typo:

Running a hardened build from tue bin/ directory will not work because
all hardened binaries do explicit link against libraries from
/opt/VirtualBox (fixed path).

tue > the

> The most up-to-date documentation you can find is the source code.

Sure.

I've got a few more corrections for that page (for the debian packages
section), should I file a bug somewhere or send a mail to vbox-dev?



More information about the vbox-dev mailing list