[vbox-dev] Why is VirtualBox suid root?
klaus.espenlaub at oracle.com
Tue Oct 17 19:34:35 UTC 2017
On 17.10.2017 14:03, Denis Medvedev wrote:
> Dear developers,
> I want to ask a small question:
> Why is VirtualBox suid root while vboxmanage is not?
VM processes must be suid root (they're dropping the privileges for good
immediately after starting, so don't worry that Joe User running VMs can
turn the system upside down). VBoxManage is a simple API client which
won't ever have a VM running inside, so it doesn't need it.
VBoxHeadless again does.
> Is it possible to make VirtualBox not suid root?
Short term it's probably impossible (I suspect even when using the GUI
exclusively to show the screen of a headless VM, i.e. using the separate
UI case which has limitations). Long term it's the direction in which
we're heading, by making the separate UI case the only possibility.
> Denis Medvedev
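The reply says VM processes drop their privileges "for good" right after starting. As an added illustration (not VirtualBox's own code and not part of the original message), this is the usual shape of a permanent drop in a set-uid-root program on Linux; the helper name `drop_privileges_permanently` is hypothetical, and the privileged setup that would precede it is left out.

```c
#define _DEFAULT_SOURCE          /* for setgroups() on glibc */
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Hypothetical helper: give up set-uid-root privileges for good.
 * Returns 0 when every ID equals the invoking user's and root cannot
 * be regained, -1 otherwise (the caller should then exit).
 */
int drop_privileges_permanently(void)
{
    uid_t ruid = getuid();       /* the user who launched the binary */
    gid_t rgid = getgid();

    /* Order matters: groups and GID need root, so they go before the UID. */
    if (geteuid() == 0 && ruid != 0 && setgroups(1, &rgid) != 0)
        return -1;
    if (setgid(rgid) != 0)
        return -1;
    /* With effective UID 0, setuid() sets real, effective and saved UID. */
    if (setuid(ruid) != 0)
        return -1;

    /* Verify rather than trust the return codes. */
    if (geteuid() != ruid || getegid() != rgid)
        return -1;
    /* A leftover saved UID of 0 would let one of these calls succeed. */
    if (ruid != 0 && (setuid(0) == 0 || seteuid(0) == 0))
        return -1;
    return 0;
}

int main(void)
{
    /* Privileged setup (the part that needs root) would happen before this. */
    if (drop_privileges_permanently() != 0) {
        fprintf(stderr, "could not drop privileges, refusing to continue\n");
        return 1;
    }
    printf("running as uid=%d euid=%d\n", (int)getuid(), (int)geteuid());
    return 0;
}
```

When the program is started by root itself there is nothing to drop, so the regain check is skipped in that case.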