[vbox-dev] Why is VirtualBox suid root?
Klaus Espenlaub
klaus.espenlaub at oracle.com
Tue Oct 17 19:34:35 UTC 2017
Hi Denis,
On 17.10.2017 14:03, Denis Medvedev wrote:
> Dear developers,
>
> I want to ask a small question:
>
> Why is VirtualBox suid root while vboxmanage is not?
VM processes must be suid root (they're dropping the privileges for good
immediately after starting, so don't worry that Joe User running VMs can
turn the system upside down). VBoxManage is a simple API client which
won't ever have a VM running inside, so it doesn't need it.
VBoxHeadless again does.
> Is it possible to make VirtualBox not suid root?
Short term it's probably impossible (I suspect even when using the GUI
exclusively to show the screen of a headless VM, i.e. using the separate
UI case which has limitations). Long term it's the direction in which
we're heading, by making the separate UI case the only possibility.
Klaus
> Denis Medvedev
More information about the vbox-dev
mailing list