[vbox-dev] Removing suid root bit from VBoxDRMClient
Hans de Goede
hdegoede at redhat.com
Mon Jun 8 15:46:58 GMT 2020
Hi All,
While looking into upgrading the Fedora virtualbox-guest-additions packages to 6.0.10
I noticed that the "VBoxClient --vmsvga-x11" call in VBoxClient-all has been replaced
with "VBoxClient --vmsvga" and that that one will either behave as the old --vmsvga-x11
version (when running under a X11 session) or it will start /usr/bin/VBoxDRMClient.
I added /usr/bin/VBoxDRMClient to the Fedora packages, but after that resizing of
a GNOME3 as Wayland-compositor session inside the guest still did not work.
The issue seems to be that /usr/bin/VBoxDRMClient needs more rights, I guess that
the upstream version of the guest-additions installs it suid root ?
That is not necessary and since Fedora ships virtualbox-guest-additions as part of
the default workstation install we would like to avoid adding another suid root binary
to the default install.
Instead I've written a udev rule + systemd service to replace the "VBoxClient --vmsvga"
call inside VBoxClient-all. These config files will start /usr/bin/VBoxDRMClient
when running inside a VBox VM with VMSVGA graphics. Note this will now run independent
of the type of session (X11 or Wayland) running inside the VM. This means that X11
sessions now also use VBoxDRMClient rather then VBoxClient --vmsvga-x11 for resizing.
This works fine and if upstream adopts this, then the VBoxClient --vmsvga-x11
can be dropped.
The udev rule and systemd file can be found here. Feel free to use these under the
MIT license:
https://src.fedoraproject.org/rpms/virtualbox-guest-additions/blob/master/f/VirtualBox-60-vboxguest.rules
https://src.fedoraproject.org/rpms/virtualbox-guest-additions/blob/master/f/vboxclient.service
Regards,
Hans
More information about the vbox-dev
mailing list