[vbox-dev] Removing suid root bit from VBoxDRMClient

Support Team help at domiosports.com
Mon Jun 8 16:04:44 GMT 2020


Noted.



On Mon, Jun 08 2020, at 03:46 PM, Hans de Goede <hdegoede at redhat.com>

Hi All,

While looking into upgrading the Fedora virtualbox-guest-additions packages to 6.0.10 I noticed that the "VBoxClient --vmsvga-x11" call in VBoxClient-all has been replaced with "VBoxClient --vmsvga" and that that one will either behave as the old --vmsvga-x11 version (when running under an X11 session) or it will start /usr/bin/VBoxDRMClient.

I added /usr/bin/VBoxDRMClient to the Fedora packages, but after that resizing of a GNOME3 as Wayland-compositor session inside the guest still did not work. The issue seems to be that /usr/bin/VBoxDRMClient needs more rights, I guess that the upstream version of the guest-additions installs it suid root?

That is not necessary and since Fedora ships virtualbox-guest-additions as part of the default workstation install we would like to avoid adding another suid root binary to the default install.

Instead I've written a udev rule + systemd service to replace the "VBoxClient --vmsvga" call inside VBoxClient-all. These config files will start /usr/bin/VBoxDRMClient when running inside a VBox VM with VMSVGA graphics.

Note this will now run independent of the type of session (X11 or Wayland) running inside the VM. This means that X11 sessions now also use VBoxDRMClient rather than VBoxClient --vmsvga-x11 for resizing. This works fine and if upstream adopts this, then the VBoxClient --vmsvga-x11 can be dropped.

The udev rule and systemd file can be found here. Feel free to use these under the MIT license:

https://src.fedoraproject.org/rpms/virtualbox-guest-additions/blob/master/f/VirtualBox-60-vboxguest.rules
https://src.fedoraproject.org/rpms/virtualbox-guest-additions/blob/master/f/vboxclient.service
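
A packaging-time check for the concern raised in the message above, as an added example that is not part of the original post or of the Fedora or VirtualBox packaging. It generalizes from the one binary to any setuid/setgid file in a staged install tree and reports those not on an allowlist; the function names and the allowlist format are assumptions.

```shell
#!/bin/sh
# Added example: fail a package build when the staged install tree contains
# setuid/setgid files that are not on an explicit allowlist.

# list_setid ROOT: print setuid/setgid regular files under ROOT as install
# paths (ROOT prefix stripped, e.g. /usr/bin/VBoxDRMClient), sorted.
list_setid() {
    (cd "$1" && find . -type f \( -perm -4000 -o -perm -2000 \) -print) |
        sed 's|^\.||' | sort
}

# check_setid ROOT ALLOWLIST: print every setuid/setgid file under ROOT that
# is not listed in ALLOWLIST (one install path per line; blank lines and
# '#' comments are ignored). Returns 0 if there are none, 1 if any were
# found, 2 if ROOT is not a directory or no temp file could be created.
check_setid() {
    [ -d "$1" ] || return 2
    allow_tmp=$(mktemp) || return 2
    # Strip comments and blank lines so they cannot act as match patterns.
    grep -Ev '^[[:space:]]*(#|$)' "$2" > "$allow_tmp" || true
    # -F fixed strings, -x whole-line match, -v keep only paths NOT allowed.
    unexpected=$(list_setid "$1" | grep -Fxv -f "$allow_tmp" || true)
    rm -f "$allow_tmp"
    [ -z "$unexpected" ] && return 0
    printf '%s\n' "$unexpected"
    return 1
}

# Command-line use: script.sh BUILDROOT ALLOWLIST
if [ "$#" -eq 2 ]; then
    check_setid "$1" "$2"
    exit $?
fi
```

Run against the package's staged install directory, an unexpected setuid bit on a file such as /usr/bin/VBoxDRMClient shows up in the output and makes the build step fail.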