[vbox-dev] Removing suid root bit from VBoxDRMClient

Frank Batschulat frank.batschulat at oracle.com
Mon Jun 8 17:44:53 GMT 2020 

Thanks Hans, but right now we have a higher priority problem with fedora  
32,
that is we cannot get our vboxsf kernel module loaded anymore when we  
install
our GAs because the Linux vboxsf kernel module is sticking and the only  
one getting loaded
even though the Fedora specific guest additions you mentioned below have  
been uninstalled.

Also the Linux kernel vboxsf kernel module is incompatible with
our userland commands, our userland cannot talk to your vboxsf kernel  
module anymore.

investigating and fixing these beauty currently has a higher priority for  
us.

On Mon, 08 Jun 2020 17:46:58 +0200, Hans de Goede <hdegoede at redhat.com>  
wrote:

> Hi All,
>
> While looking into upgrading the Fedora virtualbox-guest-additions  
> packages to 6.0.10
> I noticed that the  "VBoxClient --vmsvga-x11" call in VBoxClient-all has  
> been replaced
> with "VBoxClient --vmsvga" and that that one will either behave as the  
> old --vmsvga-x11
> version (when running under a X11 session) or it will start  
> /usr/bin/VBoxDRMClient.
>
> I added /usr/bin/VBoxDRMClient to the Fedora packages, but after that  
> resizing of
> a GNOME3 as Wayland-compositor session inside the guest still did not  
> work.
>
> The issue seems to be that /usr/bin/VBoxDRMClient needs more rights, I  
> guess that
> the upstream version of the guest-additions installs it suid root ?
>
> That is not necessary and since Fedora ships virtualbox-guest-additions  
> as part of
> the default workstation install we would like to avoid adding another  
> suid root binary
> to the default install.
>
> Instead I've written a udev rule + systemd service to replace the  
> "VBoxClient --vmsvga"
> call inside VBoxClient-all. These config files will start  
> /usr/bin/VBoxDRMClient
> when running inside a VBox VM with VMSVGA graphics. Note this will now  
> run independent
> of the type of session (X11 or Wayland) running inside the VM. This  
> means that X11
> sessions now also use VBoxDRMClient rather then VBoxClient --vmsvga-x11  
> for resizing.
>
> This works fine and if upstream adopts this, then the VBoxClient  
> --vmsvga-x11
> can be dropped.
>
> The udev rule and systemd file can be found here. Feel free to use these  
> under the
> MIT license:
>
> https://src.fedoraproject.org/rpms/virtualbox-guest-additions/blob/master/f/VirtualBox-60-vboxguest.rules
> https://src.fedoraproject.org/rpms/virtualbox-guest-additions/blob/master/f/vboxclient.service
>
> Regards,
>
> Hans
>
> _______________________________________________
> vbox-dev mailing list
> vbox-dev at virtualbox.org
> https://www.virtualbox.org/mailman/listinfo/vbox-dev


-- 
frankB

Oracle Virtualbox Development

More information about the vbox-dev mailing list