[vbox-dev] Removing suid root bit from VBoxDRMClient

Frank Batschulat frank.batschulat at oracle.com
Tue Jun 9 09:34:10 GMT 2020 

I have filed the following bug to track this issue:

Ticket #19647 Fedora: Removing suid root bit from VBoxDRMClient
https://www.virtualbox.org/ticket/19647

On Mon, 08 Jun 2020 17:46:58 +0200, Hans de Goede <hdegoede at redhat.com>  
wrote:

> Hi All,
>
> While looking into upgrading the Fedora virtualbox-guest-additions  
> packages to 6.0.10
> I noticed that the  "VBoxClient --vmsvga-x11" call in VBoxClient-all has  
> been replaced
> with "VBoxClient --vmsvga" and that that one will either behave as the  
> old --vmsvga-x11
> version (when running under a X11 session) or it will start  
> /usr/bin/VBoxDRMClient.
>
> I added /usr/bin/VBoxDRMClient to the Fedora packages, but after that  
> resizing of
> a GNOME3 as Wayland-compositor session inside the guest still did not  
> work.
>
> The issue seems to be that /usr/bin/VBoxDRMClient needs more rights, I  
> guess that
> the upstream version of the guest-additions installs it suid root ?
>
> That is not necessary and since Fedora ships virtualbox-guest-additions  
> as part of
> the default workstation install we would like to avoid adding another  
> suid root binary
> to the default install.
>
> Instead I've written a udev rule + systemd service to replace the  
> "VBoxClient --vmsvga"
> call inside VBoxClient-all. These config files will start  
> /usr/bin/VBoxDRMClient
> when running inside a VBox VM with VMSVGA graphics. Note this will now  
> run independent
> of the type of session (X11 or Wayland) running inside the VM. This  
> means that X11
> sessions now also use VBoxDRMClient rather then VBoxClient --vmsvga-x11  
> for resizing.
>
> This works fine and if upstream adopts this, then the VBoxClient  
> --vmsvga-x11
> can be dropped.
>
> The udev rule and systemd file can be found here. Feel free to use these  
> under the
> MIT license:
>
> https://src.fedoraproject.org/rpms/virtualbox-guest-additions/blob/master/f/VirtualBox-60-vboxguest.rules
> https://src.fedoraproject.org/rpms/virtualbox-guest-additions/blob/master/f/vboxclient.service
>
> Regards,
>
> Hans
>
> _______________________________________________
> vbox-dev mailing list
> vbox-dev at virtualbox.org
> https://www.virtualbox.org/mailman/listinfo/vbox-dev


-- 
frankB

Oracle Virtualbox Development

More information about the vbox-dev mailing list