VirtualBox

Ticket #1797 (closed defect: fixed)

Opened 6 years ago

Last modified 4 years ago

won't open host network interface => change TAP group setting

Reported by: andrex Owned by:
Priority: major Component: network
Version: VirtualBox 1.6.2 Keywords: VERR_HOSTIF_INIT_FAILED
Cc: Guest type: other
Host type: Linux

Description (last modified by frank) (diff)

I have the dreaded "Failed to open host network interface" problem. I'm using Host Interface networking on a Linux host (Debian AMD64, custom 2.6.24 kernel), with a tap device named vbox0 bridged to lan:

$ brctl show lan
bridge name     bridge id               STP enabled     interfaces
lan             8000.00161711ac84       no              lan0
                                                        vbox0

When user andrex tries to start the VM, it fails with the following VBox.log:

00:00:15.216 VirtualBox 1.6.2 r31466 linux.amd64 (May 31 2008 17:30:23) release log
00:00:15.216 Log opened 2008-07-02T15:28:43.546408000Z
00:00:15.230 VRDP: TCP server listening on port 33891.
00:00:15.238 SUP: Loaded VMMR0.r0 (/usr/lib/virtualbox/VMMR0.r0) at 0xffffffff88d44900 -
  ModuleInit at ffffffff88d50590 and ModuleTerm at ffffffff88d50560
00:00:15.238 SUP: VMMR0EntryEx located at ffffffff88d50300, VMMR0EntryFast at ffffffff88d505e0 and VMMR0EntryInt at ffffffff88d4fb30
00:00:15.256 Failed to open the host network interface vbox0
00:00:15.256 ERROR [COM]: aRC=NS_ERROR_FAILURE (0x80004005)
aIID={d5a1cbda-f5d7-4824-9afe-d640c94c7dcf} aComponent={Console} aText={Failed
to open the host network interface vbox0} aWarning=false, preserve=false
00:00:15.257 ERROR [COM]: aRC=NS_ERROR_FAILURE (0x80004005)
aIID={d5a1cbda-f5d7-4824-9afe-d640c94c7dcf} aComponent={Console} aText={Failed
to initialize Host Interface Networking.
00:00:15.257 VBox status code: -3100 (VERR_HOSTIF_INIT_FAILED)} aWarning=false,
preserve=false
00:00:15.262 Power up failed (vrc=VERR_HOSTIF_INIT_FAILED, hrc=NS_ERROR_FAILURE
(0X80004005))
00:00:16.862 VRDP: TCP server closed.

andrex is a member of the group vboxusers, which has read/write permission on /dev/net/tun:

$ ll /dev/net
total 0
crw-rw---- 1 root vboxusers 10, 200 2008-06-15 14:52 tun

A few other data points:

  • I tried chmod 0666 /dev/net/tun, but it didn't help.
  • root can run this VM, but no other users can AFAICT. So it sure seems like a permission problem, but permissions on interfaces and bridges are hard to debug since they apparently only live in kernel memory. syslog and kern.log provide no useful information.
  • I applied the patch described in  http://www.virtualbox.org/ticket/1714, and that does solve one problem, but /etc/init.d/vboxnet start works correctly now and the problem still isn't resolved.
  • This VM used to work fine with the same configuration. I upgraded my kernel a few weeks ago, and probably upgraded some system tools around the same time, and now I can't get past this problem.

Any help would be much appreciated, as I'm currently dead in the water with this VM. NAT networking isn't an option because it doesn't allow me to read Samba shares.

Thanks, Andrew.

Attachments

config-2.6.26 Download (52.5 KB) - added by andrex 6 years ago.
Kernel config for custom 2.6.26 kernel
config-generic-smp-2.6.27-smp Download (86.4 KB) - added by jennic 6 years ago.
2.6.27 kernel configuration
rc.tap Download (1.3 KB) - added by jennic 6 years ago.
config-2.6.26-1-686 Download (89.5 KB) - added by bello 6 years ago.
Kernel configuration - bello

Change History

comment:1 Changed 6 years ago by frank

  • Host type changed from other to Linux

comment:2 Changed 6 years ago by frank

  • Component changed from other to network
  • Description modified (diff)

comment:3 Changed 6 years ago by lpacor

I just wanted to confirm this.

I have a 64 bit server running openSUSE 11.0 and I installed Virtualbox from the openSUSE repository.

I am not able to get this host networking work, everything just stops before being able to start with the guest installation with "VBox status code: -3100 (VERR_HOSTIF_INIT_FAILED)".

NAT networking works, but it isn't an option since the VM should become a mail server and should be reachable from outside and the smtp port is needed on the host as well.

Since I am quite new to VBox I am trying to get things done as "root", I'll try with another user once I am able to have my VMs running ...

Thanks a lot for your help! Luca

comment:4 Changed 6 years ago by andrex

I just upgraded to kernel 2.6.25, and I'm no longer able to reproduce this problem. Members of the vboxusers group can start the VM, and host interface networking works fine.

comment:5 Changed 6 years ago by andrex

I'm now using VirtualBox 1.6.4. I now have two VMs, both using host interface networking, connected to the same bridge:

$ brctl show lan
bridge name     bridge id               STP enabled     interfaces
lan             8000.00161711ac84       no              lan0
                                                        vbox-TinyXP
                                                        vbox-Win2K

The problem now occurs on one of the two VMs:

VM name Guest OS Interface name Works for ordinary user?
Win2K Win2K vbox-Win2K Yes
TinyXP none yet vbox-TinyXP No

So, host-only networking:

  • works for ordinary users (in the virtualbox group) with only some interfaces.
  • always works for root.
  • used to not work on the vbox-Win2K interface, but started working at some point, maybe coincidentally when I upgraded my kernel.

This sure reads like some kind of permission problem on the host interfaces, but I don't know what that would be. I'm not able to find any information about any such permissions.

$ ls -l /dev/net/tun
crw-rw---- 1 root vboxusers 10, 200 2008-08-30 13:38 /dev/net/tun

Thanks, Andrew.

comment:6 Changed 6 years ago by andrex

This problem is still present in version 2.0.0.

Can someone please update the version field in the ticket? I'm not able to do that. Thanks, Andrew.

comment:7 Changed 6 years ago by jennic

I am having the same problem.

VirtualBox 2.0.2_OSE running on fully patched Slackware Linux 12.1 running a 2.6.27 kernel.

I have no problems whatsoever creating the TAP device:

10:28:32 vboxhost:~$ /etc/rc.d/rc.tap start Starting TAP: tap0 Set 'tap0' persistent and owned by uid 0 gid 215

crw-rw-rw- 1 root vboxusers 10, 200 2008-10-14 17:40 /dev/net/tun

But if anyone but root tries to start a guest OS (in fact, this is without even a guest OS, this is with an untouched fresh VBox disk), the following log is produced:

00:04:10.815 VirtualBox 2.0.2_OSE r12420 linux.x86 (Oct 14 2008 09:21:28) release log 00:04:10.815 Log opened 2008-10-15T09:28:51.096351000Z 00:04:10.815 OS Product: Linux 00:04:10.815 OS Release: 2.6.27-smp-vboxhost 00:04:10.815 OS Version: #1 SMP Mon Oct 13 17:22:15 BST 2008 00:04:10.820 Your keyboard layout does not appear to fully supported by 00:04:10.820 VirtualBox. If you would like to help us improve the product, 00:04:10.820 please submit a bug report and attach this logfile. 00:04:10.820 00:04:10.820 The correct table for your layout is: 00:04:10.820 "`\xac","1!","2\"","3\xa3","4$","5%","6","7&","8*","9(","0)","-_","=+", 00:04:10.820 "qQ","wW","eE","rR","tT","yY","uU","iI","oO","pP","[{","]}", 00:04:10.820 "aA","sS","dD","fF","gG","hH","jJ","kK","lL",";:","'@","#~", 00:04:10.820 "zZ","xX","cC","vV","bB","nN","mM",",<",".>","/?","\|","\x0\x0","\x0\x0" 00:04:10.821 00:04:10.832 SUP: Loaded VMMR0.r0 (/usr/lib/virtualbox/VMMR0.r0) at 0xfa7f9060 - ModuleInit at fa8065f0 and ModuleTerm at fa8065b0 00:04:10.832 SUP: VMMR0EntryEx located at fa806370, VMMR0EntryFast at fa806640 and VMMR0EntryInt at fa8059d0 00:04:10.871 Failed to open the host network interface tap0 00:04:10.871 ERROR [COM]: aRC=NS_ERROR_FAILURE (0x80004005) aIID={d5a1cbda-f5d7-4824-9afe-d640c94c7dcf} aComponent={Console} aText={Failed to open the host network interface tap0} aWarning=false, preserve=false 00:04:10.874 ERROR [COM]: aRC=NS_ERROR_FAILURE (0x80004005) aIID={d5a1cbda-f5d7-4824-9afe-d640c94c7dcf} aComponent={Console} aText={Failed to initialize Host Interface Networking. 00:04:10.874 VBox status code: -3100 (VERR_HOSTIF_INIT_FAILED)} aWarning=false, preserve=false 00:04:10.883 Power up failed (vrc=VERR_HOSTIF_INIT_FAILED, hrc=NS_ERROR_FAILURE (0X80004005))

comment:8 follow-up: ↓ 9 Changed 6 years ago by andrex

Problem persists in version 2.0.2. Can someone please update the version field in the ticket?

Also, jennic is right, the problem happens even before any OS is installed, with a fresh VBox disk. In my case it happens with some interfaces, but not with one.

Thanks, Andrew.

comment:9 in reply to: ↑ 8 Changed 6 years ago by bello

I have the same problem, but managed to deal with it. Apparently, being a member of group vboxusers is not enough. When I start VirtualBox from the command line (I'm using Debian Linux, BTW), I get the following error when trying to start a VM:

Failed to initialize Host Interface Networking. VBox status code: -3100 (VERR_HOSTIF_INIT_FAILED).

However, if I issue 'newgrp vboxusers' before starting VirtualBox, everything works fine. Furthermore, if after 'newgrp vboxusers' I issue 'newgrp whateverothergroup', the problem returns. I think this is a bug in VirtualBox.

comment:10 Changed 6 years ago by frank

bello, please add the current user permanently to the group vboxusers. This is explained in the user manual.

comment:11 Changed 6 years ago by jennic

frank, in each case we have ensured that the user in question is a member of the vboxusers group, including bello when he says "Apparently, being a member of group vboxusers is not enough".

I did see mention somewhere of there possibly being an issue with the way the kernel handles permissions and why it is hard to debug because the kernel holds permissions in memory only, but I can't remember where I saw it. It might make sense that for some reason the kernel is not picking up the group membership correctly and so using the newgrp command might be a method of forcing the kernel to pick this information up.

Thank you for the suggestion bello, I will try it when I get to work tomorrow and report back to see if it solves the problem.

comment:12 Changed 6 years ago by frank

Right, I missed that part. Which Linux distribution is that? I assume that you are not trying to start VBox as root, am I correct?

comment:13 Changed 6 years ago by andrex

OK, this is bizarre.  It does not make sense.  But to my amazement, it's true.

$ whoami
andrex

$ groups
parents dialout cdrom floppy tape audio dip backup video plugdev staff 
users lpadmin scanner camera fuse drupaldev ckdev vboxusers

$ VirtualBox
[ start VM -> fails with VERR_HOSTIF_INIT_FAILED ]

$ newgrp vboxusers

$$ groups
vboxusers dialout cdrom floppy tape audio dip backup video plugdev staff 
users lpadmin scanner camera fuse drupaldev ckdev parents

$$ VirtualBox
[ start VM -> succeeds! ]

I'm going to hazard a guess here:  VirtualBox is only checking the first element of the user's group vector.  In the first case above it's not vboxusers, and access to the interface is denied.  In the second case it is vboxusers, and access succeeds.

Nice catch, bello. Andrew.

comment:14 Changed 6 years ago by frank

I still would like to know which Linux distribution we are talking about. And no, VirtualBox is not checking any group vector. It just tries to open /dev/net/tun which either succeeds or fails.

comment:15 Changed 6 years ago by andrex

OK. Mine is Debian, with a custom 2.6.26 kernel. I'm attaching my kernel config.

Changed 6 years ago by andrex

Kernel config for custom 2.6.26 kernel

comment:16 Changed 6 years ago by jennic

As above, I'm running Slackware 12.1 with a custom 2.6.27 kernel that is very similar to the stock Slackware generic kernel + defaults from make oldconfig but with dynticks etc. enabled to allow for PowerTOP.

Kernel config attached.

It should be noted that there is some precedent for this type of behaviour. In a Solaris 7 environment still running here, access permissions are only checked against the first 8 groups, if the relevant group is not found in the first 8, then access is denied.

Changed 6 years ago by jennic

2.6.27 kernel configuration

comment:17 Changed 6 years ago by michael

Could those experiencing this problem try executing

touch /dev/net/tun

to see whether or not this produces an error?

comment:18 Changed 6 years ago by jennic

No error for me.

However, I'm looking into the possibility that my problem may be unrelated having not first used VBoxAddIF to add the tap interface to the VirtualBox config. I have suddenly come across this instruction having not previously seen it in any setup documentation I've seen so far.

comment:19 Changed 6 years ago by andrex

No error for me.

$ whoami
andrex

$ ls -l /dev/net/tun
crw-rw---- 1 root vboxusers 10, 200 2008-09-10 17:23 /dev/net/tun

$ touch /dev/net/tun

$ ls -l /dev/net/tun
crw-rw---- 1 root vboxusers 10, 200 2008-10-16 04:10 /dev/net/tun

comment:20 Changed 6 years ago by jennic

Ok, I can confirm that adding VBoxAddIF to the end of my start script does indeed solve my problem, but I don't think newgrp did. I may perhaps be experiencing a different issue.

If anyone might be able to clarify, I am attaching my rc.tap file that is my initialisation script for my bridged interface.

By the way, I am also very unclear as to why a username must be provided for use of the bridge. Surely it would be possible to provide a group name? Currently, if I wanted to provide another user access to the bridge, I would have to replace the username in the init script...(!)

Changed 6 years ago by jennic

comment:21 Changed 6 years ago by bello

I am using Debian testing (Lenny), with a 2.6.26 kernel straight from the distribution (Debian package linux-image-2.6.26-1-686, version 2.6.26-5), and I have access to /dev/net/tun:

$ ls -l /dev/net/tun crw-rw---- 1 root vboxusers 10, 200 Out 16 08:52 /dev/net/tun $ touch /dev/net/tun $ ls -l /dev/net/tun crw-rw---- 1 root vboxusers 10, 200 Out 16 09:00 /dev/net/tun

Group vboxusers is #5 on my list. Running VBoxAddIF before VirtualBox does not help:

$ sudo VBoxAddIF vbox0 -g vboxusers br0 VirtualBox host networking interface creation utility, version 1.6.2_OSE (C) 2005-2007 Sun Microsystems, Inc. All rights reserved.

Creating the permanent host networking interface "vbox0" for group vboxusers. $ VirtualBox # (VERR_HOSTIF_INIT_FAILED when trying to run the VM) $ newgrp vboxusers $ VirtualBox # (runs OK) $ newgrp $ VirtualBox # (VERR_HOSTIF_INIT_FAILED when trying to run the VM)

Would it be possible to make VirtualBox change to group vboxusers before trying to open /dev/net/tun?

comment:22 Changed 6 years ago by bello

Sorry about the last post. Forgot to format it properly:

I am using Debian testing (Lenny), with a 2.6.26 kernel straight from the distribution (Debian package linux-image-2.6.26-1-686, version 2.6.26-5), and I have access to /dev/net/tun:

  $ ls -l /dev/net/tun
  crw-rw---- 1 root vboxusers 10, 200 Out 16 08:52 /dev/net/tun
  $ touch /dev/net/tun
  $ ls -l /dev/net/tun
  crw-rw---- 1 root vboxusers 10, 200 Out 16 09:00 /dev/net/tun

Group vboxusers is #5 on my list. Running VBoxAddIF before VirtualBox does not help:

  $ sudo VBoxAddIF vbox0 -g vboxusers br0
  VirtualBox host networking interface creation utility, version 1.6.2_OSE
  (C) 2005-2007 Sun Microsystems, Inc.
  All rights reserved.
  
  Creating the permanent host networking interface "vbox0" for group vboxusers.
  $ VirtualBox  # (VERR_HOSTIF_INIT_FAILED when trying to run the VM)
  $ newgrp vboxusers
  $ VirtualBox  # (runs OK)
  $ newgrp
  $ VirtualBox  # (VERR_HOSTIF_INIT_FAILED when trying to run the VM)

Would it be possible to make VirtualBox change to group vboxusers before trying to open /dev/net/tun?

comment:23 Changed 6 years ago by frank

jennic, back to your problem: Of course you should use VBoxAddIF. Your original posting from 10/15/08 showed that the TAP device was successfully created and owned by uid 0 which means owned by root of course. If you use VBoxAddIF then the TAP interface is assigned to the correct user.

To bello and andrex: I still was not able to reproduce your problem. I just tested 2.0.2 on Debian/Sid with Linux 2.6.26.6 (self-compiled kernel) and everything was fine as it should. It does not matter for me at which position vboxusers is placed in the groups list.

comment:24 Changed 6 years ago by andrex

frank, thanks for looking into this. Maybe a diff of my and bello's kernel configs against yours would suggest a suspect?

comment:25 Changed 6 years ago by bello

I don't think the problem is with /dev/net/tun or /dev/vboxdrv:

$ ls -l /dev/net/tun /dev/vboxdrv
crw-rw---- 1 root vboxusers 10, 200 Out 16 09:00 /dev/net/tun
crw-rw---- 1 root vboxusers 10,  60 Out 15 15:43 /dev/vboxdrv
$ VirtualBox  # (VERR_HOSTIF_INIT_FAILED when trying to run the VM)
$ sudo chown bello /dev/net/tun /dev/vboxdrv
$ ls -l /dev/net/tun /dev/vboxdrv
crw-rw---- 1 bello vboxusers 10, 200 Out 16 09:00 /dev/net/tun
crw-rw---- 1 bello vboxusers 10,  60 Out 15 15:43 /dev/vboxdrv
$ VirtualBox  # (VERR_HOSTIF_INIT_FAILED when trying to run the VM)
$ sudo chmod 666 /dev/net/tun /dev/vboxdrv
$ ls -l /dev/net/tun /dev/vboxdrv
crw-rw-rw- 1 bello vboxusers 10, 200 Out 16 09:00 /dev/net/tun
crw-rw-rw- 1 bello vboxusers 10,  60 Out 15 15:43 /dev/vboxdrv
$ VirtualBox  # (VERR_HOSTIF_INIT_FAILED when trying to run the VM)
$ newgrp vboxusers
$ VirtualBox  # (runs OK)

I think the problem is somewhere else. Not even if I own the files and they are world-writable does it work. However, changing the order of groups solves the problem.

comment:26 Changed 6 years ago by andrex

Agreed.

bello and frank, can you please post your kernel configs here, so we can compare them to mine? It seems likely that the problem is due to some kernel feature that both bello and I have enabled and frank has disabled, or vice versa.

comment:27 Changed 6 years ago by frank

Currently I can't because I don't have my installation handy. I had a short look at your configuration this afternoon and did not saw any relevant differnces except perhaps CONFIG_AUDIT. But this was only a short look. But bello, please could you do the following:

$ sudo chmod u+s /usr/bin/strace
$ strace -f -s128 -o log /usr/lib/virtualbox/VirtualBox -startvm VM_NAME

and attach the resulting file log? The strace binary has to setuid root otherwise it will not be possible to strace the VirtualBox process.

comment:28 Changed 6 years ago by michael

bello: might the problem be that your tap interfaces (vbox0/tap0/whatever) are owned by the group vboxusers?

Changed 6 years ago by bello

Kernel configuration - bello

comment:29 Changed 6 years ago by bello

I attached my current kernel configuration. I should have said this earlier, but I am running version 1.6.2_OSE, which is not the latest version. What version are andrex and jennic running? Debian just put out 1.6.6, but the kernel module package virtualbox-ose-modules-2.6.26-1-686 (version 2.6.26+1.6.2-dfsg-4) was not updated, so after upgrading to 1.6.6 (about an hour ago) I had to downgrade back to 1.6.2. I wonder if the problem occurs with recent versions of VirtualBox.

michael: I think the tap interface is supposed to be owned by group vboxusers.

frank: strace didn't work:

$ strace -f -s128 -o log /usr/lib/virtualbox/VirtualBox -startvm Win98
/usr/lib/virtualbox/VirtualBox: error while loading shared libraries: VBoxKeyboard.so: cannot open shared object file: No such file or directory

comment:30 Changed 6 years ago by frank

Andrex, could you help out with an strace dump of VirtualBox 2.0.2?

bello, I was assuming that you are using the 2.0.2 release. With 1.6.2 please do

LD_LIBRARY_PATH=/usr/lib/virtualbox strace -f -s128 -o ~/log /usr/lib/virtualbox/VirtualBox -startvm Win98

Please could you all post the content of your /etc/vbox/interfaces file?

comment:31 Changed 6 years ago by frank

Andrex, the strace dump of course when it fails for you.

comment:32 Changed 6 years ago by bello

Still the same problem:

$ LD_LIBRARY_PATH=/usr/lib/virtualbox strace -f -s128 -o ~/log /usr/lib/virtualbox/VirtualBox -startvm Win98
/usr/lib/virtualbox/VirtualBox: error while loading shared libraries: VBoxKeyboard.so: cannot open shared object file: No such file or directory

Although this works (and then fails with VERR_HOSTIF_INIT_FAILED):

$ LD_LIBRARY_PATH=/usr/lib/virtualbox /usr/lib/virtualbox/VirtualBox -startvm Win98

Here's my /etc/vbox/interfaces:

vbox0 +vboxusers br0

comment:33 follow-up: ↓ 34 Changed 6 years ago by frank

  • Summary changed from won't open host network interface to won't open host network interface => change TAP group setting

bello, thanks. That was helpful. Actually the problem is your +vboxusers setting. We were not aware that a group setting of a TAP device denotes the primary group. But this is indeed forced by the Linux kernel. So change +vboxusers to the user name which is starting vbox (without '+') and it should work. I assume that's the case for andrex as well.

Summary: If a tap device is assigned to a group, that must be the primary group. The next major release will make this problem obsolete as we will change the rules a bit. Note that starting with 2.0.0, VirtualBox is started setuid root...

comment:34 in reply to: ↑ 33 Changed 6 years ago by andrex

Replying to frank:

We were not aware that a group setting of a TAP device denotes the primary group. But this is indeed forced by the Linux kernel.

OK, I didn't know that either. Strange, but I guess there must be a good reason.

So change +vboxusers to the user name which is starting vbox (without '+') and it should work. I assume that's the case for andrex as well.

So far I'm not able to confirm this. I've deleted the interface and recreated it owned by andrex, and so far I still get the error. Let me keep working on this for a bit though. Any other restart needed?

The next major release will make this problem obsolete as we will change the rules a bit.

Not sure how you'll do that, but I'll look forward to the fix. Note that I'm trying to work out a way to share VMs, and group ownership of the interface seems to be an important part of that (though I haven't fully figured out how to do it yet).

Note that starting with 2.0.0, VirtualBox is started setuid root...

Not on my box:

$ lw VirtualBox
lrwxrwxrwx 1 root root    4 2008-09-13 11:54 /usr/bin/VirtualBox -> VBox*
-rwxr-xr-x 1 root root 2384 2008-09-12 11:49 VBox*

and I use the .deb from virtualbox.org. Actually I really hope you don't do this-- the current problem aside, VirtualBox works now without SUID root, and changing to SUID root would be a step backwards. But that's another bug report I guess.

Thanks, Andrew.

comment:35 Changed 6 years ago by frank

Have a look at VBox and you will find out that this is just a shell script calling the executable /usr/lib/virtualbox/VirtualBox. And this one is setuid root. Yes, a restart might be required as the script in `/etc/init.d/vboxnet has to create the tap device with the correct ownership. You might want to check the script yourself and create the tap device yourself with the correct permission during tests.

Regarding setuid in general: This isn't a step backward. Note that the binary /usr/bin/virtualbox/VirtualBox is just a small stub which checks the integrity of the required libraries before starting the real application. Then the /dev/vboxdrv device is opened and finally the privileges are dropped. And then (with limited privileges) the real binary is loaded and the real application starts. Actually this is a step forwards not backwards as this increases the security. But I don't want to discuss this in this defect.

comment:36 Changed 5 years ago by frank

  • Status changed from new to closed
  • Resolution set to fixed

Host networking changed completely with VirtualBox 2.1.0 and VirtualBox 2.2.0.

comment:37 Changed 5 years ago by andrex

Agreed-- this problem has disappeared in 2.1.0, and networking has become much simpler besides. Thanks, and sorry I didn't follow up sooner to report the problem as fixed.

Note: See TracTickets for help on using tickets.

www.oracle.com
ContactPrivacy policyTerms of Use