VirtualBox

Ticket #3143 (closed defect: fixed)

Opened 5 years ago

Last modified 4 years ago

VirtualBox 2.1.2 kills USB printing via hplip on OpenSUSE 11.1 -> fixed in SVN

Reported by: birefringence Owned by:
Priority: critical Component: USB
Version: VirtualBox 2.1.2 Keywords:
Cc: Guest type: other
Host type: Linux

Description

Starting with version 2.1.2 VirtualBox changes the group of all devices under /dev/bus/usb/ to "vboxusers". This change seems to be in effect after installing the RPM package and is independent of whether VirtualBox is actually running or not. For printing to work, the printer device has to be writable by the group "lp".

Change History

comment:1 Changed 5 years ago by birefringence

More specifically: VirtualBox effectively overwrites the settings specified /lib/udev/rules.d/50-udev-default.rules

comment:2 Changed 5 years ago by birefringence

I found the culprit: It's the file /etc/udev/rules.d/60-vboxdrv.rules

comment:3 Changed 5 years ago by frank

This behavior is intended as we actually don't know how to handle this correctly. On one hand, a user wishes to access every USB device from his VM. Therefore this udev rule was introduced. On the other hand, it should be possible to keep the original access rules for USB devices.

Any hint is appreciated. This behavior can be adapted by changing/removing these two USB udev rules.

comment:4 Changed 5 years ago by birefringence

Is it possible to use HAL instead of udev for the permissions? As far as I understand, HAL e.g. gives write permissions for USB drives to local users via ACLs.

comment:5 Changed 5 years ago by michael

  • Summary changed from VirtualBox 2.1.2 kills USB printing via hplip on OpenSUSE 11.1 to VirtualBox 2.1.2 kills USB printing via hplip on OpenSUSE 11.1 -> fixed in SVN

This should be fixed in SVN by lowering the priority of the VirtualBox udev rule. I'm not sure if giving access to all USB devices to everyone at the console would be a good thing - currently you have to explicitly make a user a member of the vboxusers group to give them access, which does give a certain amount of control over it. What do you think?

comment:6 Changed 5 years ago by birefringence

Ok, giving write access to everyone is really not a good idea. I guess, it's not possible to give write access to the vboxusers group via ACLs? That would allow more flexibility ...

comment:7 Changed 5 years ago by michael

Quite possibly, I just don't know much about this yet. Do you know anything about it, or have any good pointers to information?

comment:8 Changed 5 years ago by woro

Hmm, wondering what the *best* solution is but probably an ACL rule allowing vboxusers access to all USB devices is an option.

I _think_ that can be done using udev rules similar to this: SUBSYSTEM=="usb_device", RUN+="/sbin/udev.vbox.sh" SUBSYSTEM=="usb", ENV{DEVTYPE}=="usb_device", RUN+="/sbin/udev.vbox.sh"

/sbin/udev.vbox.sh: if test -n "${DEVICE}"; then

/usr/bin/setfacl -m g:vboxusers:rw ${DEVICE}

fi

Selective ACL settings are nowadays done using hal together with policykit but in case where every USB device should be accessible by a certain group the above could probably work. That's completely untested though and for example /usr/bin/setfacl looks problematic since it's probably not available in time but it probably helps.

comment:9 Changed 5 years ago by frank

In version 2.1.4 we moved the udev rule more to the beginning of the list decreasing the priority. Waiting for more feedback.

comment:10 Changed 5 years ago by sandervl73

  • Status changed from new to closed
  • Resolution set to fixed
Note: See TracTickets for help on using tickets.

www.oracle.com
ContactPrivacy policyTerms of Use