From: Dale Scott
Date: Wed, 29 Sep 2021 13:08:03 -0600 (MDT)
To: Bernhard Fröhlich
Cc: Mario Lobo, freebsd-questions, freebsd-virtualization@freebsd.org
Subject: Re: Running VirtualBox as non-root user

I don't have a solution, but I can report I'm happily running virtualbox-ose
headless as a non-root user (me, the vm's are stored in my user directory)
using phpvirtualbox served by Apache.

dale@whizzer:~ % sudo pkg info | grep virtual
phpvirtualbox-6.1              AJAX Web Interface for VirtualBox
virtualbox-ose-kmod-6.1.22_1   VirtualBox kernel module for FreeBSD
virtualbox-ose-nox11-6.1.22_2  General-purpose full virtualizer for x86 hardware
dale@whizzer:~ % uname -a
FreeBSD whizzer.dalescott.net 12.2-RELEASE-p7 FreeBSD 12.2-RELEASE-p7 GENERIC amd64
dale@whizzer:~ %

Good luck,
Dale

----- Original Message -----
> From: "Bernhard Fröhlich"
> To: "Mario Lobo"
> Cc: "freebsd-questions", freebsd-virtualization@freebsd.org
> Sent: Wednesday, September 29, 2021 12:17:18 PM
> Subject: Re: Running VirtualBox as non-root user

> On Wed, Sep 29, 2021 at 8:01 PM Mario Lobo wrote:
>>
>> Hi;
>>
>> Here is what I've done so far:
>>
>> - Created user vbox and put it in vboxuser group
>> - Went as far as chown -R vbox:vboxuser /usr/local/lib/virtualbox
>> - Executables are with the SUiD bit set
>> -r-s--x--- 1 vbox vboxusers 32064 Sep 21 22:18 VBoxSDL
>> -r-s--x--- 1 vbox vboxusers 16064 Sep 21 22:18 VBoxNetAdpCtl
>> -r-s--x--- 1 vbox vboxusers 32064 Sep 21 22:18 VBoxNetDHCP
>> -r-s--x--- 1 vbox vboxusers 32064 Sep 21 22:18 VBoxNetNAT
>> -r-s--s--- 1 vbox vboxusers 32352 Sep 22 17:55 VirtualBoxVM
>>
>> - Imported a test VM
>> - Ran the VM as root to make sure it's working
>> - started VirtualBox as user vbox, and it starts fine
>>
>> VirtualBox GUI starts fine as user vbox but when I try to start the test VM
>> from it, I get:
>>
>> Effective UID is not root (euid=1001 egid=920 uid=1001 gid=1001) (rc=-10)
>> where: SUPR3HardenedMain what: 2 VERR_PERMISSION_DENIED (-10) - Permission
>> denied.
>>
>> Starting it from VirtualBoxVM --startvm test issues the same error:
>>
>> VirtualBoxVM: Error -10 in SUPR3HardenedMain!
>> VirtualBoxVM: Effective UID is not root (euid=1001 egid=920 uid=1001
>> gid=1001)
>> where: SUPR3HardenedMain
>> what: 2
>> VERR_PERMISSION_DENIED (-10) - Permission denied.
>>
>> Any pointer for anything else I should be doing or is missing?
>
> Puh it's been a long time for me but from what I read there are two things that
> sound problematic to me.
>
> 1) vbox uses something that they call "hardening" which does some checks
> in addition to the suid/sgid bits. Changing permissions and/or user/group is
> asking for trouble! I'd recommend to reinstall the vbox package in that case.
> The instructions in the handbook should be enough.
>
> pw groupmod vboxusers -m yourusername
>
> 2) Starting a VM as root is definitely not a good idea either. The problem is
> that vbox will create some temporary files/directories as root somewhere
> under /tmp or was it /var? When the VM is stopped the directories are left and
> you won't be able to write to them as user afterwards. If the VM is not running
> it should be okay to just delete them but please have a look at the content
> first to make sure.
>
> --
> Bernhard Froehlich
> http://www.bluelife.at/
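
A set-uid program runs with the effective UID of the file's owner, so a set-uid binary owned by vbox can never satisfy the "Effective UID is not root" check quoted above. As an added example (not part of any message in this thread), the sh function below reads `ls -l` output and flags set-uid files whose owner is not root; the function names are hypothetical and the sample listing is constructed, modelled on the one in the thread.

```sh
#!/bin/sh
# Added example, not from the thread: audit `ls -l` output for set-uid
# files that are not owned by root.

# Reads `ls -l` lines on stdin and prints "name owner" for every regular
# file that has the set-uid bit but an owner other than root.
# Assumes file names without spaces (true for the VirtualBox binaries).
suid_not_root() {
    awk '
        # $1 = mode string, $3 = owner, last field = file name
        NF >= 9 && substr($1, 1, 1) == "-" {
            u = substr($1, 4, 1)   # owner-execute slot: s or S means set-uid
            if ((u == "s" || u == "S") && $3 != "root")
                print $NF, $3
        }
    '
}

# Constructed sample: two mis-owned set-uid files, one correctly owned
# set-uid file, and one ordinary executable.
sample_listing() {
    cat <<'EOF'
total 4
-r-s--x---  1 vbox  vboxusers  32064 Sep 21 22:18 VBoxSDL
-r-s--x---  1 root  vboxusers  16064 Sep 21 22:18 VBoxNetAdpCtl
-r-xr-xr-x  1 vbox  vboxusers  32064 Sep 21 22:18 VBoxManage
-r-s--s---  1 vbox  vboxusers  32352 Sep 22 17:55 VirtualBoxVM
EOF
}

# Prints a verdict for the listing on stdin; returns 1 if anything is flagged.
audit() {
    bad=$(suid_not_root)
    if [ -n "$bad" ]; then
        printf 'set-uid but not owned by root:\n%s\n' "$bad"
        return 1
    fi
    echo "all set-uid files are owned by root"
}

sample_listing | audit || true
```

On a real system the same function can be fed `ls -l /usr/local/lib/virtualbox | audit`; any file it reports is one that the chown in the thread changed, and reinstalling the package restores the packaged ownership.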