Mailinglist Archive: opensuse-factory (396 mails)
| < Previous | Next > |
[opensuse-factory] virtualbox from suse repo + usb support
- From: Michal Šebeň <mseben@xxxxxxxxx>
- Date: Thu, 20 Jan 2011 09:21:46 +0100
- Message-id: <AANLkTikJgmr8rPYJJ7MUHmUzR0E7h1gk6psfDjU7oZg8@mail.gmail.com>
hi folks,
as you might know, since virtualbox 4.0.0 "usb guest support" feature
is now open source code,
but during tests i found the problem : virtualbox needs full access to
usb nodes, which of course, could lead to serious security problem
(see bnc#664520 for details) - this means that (currently) virtualbox
(provided by suse) doesn't have usb guest support enabled, by default
as a workaround I added comment with two udev lines, which creates usb
nodes in /dev/vboxusb/ dir with r/w access for vboxusers group (which
feeds the virtualbox's needs), so after enabling these two lines (in
/etc/udev/rules.d/60-vboxdrv.rules) , your attached usb devices will
be available also in virtualized guest system, but please keep in mind
this could be real security problem !
JFYI how Oracle's virtualbox rpm deal with this situation
(unacceptable due to possible security issue - basically they do the
same as we with our two line comment in .rules file):
- in post install of specfile : udev rule is added,
http://www.virtualbox.org/browser/trunk/src/VBox/Installer/linux/rpm/VirtualBox.tmpl.spec#L239
- this udev rule is triggered if usb device is added/removed - and it
call VBoxCreateUSBNode.sh script
http://www.virtualbox.org/browser/trunk/src/VBox/Installer/linux/VBoxCreateUSBNode.sh
- VBoxCreateUSBNode.sh (build /dev/vboxusb dir with usb devices and
grand acces to $group) || (destroy /dev/vboxusb device)
bye
--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-factory+help@xxxxxxxxxxxx
as you might know, since virtualbox 4.0.0 "usb guest support" feature
is now open source code,
but during tests i found the problem : virtualbox needs full access to
usb nodes, which of course, could lead to serious security problem
(see bnc#664520 for details) - this means that (currently) virtualbox
(provided by suse) doesn't have usb guest support enabled, by default
as a workaround I added comment with two udev lines, which creates usb
nodes in /dev/vboxusb/ dir with r/w access for vboxusers group (which
feeds the virtualbox's needs), so after enabling these two lines (in
/etc/udev/rules.d/60-vboxdrv.rules) , your attached usb devices will
be available also in virtualized guest system, but please keep in mind
this could be real security problem !
JFYI how Oracle's virtualbox rpm deal with this situation
(unacceptable due to possible security issue - basically they do the
same as we with our two line comment in .rules file):
- in post install of specfile : udev rule is added,
http://www.virtualbox.org/browser/trunk/src/VBox/Installer/linux/rpm/VirtualBox.tmpl.spec#L239
- this udev rule is triggered if usb device is added/removed - and it
call VBoxCreateUSBNode.sh script
http://www.virtualbox.org/browser/trunk/src/VBox/Installer/linux/VBoxCreateUSBNode.sh
- VBoxCreateUSBNode.sh (build /dev/vboxusb dir with usb devices and
grand acces to $group) || (destroy /dev/vboxusb device)
bye
--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-factory+help@xxxxxxxxxxxx
| < Previous | Next > |