http://bugzilla.opensuse.org/show_bug.cgi?id=1041117 Bug ID: 1041117 Summary: VirtualBox as a default user: needs extra permissions, USB passthru security risk, missing /dev/vboxdrv Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.3 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Virtualization:Tools Assignee: virt-bugs@suse.de Reporter: moritzrakow@web.de QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- Created attachment 726708 --> http://bugzilla.opensuse.org/attachment.cgi?id=726708&action=edit USB passthru warning on VirtualBox start ## Overview Starting a virtual machine does not work out of the box. In the default config, the user needs extra privileges (vboxusers), there is a USB passthru security issue, and the virtual machine does not start because of a missing kernel module. ## Steps to reproduce 1. install the virtualbox package. 2. Attempt to start virtualbox. 3. Add yourself to the vboxusers group. 4. Log out, log back in again. 3. Start virtualbox a second time, and click away the security warning about USB passthru. It links to Bug 664520. 4. Create a virtual machine, e.g. with the Leap 42.3 Beta Net ISO. 5. Try to start the virtual machine. ## Actual results By default, the user is not permitted to run VirtualBox. Not sure if this is intended behaviour, but the user has to take additional steps to even start the application. The message about the USB security hole pops up (screenshot attached), but rather than pressing enable/disable USB, the only button is "OK". The default choice is to accept the security risk and do nothing. The message ends with an encouraging "This message will not be seen again!". The recommendation is to edit /etc/udev/rules.d/60-vboxdrv.rules but the user has not the permissions to do so. Should the default behaviour not be to avoid the security risk, with an option somewhere to *enable* USB passthru? Should a warning message like this not be able to be shown a second time and the information be displayed next to the relevant settings option? Then, there is an error when starting the virtual machine:

The VirtualBox Linux kernel driver (vboxdrv) is either not loaded or there is a permission problem with /dev/vboxdrv. Please reinstall the kernel module by executing '/sbin/vboxconfig' as root.

/dev/vboxdrv does not exist. ## Expected result A user will by default be allowed to start VirtualBox. The default configuration will be to avoid the USB passthru security risk, with an explanation for those choosing to *opt in*. It should not require root privileges to opt out of a security risk, in this case by editing /etc/udev/rules.d/60-vboxdrv.rules Starting a virtual machine will not fail because something else needs to be installed. ## Build and hardware USB/DVD iso on 64bit laptop, updated to build 0253. ## Additional comments Maybe there are good reasons to not include users by default in the vboxusers group and to enable USB passthru. Regardless, the warning message is not very useful, advocating one thing (disable USB passthru), but making the opposite the default which is not easy to change. -- You are receiving this mail because: You are on the CC list for the bug.