[Bug 669055] New: Virtual Box's DHCP Server fails with Internal Network adapter setting for VMs
https://bugzilla.novell.com/show_bug.cgi?id=669055 https://bugzilla.novell.com/show_bug.cgi?id=669055#c0 Summary: Virtual Box's DHCP Server fails with Internal Network adapter setting for VMs Classification: Internal Novell Products Product: openSUSE Build Service Version: master Platform: i686 OS/Version: openSUSE 11.3 Status: NEW Severity: Normal Priority: P5 - None Component: build process AssignedTo: mls@novell.com ReportedBy: cshorler@googlemail.com QAContact: adrian@novell.com Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.9.2.13) Gecko/20101203 SUSE/3.6.13-0.2.1 Firefox/3.6.13 - Virtual Box 4.0.2 (From Factory or Build Service), this may also happen with v3 as included with openSUSE 11.3 - I haven't tested that. - VM based on openSUSE 11.3 (although I doubt that makes any difference given the nature of the problem). Reproducible: Always Steps to Reproduce: To reproduce: - Use VBoxManage to set up a DHCPServer for "intnet" (this is essential) (I used private range 10.0.0.2 - 10.0.0.254, ip of DHCP 10.0.0.1, netmask/24) - Create a VM (I used an image I have on SUSE Studio) - Ensure the VM is configured to Internal Network (intnet), not NAT - Start the VM and configure the guest OS for DHCP Actual Results: DHCPCD never acquires an IP. Cause / Solution: Look at the running processes on the host - the IPC is failing for the DHCP Server and the guest is not getting it's DHCP allocated IP. The problem is due to wrong permissions of the binary that is launched via IPC. The VBoxSVC starts VBoxNetDHCP which promptly becomes a zombie! If you browse the source code to src/VBox/NetworkServices/DHCP you'll find the cause of the problem. Because we are compiling with 'Hardened security' this binary (VBoxNetDHCP) needs to be SetUID (Similar to some of the other binarys). The reason it works when the adapter is set to NAT is because the implementation code is called directly from a binary that is SetUID in that case. I've tested setting the permissions to 4750 and it seems to work. Also, I think that /etc/permissions.easy and secure would need amending so chkconfig would work correctly if run in set mode. I haven't investigated a patch yet, but looking at the spec file it looks as if some comments can be removed to fix part of the problem and editing /etc/permissions.xxxx and running chkconfig/suseconfig should fix the rest? Note: - There are quite a lot of comments on permissions in the spec file, they don't appear to concern this file (I only looked briefly). Expected Results: Virtual Box DHCP Server works with VMs set to Internal Network. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=669055 https://bugzilla.novell.com/show_bug.cgi?id=669055#c1 --- Comment #1 from Christopher HORLER <cshorler@googlemail.com> 2011-02-03 12:31:26 UTC --- Forgot to mention that I also changed the file group to vboxusers -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=669055 https://bugzilla.novell.com/show_bug.cgi?id=669055#c Christopher HORLER <cshorler@googlemail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|mls@novell.com |mseben@gmail.com QAContact|adrian@novell.com |opensuse-communityscreening | |@forge.provo.novell.com -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=669055 https://bugzilla.novell.com/show_bug.cgi?id=669055#c2 --- Comment #2 from Christopher HORLER <cshorler@googlemail.com> 2011-02-05 17:41:51 UTC --- I'm testing a patch now, also fixes for python and development packages (which seem to be broken on 11.3 - perhaps everywhere?) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=669055 https://bugzilla.novell.com/show_bug.cgi?id=669055#c3 Michal Seben <mseben@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED Component|build process |Basesystem Version|master |Milestone 6 of 6 AssignedTo|mseben@gmail.com |bnc-team-screening@forge.pr | |ovo.novell.com Product|openSUSE Build Service |openSUSE 11.4 Target Milestone|--- |Milestone 6 of 6 QAContact|opensuse-communityscreening |qa@suse.de |@forge.provo.novell.com | --- Comment #3 from Michal Seben <mseben@gmail.com> 2011-02-07 10:22:19 UTC --- :Christopher security team have to decide about setting setuid bit on VBoxNetDHCP, regarding of Comment 2 : please reopen new bug report if you think python or development packages contains bug thanks for you work on virtualbox package! :security team, we need setuid bit on /usr/lib/virtualbox/VBoxNetDHCP, source code is here : http://www.virtualbox.org/browser/trunk/src/VBox/NetworkServices/DHCP/VBoxNe... see Comment 0 for more info thanks! -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=669055 https://bugzilla.novell.com/show_bug.cgi?id=669055#c4 --- Comment #4 from Christopher HORLER <cshorler@googlemail.com> 2011-02-07 22:16:52 UTC --- Hi Michal / 'Security'! Re security / permissions, I expected that would be the case - so I patched permissions and submitted a Request yesterday referencing this bug. Request #60178 Bug is opened on Python and fix is also submitted. You can now do 'import vboxapi'. Haven't really used it - but I suspect it would be quite straight forward to implement some kind of system / yast module using this supplementing the vboxes init script. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=669055 https://bugzilla.novell.com/show_bug.cgi?id=669055#c5 Marcus Meissner <meissner@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |meissner@novell.com AssignedTo|bnc-team-screening@forge.pr |security-team@suse.de |ovo.novell.com | Summary|Virtual Box's DHCP Server |AUDIT-0: VBoxNetDHCP / |fails with Internal Network |Virtual Box's DHCP Server |adapter setting for VMs |fails with Internal Network | |adapter setting for VMs --- Comment #5 from Marcus Meissner <meissner@novell.com> 2011-02-10 12:37:32 UTC --- you need to assign it to security though so we see it, doing so now. we do the adjustment for permissions after auditing the binary. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=669055 https://bugzilla.novell.com/show_bug.cgi?id=669055#c6 --- Comment #6 from Thomas Biege <thomas@novell.com> 2011-02-14 18:33:51 UTC --- (In reply to comment #4)
Hi Michal / 'Security'!
Re security / permissions, I expected that would be the case - so I patched permissions and submitted a Request yesterday referencing this bug. Request #60178
You submitted it to Factory. Did older versions need this update too? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=669055 https://bugzilla.novell.com/show_bug.cgi?id=669055#c7 Swamp Workflow Management <swamp@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard| |maint:running:38684:low --- Comment #7 from Swamp Workflow Management <swamp@suse.com> 2011-02-14 18:35:19 UTC --- The SWAMPID for this issue is 38684. This issue was rated as low. Please submit fixed packages until 2011-03-14. Also create a patchinfo file using this link: https://swamp.suse.de/webswamp/wf/38684 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=669055 https://bugzilla.novell.com/show_bug.cgi?id=669055#c8 --- Comment #8 from Thomas Biege <thomas@novell.com> 2011-02-14 18:36:25 UTC --- (In reply to comment #6)
(In reply to comment #4)
Hi Michal / 'Security'!
Re security / permissions, I expected that would be the case - so I patched permissions and submitted a Request yesterday referencing this bug. Request #60178
You submitted it to Factory. Did older versions need this update too?
I was too heady... audit still needed. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=669055 https://bugzilla.novell.com/show_bug.cgi?id=669055#c9 --- Comment #9 from Christopher HORLER <cshorler@googlemail.com> 2011-02-16 21:26:28 UTC --- re audit - okay, no problem - I respect the audit process. re do older versions require update? Only submitted to Factory alone because I don't know the Build Service well enough yet to submit to all of 11.x simultaneously! (that said, the test was only done with 11.3 and VBox 4) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=669055 https://bugzilla.novell.com/show_bug.cgi?id=669055#c10 --- Comment #10 from Marcus Meissner <meissner@novell.com> 2011-02-22 14:19:06 UTC --- nothing for you to do, the old versions dont need updates as long as no version updates are done. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=669055 https://bugzilla.novell.com/show_bug.cgi?id=669055#c11 --- Comment #11 from Sebastian Krahmer <krahmer@novell.com> 2011-03-07 15:03:08 UTC --- I dont have too many problems giving it mode 04750, since it shares the code with lot of other VBox binaries which already have that mode. They seem to properly check pathnames and drop privileges, keeping CAP_NET_RAW and BIND_SERVICE. So, there is a "go" from our side. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=669055 https://bugzilla.novell.com/show_bug.cgi?id=669055#c12 --- Comment #12 from Ludwig Nussel <lnussel@novell.com> 2011-03-07 16:24:42 CET --- fixed for Factory. Is this needed on 11.4 too? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=669055 https://bugzilla.novell.com/show_bug.cgi?id=669055#c13 --- Comment #13 from Christopher HORLER <cshorler@googlemail.com> 2011-03-08 20:49:10 UTC --- I believe so, that's why I submitted the bug -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=669055 https://bugzilla.novell.com/show_bug.cgi?id=669055#c14 Ludwig Nussel <lnussel@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |NEEDINFO InfoProvider| |maintenance@opensuse.org --- Comment #14 from Ludwig Nussel <lnussel@novell.com> 2011-03-09 08:46:02 CET --- in that case we need a maintenance update for permissions -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=669055 https://bugzilla.novell.com/show_bug.cgi?id=669055#c15 --- Comment #15 from Marcus Meissner <meissner@novell.com> 2011-03-10 07:46:53 UTC --- is good I guess +1 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=669055 https://bugzilla.novell.com/show_bug.cgi?id=669055#c16 Christian Dengler <cdengler@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |ASSIGNED CC| |cdengler@novell.com InfoProvider|maintenance@opensuse.org | --- Comment #16 from Christian Dengler <cdengler@novell.com> 2011-03-15 13:25:52 UTC --- +1 ... update started. SwampID: 39395 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=669055 https://bugzilla.novell.com/show_bug.cgi?id=669055#c17 Swamp Workflow Management <swamp@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard|maint:running:38684:low |maint:running:38684:low | |maint:running:39395:low --- Comment #17 from Swamp Workflow Management <swamp@suse.com> 2011-03-15 13:45:59 UTC --- The SWAMPID for this issue is 39395. This issue was rated as low. Please submit fixed packages until 2011-04-12. Also create a patchinfo file using this link: https://swamp.suse.de/webswamp/wf/39395 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=669055 https://bugzilla.novell.com/show_bug.cgi?id=669055#c Ludwig Nussel <lnussel@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|security-team@suse.de |lnussel@novell.com -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=669055 https://bugzilla.novell.com/show_bug.cgi?id=669055#c Ludwig Nussel <lnussel@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Depends on| |679785 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=669055 https://bugzilla.novell.com/show_bug.cgi?id=669055#c18 --- Comment #18 from Ludwig Nussel <lnussel@novell.com> 2011-03-15 15:57:48 CET --- permissions package submitted (sr#64189) note bug 679785 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=669055 https://bugzilla.novell.com/show_bug.cgi?id=669055#c19 Swamp Workflow Management <swamp@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard|maint:running:38684:low |maint:running:38684:low |maint:running:39395:low |maint:running:39395:low | |maint:released:11.4:39400 --- Comment #19 from Swamp Workflow Management <swamp@suse.com> 2011-03-22 13:25:40 UTC --- Update released for: permissions, permissions-debuginfo, permissions-debugsource Products: openSUSE 11.4 (debug, i586, x86_64) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=669055 https://bugzilla.novell.com/show_bug.cgi?id=669055#c Swamp Workflow Management <swamp@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard|maint:running:38684:low |maint:running:38684:low |maint:running:39395:low | |maint:released:11.4:39400 | -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=669055 https://bugzilla.novell.com/show_bug.cgi?id=669055#c Bug 669055 depends on bug 679785, which changed state. Bug 679785 Summary: virtualbox build fail http://bugzilla.novell.com/show_bug.cgi?id=679785 What |Old Value |New Value ---------------------------------------------------------------------------- Status|NEEDINFO |NEW Status|NEW |RESOLVED Resolution| |FIXED -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=669055 https://bugzilla.novell.com/show_bug.cgi?id=669055#c20 Ludwig Nussel <lnussel@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |RESOLVED Resolution| |FIXED --- Comment #20 from Ludwig Nussel <lnussel@novell.com> 2011-04-08 14:39:33 CEST --- closing -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=669055 https://bugzilla.novell.com/show_bug.cgi?id=669055#c21 --- Comment #21 from Bernhard Wiedemann <bwiedemann@suse.com> 2011-10-31 22:03:24 CET --- This is an autogenerated message for OBS integration: This bug (669055) was mentioned in https://build.opensuse.org/request/show/89843 Tumbleweed / permissions -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com