On Wed, Dec 29, 2021 at 10:15 AM Larry Finger <Larry.Finger@lwfinger.net> wrote:
On 12/29/21 00:47, Andrei Borzenkov wrote:
This means every user in a guest system has to belong to the vboxsf group which is certainly not default and defeats the idea of having normal installation under VB. Besides having this device accessible to multiple users has potential security implications allowing other users to snoop shared clipboard content.
/dev/vboxuser is used by VBoxClient which is started as part of (currently, only X11) user sessions. So it is just natural to automatically provide access to the currently logged in user and *only* to this user.
I meant "in the manner of vboxsf." The actual group would be vboxusers. Every user of VirtualBox already must be a member of this group.
Sorry? What exactly does "user of VirtualBox" mean? We are talking about the *guest* system. Guest system does not have "VirtualBox users" at all, it has normal users created as part of installation. And normal installation most certainly does not add users to "vboxusers" group. You seem to think about the host system. The problem is inside the guest system.