Running VirtualBox as non-root user

Bernhard Fröhlich decke at freebsd.org
Wed Sep 29 18:17:35 UTC 2021


On Wed, Sep 29, 2021 at 8:01 PM Mario Lobo <lobo at bsd.com.br> wrote:
>
> Hi;
>
> Here is what I've done so far:
>
> - Created user vbox and put it in vboxuser group
> - Went as far as chown -R vbox:vboxuser /usr/local/lib/virtualbox
> - Executables are with the SUID bit set
> -r-s--x---  1 vbox  vboxusers     32064 Sep 21 22:18 VBoxSDL
> -r-s--x---  1 vbox  vboxusers     16064 Sep 21 22:18 VBoxNetAdpCtl
> -r-s--x---  1 vbox  vboxusers     32064 Sep 21 22:18 VBoxNetDHCP
> -r-s--x---  1 vbox  vboxusers     32064 Sep 21 22:18 VBoxNetNAT
> -r-s--s---  1 vbox  vboxusers     32352 Sep 22 17:55 VirtualBoxVM
>
> - Imported a test VM
> - Ran the VM as root to make sure it's working
> - started VirtualBox as user vbox, and it starts fine
>
> VirtualBox GUI starts fine as user vbox but when I try to start the test VM
> from it, I get:
>
> Effective UID is not root (euid=1001 egid=920 uid=1001 gid=1001) (rc=-10)
> where: SUPR3HardenedMain what: 2 VERR_PERMISSION_DENIED (-10) - Permission
> denied.
>
> Starting it from  VirtualBoxVM --startvm test issues the same error:
>
> VirtualBoxVM: Error -10 in SUPR3HardenedMain!
> VirtualBoxVM: Effective UID is not root (euid=1001 egid=920 uid=1001
> gid=1001)
> where: SUPR3HardenedMain
> what:  2
> VERR_PERMISSION_DENIED (-10) - Permission denied.
>
> Any pointer for anything else I should be doing or is missing?

Puh it's been a long time for me but from what I read there are two things that
sound problematic to me.

1) vbox uses something that they call "hardening" which does some checks
in addition to the suid/sgid bits. Changing permissions and/or user/group
is asking for trouble! I'd recommend to reinstall the vbox package in that
case. The instructions in the handbook should be enough.

pw groupmod vboxusers -m yourusername

2) Starting a VM as root is definitely not a good idea either. The problem
is that vbox will create some temporary files/directories as root somewhere
under /tmp or was it /var? When the VM is stopped the directories are left
and you won't be able to write to them as user afterwards. If the VM is not
running it should be okay to just delete them but please have a look at the
content first to make sure.

-- 
Bernhard Froehlich
http://www.bluelife.at/
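
The following is an added example, not part of the original message or of VirtualBox itself. A setuid executable runs with its owner's uid as the effective uid, so the check quoted in the thread ("Effective UID is not root") cannot pass for a binary that has been chowned to another user; this sketch lists such files and any named binaries that lack the setuid bit. The function names are hypothetical, and it covers only owner and setuid bit, not the other checks hardening performs.

```shell
#!/bin/sh
# Added example: audit setuid ownership in an install directory.
# It only reports; it changes nothing on disk.

# suid_wrong_owner DIR [EXPECTED_UID]
# Prints every setuid regular file under DIR whose owner is not
# EXPECTED_UID (default 0, i.e. root). No output means no mismatch.
suid_wrong_owner() {
    dir=$1
    want=${2:-0}
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    # -perm -4000 matches files with the setuid bit set;
    # a numeric argument to -user is compared against the owner's uid.
    find "$dir" -type f -perm -4000 ! -user "$want" -print | sort
}

# suid_missing DIR NAME...
# Prints each NAME that exists in DIR but does not have the setuid bit.
# Names that are not present are skipped (not every build ships them all).
suid_missing() {
    dir=$1
    shift
    for name in "$@"; do
        f=$dir/$name
        [ -f "$f" ] || continue
        [ -u "$f" ] || printf '%s\n' "$f"
    done
}
```

With the directory and binary names from the listing above, the calls would be `suid_wrong_owner /usr/local/lib/virtualbox` and `suid_missing /usr/local/lib/virtualbox VBoxSDL VBoxNetAdpCtl VBoxNetDHCP VBoxNetNAT VirtualBoxVM`. Any output from either is a reason to reinstall the package, as the reply recommends, rather than to repair modes by hand.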

