Diffstat (limited to 'src/VBox/Installer/linux')
-rwxr-xr-xsrc/VBox/Installer/linux/VBox.sh30
-rwxr-xr-xsrc/VBox/Installer/linux/install.sh15
-rw-r--r--src/VBox/Installer/linux/rpm/VirtualBox.tmpl.spec7
-rwxr-xr-xsrc/VBox/Installer/linux/vboxdrv.sh6
4 files changed, 33 insertions, 25 deletions
diff --git a/src/VBox/Installer/linux/VBox.sh b/src/VBox/Installer/linux/VBox.sh
index fb584d48..31e32f91 100755
--- a/src/VBox/Installer/linux/VBox.sh
+++ b/src/VBox/Installer/linux/VBox.sh
@@ -96,15 +96,33 @@ WARNING: The compilation of the vboxdrv.ko kernel module failed during the
EOF
fi
-SERVER_PID=`ps -U \`whoami\` | grep VBoxSVC | awk '{ print $1 }'`
+# Get effective user name to use it in order to compose XPCOM IPC socket path.
+VBOX_EFFECTIVE_USER="$(whoami)"
+if [ -z "$VBOX_EFFECTIVE_USER" ]; then
+ cat << EOF
+WARNING: Unable to detect effective user name. VirtualBox might run incorrectly.
+EOF
+fi
+
+# Variables LOGNAME and USER are used by XPCOM code in order to
+# compose IPC socket path. If they set to something which is different
+# from the effective user name, it might result in misbehavior.
+# Setting VBOX_IPC_SOCKETID will tell XPCOM code which path it should use explicitly.
+[ -n "$LOGNAME" ] && [ "$LOGNAME" = "$VBOX_EFFECTIVE_USER" ] || vbox_override_env="1"
+[ -n "$USER" ] && [ "$USER" = "$VBOX_EFFECTIVE_USER" ] || vbox_override_env="1"
+
+if [ -n "$vbox_override_env" ]; then
+cat << EOF
+WARNING: Environment variable LOGNAME or USER does not correspond to effective user id.
+EOF
+ export VBOX_IPC_SOCKETID="$VBOX_EFFECTIVE_USER"
+fi
+
+SERVER_PID=`ps -U "$VBOX_EFFECTIVE_USER" | grep VBoxSVC | awk '{ print $1 }'`
if [ -z "$SERVER_PID" ]; then
# Server not running yet/anymore, cleanup socket path.
# See IPC_GetDefaultSocketPath()!
- if [ -n "$LOGNAME" ]; then
- rm -rf /tmp/.vbox-$LOGNAME-ipc > /dev/null 2>&1
- else
- rm -rf /tmp/.vbox-$USER-ipc > /dev/null 2>&1
- fi
+ rm -rf "/tmp/.vbox-$VBOX_EFFECTIVE_USER-ipc" > /dev/null 2>&1
fi
if [ "$SHUTDOWN" = "true" ]; then
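Review bot: When `whoami` fails, the added code only prints a warning and continues with an empty `VBOX_EFFECTIVE_USER`, so the lines below it export an empty `VBOX_IPC_SOCKETID`, call `ps -U ""` and run `rm -rf "/tmp/.vbox--ipc"`. The cleanup should be skipped in that case, for example `if [ -z "$SERVER_PID" ] && [ -n "$VBOX_EFFECTIVE_USER" ]; then`, and the `export` guarded the same way. Separately, `ps -U` selects by real user ID while the variable holds the effective user name, so `ps -u "$VBOX_EFFECTIVE_USER"` would match what the new comment describes. The new warnings go to stdout through `cat`, which may end up in output that callers of the wrapped tools parse; `cat >&2 << EOF` would keep them out of it.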
diff --git a/src/VBox/Installer/linux/install.sh b/src/VBox/Installer/linux/install.sh
index 9c11eb9b..d32d9270 100755
--- a/src/VBox/Installer/linux/install.sh
+++ b/src/VBox/Installer/linux/install.sh
@@ -289,11 +289,8 @@ if [ "$ACTION" = "install" ]; then
# create symlinks for working around unsupported $ORIGIN/.. in VBoxC.so (setuid),
# and finally make sure the directory is only writable by the user (paranoid).
if [ -n "$HARDENED" ]; then
- if [ -f $INSTALLATION_DIR/VirtualBoxVM ]; then
- test -e $INSTALLATION_DIR/VirtualBoxVM && chmod 4511 $INSTALLATION_DIR/VirtualBoxVM
- else
- test -e $INSTALLATION_DIR/VirtualBox && chmod 4511 $INSTALLATION_DIR/VirtualBox
- fi
+ # Note! Update vboxdrv.sh if the VirtualBoxVM entry changes (bugref:10642).
+ test -e $INSTALLATION_DIR/VirtualBoxVM && chmod 4511 $INSTALLATION_DIR/VirtualBoxVM
test -e $INSTALLATION_DIR/VBoxSDL && chmod 4511 $INSTALLATION_DIR/VBoxSDL
test -e $INSTALLATION_DIR/VBoxHeadless && chmod 4511 $INSTALLATION_DIR/VBoxHeadless
test -e $INSTALLATION_DIR/VBoxNetDHCP && chmod 4511 $INSTALLATION_DIR/VBoxNetDHCP
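Review bot: The new `chmod 4511` line expands `$INSTALLATION_DIR` unquoted in a step that sets the set-uid bit, so a path containing whitespace or glob characters would be word-split and the mode applied to unintended arguments; `test -e "$INSTALLATION_DIR/VirtualBoxVM" && chmod 4511 "$INSTALLATION_DIR/VirtualBoxVM"` avoids that. The same applies to the new `ln -sf $INSTALLATION_DIR/VBox.sh /usr/bin/VirtualBoxVM` line in the next hunk. The surrounding context lines use the same unquoted style, so this may be better done as a file-wide cleanup. The enclosing `if [ "$ACTION" = "install" ]` block starts and ends outside the hunk.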
@@ -325,9 +322,7 @@ if [ "$ACTION" = "install" ]; then
# Create symlinks to start binaries
ln -sf $INSTALLATION_DIR/VBox.sh /usr/bin/VirtualBox
- if [ -f $INSTALLATION_DIR/VirtualBoxVM ]; then
- ln -sf $INSTALLATION_DIR/VBox.sh /usr/bin/VirtualBoxVM
- fi
+ ln -sf $INSTALLATION_DIR/VBox.sh /usr/bin/VirtualBoxVM
ln -sf $INSTALLATION_DIR/VBox.sh /usr/bin/VBoxManage
ln -sf $INSTALLATION_DIR/VBox.sh /usr/bin/VBoxSDL
ln -sf $INSTALLATION_DIR/VBox.sh /usr/bin/VBoxVRDP
@@ -362,9 +357,7 @@ if [ "$ACTION" = "install" ]; then
# Convenience symlinks. The creation fails if the FS is not case sensitive
ln -sf VirtualBox /usr/bin/virtualbox > /dev/null 2>&1
- if [ -f $INSTALLATION_DIR/VirtualBoxVM ]; then
- ln -sf VirtualBoxVM /usr/bin/virtualboxvm > /dev/null 2>&1
- fi
+ ln -sf VirtualBoxVM /usr/bin/virtualboxvm > /dev/null 2>&1
ln -sf VBoxManage /usr/bin/vboxmanage > /dev/null 2>&1
ln -sf VBoxSDL /usr/bin/vboxsdl > /dev/null 2>&1
ln -sf VBoxHeadless /usr/bin/vboxheadless > /dev/null 2>&1
diff --git a/src/VBox/Installer/linux/rpm/VirtualBox.tmpl.spec b/src/VBox/Installer/linux/rpm/VirtualBox.tmpl.spec
index 829322aa..bab95a70 100644
--- a/src/VBox/Installer/linux/rpm/VirtualBox.tmpl.spec
+++ b/src/VBox/Installer/linux/rpm/VirtualBox.tmpl.spec
@@ -223,13 +223,8 @@ if [ -f $RPM_BUILD_ROOT/usr/lib/virtualbox/libQt5CoreVBox.so.5 ]; then
fi
rm -f $RPM_BUILD_ROOT/usr/lib/virtualbox/chrpath
ln -s ../VBoxVMM.so $RPM_BUILD_ROOT/usr/lib/virtualbox/components/VBoxVMM.so
-for i in VBoxHeadless VBoxNetDHCP VBoxNetNAT VBoxNetAdpCtl; do
+for i in VirtualBoxVM VBoxHeadless VBoxNetDHCP VBoxNetNAT VBoxNetAdpCtl; do
chmod 4511 $RPM_BUILD_ROOT/usr/lib/virtualbox/$i; done
-if test -e $RPM_BUILD_ROOT/usr/lib/virtualbox/VirtualBoxVM; then
- chmod 4511 $RPM_BUILD_ROOT/usr/lib/virtualbox/VirtualBoxVM
-else
- chmod 4511 $RPM_BUILD_ROOT/usr/lib/virtualbox/VirtualBox
-fi
if [ -f $RPM_BUILD_ROOT/usr/lib/virtualbox/VBoxVolInfo ]; then
chmod 4511 $RPM_BUILD_ROOT/usr/lib/virtualbox/VBoxVolInfo
fi
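Review bot: The set-uid list in the `for i in ...` loop now hard-codes `VirtualBoxVM`, but unlike install.sh the spec carries no pointer to vboxdrv.sh, whose hardened-mode detection in this commit keys off that file's set-uid bit. A comment above the `for` line would keep the places in sync, e.g. `# Note! Update vboxdrv.sh if the VirtualBoxVM entry changes (bugref:10642).` With the `test -e` fallback removed, a build root without VirtualBoxVM now makes this `chmod` fail; if that is intended, the comment should say so.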
diff --git a/src/VBox/Installer/linux/vboxdrv.sh b/src/VBox/Installer/linux/vboxdrv.sh
index 4077c169..5e6842cf 100755
--- a/src/VBox/Installer/linux/vboxdrv.sh
+++ b/src/VBox/Installer/linux/vboxdrv.sh
@@ -85,10 +85,12 @@ else
# Applies to Debian packages only (but shouldn't hurt elsewhere)
exit 0
fi
-VIRTUALBOX="${INSTALL_DIR}/VirtualBox"
VBOXMANAGE="${INSTALL_DIR}/VBoxManage"
BUILDINTMP="${MODULE_SRC}/build_in_tmp"
-if test -u "${VIRTUALBOX}"; then
+
+# If the VirtualBoxVM file has the set-uid bit set or if it doesn't exist, setup vboxdrv
+# in hardened mode. Otherwise, do the developer mode using vboxusers for access control.
+if test -u "${INSTALL_DIR}/VirtualBoxVM" || test '!' -e "${INSTALL_DIR}/VirtualBoxVM"; then
GROUP=root
DEVICE_MODE=0600
else
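Review bot: The new comment above the `test -u ... || test '!' -e ...` condition says what the check does but not why a missing VirtualBoxVM is treated as hardened. From the visible branch (`GROUP=root`, `DEVICE_MODE=0600`) this looks like a deliberate fail-closed default, and it is worth stating, e.g. `# A missing VirtualBoxVM is treated as hardened so the device defaults to root-only (0600) access.` The `VIRTUALBOX` variable is removed here; any remaining reference to it elsewhere in vboxdrv.sh would now expand to an empty string, which cannot be checked from this hunk. The `if`/`else` block continues past the end of the hunk.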