Diffstat (limited to 'src/VBox/Installer/linux')
-rwxr-xr-x | src/VBox/Installer/linux/VBox.sh | 30 | ||||
-rwxr-xr-x | src/VBox/Installer/linux/install.sh | 15 | ||||
-rw-r--r-- | src/VBox/Installer/linux/rpm/VirtualBox.tmpl.spec | 7 | ||||
-rwxr-xr-x | src/VBox/Installer/linux/vboxdrv.sh | 6 |
4 files changed, 33 insertions, 25 deletions
diff --git a/src/VBox/Installer/linux/VBox.sh b/src/VBox/Installer/linux/VBox.sh index fb584d48..31e32f91 100755 --- a/src/VBox/Installer/linux/VBox.sh +++ b/src/VBox/Installer/linux/VBox.sh @@ -96,15 +96,33 @@ WARNING: The compilation of the vboxdrv.ko kernel module failed during the EOF fi -SERVER_PID=`ps -U \`whoami\` | grep VBoxSVC | awk '{ print $1 }'` +# Get effective user name to use it in order to compose XPCOM IPC socket path. +VBOX_EFFECTIVE_USER="$(whoami)" +if [ -z "$VBOX_EFFECTIVE_USER" ]; then + cat << EOF +WARNING: Unable to detect effective user name. VirtualBox might run incorrectly. +EOF +fi + +# Variables LOGNAME and USER are used by XPCOM code in order to +# compose IPC socket path. If they set to something which is different +# from the effective user name, it might result in misbehavior. +# Setting VBOX_IPC_SOCKETID will tell XPCOM code which path it should use explicitly. +[ -n "$LOGNAME" ] && [ "$LOGNAME" = "$VBOX_EFFECTIVE_USER" ] || vbox_override_env="1" +[ -n "$USER" ] && [ "$USER" = "$VBOX_EFFECTIVE_USER" ] || vbox_override_env="1" + +if [ -n "$vbox_override_env" ]; then +cat << EOF +WARNING: Environment variable LOGNAME or USER does not correspond to effective user id. +EOF + export VBOX_IPC_SOCKETID="$VBOX_EFFECTIVE_USER" +fi + +SERVER_PID=`ps -U "$VBOX_EFFECTIVE_USER" | grep VBoxSVC | awk '{ print $1 }'` if [ -z "$SERVER_PID" ]; then # Server not running yet/anymore, cleanup socket path. # See IPC_GetDefaultSocketPath()! - if [ -n "$LOGNAME" ]; then - rm -rf /tmp/.vbox-$LOGNAME-ipc > /dev/null 2>&1 - else - rm -rf /tmp/.vbox-$USER-ipc > /dev/null 2>&1 - fi + rm -rf "/tmp/.vbox-$VBOX_EFFECTIVE_USER-ipc" > /dev/null 2>&1 fi if [ "$SHUTDOWN" = "true" ]; then diff --git a/src/VBox/Installer/linux/install.sh b/src/VBox/Installer/linux/install.sh index 9c11eb9b..d32d9270 100755 --- a/src/VBox/Installer/linux/install.sh +++ b/src/VBox/Installer/linux/install.sh 
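Review bot: When `whoami` returns nothing, the new code in the VBox.sh hunk only prints a warning and carries on, so the later lines still run `ps -U ""`, export an empty `VBOX_IPC_SOCKETID`, and call `rm -rf "/tmp/.vbox--ipc"`. How the XPCOM side treats an empty socket id is not visible here, so I would skip both the override and the cleanup in that case, for example `if [ -z "$SERVER_PID" ] && [ -n "$VBOX_EFFECTIVE_USER" ]; then`. `vbox_override_env` is also read without being initialised, so a value inherited from the caller's environment forces the override branch; add `vbox_override_env=""` before the two `[ -n ... ]` tests.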
@@ -289,11 +289,8 @@ if [ "$ACTION" = "install" ]; then # create symlinks for working around unsupported $ORIGIN/.. in VBoxC.so (setuid), # and finally make sure the directory is only writable by the user (paranoid). if [ -n "$HARDENED" ]; then - if [ -f $INSTALLATION_DIR/VirtualBoxVM ]; then - test -e $INSTALLATION_DIR/VirtualBoxVM && chmod 4511 $INSTALLATION_DIR/VirtualBoxVM - else - test -e $INSTALLATION_DIR/VirtualBox && chmod 4511 $INSTALLATION_DIR/VirtualBox - fi + # Note! Update vboxdrv.sh if the VirtualBoxVM entry changes (bugref:10642). + test -e $INSTALLATION_DIR/VirtualBoxVM && chmod 4511 $INSTALLATION_DIR/VirtualBoxVM test -e $INSTALLATION_DIR/VBoxSDL && chmod 4511 $INSTALLATION_DIR/VBoxSDL test -e $INSTALLATION_DIR/VBoxHeadless && chmod 4511 $INSTALLATION_DIR/VBoxHeadless test -e $INSTALLATION_DIR/VBoxNetDHCP && chmod 4511 $INSTALLATION_DIR/VBoxNetDHCP @@ -325,9 +322,7 @@ if [ "$ACTION" = "install" ]; then # Create symlinks to start binaries ln -sf $INSTALLATION_DIR/VBox.sh /usr/bin/VirtualBox - if [ -f $INSTALLATION_DIR/VirtualBoxVM ]; then - ln -sf $INSTALLATION_DIR/VBox.sh /usr/bin/VirtualBoxVM - fi + ln -sf $INSTALLATION_DIR/VBox.sh /usr/bin/VirtualBoxVM ln -sf $INSTALLATION_DIR/VBox.sh /usr/bin/VBoxManage ln -sf $INSTALLATION_DIR/VBox.sh /usr/bin/VBoxSDL ln -sf $INSTALLATION_DIR/VBox.sh /usr/bin/VBoxVRDP @@ -362,9 +357,7 @@ if [ "$ACTION" = "install" ]; then # Convenience symlinks. The creation fails if the FS is not case sensitive ln -sf VirtualBox /usr/bin/virtualbox > /dev/null 2>&1 - if [ -f $INSTALLATION_DIR/VirtualBoxVM ]; then - ln -sf VirtualBoxVM /usr/bin/virtualboxvm > /dev/null 2>&1 - fi + ln -sf VirtualBoxVM /usr/bin/virtualboxvm > /dev/null 2>&1 ln -sf VBoxManage /usr/bin/vboxmanage > /dev/null 2>&1 ln -sf VBoxSDL /usr/bin/vboxsdl > /dev/null 2>&1 ln -sf VBoxHeadless /usr/bin/vboxheadless > /dev/null 2>&1 
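Review bot: With the fallback to `VirtualBox` removed, a hardened install where `$INSTALLATION_DIR/VirtualBoxVM` is missing now passes silently in the first install.sh hunk: `test -e ... &&` skips the `chmod 4511` and nothing reports it. The second and third hunks then create `/usr/bin/VirtualBoxVM` and `/usr/bin/virtualboxvm` unconditionally, which would leave dangling links in that case. Since the vboxdrv.sh hunk treats a missing VirtualBoxVM as hardened mode, a visible message seems worthwhile here, for example `test -e "$INSTALLATION_DIR/VirtualBoxVM" || echo "WARNING: VirtualBoxVM not found, set-uid not applied" >&2`. The new lines also leave `$INSTALLATION_DIR` unquoted, matching the surrounding code; the enclosing `if [ "$ACTION" = "install" ]` block starts and ends outside these hunks.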
diff --git a/src/VBox/Installer/linux/rpm/VirtualBox.tmpl.spec b/src/VBox/Installer/linux/rpm/VirtualBox.tmpl.spec index 829322aa..bab95a70 100644 --- a/src/VBox/Installer/linux/rpm/VirtualBox.tmpl.spec +++ b/src/VBox/Installer/linux/rpm/VirtualBox.tmpl.spec @@ -223,13 +223,8 @@ if [ -f $RPM_BUILD_ROOT/usr/lib/virtualbox/libQt5CoreVBox.so.5 ]; then fi rm -f $RPM_BUILD_ROOT/usr/lib/virtualbox/chrpath ln -s ../VBoxVMM.so $RPM_BUILD_ROOT/usr/lib/virtualbox/components/VBoxVMM.so -for i in VBoxHeadless VBoxNetDHCP VBoxNetNAT VBoxNetAdpCtl; do +for i in VirtualBoxVM VBoxHeadless VBoxNetDHCP VBoxNetNAT VBoxNetAdpCtl; do chmod 4511 $RPM_BUILD_ROOT/usr/lib/virtualbox/$i; done -if test -e $RPM_BUILD_ROOT/usr/lib/virtualbox/VirtualBoxVM; then - chmod 4511 $RPM_BUILD_ROOT/usr/lib/virtualbox/VirtualBoxVM -else - chmod 4511 $RPM_BUILD_ROOT/usr/lib/virtualbox/VirtualBox -fi if [ -f $RPM_BUILD_ROOT/usr/lib/virtualbox/VBoxVolInfo ]; then chmod 4511 $RPM_BUILD_ROOT/usr/lib/virtualbox/VBoxVolInfo fi diff --git a/src/VBox/Installer/linux/vboxdrv.sh b/src/VBox/Installer/linux/vboxdrv.sh index 4077c169..5e6842cf 100755 --- a/src/VBox/Installer/linux/vboxdrv.sh +++ b/src/VBox/Installer/linux/vboxdrv.sh @@ -85,10 +85,12 @@ else # Applies to Debian packages only (but shouldn't hurt elsewhere) exit 0 fi -VIRTUALBOX="${INSTALL_DIR}/VirtualBox" VBOXMANAGE="${INSTALL_DIR}/VBoxManage" BUILDINTMP="${MODULE_SRC}/build_in_tmp" -if test -u "${VIRTUALBOX}"; then + +# If the VirtualBoxVM file has the set-uid bit set or if it doesn't exist, setup vboxdrv +# in hardened mode. Otherwise, do the developer mode using vboxusers for access control. +if test -u "${INSTALL_DIR}/VirtualBoxVM" || test '!' -e "${INSTALL_DIR}/VirtualBoxVM"; then GROUP=root DEVICE_MODE=0600 else |
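Review bot: In the vboxdrv.sh hunk the device access mode is chosen from a single mode bit: if `VirtualBoxVM` exists but has lost its set-uid bit (for example after a copy or restore that drops modes), the script takes the `else` branch, which the new comment describes as developer mode with vboxusers access control. That branch continues outside the hunk, so I cannot see whether it logs anything; if it does not, a one-line message when developer mode is selected would make an unintended downgrade from `GROUP=root` / `DEVICE_MODE=0600` visible. The path is also spelled out twice where the old code used a variable; `VIRTUALBOXVM="${INSTALL_DIR}/VirtualBoxVM"` followed by `if test -u "${VIRTUALBOXVM}" || test '!' -e "${VIRTUALBOXVM}"; then` keeps the name in one place, which helps with the cross-reference that install.sh now carries.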