VirtualBox 6 SlackBuild (x86_64 current) QT Fatal - setuid
I managed to modify ponce's slackbuild to build VirtualBox 6 on current(kernel 4.19.15).
First I modified "vboxdrv.sh-setup.diff" just to take into account the slightly different vboxdrv.sh in VirtualBox 6. Next I added these patches (from arch I believe)(think they may be overkill) https://github.com/archlinuxcn/repo/...virtualbox-svn Tweaked the slackbuild slightly to read them from a folder and ran the build. Here is a complete Slackbuild version minus the sources to download from Oracle. http://lehcar.no-ip.org:8080/~rich/virtualbox.tar.gz (sources needed: SDKRef.pdf UserManual.pdf VBoxGuestAdditions_6.0.0.iso VirtualBox-6.0.0.tar.bz2) Then I use virtualbox-kernel-mksrctarball.sh in the virtualbox-kernel build from ponce, modify version to 6.0.0 and build. Note: "I did add vboxusers group and my user to the group" The issue I have is if I use the HARDENING=yes when I run virtualbox as normal (non-root) user I get: Code:
Qt FATAL: FATAL: The application binary appears to be running setuid, this is a security hole. I tried a couple commands suggested like: Code:
cd /usr/lib64/virtualbox/VBox; chmod 4755 {VBox{Headless,Net{AdpCtl,DHCP,NAT},SDL,VolInfo},VirtualBoxVM} I also found one suggestion to add this: (but I did not know which file to add this to...) Code:
QCoreApplication::setSetuidAllowed(true); -- Of Note if I use the binary from Oracle it does work, guessing they compile with a static Qt5. (https://download.virtualbox.org/virt...inux_amd64.run) Anybody have any fix suggestion, or suggest the file to patch to add the QCoreApplication commands? Would really like to use the HARDEDED version and prefer the SlackBuild to binary. --Not critical as the binary really works ok, just more of a learning thing. |
Quote:
The sticky bit is the t bit, with numeric value 1xxx and shown as a t as the LAST char of the mode. Symbolic (in chmod) you set setuid with u+s, setgid (group) with g+s and sticky with +t - as there's only one t-bit you do not need a prefix (and you can remove them again with the same letters but a - inbetween, so u-s etc). |
Quote:
|
I get:
Code:
***** Checking iasl ***** Edit: I needed to install the recent acpica (🎩 to ppr:kut). |
Quote:
I tried the SlackBuild a while back and found downloading and installing directly from Virtualbox.org (in your case, VirtualBox-6.0.2-128162-Linux_amd64.run) to be simplest. Though I am still using 5.2 and haven't tried 6.0 Ken |
making vboxdrv: "no such file or directory"s
I get this issue:
Code:
=== Building 'vboxdrv' module === |
I got those errors when I tried the to tweak this for virtualbox-kernel-6.0.2 ((related SUPDrvMangling.h: No such file or directory)) let me go back and see if I can still build virtualbox-kernel-6.0.0 (I believe it worked for me)
(although it barked about Qt FATAL: FATAL:) DEPS: I've got all the deps SlackBuilds.org for virtualbox says + JDK and QT5 and QT5web building virtualbox using: Code:
JAVA=yes WEBSERVICE=yes ./virtualbox.SlackBuild Code:
./virtualbox-kernel-mksrctarball.sh http://lehcar.no-ip.org:8080/~rich/v...-kernel.tar.gz test build running again now... |
you are 100% correct:
fatal error: /tmp/SBo/virtualbox-kernel-6.0.0/vboxdrv/vboxdrv/include/VBox/SUPDrvMangling.h --I'll see if I can hash it out --google suggests installing dkms? (not sure about that idea) |
Installing dkms from slackbuilds.org seems to have helped.
- bumped to version 6.0.2. (commented out a couple patches that seem no longer needed) --I saw a couple patches to build without installing dkms but did not test them yet here is a set of 3 builds: http://lehcar.no-ip.org:8080/~rich/v..._builds.tar.gz there is a downloads_needed.txt file in each folder giving needed downloads from virtualbox. It seems to work flawlessly for root, but still gives non-root user the Qt5 error. Code:
Qt FATAL: FATAL: The application binary appears to be running setuid, this is a security hole. |
Quote:
Code:
# We don't want an init-script building kernel modules. But with HARDENING=no, I still get the Qt security hole error. Solution: Code:
chmod -s /usr/lib64/virtualbox/VirtualBox |
Awesome, I was going the other way did not realize "chmod -s /usr/lib64/virtualbox/VirtualBox" was the fix...
Thank you so much!!! |
Here is a final product for anyone interested:
http://lehcar.no-ip.org:8080/~rich/v..._builds.tar.gz Disclaimer: I only modified existing work from ponce and Heinz Wiesinger and others, along with suggestions from folks on this forum. For my build I had slackware64-current (multilib) The following SlackBuilds from slackbuilds.org acpica jdk dkms Qt5 qt5-webkit (used these options on build:) Code:
HARDENING=yes JAVA=yes WEBSERVICE=yes ./virtualbox.SlackBuild Enjoy, and thanks all :) |
When I click the "Show" button for a running box, a fullscreen view of the desktop doesn't pop up. I see the live thumbnail preview, however.
Anyone else experience this with 6.0.2? |
Interesting It seems to behave correctly for me, I wonder if it is the WM. I'm using i3 window manager. (sometimes I use xfce) I'll switch to that and try.
I should correct the file /etc/rc.d/rc.vboxdrv (to remove some of the non-slackware options) (start,stop,restart work fine) -seems correct in xfce and i3 windows managers. Which one you are you using? |
Quote:
|
All times are GMT -5. The time now is 04:39 PM. |