diff --git a/virtualbox-60-vboxdrv.rules b/virtualbox-60-vboxdrv.rules deleted file mode 100644 index d5e4f4b..0000000 --- a/virtualbox-60-vboxdrv.rules +++ /dev/null @@ -1,10 +0,0 @@ -KERNEL=="vboxdrv", NAME="vboxdrv", OWNER="root", GROUP="vboxusers", MODE="0660" -KERNEL=="vboxdrvu", NAME="vboxdrvu", OWNER="root", GROUP="vboxusers", MODE="0660" -KERNEL=="vboxnetctl", NAME="vboxnetctl", OWNER="root",GROUP="vboxusers", MODE="0660" -# -#these lines below give access permission to vboxusers to properly work with usb nodes, but enabling them could be security risk (bnc#664520) !! -#if you can live with this security problem put these lines below in to the new file /etc/udev/rules.d/60-vboxdrv.rules so they will stay enabled also after package update -#SUBSYSTEM=="usb_device", ACTION=="add", RUN+="/usr/lib/udev/VBoxCreateUSBNode.sh $major $minor $attr{bDeviceClass} vboxusers" -#SUBSYSTEM=="usb", ACTION=="add", ENV{DEVTYPE}=="usb_device", RUN+="/usr/lib/udev/VBoxCreateUSBNode.sh $major $minor $attr{bDeviceClass} vboxusers" -#SUBSYSTEM=="usb_device", ACTION=="remove", RUN+="/usr/lib/udev/VBoxCreateUSBNode.sh --remove $major $minor" -#SUBSYSTEM=="usb", ACTION=="remove", ENV{DEVTYPE}=="usb_device", RUN+="/usr/lib/udev/VBoxCreateUSBNode.sh --remove $major $minor" diff --git a/virtualbox-default.virtualbox b/virtualbox-default.virtualbox index bd1d3db..7fbd434 100644 --- a/virtualbox-default.virtualbox +++ b/virtualbox-default.virtualbox @@ -14,3 +14,13 @@ # #SHUTDOWN_USERS="foo bar" #SHUTDOWN="savestate" + +# ------------------------------------------------------------------------------------------------- +# By default, vboxdrv creates a file /etc/udev/rules.d/60-vboxdrv.rules every time, it is started, +# that allows full control of this hosts usb devices in virtual machines (given, you allow accessing +# them with the GUI). +# In order to control this ability yourself, copy the generated /etc/udev/rules.d/60-vboxdrv.rules +# file to another name and modify to your needs, e.g. comment out all lines beginning with SUBSYSTEM, +# which will make this hosts usb devices inaccessible AND enable the next line. +#INSTALL_NO_UDEV=1 + diff --git a/virtualbox.changes b/virtualbox.changes index 56975be..f411416 100644 --- a/virtualbox.changes +++ b/virtualbox.changes @@ -39,6 +39,24 @@ This is a maintenance release. The following items were fixed and/or added: "changeset_60565.diff" is removed - fixed in upstream. "vbox-kernel47-cpu_has_pge.diff" -s removed - also fixed in upstream. +------------------------------------------------------------------- +Thu Aug 11 19:38:37 UTC 2016 - hpj@urpla.net + +- adjust file attributes on SUID helpers to avoid chkstat issues + +------------------------------------------------------------------- +Thu Aug 11 11:48:53 UTC 2016 - hpj@urpla.net + +- remove obsolete libgsoap-devel (again) +- remove /usr/lib/udev/rules.d/60-vboxdrv.rules + - it is overruled from vboxdrv init script anyway + - vboxdrv generates a /etc/udev/rules.d/60-vboxdrv.rules file + on _every_ start, note that fact in /etc/default/virtualbox + and describe a strategy to control this behaviour +- relocate VBoxCreateUSBNode.sh to /usr/lib/virtualbox + this is, where vboxdrv, resp. the generated 60-vboxdrv.rules + file is expecting it + ------------------------------------------------------------------- Mon Aug 8 17:13:27 UTC 2016 - Larry.Finger@lwfinger.net diff --git a/virtualbox.spec b/virtualbox.spec index 0f0a293..9df060a 100644 --- a/virtualbox.spec +++ b/virtualbox.spec @@ -32,7 +32,6 @@ Url: http://www.virtualbox.org/ #%(bash %{_sourcedir}/virtualbox-patch-source.sh VirtualBox-%{version}.tar.bz2) Source0: VirtualBox-%{version}-patched.tar.bz2 Source1: UserManual.pdf -Source2: %{name}-60-vboxdrv.rules Source3: %{name}-60-vboxguest.rules Source4: %{name}-default.virtualbox Source5: %{name}-host-kmp-files @@ -108,7 +107,6 @@ BuildRequires: kbuild >= 0.1.9998svn2808 BuildRequires: kernel-syms BuildRequires: libcap-devel BuildRequires: libcurl-devel -BuildRequires: libgsoap-devel BuildRequires: libidl-devel BuildRequires: libopenssl-devel BuildRequires: libqt5-linguist @@ -546,8 +544,6 @@ install -m 644 out/linux.*/release/bin/virtualbox.desktop %{buildroot}%{_datadir # create a menu entry install -m 644 out/linux.*/release/bin/VBox.png %{buildroot}%{_datadir}/pixmaps/virtualbox.png -# install udev rule for host (virtualbox) -install -m 644 %{SOURCE2} %{buildroot}%{_udevrulesdir}/60-vboxdrv.rules # install config with session shutdown defs install -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/default/virtualbox #install wrapper script @@ -570,7 +566,7 @@ install -m 640 %{SOURCE13} %{buildroot}%{_var}/adm/fillup-templates/sysconfig.vb install -d -m 755 %{buildroot}%{_sysconfdir}/vbox echo -e "#settings for vboxwebsrn\nVBOXWEB_USER=root" > %{buildroot}%{_sysconfdir}/vbox/vbox.cfg # install udev helper script for creating usb devices -install -m 0755 -D src/VBox/Installer/linux/VBoxCreateUSBNode.sh %{buildroot}%{_udevrulesdir}/../VBoxCreateUSBNode.sh +install -m 0755 -D src/VBox/Installer/linux/VBoxCreateUSBNode.sh %{buildroot}%{_vbox_instdir}/VBoxCreateUSBNode.sh ###################################################### echo "entrering python-virtualbox install section" ###################################################### @@ -771,7 +767,6 @@ exit 0 %{_vbox_instdir}/components/*.xpt %dir %{_datadir}/virtualbox %config %{_sysconfdir}/default/virtualbox -%{_udevrulesdir}/60-vboxdrv.rules %config %{_sysconfdir}/init.d/vboxdrv %dir %{_sysconfdir}/vbox %config %{_sysconfdir}/vbox/vbox.cfg @@ -779,12 +774,12 @@ exit 0 %{_var}/adm/fillup-templates/sysconfig.vbox %{_sbindir}/rcvboxes %{_sbindir}/rcvboxdrv -%{_udevrulesdir}/../VBoxCreateUSBNode.sh -#%verify(not mode) %attr(4755,root,vboxusers) %{_vbox_instdir}/VBoxNetNAT -%verify(not mode) %attr(4755,root,vboxusers) %{_vbox_instdir}/VBoxNetDHCP -%verify(not mode) %attr(4755,root,vboxusers) %{_vbox_instdir}/VBoxNetAdpCtl -%verify(not mode) %attr(4755,root,vboxusers) %{_vbox_instdir}/VBoxHeadless -%verify(not mode) %attr(4755,root,vboxusers) %{_vbox_instdir}/VBoxSDL +%{_vbox_instdir}/VBoxCreateUSBNode.sh +#%verify(not mode) %attr(4750,root,vboxusers) %{_vbox_instdir}/VBoxNetNAT +%verify(not mode) %attr(4750,root,vboxusers) %{_vbox_instdir}/VBoxNetDHCP +%verify(not mode) %attr(4750,root,vboxusers) %{_vbox_instdir}/VBoxNetAdpCtl +%verify(not mode) %attr(4750,root,vboxusers) %{_vbox_instdir}/VBoxHeadless +%verify(not mode) %attr(4750,root,vboxusers) %{_vbox_instdir}/VBoxSDL %files qt %defattr(-, root, root)