virtualbox/virtualbox-wrapper.sh
Larry Finger af26c92399 - Revise warning screen concerning USB passthru - fixes bnc#1041137.
USB passthru opens a security hole, yet it is so valuable that many users want the feature, thus it is our default.
  Previously, a user needed to edit a udev rule to disable passthru. The bad part was that an update of VB changed the
  rule back to allow passthru without any notification. These changes modify the popup to allow the user to accept or decline
  passthru. If the user declines, then the root password is requested and the udev rule is modified. As these modifications will be
  lost with the next VB update, the inode of the udev rule is kept. If the user has previously declined and the inode has changed,
  the popup will show the next time VB is started. File "fix_usb_rules.sh" is added.

OBS-URL: https://build.opensuse.org/package/show/Virtualization/virtualbox?expand=0&rev=336
2017-06-08 22:26:55 +00:00

59 lines
1.9 KiB
Bash

#!/bin/bash
export QT_NO_KDE_INTEGRATION=1
# make certain that the user/group combination is valid
/usr/bin/id -nG | grep -v -e "root" -e "vboxusers" >/dev/null && /usr/lib/virtualbox/VBoxPermissionMessage && exit
#
# Handle the issue regarding USB passthru
# The following conditions apply:
# 1. If ~/.vbox/enable exists, the user accepts the security risk.
# 2. If ~/.vbox/disable exists, the user does not accept the risk. That file will contain the inode of /etc/udev/rules.d/60-vboxdrv.rules.
# When that changes, the VBoxUSB_DevRules will again be displayed as that means that VB has been reloaded.
#
devrules()
{
/usr/lib/virtualbox/VBoxUSB_DevRules
if [ $? -eq 0 ] ; then
# User accepts the risk
touch ~/.vbox/enable
rm -f ~/.vbox/disable
else
# User declines the risk - save the inode
echo "" > ~/.vbox/disable
rm -f ~/.vbox/enable
fi
}
# Start of main routine
#
# Ensure that ~/.vbox exists
mkdir -p ~/.vbox/
# Get the inode for /etc/udev/rules.d/60-vboxdrv.rules
INODE=$(stat /etc/udev/rules.d/60-vboxdrv.rules | grep Inode | cut -d' ' -f3)
if [ ! -f ~/.vbox/enable ] && [ ! -f ~/.vbox/disable ] ; then
# Neither file exists - find what the user wants
devrules
fi
# Get the original Inode if it exists
if [ -f ~/.vbox/disable ] ; then
read LINE < ~/.vbox/disable
else
LINE=" "
fi
# If user originally declined, make certain that /etc/udev/rules.d/60-vboxdrv.rules has not been changed
if [ -f ~/.vbox/disable ] && [ "$LINE" != "$INODE" ] && [ "$LINE" != "" ] ; then
# disable is selected and the Inode has changed - ask again
devrules
fi
if [ -f ~/.vbox/disable ] ; then
echo $INODE > ~/.vbox/disable
if [ "$LINE" != "$INODE" ] ; then
if [ -f /usr/bin/kdesu ] ; then
kdesu /sbin/vbox-fix-usb-rules.sh
fi
if [ -f /usr/bin/gnomesu ] ; then
gnomesu /sbin/vbox-fix-usb-rules.sh
fi
fi
fi
# Now run the VB GUI
LD_LIBRARY_PATH="/usr/lib/virtualbox${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}" /usr/lib/virtualbox/VirtualBox $@