Bug 12130

Summary: USB devices created 664 root:root can't be used in VirtualBox
Product: Mageia Reporter: Frank Griffin <ftg>
Component: RPM PackagesAssignee: Mageia Bug Squad <bugsquad>
Status: RESOLVED FIXED QA Contact:
Severity: normal    
Priority: Normal CC: mageia, thierry.vignaud
Version: Cauldron   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: virtualbox CVE:
Status comment:

Description Frank Griffin 2013-12-27 19:27:28 CET 
I downloaded and installed the Oracle Extensions pack for VBox which includes USB support.  I created a USB filter for my device, but could not get VB to attach it to the VM no matter what.

Recalling the problems of ownership/permissions between CUPS and dbus in the past, I located the devie entry in /dev/bus/usb/nnn/nnn and saw that it had 
        664 root root
On a hunch, I did a chmod to 666, and at that point VBox attached it to the VM just fine.

Apparently, the UID running VBox needs to have write access to a USB device in order to attach it to a VM.

I'm not sure of the best way to handle this.  The first thing that comes to mind is to create the device with vboxusers group ownership if the vboxusers group exists (i. e. VBox is installed).

Reproducible: 

Steps to Reproduce:
Comment 1 Thierry Vignaud 2013-12-28 16:20:53 CET 
Wrong package.
A couples notes:
- the extension pack brings USB2 support
  (you don't need it for USB support)
- 666 permissions are wrong for USB devices anyway

If you want to be able to do more than just mounting USB devices, you need root permissions and thus you should run VBox as root an not user.

Status: NEW => RESOLVED
CC: (none) => mageia, thierry.vignaud
Resolution: (none) => INVALID
Source RPM: dbus => udev, virtualbox

Comment 2 Colin Guthrie 2013-12-28 16:40:53 CET 
An alternative would be to tag the relevant devices as uaccess (TAG+="uaccess" in a udev rule).

This would ensure that udev sets appropriate ACLs on the device to let the currently logged in user access the device nodes. This might cause problems if you switch away (thus causing your session to become inactive and for the ACLs to be removed). Otherwise you can add a rule that sets the nodes to have a group level ACL (or just be group owned) by a given group (e.g. "vboxusers" and add your user to that group).

In fact virtualbox ships some default udev rules: /usr/lib/udev/rules.d/virtualbox.rules which in turn runs /usr/share/virtualbox/VBoxCreateUSBNode.sh which automatically chowns the nodes to vboxusers group. So all you really need to do is add your user to that group and everything should work (and I'm pretty sure Virtualbox even pops up a dialog telling you this if you try).
Comment 3 Frank Griffin 2014-01-02 16:06:39 CET 
(In reply to Thierry Vignaud from comment #1)
> Wrong package.
> A couples notes:
> - the extension pack brings USB2 support
>   (you don't need it for USB support)
> - 666 permissions are wrong for USB devices anyway
> 
> If you want to be able to do more than just mounting USB devices, you need
> root permissions and thus you should run VBox as root an not user.

The VB docs say that running as root is a bad idea.  

I didn't suggest setting a 666 ownership, I merely said that that was what I did to test my hypothesis.  The docs actually say that if the UID running VB should be in a vboxusers group, but no such group appears to be created with our VB install.

I created one and added the VB user to it, but that made no difference.

I see no reason why this should be INVALID.  With virtualization increasingly important, and given that our VB install is set up to launch VB from GUI as the desktop user, the requirement for VB running as user to support USB(2) is reasonable.

Status: RESOLVED => REOPENED
Resolution: INVALID => (none)

Comment 4 Frank Griffin 2014-01-02 16:13:13 CET 
(In reply to Colin Guthrie from comment #2)

> In fact virtualbox ships some default udev rules:
> /usr/lib/udev/rules.d/virtualbox.rules which in turn runs
> /usr/share/virtualbox/VBoxCreateUSBNode.sh which automatically chowns the
> nodes to vboxusers group. So all you really need to do is add your user to
> that group and everything should work (and I'm pretty sure Virtualbox even
> pops up a dialog telling you this if you try).

As I said above, we don't appear to be creating a vboxusers group at install time.  That would explain why the chmod doesn't take effect.

Source RPM: udev, virtualbox => virtualbox

Comment 5 Manuel Hiebel 2014-01-02 16:58:16 CET 
>but no such group appears to be created with our VB install.

it does, and was alwys the case since years: 
http://svnweb.mageia.org/packages/cauldron/virtualbox/current/SPECS/virtualbox.spec?revision=559323&view=markup#l480
Comment 6 Frank Griffin 2014-01-02 17:47:55 CET 
(In reply to Manuel Hiebel from comment #5)
> >but no such group appears to be created with our VB install.
> 
> it does, and was alwys the case since years: 
> http://svnweb.mageia.org/packages/cauldron/virtualbox/current/SPECS/
> virtualbox.spec?revision=559323&view=markup#l480

Curious.  I checked another system, and the group was there, but it wasn't on the system I first tested with.

In any case, if VB is supposed to be chmod'ing the USB devices to :vboxusers, it clearly isn't for whatever reasons.
Comment 7 Frank Griffin 2014-11-21 14:58:55 CET 
This has been corrected somewhere along the line.  USB now works seamlessly once the user is in the vboxusers group.

Status: REOPENED => RESOLVED
Resolution: (none) => FIXED