Since a recent update (I can't identify which one exactly), VirtualBox fails to launch any virtual guest using a host-only network interface. The root problem seems to come from a malfunction in the vboxnetadp module, responsible for this kind of network setup, as the vboxnet0 virtual interface is not created anymore.

    $ VBoxNetAdpCtl vboxnet0 add
    VBoxNetAdpCtl: Error while adding vboxnet0: failed to open /dev/vboxnetctl: Permission denied
    $ ls -l /dev/vboxnetctl
    crw------- 1 root root 10, 119 nov. 1 13:34 /dev/vboxnetctl

Given that VBoxNetAdpCtl is setuid root, perms should not be an issue. Relaxing those perms to make them read/write by members of group vboxusers just changes the error message:

    $ VBoxNetAdpCtl vboxnet0 add
    VBoxNetAdpCtl: Error while adding vboxnet0: failed to open /dev/vboxnetctl: Operation not permitted
    $ ls -l /dev/vboxnetctl
    crw-rw---- 1 root vboxusers 10, 119 nov. 1 13:34 /dev/vboxnetctl

I'm stuck...
Assigning to the registered maintainer.
Assignee: bugsquad => tmb
CC: (none) => marja11
Depends on: (none) => 30381
I'm in a similar situation. /dev/vboxnetctl can't communicate with the user. Just try to open the file as user (if permissions are set):

    cat /dev/vboxnetctl
    cat: /dev/vboxnetctl: Operation not permitted

and this is pretty much the same as VBox shows:

    VBoxNetAdpCtl add
    VBoxNetAdpCtl: Error while adding new interface: failed to open /dev/vboxnetctl: Operation not permitted

when it tries to open and communicate with the kernel driver. I assume the kernel driver itself is checking some permissions or operations on the guest are not permitted as they must, in order for the kmod to create a new interface.
CC: (none) => mageia
Running a bit through the source code, I found this bit here:

     * Device open. Called on open /dev/vboxnetctl
    ...
    #ifdef VBOX_WITH_HARDENING
        /*
         * Only root is allowed to access the device, enforce it!
         */
        if (!capable(CAP_SYS_ADMIN))
    ...
            return -EPERM;

That explains why users are unable to communicate with /dev/vboxnetctl. But what is the correct way of enabling devices, if VirtualBox is not run as root?!

    ls -la /usr/lib64/virtualbox/VBoxNetAdpCtl
    -r-s--x--x 1 root root 33312 Apr 21 21:23 /usr/lib64/virtualbox/VBoxNetAdpCtl*

=> VBoxNetAdpCtl is running as setuid - so why does this return "Operation not permitted" - I assume CAP_SYS_ADMIN does not work for setuid programs?!
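Added example, not part of the original thread or of VirtualBox: on Linux, opening a device node passes two separate checks, first the node's file mode (failure is EACCES, "Permission denied") and then whatever the driver's open handler enforces, here the capable(CAP_SYS_ADMIN) test quoted above (failure is EPERM, "Operation not permitted"). This sh sketch decodes the CapEff mask found in /proc/<pid>/status to tell which check a process would fail. The function names and the sample status text are constructed for illustration.

```shell
#!/bin/sh
# Added diagnostic sketch; helper names are hypothetical, not VirtualBox code.
CAP_SYS_ADMIN_BIT=21   # CAP_SYS_ADMIN as defined in linux/capability.h

# Constructed sample of /proc/<pid>/status for an unprivileged process.
SAMPLE_USER_STATUS='Name: cat
Uid: 1000 1000 1000 1000
CapEff: 0000000000000000'

# Constructed sample for a root process holding the full capability set.
SAMPLE_ROOT_STATUS='Name: VBoxNetAdpCtl
Uid: 0 0 0 0
CapEff: 000001ffffffffff'

# cap_eff_of STATUS_TEXT: print the effective capability mask (hex).
cap_eff_of() {
    printf '%s\n' "$1" | awk '$1 == "CapEff:" { print $2; exit }'
}

# has_sys_admin HEXMASK: exit status 0 if the CAP_SYS_ADMIN bit is set.
has_sys_admin() {
    [ $(( (0x$1 >> CAP_SYS_ADMIN_BIT) & 1 )) -eq 1 ]
}

# explain_open MODE_ALLOWS(yes|no) HEXMASK: print the result open() would give.
explain_open() {
    if [ "$1" != yes ]; then
        echo EACCES   # "Permission denied": rejected by the file mode
    elif ! has_sys_admin "$2"; then
        echo EPERM    # "Operation not permitted": rejected by the driver
    else
        echo OK
    fi
}

# Live check of the current shell, assuming the file mode would allow it.
if [ -r /proc/self/status ]; then
    mask=$(cap_eff_of "$(cat /proc/self/status)")
    if [ -n "$mask" ]; then
        echo "this process: CapEff=$mask -> $(explain_open yes "$mask")"
    fi
fi
```

For a running process, feed it the real file, for example `cap_eff_of "$(cat /proc/$PID/status)"`, where `$PID` is the process to inspect.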
Try with virtualbox-6.1.34-1.10.mga8 in updates_testing. You need to reboot after to ensure you get proper privileges... and you must ensure your user is part of vboxusers... I'm still debating with myself if access to vboxnet changes should be protected by a separate group... to keep privilege separation more fine-grained...
As root run virtualbox. Select File/Host Network manager, then create a host only adapter. Then as a user, use the settings for the vboxguest to add the network adapter to the guest. Note that multiple users can have vb guests talking to each other over the host only adapter. Since it can be used by multiple users, the adapter itself must be created by root.
CC: (none) => davidwhodgins
I think this bug should be closed as invalid as it's working as intended. While it's a change from prior versions, it appears to be intentional. I'll leave it to tmb to decide.
By running virtualbox as root to create the host only network, it created ...

    $ cat /etc/sysconfig/network-scripts/ifcfg-vboxnet0
    DEVICE=vboxnet0
    BOOTPROTO=dhcp
    ONBOOT=yes
    $ ip link|tail -n 2
    5: vboxnet0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN mode DEFAULT group default qlen 1000
        link/ether 0a:00:27:00:00:00 brd ff:ff:ff:ff:ff:ff

The above two commands are both on the host.
@Dave: sure they are created. Did you try to use the interface after reboot?
Seems by default vboxnet0 is not recreated on reboot. Two options I've found to get it created.

Run VirtualBox as root after reboot, though you don't have to do anything with it.

Add the following line to /etc/rc.d/rc.local (create the file and mark it executable if it doesn't already exist).

    VBoxManage list hostonlyifs

Either running VirtualBox after reboot, or adding the above line and rebooting results in ...

    $ ip link|tail -n 2
    5: vboxnet0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN mode DEFAULT group default qlen 1000
        link/ether 0a:00:27:00:00:00 brd ff:ff:ff:ff:ff:ff
It would probably be better to have /etc/sysconfig/network-scripts/ifup-eth run the VBoxManage command if ifcfg-vbox* exists, as an enhancement request.
I don't know why/what. Just compared mga with another pc running debian. vboxnet interfaces are recreated after reboot and work. And this worked in mga before. I did an update of mga6 (where it worked) to mga8. It seems linked somehow to the virtualbox hardening. I rarely use this image, but I really think this should work somehow. I'm ok, if root has to create the interface via virtualbox, but the interface should work after reboot, without running VirtualBox as root again. I usually don't give root passwords to normal users.....
I don't know what the hardening was done to fix, but I think it's safe to assume it's a security issue. Adding "VBoxManage list hostonlyifs" to /etc/rc.d/rc.local ensures the users do not need to be given the root password.
CC: (none) => doktor5000