VirtualBox, SELinux, and FUDCon bracelets

A couple of weeks back i deleted that spare Windows partition i had lying around. I decided that i had no regular need for it, and there was no reason to keep the bloated piece of garbage Vista is lying around. The only (dis)advantage is that i can no longer use it to play games. It never played them perfectly anyways. The advantage though, is that Microsoft can no longer install .Net plugins into my Firefox setup let my computer be infected with their shoddy business practices.

Well, i still would like to have access to a couple of programs that i just can't seem to get to work right on wine and/or other methods. Being the secular stallmanist i am, i don't mind using open source software on windows now and then, and there are a few programs i like to use. Hearing about the updated VirtualBox release that now does 3D acceleration pretty well, i decided to give it a try. Yes it works :D. Unfortunately it does not work with SELinux in enforcing mode, but i don't mind switching to Permissive for the few hours i need to do something with it.

On a completely unrelated note, the FUDCon bracelet i've been wearing for about a year now finally broke at work yesterday. I have another one, but i haven't decided if i want to start wearing that one now. Does anyone else wear them still, or even abuse them to hold doors open to overheating server rooms?

7 flames:

Anoniem zei

Any access vector denials? Should not be too hard to implement a solution for your virtualbox issue.

You can run the semodule command plus -DB options to expose and hidden access vector denials if you can not find any.

baard zei

About the FUDcon bracelets,
yes Jeroen still uses them for aforementioned purposes :)


lkundrak zei

Hi! I actually develop VirtualBox-OSE RPM Fusion package with SELinux turned on Enforcing, so I'm quite surprised to hear about denials.

By chance isn't this your problem?

Yankee zei

I'm not getting denials so much as the entire VM comes crashing down the moment i try to start up a 3d app. I haven't gotten to the bottom of this yet.

BTW, this is Windows XP guests running with 3d enabled trying to do milkdrop.

Yankee zei

I ran VB with semodule -DB setup, got a bunch of warnings, but nothing seemed like it was the culprit. I mainly got a bunch of warnings about policy kit. Oh well..

Anoniem zei

If SELinux denied access (e.g. it works in permissive), than there should be an audit trail.

1. Normal avc denial
2. Hidden avc denial ( exposed by semodule -DB)
3. User space object manager denials (example DBUS) Look in /var/log/messages

Yankee zei

Ok, strangely enough, i tested it again, but this time in Enforcing mode to see what errors i would get it /var/log/messages. Zilch. Instead, it worked, as unexpected. I guess it's a problem solved, but i don't know why it crashed originally, and i don't know how to reproduce the bug.