Autostart in VirtualBox 5.1.18 and Solaris 11.3

Discussions related to using VirtualBox on Solaris hosts.

Autostart in VirtualBox 5.1.18 and Solaris 11.3

Postby Carlos Azevedo » 15. Apr 2017, 21:58

This post is regarding the discussion on Ticket #11720 (https://www.virtualbox.org/ticket/11720) which seems not be solved after all and remains until now in VirtualBox 5.1.8. So I'm posting it here in case that ticket do not grab attention by referring to a rather old version of VirtualBox. Here's my comment to that ticket:

-----------------------------------------
Hello Sirs,

I'm on Solaris 11.3 (GA aka "release repo") and VirtualBox 5.1.18 and the issue seems to persist although all the previous discussion remains pretty much valid. What I would suggest further investigation is that the "logins -g" command may have a bug as it correctly returns user logins only if those user logins have the value of the "-g" parameter as their primary group. For instance, if the primary group of users user1 and user2 is staff all will work as expected (no bug revealed). But if vboxuser is their secondary group and we select that group on the respective SMF property (implying that we'll run a "logins -g vboxuser") no login will be returned by logins and the script will fail.

The suggestion for a fix perhaps could be to adjst the line that contains "logins -g $VW_VBOXGROUP | cut -d' ' -f1" to the following:

Code: Select all   Expand viewCollapse view
for VW_USER in $(echo $(logins -g $VW_VBOXGROUP | cut -d' ' -f1) $(getent group $VW_VBOXGROUP | cut -d: -f4 | tr , ' ') | xargs -n1 | sort -u)


Regards!
-----------------------------------------

I hope I could have made some mistake, but if not I'd like to ask a fix.
Thanks!
Carlos Azevedo
 
Posts: 14
Joined: 3. Jul 2012, 19:02

Re: Autostart in VirtualBox 5.1.18 and Solaris 11.3

Postby Carlos Azevedo » 17. Apr 2017, 09:11

In fact I've been studying the feature under Solaris 11.3 release + VirtualBox 5.1.18 and I've got a few more comments about it. I'll remark that the format of the "Autostart configuration file" isn't strictly documented; all we have is an sample that's apparently fair enough but that may cause difficulties if you have to deal with it as it happens to be the case due to an apparent bug in VBoxAutostart binary file. VBoxAutostart doesn't really consider the policy file as it should because it forces us to declare the rules for every user that is part of config/vboxgroup. In fact, if a user from config/vboxgroup doesn't have a rule in the configuration file, the authorization should be inferred from the default_policy declaration, but that's is not current behavior of VBoxAutostart. In fact, another behavioral problem is that if a user's rule lists "deny", it's not the case for VBoxAutostart exit with a non-zero value, because this will cause the SMF method to trigger a maintenance status for the service.

Here is some extra code (plus auxiliary scripts) for the SMF service method script as an idea for a fix:

Excerpt from /opt/VirtualBox/smf-autostart.sh with the suggested fixes
Code: Select all   Expand viewCollapse view
        ...
        # Auxiliary scripts path
        SCRIPT_PATH=${0%/`/usr/bin/basename $0`}

        # Auxiliary temporary cache files
        TMPFILE1=`mktemp`
        TMPFILE2=`mktemp`
        trap 'rm -f -- "$TMPFILE1" "$TMPFILE2"' EXIT

        # Tokenize and cache autostart configuration file
        ${SCRIPT_PATH}/smf-vboxautostart-tokenize.sh $VW_CONFIG $TMPFILE1

        # Cache auxiliary AWK script for checking user allow rule
        ${SCRIPT_PATH}/smf-vboxautostart-allow-entries.sh $TMPFILE2

        # Get default policy
        VW_POLICY=`${SCRIPT_PATH}/smf-vboxautostart-policy.sh $TMPFILE1`

        # Get all users
        # for VW_USER in `logins -g $VW_VBOXGROUP | cut -d' ' -f1`
        for VW_USER in $(echo `logins -g $VW_VBOXGROUP | cut -d' ' -f1` `getent group $VW_VBOXGROUP | cut -d: -f4 | tr , ' '` | xargs -n1 | sort -u)
        do
            if [[ `${SCRIPT_PATH}/smf-vboxautostart-user.sh $TMPFILE1 $TMPFILE2 $VW_USER` == "true" ]] || \
             ( [[ "$VW_POLICY" == "allow" ]] && [[ `${SCRIPT_PATH}/smf-vboxautostart-user.sh $TMPFILE1 $TMPFILE2 $VW_USER` != "false" ]] ); then

                su - "$VW_USER" -c "/opt/VirtualBox/VBoxAutostart --stop --config \"$VW_CONFIG\" --logrotate \"$VW_ROTATE\" --logsize \"$VW_LOGSIZE\" --loginterval \"$VW_LOGINTERVAL\""

                VW_EXIT=$?
                if [ $VW_EXIT != 0 ]; then
                    echo "VBoxAutostart failed with $VW_EXIT."
                    VW_EXIT=1
                    break
                fi
            fi
        done
        ...

And here are the additional shell scripts for the fix:

/opt/VirtualBox/smf-vboxautostart-tokenize.sh
Code: Select all   Expand viewCollapse view
#!/bin/sh

#
# Parse and tokenize the VirtualBox Autostart configuration file.
# $1 should be the configuration file.
# $2 should be the output file name to use.
#
if [[ -n "$1" ]] && [[ -n "$2" ]]; then
        cat "$1" |tr -d '[:blank:]' |sed -e 's/#.*//' -e 's/{/{=/' -e 's/}/=}/' |tr '=' '\n' |sed -e '/^$/ d' >"$2"
fi

/opt/VirtualBox/smf-vboxautostart-allow-entries.sh
Code: Select all   Expand viewCollapse view
#!/bin/sh

#
# Report an user's allow rule value in VirtualBox Autostart policy.
# $1 should be the output file name to use.
#

if [[ -n "$1" ]]; then

cat <<"EOF" >$1
BEGIN {
        policy = "unknown"
        users = 0
}

/^[A-Za-z0-9._-]+/ {
#
        if ( $0 == "default_policy" ) {
                getline
                if ( $0 == "allow" || $0 == "deny" ) {
                        policy = $0
                }  else {
                        print "Invalid policy!"
                        exit 1
                }
        } else {
                if ( $0 == "allow" ) {
                        getline
                        allow[u] = $0
                } else if ( $0 == "startup_delay" ) {
                        getline
                        startup_delay[u] = $0
                } else {
                        # Got an user!
                        u = users++
                        user[u] = $0
                }
        }
}

END {
        for (i in user) {
                printf( "%s:%s\n", user[i], allow[i] )
        }
}
EOF

fi

/opt/VirtualBox/smf-vboxautostart-policy.sh
Code: Select all   Expand viewCollapse view
#!/bin/sh

#
# Report the current VirtualBox Autostart policy.
# $1 should the tokenized configuration file.
#
if [[ -n "$1" ]]; then
        cat "$1" |awk '/^default_policy$/ {getline; if ($0=="allow"||$0=="deny") print $0}'
fi

/opt/VirtualBox/smf-vboxautostart-user.sh
Code: Select all   Expand viewCollapse view
#!/bin/sh

#
# Report an user's allow rule value in VirtualBox Autostart policy.
# $1 should be the tokenized configuration file.
# $2 should be the auxiliary awk script.
# $3 should be the user to query.
#

if [[ -n "$1" ]] && [[ -n "$2" ]] && [[ -n "$3" ]]; then
        cat "$1" |awk -f $2 |grep "$3:" |sed "s/$3://"
fi


Regards.
Carlos Azevedo
 
Posts: 14
Joined: 3. Jul 2012, 19:02


Return to VirtualBox on Solaris Hosts

Who is online

Users browsing this forum: No registered users and 2 guests