In fact I've been studying the feature under Solaris 11.3 release + VirtualBox 5.1.18 and I've got a few more comments about it. I'll remark that the format of the "Autostart configuration file" isn't strictly documented; all we have is a sample that's apparently fair enough but that may cause difficulties if you have to deal with it, as happens to be the case due to an apparent bug in the VBoxAutostart binary file. VBoxAutostart doesn't really consider the policy file as it should because it forces us to declare the rules for every user that is part of config/vboxgroup. In fact, if a user from config/vboxgroup doesn't have a rule in the configuration file, the authorization should be inferred from the default_policy declaration, but that is not the current behavior of VBoxAutostart. In fact, another behavioral problem is that if a user's rule lists "deny", it's not the case for VBoxAutostart to exit with a non-zero value, because this will cause the SMF method to trigger a maintenance status for the service.
Here is some extra code (plus auxiliary scripts) for the SMF service method script as an idea for a fix:
Excerpt from /opt/VirtualBox/smf-autostart.sh with the suggested fixes
```sh
...
# Auxiliary scripts path
SCRIPT_PATH=${0%/`/usr/bin/basename $0`}
# Auxiliary temporary cache files
TMPFILE1=`mktemp`
TMPFILE2=`mktemp`
trap 'rm -f -- "$TMPFILE1" "$TMPFILE2"' EXIT
# Tokenize and cache autostart configuration file
"${SCRIPT_PATH}/smf-vboxautostart-tokenize.sh" "$VW_CONFIG" "$TMPFILE1"
# Cache auxiliary AWK script for checking user allow rule
"${SCRIPT_PATH}/smf-vboxautostart-allow-entries.sh" "$TMPFILE2"
# Get default policy
VW_POLICY=`"${SCRIPT_PATH}/smf-vboxautostart-policy.sh" "$TMPFILE1"`
# Get all users
# for VW_USER in `logins -g $VW_VBOXGROUP | cut -d' ' -f1`
for VW_USER in $(echo `logins -g $VW_VBOXGROUP | cut -d' ' -f1` `getent group $VW_VBOXGROUP | cut -d: -f4 | tr , ' '` | xargs -n1 | sort -u)
do
    # Look up the user's explicit rule once: "true", "false" or empty (no rule)
    VW_ALLOW=`"${SCRIPT_PATH}/smf-vboxautostart-user.sh" "$TMPFILE1" "$TMPFILE2" "$VW_USER"`
    # Run for an explicit allow, or for no explicit deny when the default policy is allow
    if [[ "$VW_ALLOW" == "true" ]] || \
       ( [[ "$VW_POLICY" == "allow" ]] && [[ "$VW_ALLOW" != "false" ]] ); then
        su - "$VW_USER" -c "/opt/VirtualBox/VBoxAutostart --stop --config \"$VW_CONFIG\" --logrotate \"$VW_ROTATE\" --logsize \"$VW_LOGSIZE\" --loginterval \"$VW_LOGINTERVAL\""
        VW_EXIT=$?
        if [ $VW_EXIT != 0 ]; then
            echo "VBoxAutostart failed with $VW_EXIT."
            VW_EXIT=1
            break
        fi
    fi
done
...
```
And here are the additional shell scripts for the fix:
/opt/VirtualBox/smf-vboxautostart-tokenize.sh
```sh
#!/bin/sh
#
# Parse and tokenize the VirtualBox Autostart configuration file.
# $1 should be the configuration file.
# $2 should be the output file name to use.
#
if [[ -n "$1" ]] && [[ -n "$2" ]]; then
    # Drop blanks and comments, then emit one token (key, value, "{" or "}") per line
    tr -d '[:blank:]' <"$1" | sed -e 's/#.*//' -e 's/{/{=/' -e 's/}/=}/' | tr '=' '\n' | sed -e '/^$/ d' >"$2"
fi
```
/opt/VirtualBox/smf-vboxautostart-allow-entries.sh
```sh
#!/bin/sh
#
# Write the auxiliary AWK script that lists every user's allow rule
# (one "user:value" line per user) from the tokenized configuration.
# $1 should be the output file name to use.
#
if [[ -n "$1" ]]; then
    cat <<"EOF" >"$1"
BEGIN {
    policy = "unknown"
    users = 0
}
/^[A-Za-z0-9._-]+/ {
    if ( $0 == "default_policy" ) {
        getline
        if ( $0 == "allow" || $0 == "deny" ) {
            policy = $0
        } else {
            print "Invalid policy!"
            exit 1
        }
    } else {
        if ( $0 == "allow" ) {
            getline
            allow[u] = $0
        } else if ( $0 == "startup_delay" ) {
            getline
            startup_delay[u] = $0
        } else {
            # Got a user!
            u = users++
            user[u] = $0
        }
    }
}
END {
    for (i in user) {
        printf( "%s:%s\n", user[i], allow[i] )
    }
}
EOF
fi
```
/opt/VirtualBox/smf-vboxautostart-policy.sh
```sh
#!/bin/sh
#
# Report the current VirtualBox Autostart policy.
# $1 should be the tokenized configuration file.
#
if [[ -n "$1" ]]; then
    # Print the token that follows default_policy, only if it is a valid value
    awk '/^default_policy$/ {getline; if ($0=="allow"||$0=="deny") print $0}' "$1"
fi
```
/opt/VirtualBox/smf-vboxautostart-user.sh
```sh
#!/bin/sh
#
# Report a user's allow rule value in VirtualBox Autostart policy.
# $1 should be the tokenized configuration file.
# $2 should be the auxiliary awk script.
# $3 should be the user to query.
#
if [[ -n "$1" ]] && [[ -n "$2" ]] && [[ -n "$3" ]]; then
    # Compare the whole user field: a substring match (grep "$3:") would also
    # pick up rules of users whose names merely end with the queried name.
    awk -f "$2" "$1" | awk -F: -v u="$3" '$1 == u { print $2 }'
fi
```
Regards.
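
The authorization decision described in the post (explicit per-user rule first, otherwise `default_policy`), as an added example that is not part of the original post and is not VirtualBox code. It assumes the `name = { allow = true }` layout that the post's tokenizer expects; the function name `autostart_decision` is hypothetical and the sample configuration is constructed.

```sh
#!/bin/sh
# Added example (not from the post): one-pass policy resolution.
# usage: autostart_decision CONFIG USER  -> prints "allow" or "deny"
# Exit status 2 means no explicit rule and no valid default_policy (fails closed).
autostart_decision() {
    awk -v want="$2" '
    { sub(/#.*/, ""); gsub(/[ \t]/, "") }        # strip comments and blanks
    $0 == ""  { next }
    $0 == "}" { cur = ""; next }                  # end of a user block
    {
        n = index($0, "=")
        if (n == 0) next
        key = substr($0, 1, n - 1); val = substr($0, n + 1)
        if (val == "{") { cur = key; next }       # start of a user block
        if (cur == "" && key == "default_policy") policy = val
        else if (cur != "" && cur == want && key == "allow") rule = val
    }
    END {
        if (rule == "true")  { print "allow"; exit 0 }   # explicit rule wins
        if (rule == "false") { print "deny";  exit 0 }
        if (policy == "allow" || policy == "deny") { print policy; exit 0 }
        print "deny"; exit 2
    }' "$1"
}

# Constructed sample configuration (not taken from the post).
CFG=$(mktemp)
trap 'rm -f -- "$CFG"' EXIT
cat >"$CFG" <<'EOF'
# constructed sample
default_policy = deny
bob = {
    allow = true
    startup_delay = 10
}
alice = {
    allow = false
}
EOF

# carol has no rule and jbob only resembles bob: both fall back to default_policy.
for u in bob alice carol jbob; do
    printf '%s: %s\n' "$u" "$(autostart_decision "$CFG" "$u")"
done
```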