12.1 Monterey Code E_ACCESSDENIED (0x8007000) Can't edit Host only vboxnet0 adapter IP address
-
- Posts: 3
- Joined: 21. Dec 2021, 20:05
12.1 Monterey Code E_ACCESSDENIED (0x8007000) Can't edit Host only vboxnet0 adapter IP address
I used to be able to edit the host only network adapter on 12.01 but routing wasn't working properly. the Subnet/interface of vboxnet0 wasn't showing up in the routing table.
After updating to 12.1 Monterey, when trying to edit the host IP address either in vagrant below or even in the gui I get the following error:
Command: ["hostonlyif", "ipconfig", "vboxnet0", "--ip", "10.2.2.1", "--netmask", "255.255.255.0"]
Stderr: VBoxManage: error: Code E_ACCESSDENIED (0x80070005) - Access denied (extended info not available)
VBoxManage: error: Context: "EnableStaticIPConfig(Bstr(pszIp).raw(), Bstr(pszNetmask).raw())" at line 242 of file VBoxManageHostonly.cpp
I have the /etc/vbox/network.conf file set to allow all networks *0.0.0.0/0
Can anyone help? I've searched for this error and tried the solutions found but none are for vbox 6.1.30 and 12.1 Monterey.
After updating to 12.1 Monterey, when trying to edit the host IP address either in vagrant below or even in the gui I get the following error:
Command: ["hostonlyif", "ipconfig", "vboxnet0", "--ip", "10.2.2.1", "--netmask", "255.255.255.0"]
Stderr: VBoxManage: error: Code E_ACCESSDENIED (0x80070005) - Access denied (extended info not available)
VBoxManage: error: Context: "EnableStaticIPConfig(Bstr(pszIp).raw(), Bstr(pszNetmask).raw())" at line 242 of file VBoxManageHostonly.cpp
I have the /etc/vbox/network.conf file set to allow all networks *0.0.0.0/0
Can anyone help? I've searched for this error and tried the solutions found but none are for vbox 6.1.30 and 12.1 Monterey.
-
- Site Moderator
- Posts: 20945
- Joined: 30. Dec 2009, 20:14
- Primary OS: MS Windows 10
- VBox Version: PUEL
- Guest OSses: Windows, Linux
Re: 12.1 Monterey Code E_ACCESSDENIED (0x8007000) Can't edit Host only vboxnet0 adapter IP address
There is a new requirement for Host-Only networks since 6.1.28 that plugs a security hole. See https://www.virtualbox.org/manual/ch06. ... k_hostonly, at the end of the section, starting at "On Linux, Mac OS X and Solaris Oracle VM VirtualBox...".
-
- Posts: 3
- Joined: 21. Dec 2021, 20:05
Re: 12.1 Monterey Code E_ACCESSDENIED (0x8007000) Can't edit Host only vboxnet0 adapter IP address
@scottgus1 I have a /etc/vbox/networks.conf file allowing all networks already, as stated in my initial post.
-
- Site Moderator
- Posts: 20945
- Joined: 30. Dec 2009, 20:14
- Primary OS: MS Windows 10
- VBox Version: PUEL
- Guest OSses: Windows, Linux
Re: 12.1 Monterey Code E_ACCESSDENIED (0x8007000) Can't edit Host only vboxnet0 adapter IP address
Ah, yes, I missed that. Sorry.TooManyAcronyms wrote:*0.0.0.0/0
From the manual: https://www.virtualbox.org/manual/ch06. ... k_hostonly
There is a space between the asterisk and the first 0, which does not appear to be in your posted file contents.Next example allows any addresses, effectively disabling range control:
* 0.0.0.0/0 ::/0
If this is a typo and your file contains the space, then we'll have to wait for a Mac guru to look into this further.
-
- Posts: 3
- Joined: 21. Dec 2021, 20:05
Re: 12.1 Monterey Code E_ACCESSDENIED (0x8007000) Can't edit Host only vboxnet0 adapter IP address
holy moly nice catch! Same file without the space worked before! now with the space it is working! THANK YOU.
-
- Site Moderator
- Posts: 20945
- Joined: 30. Dec 2009, 20:14
- Primary OS: MS Windows 10
- VBox Version: PUEL
- Guest OSses: Windows, Linux
Re: 12.1 Monterey Code E_ACCESSDENIED (0x8007000) Can't edit Host only vboxnet0 adapter IP address
Great! Glad you're up and running.
Re: 12.1 Monterey Code E_ACCESSDENIED (0x8007000) Can't edit Host only vboxnet0 adapter IP address
That's isscottgus1 wrote: ↑21. Dec 2021, 20:18 There is a new requirement for Host-Only networks since 6.1.28 that plugs a security hole. See https://www.virtualbox.org/manual/ch06. ... k_hostonly, at the end of the section, starting at "On Linux, Mac OS X and Solaris Oracle VM VirtualBox...".
So, WHY on Windows, there is no such limitation?On Linux, macOS and Solaris Oracle VM VirtualBox will only allow IP addresses in 192.168.56.0/21 range to be assigned to host-only adapters
WHY?
-
- Site Moderator
- Posts: 39134
- Joined: 4. Sep 2008, 17:09
- Primary OS: MS Windows 10
- VBox Version: PUEL
- Guest OSses: Mostly XP
Re: 12.1 Monterey Code E_ACCESSDENIED (0x8007000) Can't edit Host only vboxnet0 adapter IP address
Who is your question aimed at? These are user discussion forums, not a techical relay rant channel.
-
- Volunteer
- Posts: 2561
- Joined: 30. May 2007, 18:05
- Primary OS: Fedora other
- VBox Version: PUEL
- Guest OSses: XP, Win7, Win10, Linux, OS/2
Re: 12.1 Monterey Code E_ACCESSDENIED (0x8007000) Can't edit Host only vboxnet0 adapter IP address
Please read the manual chapter completely.
This is not a fixed limitation, you just need to configure other network ranges manually.
This is not a fixed limitation, you just need to configure other network ranges manually.
-
- Site Moderator
- Posts: 20945
- Joined: 30. Dec 2009, 20:14
- Primary OS: MS Windows 10
- VBox Version: PUEL
- Guest OSses: Windows, Linux
Re: 12.1 Monterey Code E_ACCESSDENIED (0x8007000) Can't edit Host only vboxnet0 adapter IP address
As Martin points out, the official manual contains instructions on how to have other Host Only address ranges. You need host OS Admin/root-level access to make these changes.
The security hole was this:
The various host OS's that exist have a way to "bridge" multiple networks in the PC into one network so traffic on one network can access the other network. In Windows, this is called "Internet Connection Sharing" or ICS. In Linux-style OSs it's called "bridging", I think. (Note that Linux-like host "bridging" is not the same as Virtualbox's Bridged.)
Bridging / ICS can be used to attach a Host-Only network to the host's regular LAN, thus getting the VMs attached to Host-Only to have full host LAN access. This method is an unsupported workaround when Virtualbox's Bridged is not possible or blocked by network filtering put in place by the the network bosses. (Normally Host-Only only allows connection in a private network to the host only, not to the rest of the host's network.
On Windows, setting up ICS to make this workaround requires Administrator privileges, if I web-search correctly. As I understand it, setting up a Linux "bridge" does not require root/sudo privileges. So Linux users could set up the workaround using non-Admin permissions.
Oracle's paying customers wanted this ability for standard-permission users to connect Host-Only into the host's LAN on Linux-like hosts stopped. Since changing Linux to block bridging without root/sudo is probably not going to be possible, they prevailed on Oracle to change Virtualbox so admin privileges were required to edit Host-Only IP address ranges. As long as the Oracle customers don't use 192.168.56.# in their office LANs, Host-Only couldn't be plugged into the office LAN. Hole plugged.
For the average admin-level home user, this restriction only requires sudoing into a file on the host and editing the content a bit. The whole restriction can be removed, too, if desired. If you're not an admin, you have to ask an admin to make the changes to the file.
The security hole was this:
The various host OS's that exist have a way to "bridge" multiple networks in the PC into one network so traffic on one network can access the other network. In Windows, this is called "Internet Connection Sharing" or ICS. In Linux-style OSs it's called "bridging", I think. (Note that Linux-like host "bridging" is not the same as Virtualbox's Bridged.)
Bridging / ICS can be used to attach a Host-Only network to the host's regular LAN, thus getting the VMs attached to Host-Only to have full host LAN access. This method is an unsupported workaround when Virtualbox's Bridged is not possible or blocked by network filtering put in place by the the network bosses. (Normally Host-Only only allows connection in a private network to the host only, not to the rest of the host's network.
On Windows, setting up ICS to make this workaround requires Administrator privileges, if I web-search correctly. As I understand it, setting up a Linux "bridge" does not require root/sudo privileges. So Linux users could set up the workaround using non-Admin permissions.
Oracle's paying customers wanted this ability for standard-permission users to connect Host-Only into the host's LAN on Linux-like hosts stopped. Since changing Linux to block bridging without root/sudo is probably not going to be possible, they prevailed on Oracle to change Virtualbox so admin privileges were required to edit Host-Only IP address ranges. As long as the Oracle customers don't use 192.168.56.# in their office LANs, Host-Only couldn't be plugged into the office LAN. Hole plugged.
For the average admin-level home user, this restriction only requires sudoing into a file on the host and editing the content a bit. The whole restriction can be removed, too, if desired. If you're not an admin, you have to ask an admin to make the changes to the file.