12.1 Monterey Code E_ACCESSDENIED (0x8007000) Can't edit Host only vboxnet0 adapter IP address

Discussions related to using VirtualBox on Mac OS X hosts.
Post Reply
TooManyAcronyms
Posts: 3
Joined: 21. Dec 2021, 20:05

12.1 Monterey Code E_ACCESSDENIED (0x8007000) Can't edit Host only vboxnet0 adapter IP address

Post by TooManyAcronyms »

I used to be able to edit the host only network adapter on 12.01 but routing wasn't working properly. the Subnet/interface of vboxnet0 wasn't showing up in the routing table.

After updating to 12.1 Monterey, when trying to edit the host IP address either in vagrant below or even in the gui I get the following error:

Command: ["hostonlyif", "ipconfig", "vboxnet0", "--ip", "10.2.2.1", "--netmask", "255.255.255.0"]

Stderr: VBoxManage: error: Code E_ACCESSDENIED (0x80070005) - Access denied (extended info not available)
VBoxManage: error: Context: "EnableStaticIPConfig(Bstr(pszIp).raw(), Bstr(pszNetmask).raw())" at line 242 of file VBoxManageHostonly.cpp

I have the /etc/vbox/network.conf file set to allow all networks *0.0.0.0/0

Can anyone help? I've searched for this error and tried the solutions found but none are for vbox 6.1.30 and 12.1 Monterey.
scottgus1
Site Moderator
Posts: 20965
Joined: 30. Dec 2009, 20:14
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Windows, Linux

Re: 12.1 Monterey Code E_ACCESSDENIED (0x8007000) Can't edit Host only vboxnet0 adapter IP address

Post by scottgus1 »

There is a new requirement for Host-Only networks since 6.1.28 that plugs a security hole. See https://www.virtualbox.org/manual/ch06. ... k_hostonly, at the end of the section, starting at "On Linux, Mac OS X and Solaris Oracle VM VirtualBox...".
TooManyAcronyms
Posts: 3
Joined: 21. Dec 2021, 20:05

Re: 12.1 Monterey Code E_ACCESSDENIED (0x8007000) Can't edit Host only vboxnet0 adapter IP address

Post by TooManyAcronyms »

@scottgus1 I have a /etc/vbox/networks.conf file allowing all networks already, as stated in my initial post.
scottgus1
Site Moderator
Posts: 20965
Joined: 30. Dec 2009, 20:14
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Windows, Linux

Re: 12.1 Monterey Code E_ACCESSDENIED (0x8007000) Can't edit Host only vboxnet0 adapter IP address

Post by scottgus1 »

TooManyAcronyms wrote:*0.0.0.0/0
Ah, yes, I missed that. Sorry.

From the manual: https://www.virtualbox.org/manual/ch06. ... k_hostonly
Next example allows any addresses, effectively disabling range control:

* 0.0.0.0/0 ::/0
There is a space between the asterisk and the first 0, which does not appear to be in your posted file contents.

If this is a typo and your file contains the space, then we'll have to wait for a Mac guru to look into this further.
TooManyAcronyms
Posts: 3
Joined: 21. Dec 2021, 20:05

Re: 12.1 Monterey Code E_ACCESSDENIED (0x8007000) Can't edit Host only vboxnet0 adapter IP address

Post by TooManyAcronyms »

holy moly nice catch! Same file without the space worked before! now with the space it is working! THANK YOU.
scottgus1
Site Moderator
Posts: 20965
Joined: 30. Dec 2009, 20:14
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Windows, Linux

Re: 12.1 Monterey Code E_ACCESSDENIED (0x8007000) Can't edit Host only vboxnet0 adapter IP address

Post by scottgus1 »

Great! Glad you're up and running.
Keelung
Posts: 22
Joined: 19. Sep 2017, 04:42

Re: 12.1 Monterey Code E_ACCESSDENIED (0x8007000) Can't edit Host only vboxnet0 adapter IP address

Post by Keelung »

scottgus1 wrote: 21. Dec 2021, 20:18 There is a new requirement for Host-Only networks since 6.1.28 that plugs a security hole. See https://www.virtualbox.org/manual/ch06. ... k_hostonly, at the end of the section, starting at "On Linux, Mac OS X and Solaris Oracle VM VirtualBox...".
That's is
On Linux, macOS and Solaris Oracle VM VirtualBox will only allow IP addresses in 192.168.56.0/21 range to be assigned to host-only adapters
So, WHY on Windows, there is no such limitation?
WHY?
mpack
Site Moderator
Posts: 39156
Joined: 4. Sep 2008, 17:09
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Mostly XP

Re: 12.1 Monterey Code E_ACCESSDENIED (0x8007000) Can't edit Host only vboxnet0 adapter IP address

Post by mpack »

Who is your question aimed at? These are user discussion forums, not a techical relay rant channel.
Keelung
Posts: 22
Joined: 19. Sep 2017, 04:42

Re: 12.1 Monterey Code E_ACCESSDENIED (0x8007000) Can't edit Host only vboxnet0 adapter IP address

Post by Keelung »

mpack wrote: 5. Aug 2023, 09:59 Who is your question aimed at? These are user discussion forums, not a techical relay rant channel.
The official document, as @scottgus1 mentioned.
Martin
Volunteer
Posts: 2560
Joined: 30. May 2007, 18:05
Primary OS: Fedora other
VBox Version: PUEL
Guest OSses: XP, Win7, Win10, Linux, OS/2

Re: 12.1 Monterey Code E_ACCESSDENIED (0x8007000) Can't edit Host only vboxnet0 adapter IP address

Post by Martin »

Please read the manual chapter completely.
This is not a fixed limitation, you just need to configure other network ranges manually.
scottgus1
Site Moderator
Posts: 20965
Joined: 30. Dec 2009, 20:14
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Windows, Linux

Re: 12.1 Monterey Code E_ACCESSDENIED (0x8007000) Can't edit Host only vboxnet0 adapter IP address

Post by scottgus1 »

As Martin points out, the official manual contains instructions on how to have other Host Only address ranges. You need host OS Admin/root-level access to make these changes.

The security hole was this:

The various host OS's that exist have a way to "bridge" multiple networks in the PC into one network so traffic on one network can access the other network. In Windows, this is called "Internet Connection Sharing" or ICS. In Linux-style OSs it's called "bridging", I think. (Note that Linux-like host "bridging" is not the same as Virtualbox's Bridged.)

Bridging / ICS can be used to attach a Host-Only network to the host's regular LAN, thus getting the VMs attached to Host-Only to have full host LAN access. This method is an unsupported workaround when Virtualbox's Bridged is not possible or blocked by network filtering put in place by the the network bosses. (Normally Host-Only only allows connection in a private network to the host only, not to the rest of the host's network.

On Windows, setting up ICS to make this workaround requires Administrator privileges, if I web-search correctly. As I understand it, setting up a Linux "bridge" does not require root/sudo privileges. So Linux users could set up the workaround using non-Admin permissions.

Oracle's paying customers wanted this ability for standard-permission users to connect Host-Only into the host's LAN on Linux-like hosts stopped. Since changing Linux to block bridging without root/sudo is probably not going to be possible, they prevailed on Oracle to change Virtualbox so admin privileges were required to edit Host-Only IP address ranges. As long as the Oracle customers don't use 192.168.56.# in their office LANs, Host-Only couldn't be plugged into the office LAN. Hole plugged.

For the average admin-level home user, this restriction only requires sudoing into a file on the host and editing the content a bit. The whole restriction can be removed, too, if desired. If you're not an admin, you have to ask an admin to make the changes to the file.
Post Reply