Our non-root users, who all share computing resources, want VirtualBox to be able to create their own VMs. But we don't want to give them the ability to use it on our hardware for rampant VM usage unless we can enforce rigid restrictions at the VirtualBox level. Here are some examples of things we want to restrict:
* A single VM should not use up more than, say, 15% of a host's cores and RAM
* A single VM's disk should be less than, say, 50 GB, and should be fixed.
* NAT should be the only allowed Network mode (no Bridged!).
Setting resource usage on an OS level (e.g. /etc/security/limits.conf in Linux) is not feasible because users should be able to use more resources for other non-VirtualBox operations.
I can't find clear documentation on how to do these things. There is a section in the manual about "Locking down the VirtualBox manager GUI", and it vaguely mentions that you can lock down "Network", so there's that I guess. But why wouldn't someone just be able to create a VM using VBoxManage on the command line, bypassing GUI restrictions?
VirtualBox security: heavily restricting the operations non-root users can execute
-
frank
- Oracle Corporation
- Posts: 3362
- Joined: 7. Jun 2007, 09:11
- Primary OS: Debian Sid
- VBox Version: VirtualBox+Oracle ExtPack
- Guest OSses: Linux, Windows
- Location: Dresden, Germany
- Contact:
Re: VirtualBox security: heavily restricting the operations non-root users can execute
What you desire is currently not possible. If the user is able to create VMs then he is free to assign all the resources he is allowed to use to virtual machines. From this perspective VirtualBox does not behave differently from a normal user level application.
Re: VirtualBox security: heavily restricting the operations non-root users can execute
Okay, so it's not possible to limit via resources. But is there a way to disallow Bridged network specifically?
-
BillG
- Volunteer
- Posts: 5106
- Joined: 19. Sep 2009, 04:44
- Primary OS: MS Windows 10
- VBox Version: VirtualBox+Oracle ExtPack
- Guest OSses: Windows 10,7 and earlier
- Location: Sydney, Australia
Re: VirtualBox security: heavily restricting the operations non-root users can execute
You can elect to not install bridged networking (among other things) at install time, but if the user has the right to install VirtualBox he can enable bridged networking.
Bill
Re: VirtualBox security: heavily restricting the operations non-root users can execute
Hmm, we're using VirtualBox for Linux. I'm root installing VirtualBox so that non-root users can use it to create/start/shutdown their own VMs. There was no installation process in Linux which allowed me to customize the installation in any way --- the RPM package just gets installed and magically /usr/bin/VirtualBox is available.
-
BillG
Re: VirtualBox security: heavily restricting the operations non-root users can execute
Not in the installation of the guest OS - in the installation of VirtualBox itself. That is why I added the proviso that if the user has the right to install (or reinstall) VirtualBox it can be reversed.
Bill
-
Perryg
- Site Moderator
- Posts: 34369
- Joined: 6. Sep 2008, 22:55
- Primary OS: Linux other
- VBox Version: OSE self-compiled
- Guest OSses: *NIX
Re: VirtualBox security: heavily restricting the operations non-root users can execute
The Linux version does not have the same install features, Bill. I don't know of any way to not install the bridged portion with the default version. There may be a way to block or stop it but I have not looked into that since I have not needed to work through the network code in a long time. If I find some time I will see what I can find or you can ask the DEVs on IRC or the mailing list.
-
BillG
Re: VirtualBox security: heavily restricting the operations non-root users can execute
Thanks, Perry.
Sorry for misleading the OP. (In the Windows version you can elect to not install USB support, host only and/or bridged networking and Python).
Bill
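The thread concludes that VirtualBox will not enforce these limits itself. As an added example (not posted by anyone in the thread), an administrator can instead audit existing VMs against the first post's policy by parsing `VBoxManage showvminfo <vm> --machinereadable` output. The function names, the sample output and the host sizes are constructed for illustration, and the 50 GB fixed-disk rule is not covered here.

```python
import re

# Policy thresholds taken from the first post of the thread.
MAX_SHARE = 0.15                      # one VM: at most 15% of host cores and RAM
ALLOWED_NIC_MODES = {"none", "nat"}   # NAT only, no bridged

# Constructed sample of `VBoxManage showvminfo <vm> --machinereadable` output.
SAMPLE = '''\
name="build-vm"
memory=16384
cpus=8
nic1="nat"
nic2="bridged"
bridgeadapter2="eth0"
nic3="none"
'''

def parse_vminfo(text):
    """Parse key=value lines; keys and values may be double-quoted."""
    info = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep:
            info[key.strip().strip('"')] = value.strip().strip('"')
    return info

def audit_vm(info, host_cpus, host_ram_mb):
    """Return a list of policy violations for one VM (empty if compliant)."""
    findings = []
    cpus = int(info.get("cpus", 0))
    mem = int(info.get("memory", 0))
    if cpus > host_cpus * MAX_SHARE:
        findings.append(f"cpus={cpus} exceeds 15% of {host_cpus} host cores")
    if mem > host_ram_mb * MAX_SHARE:
        findings.append(f"memory={mem} MB exceeds 15% of {host_ram_mb} MB host RAM")
    for key, mode in sorted(info.items()):
        # Only nicN keys carry the attachment mode; bridgeadapterN etc. are skipped.
        if re.fullmatch(r"nic\d+", key) and mode not in ALLOWED_NIC_MODES:
            findings.append(f"{key}: network mode '{mode}' is not allowed")
    return findings

if __name__ == "__main__":
    # Assumed host: 32 cores, 64 GiB RAM.
    for finding in audit_vm(parse_vminfo(SAMPLE), 32, 65536):
        print(finding)
```

VirtualBox keeps its VM registry per user, so the `showvminfo` output has to be collected under each user's account. This reports violations after the fact and does not prevent them.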