VirtualBox v5.2.x to access BootCamp-ed Windows-10 as macOS-Guest via RawDisk

[Tesla1856]

Maybe this will help someone.
Here is the macOS script I use. I have it setup as a macOS Alias (with a nice Windows icon).

win10b.command

Code: Select all

#!/bin/bash
# Required to get this VM to always start properly
# macOS High-Sierra v10.13.x, BootCamped Windows-10 64bit (via RawDisk), VirtualBox v5.2.x
# Script v2.3

# After rebooting macOS, it's Mounted again
diskutil unmount /Volumes/BOOTCAMP
sleep 2s
mount

printf "\n"
read -p "Press Enter, then enter your Admin password (to set permissions)"
sudo chmod 777 /dev/disk0s3

# VBoxManage list vms
VBoxManage startvm Windows-10_BootCamp

[socratis]

Just a couple of really minor points. I'll change slightly your script, and comment on the changes:

diskutil unmount /Volumes/<Your_Windows_Volume>
sleep 2s
mount

printf "\n"
read -p "Press Enter, then enter your Admin password (to set permissions)"
sudo chmod og+rw /dev/<Your_Bootcamp_Partition>

VBoxManage startvm <Your_Windows_VM>

I've marked the parameters that could change, depending on each user's setup, with "blue". The names are not set in stone.

But the most important change, is the permissions setting. You should never be explicit about the permissions, i.e. set them numerically to 777 ("rwxrwxrwx"). You should always allow/deny specific permissions to specific groups. Why? Well, I'll give you a couple of examples; first, VirtualBox itself:

$ ls -ale /Applications/VirtualBox.app/Contents/MacOS/VirtualBox
-rwSr-xr-x  1 root  admin  157328 14 Aug 15:04 /Applications/VirtualBox.app/Contents/MacOS/VirtualBox

Do you see that "s" in there? (you'd better, I made it big, red, capital and bold ).

Well, that "s" is the "s"etguid, or else "set the group user id", or else, when this program will be executed, it will have the permissions of the "group", and not of the user that started that program. If you simply "chmod 777" you just lost that "s" part. I made a copy of VirtualBox and here's what happens:

$ ls -ale VirtualBox
-rwsr-xr-x  1 socratis  staff  157328 14 Aug 15:04 VirtualBox
$ chmod 777 VirtualBox
$ ls -ale VirtualBox
-rwxrwxrwx  1 socratis  staff  157328 14 Aug 15:04 VirtualBox

If on the other hand if you do a "chmod og+rw", you give the "o"thers and the "g"roup additional read/write permissions ("+rw"), without affecting the existing ones. BTW, if you remove the "s" part of VirtualBox, it won't run, you just broke it.

I'll finish this with another favorite example, which if permissions are performed with a simple numeric, things can go really wrong:

$ ls -ld /private/tmp/
drwxrwxrwt    9 root  wheel   306 20 Aug 05:48 tmp

If you use a numeric chmod, you might lose the "t" bit, or else the s"t"icky bit, or else, you're allowing everyone to see each other's temp files. With the sticky bit set, only the owner and root can change the contents of the created files in /tmp.

Of course, the above two examples do not apply to devices (by default), but it's a good habit to get into...