From nobody@FreeBSD.org  Fri Dec  9 05:26:16 2011
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 9981E106564A
	for <freebsd-gnats-submit@FreeBSD.org>; Fri,  9 Dec 2011 05:26:16 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from red.freebsd.org (red.freebsd.org [IPv6:2001:4f8:fff6::22])
	by mx1.freebsd.org (Postfix) with ESMTP id 895608FC0A
	for <freebsd-gnats-submit@FreeBSD.org>; Fri,  9 Dec 2011 05:26:16 +0000 (UTC)
Received: from red.freebsd.org (localhost [127.0.0.1])
	by red.freebsd.org (8.14.4/8.14.4) with ESMTP id pB95QGMV039249
	for <freebsd-gnats-submit@FreeBSD.org>; Fri, 9 Dec 2011 05:26:16 GMT
	(envelope-from nobody@red.freebsd.org)
Received: (from nobody@localhost)
	by red.freebsd.org (8.14.4/8.14.4/Submit) id pB95QG9H039248;
	Fri, 9 Dec 2011 05:26:16 GMT
	(envelope-from nobody)
Message-Id: <201112090526.pB95QG9H039248@red.freebsd.org>
Date: Fri, 9 Dec 2011 05:26:16 GMT
From: Kamil Choudhury <kamil.choudhury@anserinae.net>
To: freebsd-gnats-submit@FreeBSD.org
Subject: Virtualbox  doesn't work on nullfs mounted filesystems
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         163142
>Category:       ports
>Synopsis:       emulators/virtualbox-ose: virtualbox doesn't work on nullfs mounted filesystems
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    vbox
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Dec 09 05:30:09 UTC 2011
>Closed-Date:    
>Last-Modified:  Wed Oct  3 21:00:25 UTC 2012
>Originator:     Kamil Choudhury
>Release:        FreeBSD 8.1-RELEASE
>Organization:
>Environment:
FreeBSD serenity.anserinae.net 8.1-RELEASE FreeBSD 8.1-RELEASE #0: Mon Jul 19 02:36:49 UTC 2010     root@mason.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  amd64
>Description:
port: emulators/virtualbox-ose

Attempts to launch VBoxHeadless from a nullfs-mounted result in the following error: 

[root@serenity /usr/local/lib/virtualbox]# VBoxHeadless
VBoxHeadless: supR3HardenedExecDir: sysctl failed

Setuid permissions and userids are set correctly for the relevant binaries: 

[root@serenity /usr/local/lib/virtualbox]# ls -al | egrep vboxusers
-rwx--x--x   1 root  vboxusers   178183 Dec  6 19:50 VBoxExtPackHelperApp
-r-s--x--x   1 root  vboxusers    25608 Dec  6 19:50 VBoxHeadless
-rwx--x--x   1 root  vboxusers   798992 Dec  6 19:50 VBoxManage
-r-s--x--x   1 root  vboxusers    25608 Dec  6 19:50 VBoxNetDHCP
-rwx--x--x   1 root  vboxusers  2440992 Dec  6 19:50 VBoxSVC
-rwx--x--x   1 root  vboxusers    27192 Dec  6 19:50 VBoxXPCOMIPCD

Attempting to run them on the raw fs without a nullfs mount works correctly. 

Problem appears to have been identified a while a back: 

http://lists.freebsd.org/pipermail/freebsd-ports/2010-October/064168.html

Use case: attempting to run virtualbox inside a jail using a /usr/local directory mounted via nullfs. 


>How-To-Repeat:
Mount filesystem containing VBox* binaries using nullfs. Attempt to execute VBoxHeadless off nullfs mount. Witness failure. 
>Fix:
Unknown at this time. 

>Release-Note:
>Audit-Trail:

From: Cy Schubert <Cy.Schubert@komquats.com>
To: bug-followup <bug-followup@freebsd.org>
Cc:  
Subject: ports/163142: Virtualbox doesn't work on nullfs mounted filesystems
Date: Sat, 10 Dec 2011 09:14:24 -0800

 Replacing nullfs mounts with NFS mounts works. I'm not sure if unionfs 
 mounts work but you may want to try that as well. That would provide an 
 additional data point to resolving this.
 
 
 -- 
 Cheers,
 Cy Schubert <Cy.Schubert@komquats.com>
 FreeBSD UNIX:  <cy@FreeBSD.org>   Web:  http://www.FreeBSD.org
 
 	The need of the many outweighs the greed of the few.
 
 
Responsible-Changed-From-To: freebsd-ports-bugs->vbox 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Sat Dec 10 22:42:18 UTC 2011 
Responsible-Changed-Why:  
Fix synopsis and assign. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=163142 

From: Bernhard Froehlich <decke@FreeBSD.org>
To: <bug-followup@FreeBSD.org>, <kamil.choudhury@anserinae.net>
Cc:  
Subject: Re: ports/163142: emulators/virtualbox-ose: virtualbox doesn't work
 on nullfs mounted filesystems
Date: Tue, 20 Dec 2011 16:55:31 +0100

 int aiName[4];
 aiName[0] = CTL_KERN;
 aiName[1] = KERN_PROC;
 aiName[2] = KERN_PROC_PATHNAME;
 aiName[3] = getpid();
 
 size_t cbPath = sizeof(g_szSupLibHardenedExePath);
 if (sysctl(aiName, RT_ELEMENTS(aiName), g_szSupLibHardenedExePath, 
 &cbPath, NULL, 0) < 0)
      supR3HardenedFatal("supR3HardenedExecDir: sysctl failed\n");
 
 
 https://www.virtualbox.org/browser/trunk/src/VBox/HostDrivers/Support/SUPR3HardenedMain.cpp?rev=39657#L312
 
 
  From the code above it looks like nullfs isn't able to lookup the path
 of the running binarym and I'm not sure if that makes sense for nullfs
 at all. We should ask some nullfs expert on that.
 
 VirtualBox requires this information only for additional security 
 checks
 but you can disable this by passing "--disable-hardening" to configure
 or some similar kmk variable.
 
 -- 
 Bernhard Froehlich
 http://www.bluelife.at/

From: Kamil Choudhury <Kamil.Choudhury@anserinae.net>
To: Bernhard Froehlich <decke@FreeBSD.org>, "bug-followup@FreeBSD.org"
	<bug-followup@FreeBSD.org>
Cc:  
Subject: RE: ports/163142: emulators/virtualbox-ose: virtualbox doesn't work
 on nullfs mounted filesystems
Date: Tue, 20 Dec 2011 16:23:22 +0000

 PiBodHRwczovL3d3dy52aXJ0dWFsYm94Lm9yZy9icm93c2VyL3RydW5rL3NyYy9WQm94L0hvc3RE
 cml2ZXJzL1N1cHBvcnQvU1VQUjNIYXJkZW5lZE1haW4uY3BwP3Jldj0zOTY1NyNMMzEyDQoNCll1
 cCAtLSBJIGFjdHVhbGx5IGFza2VkIGZyZWVic2QtZnMgYWJvdXQgdGhlIHNuaXBwZXQgaW4gcXVl
 c3Rpb246IA0KDQpodHRwOi8vb3NkaXIuY29tL21sL2ZyZWVic2QtZnMvMjAxMS0xMi9tc2cwMDA2
 Ny5odG1sDQoNCkFwcGFyZW50bHkgdGhlcmUncyBhIGZpeCBpbiB0aGUgd29ya3MsIGJ1dCBub3Qg
 dW50aWwgYWZ0ZXIgOS4wIGlzIHJlbGVhc2VkLiANCg0KPiAuLi4geW91IGNhbiBkaXNhYmxlIHRo
 aXMgYnkgcGFzc2luZyAiLS1kaXNhYmxlLWhhcmRlbmluZyIgdG8gY29uZmlndXJlDQo+IG9yIHNv
 bWUgc2ltaWxhciBrbWsgdmFyaWFibGUuDQoNCldpbGwgbG9vayBpbnRvIHRoaXMuICANCg0KVGhh
 bmtzIGZvciBpbnZlc3RpZ2F0aW5nLiANCg0K

From: =?ISO-8859-1?Q?Bernhard_Fr=F6hlich?= <decke@bluelife.at>
To: bug-followup@FreeBSD.org, kamil.choudhury@anserinae.net
Cc:  
Subject: Re: ports/163142: emulators/virtualbox-ose: virtualbox doesn&#39;t
 work on nullfs mounted filesystems
Date: Wed, 3 Oct 2012 22:54:50 +0200

 Is this fixed in nullfs in 9-stable now or is it still broken?
 
 --=20
 Bernhard Fr=F6hlich
 http://www.bluelife.at/
>Unformatted:
