Virtualbox guest additions: enable by default the display management service (#5730) · Issues · tails / tails

Virtualbox guest additions: enable by default the display management service

Originally created by Tails on #5730 (Redmine)

When running tails as a Virtualbox guest, the display management service is disabled by default. Thus the "auto-resize guest display" option in Virtualbox doesn’t work. It can be enabled by the following command:

sudo VBoxClient —display

This could be made default if there is no security risk involved.

/etc/X11/Xsession.d/98vboxadd-xclient already tries to start this service, but fails: Failed to connect to the VirtualBox kernel service in ~/.xsession-errors. Giving the default user read/write access to /dev/vboxuser allows her to run VBoxClient --display without being root.

The virtualbox-guest-dkms Debian package ships the udev rules that should fix these permissions, but we intentionally remove this package at build time after having built the modules.

One should change config/chroot_local-hooks/50-virtualbox to duplicate the udev rules file installed by virtualbox-guest-dkms.

I’m not convinced we want to do this. First, auto-resize guest display results in super weird resolutions that are essentially unique identifiers. The only application I’m aware of leaking the resolution is Iceweasel. Torbutton does stuff here which maybe is good enough (setting desktop resolution to window size rounded to multiples of 50, I believe). OTOH a VirtualBox host with guest additions installed has a pretty ok selection of resolutions, and user-set resolutions will be remembered and re-set by the guest additions. Isn’t that good enough?

Second, if we give the amnesia user permission to /dev/vboxuser it can also enable clipboard sharing at will. Of course, since the amnesia user is a passwordless sudoer it currently can do that any way, but when tails-greeter is released it won’t. Tthe default when creating a VirtualBox appliance is bi-directional clipboard sharing, and hence a compromised Tails session results in the Tails session always having access to the host’s clipboard. The user could of course disable clipboard sharing in the VirtualBox guest appliance settings when not needed, but I don’t expect users to think about this.

Conslusion: If we think auto-resizing is important and safe, we should enable it by default without giving the user access to /dev/vboxuser. I suppose we could also activate clipboard sharing, but only in the Tails -> host direction.

Until someone gives us convincing arguments for the above this bug is marked wontfix => .

Feature Branch: feature/5730-enable-virtualbox-guest-additions

Related issues

Related to #7728 (closed)

_Originally created by Tails on [#5730 (Redmine)](https://public-redmine-archive.tails.boum.org/code/issues/5730)_

When running tails as a Virtualbox guest, the display management service
is disabled by default. Thus the "auto-resize guest display\&quot;
option in Virtualbox doesn’t work. It can be enabled by the following
command:

sudo VBoxClient —display

This could be made default if there is no security risk involved.

`/etc/X11/Xsession.d/98vboxadd-xclient` already tries to start this
service, but fails: `Failed to connect to the VirtualBox kernel service`
in `~/.xsession-errors`. Giving the default user read/write access to
`/dev/vboxuser` allows her to run `VBoxClient --display` without being
root.

The `virtualbox-guest-dkms` Debian package ships the udev rules that
should fix these permissions, *but* we intentionally remove this package
at build time after having built the modules.

One should change `config/chroot_local-hooks/50-virtualbox` to duplicate
the udev rules file installed by `virtualbox-guest-dkms`.

I’m not convinced we want to do this. First, auto-resize guest display
results in super weird resolutions that are essentially unique
identifiers. The only application I’m aware of leaking the resolution is
Iceweasel. Torbutton does stuff here which maybe is good enough (setting
desktop resolution to window size rounded to multiples of 50, I
believe). OTOH a VirtualBox host with guest additions installed has a
pretty ok selection of resolutions, and user-set resolutions will be
remembered and re-set by the guest additions. Isn’t that good enough?

Second, if we give the amnesia user permission to `/dev/vboxuser` it can
also enable clipboard sharing at will. Of course, since the amnesia user
is a passwordless sudoer it currently can do that any way, but when
tails-greeter is released it won’t. Tthe default when creating a
VirtualBox appliance is bi-directional clipboard sharing, and hence a
compromised Tails session results in the Tails session always having
access to the host’s clipboard. The user could of course disable
clipboard sharing in the VirtualBox guest appliance settings when not
needed, but I don’t expect users to think about this.

Conslusion: If we think auto-resizing is important and safe, we should
enable it by default without giving the user access to `/dev/vboxuser`.
I suppose we could also activate clipboard sharing, but only in the
Tails -> host direction.

> Until someone gives us convincing arguments for the above this bug is
> marked wontfix => .

</blockquote>

Feature Branch: feature/5730-enable-virtualbox-guest-additions

### Related issues

- **Related to** tails/tails#7728

Discussion
Designs

The one place for your designs

To enable design management, you'll need to meet the requirements. If you need help, reach out to our support team for assistance.