VirtualBox

source: vbox/trunk/src/VBox/Installer/linux/vboxdrv.sh@ 96679

Last change on this file since 96679 was 96679, checked in by vboxsync, 2 years ago

Linux Host: vboxdrv.sh: Adjust Secure Boot related part of the script, bugref:10287.

  • Property svn:eol-style set to LF
  • Property svn:keywords set to Author Date Id Revision
1#! /bin/sh
2# Oracle VM VirtualBox
3# Linux kernel module init script
4
5#
6# Copyright (C) 2006-2022 Oracle and/or its affiliates.
7#
8# This file is part of VirtualBox base platform packages, as
9# available from https://www.virtualbox.org.
10#
11# This program is free software; you can redistribute it and/or
12# modify it under the terms of the GNU General Public License
13# as published by the Free Software Foundation, in version 3 of the
14# License.
15#
16# This program is distributed in the hope that it will be useful, but
17# WITHOUT ANY WARRANTY; without even the implied warranty of
18# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
19# General Public License for more details.
20#
21# You should have received a copy of the GNU General Public License
22# along with this program; if not, see <https://www.gnu.org/licenses>.
23#
24# SPDX-License-Identifier: GPL-3.0-only
25#
26
27# chkconfig: 345 20 80
28# description: VirtualBox Linux kernel module
29#
30### BEGIN INIT INFO
31# Provides: vboxdrv
32# Required-Start: $syslog
33# Required-Stop:
34# Default-Start: 2 3 4 5
35# Default-Stop: 0 1 6
36# Short-Description: VirtualBox Linux kernel module
37### END INIT INFO
38
39## @todo This file duplicates a lot of script with vboxadd.sh. When making
40# changes please try to reduce differences between the two wherever possible.
41
42## @todo Remove the stop_vms target so that this script is only relevant to
43# kernel modules. Nice but not urgent.
44
# The system binary directories are searched first, ahead of whatever PATH the
# caller passed in.
PATH="/sbin:/bin:/usr/sbin:/usr/bin:${PATH}"
DEVICE="/dev/vboxdrv"
MODPROBE="/sbin/modprobe"
SCRIPTNAME="vboxdrv.sh"

# Resolve the real location of this script. "readlink -e" is GNU-specific;
# see VBox.sh for the longer Solaris/OS X version.
TARGET=$(readlink -e -- "${0}") || exit 1
SCRIPT_DIR="${TARGET%/[!/]*}"

# If the modprobe configuration disallows unsupported modules, pass the
# override flag on every later call. MODPROBE then holds a command plus an
# option, so it has to be expanded unquoted where it is used.
$MODPROBE -c | grep -q '^allow_unsupported_modules *0' \
    && MODPROBE="$MODPROBE --allow-unsupported-modules"
57
# Choose the set-up log file and rotate the previous ones.
# Globals:   LOG (read, written)
# Returns:   0 if LOG was already set, else the status of the last mv.
setup_log()
{
    # A LOG value that is already present is used unchanged and nothing is
    # rotated. NOTE(review): that includes a value inherited from the
    # environment or set by a sourced configuration file - confirm callers.
    if test -n "${LOG}"; then
        return 0
    fi
    LOG="/var/log/vbox-setup.log"
    # Shift the older generations up by one, oldest first (.3 -> .4 ... .1 -> .2).
    # The positional parameters are only used as a countdown list here.
    set -- 4 3 2 1
    while test "$#" -gt 1; do
        mv "${LOG}.${2}" "${LOG}.${1}" 2>/dev/null
        shift
    done
    mv "${LOG}" "${LOG}.1" 2>/dev/null
}
68
# Optional configuration file. It is sourced into this shell, so whatever it
# assigns (INSTALL_DIR is read just below) is taken as-is.
if [ -f /etc/vbox/vbox.cfg ]; then
    . /etc/vbox/vbox.cfg
fi
export VBOX_KBUILD_TYPE
export USERNAME
export USER=$USERNAME

# Locate the installation and the kernel module sources.
if [ -n "${INSTALL_DIR}" ] && [ -x "${INSTALL_DIR}/VirtualBox" ]; then
    MODULE_SRC="${INSTALL_DIR}/src/vboxhost"
elif [ -x /usr/lib/virtualbox/VirtualBox ]; then
    INSTALL_DIR=/usr/lib/virtualbox
    MODULE_SRC="/usr/share/virtualbox/src/vboxhost"
elif [ -x "${SCRIPT_DIR}/VirtualBox" ]; then
    # Executing from the build directory
    INSTALL_DIR="${SCRIPT_DIR}"
    MODULE_SRC="${INSTALL_DIR}/src"
else
    # Silently exit if the package was uninstalled but not purged.
    # Applies to Debian packages only (but shouldn't hurt elsewhere)
    exit 0
fi
VIRTUALBOX="${INSTALL_DIR}/VirtualBox"
VBOXMANAGE="${INSTALL_DIR}/VBoxManage"
BUILDINTMP="${MODULE_SRC}/build_in_tmp"

# A set-user-ID VirtualBox binary gets a root-only device node; otherwise the
# node is shared with the vboxusers group.
if [ -u "${VIRTUALBOX}" ]; then
    GROUP=root
    DEVICE_MODE=0600
else
    GROUP=vboxusers
    DEVICE_MODE=0660
fi

KERN_VER=$(uname -r)
MODULE_LIST="vboxdrv vboxnetflt vboxnetadp"
if [ -e "${MODULE_SRC}/vboxpci" ]; then
    MODULE_LIST="${MODULE_LIST} vboxpci"
fi

# Secure boot state. HAVE_SEC_BOOT is only set when mokutil reports
# "SecureBoot enabled" without "disabled in shim"; if mokutil is missing or
# fails, its output is empty and Secure Boot is treated as not enabled.
unset HAVE_SEC_BOOT
case "$(mokutil --sb-state 2>/dev/null)" in
    *"disabled in shim"*) ;;
    *"SecureBoot enabled"*) HAVE_SEC_BOOT=true ;;
esac

# So far we can only sign modules on Ubuntu and on Debian 10 and later.
DEB_PUB_KEY=/var/lib/shim-signed/mok/MOK.der
DEB_PRIV_KEY=/var/lib/shim-signed/mok/MOK.priv
unset HAVE_DEB_KEY
unset DEB_KEY_ENROLLED
case "$(mokutil --test-key "$DEB_PUB_KEY" 2>/dev/null)" in
    *"is already"*) DEB_KEY_ENROLLED=true ;;
esac

# Try to find a tool for modules signing: kmodsign first, then the sign-file
# script from the build tree of the running kernel.
SIGN_TOOL=$(which kmodsign 2>/dev/null)
if [ -z "$SIGN_TOOL" ] && [ -x "/lib/modules/$KERN_VER/build/scripts/sign-file" ]; then
    SIGN_TOOL="/lib/modules/$KERN_VER/build/scripts/sign-file"
fi

type update-secureboot-policy >/dev/null 2>&1 \
    && HAVE_UPDATE_SECUREBOOT_POLICY_TOOL=true

# Sourced after everything above, so this file can override any of those
# values, including the signing key paths and SIGN_TOOL.
if [ -r /etc/default/virtualbox ]; then
    . /etc/default/virtualbox
fi

# Preamble for Gentoo
if [ "$(which $0)" = "/sbin/rc" ]; then
    shift
fi
139
# Report the start of an operation.
# Arguments: $1 - message text (a trailing "." is appended)
#            $2 - if non-empty, the message is also echoed to stdout
# The message always goes to syslog through logger.
begin_msg()
{
    if test -n "${2}"; then
        echo "${SCRIPTNAME}: ${1}."
    fi
    logger -t "${SCRIPTNAME}" "${1}."
}
145
# Record a success message in syslog only (nothing is printed).
# Arguments: $1 - message text (a trailing "." is appended)
succ_msg() {
    set -- "${1}."
    logger -t "${SCRIPTNAME}" "${1}"
}
150
# Report a failure on stderr and in syslog.
# Arguments: $1 - description of what failed (a trailing "." is appended)
fail_msg() {
    set -- "failed: ${1}."
    echo "${SCRIPTNAME}: ${1}" >&2
    logger -t "${SCRIPTNAME}" "${1}"
}
156
# Report a fatal error through fail_msg and terminate the script with
# exit status 1.
# Arguments: $1 - description of what failed
failure() {
    fail_msg "$1"
    exit 1
}
162
# Succeeds if lsmod lists the given module.
# Arguments: $1 - module name
# The pattern is not anchored; it requires the name to be followed by one
# character other than "_" or "-".
running() {
    lsmod | grep -q -e "${1}[^_-]"
}
167
# Append one line to the set-up log, selecting/rotating the log file first.
# Arguments: $1 - text to append
# Globals:   LOG (read; set by setup_log)
log() {
    setup_log
    echo "${1}" 1>> "${LOG}"
}
173
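# Append module build output to the set-up log, dropping three kinds of
# lines that the build emits as boilerplate.
# Arguments: $1 - captured build output (may span many lines)
# Globals:   LOG (read; set by setup_log)
module_build_log()
{
    setup_log
    # printf '%s\n' writes the text verbatim; echo may interpret backslash
    # sequences found in compiler output under some /bin/sh implementations.
    # "grep -E" replaces the obsolescent egrep, which newer GNU grep releases
    # warn about on stderr.
    printf '%s\n' "${1}" | grep -E -v \
        '^test -e include/generated/autoconf.h|^echo >&2|^/bin/false\)$' \
        >> "${LOG}"
}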
181
# Detect VirtualBox version info or report error. The output of
# "VBoxManage -v" is split at the letter "r": the first field is taken as the
# version, the second (prefixed with "r" again) as the revision.
VBOX_VERSION="$("$VBOXMANAGE" -v | cut -d r -f1)"
if [ -z "$VBOX_VERSION" ]; then
    failure 'Cannot detect VirtualBox version number'
fi
VBOX_REVISION="r$("$VBOXMANAGE" -v | cut -d r -f2)"
if [ "$VBOX_REVISION" = "r" ]; then
    failure 'Cannot detect VirtualBox revision number'
fi
187
188## Output the vboxdrv part of our udev rule. This is redirected to the right file.
udev_write_vboxdrv() {
    # Arguments: $1 - group for the vboxdrv and vboxnetctl nodes
    #            $2 - access mode for the vboxdrv and vboxnetctl nodes
    # Prints three udev rules on stdout. The vboxdrvu node is always
    # root:root with mode 0666, independent of the arguments.
    VBOXDRV_GRP="$1"
    VBOXDRV_MODE="$2"

    printf 'KERNEL=="vboxdrv", OWNER="root", GROUP="%s", MODE="%s"\n' \
        "$VBOXDRV_GRP" "$VBOXDRV_MODE"
    printf 'KERNEL=="vboxdrvu", OWNER="root", GROUP="root", MODE="0666"\n'
    printf 'KERNEL=="vboxnetctl", OWNER="root", GROUP="%s", MODE="%s"\n' \
        "$VBOXDRV_GRP" "$VBOXDRV_MODE"
}
197
198## Output the USB part of our udev rule. This is redirected to the right file.
udev_write_usb() {
    # Arguments: $1 - installation directory holding VBoxCreateUSBNode.sh
    #            $2 - group argument appended verbatim to the "add" commands
    #                 (the caller supplies the leading space, or nothing)
    # Prints four udev rules on stdout. The installation directory ends up in
    # RUN+= commands, so the script at that path is what udev will run for
    # USB add/remove events.
    INSTALLATION_DIR="$1"
    USB_GROUP="$2"

    # $major, $minor and $attr{...} are udev substitutions and must reach the
    # rule file literally, hence the single-quoted formats.
    printf 'SUBSYSTEM=="usb_device", ACTION=="add", RUN+="%s/VBoxCreateUSBNode.sh $major $minor $attr{bDeviceClass}%s"\n' \
        "$INSTALLATION_DIR" "$USB_GROUP"
    printf 'SUBSYSTEM=="usb", ACTION=="add", ENV{DEVTYPE}=="usb_device", RUN+="%s/VBoxCreateUSBNode.sh $major $minor $attr{bDeviceClass}%s"\n' \
        "$INSTALLATION_DIR" "$USB_GROUP"
    printf 'SUBSYSTEM=="usb_device", ACTION=="remove", RUN+="%s/VBoxCreateUSBNode.sh --remove $major $minor"\n' \
        "$INSTALLATION_DIR"
    printf 'SUBSYSTEM=="usb", ACTION=="remove", ENV{DEVTYPE}=="usb_device", RUN+="%s/VBoxCreateUSBNode.sh --remove $major $minor"\n' \
        "$INSTALLATION_DIR"
}
208
209## Generate our udev rule file. This takes a change in udev rule syntax in
210## version 55 into account. It only creates rules for USB for udev versions
211## recent enough to support USB device nodes.
generate_udev_rule() {
    # Prints the complete rule set (vboxdrv part, then USB part) on stdout,
    # or nothing at all when NO_INSTALL is "1".
    VBOXDRV_GRP="$1"      # The group owning the vboxdrv device
    VBOXDRV_MODE="$2"     # The access mode for the vboxdrv device
    INSTALLATION_DIR="$3" # The directory VirtualBox is installed in
    USB_GROUP="$4"        # The group that has permission to access USB devices
    NO_INSTALL="$5"       # Set this to "1" to remove but not re-install rules

    # A non-empty group is passed on with a leading space so that it becomes
    # a separate word at the end of the generated RUN+= command.
    if [ -n "$USB_GROUP" ]; then
        USB_GROUP=" $USB_GROUP"
    fi
    if [ "$NO_INSTALL" = "1" ]; then
        return
    fi
    udev_write_vboxdrv "$VBOXDRV_GRP" "$VBOXDRV_MODE"
    udev_write_usb "$INSTALLATION_DIR" "$USB_GROUP"
}
225
226## Install udev rule (disable with INSTALL_NO_UDEV=1 in
227## /etc/default/virtualbox).
install_udev() {
    # Prints the udev rules on stdout (the caller redirects them into the
    # rule file) when /etc/udev/rules.d exists, then deletes the rule file
    # that used to be installed under the old 10-vboxdrv.rules name.
    VBOXDRV_GRP="$1"      # The group owning the vboxdrv device
    VBOXDRV_MODE="$2"     # The access mode for the vboxdrv device
    INSTALLATION_DIR="$3" # The directory VirtualBox is installed in
    USB_GROUP="$4"        # The group that has permission to access USB devices
    NO_INSTALL="$5"       # Set this to "1" to remove but not re-install rules

    [ -d /etc/udev/rules.d ] \
        && generate_udev_rule "$VBOXDRV_GRP" "$VBOXDRV_MODE" \
            "$INSTALLATION_DIR" "$USB_GROUP" "$NO_INSTALL"
    # Remove old udev description file
    rm -f /etc/udev/rules.d/10-vboxdrv.rules 2> /dev/null
}
242
243## Create a usb device node for a given sysfs path to a USB device.
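install_create_usb_node_for_sysfs() {
    # Reads "major:minor" from <path>/dev and the device class from
    # <path>/bDeviceClass, then runs the node creation script with
    # major, minor, class and group. Does nothing if <path>/dev is unreadable.
    path="$1"           # sysfs path for the device
    usb_createnode="$2" # Path to the USB device node creation script
    usb_group="$3"      # The group to give ownership of the node to
    if test -r "${path}/dev"; then
        dev="$(cat "${path}/dev" 2> /dev/null)"
        major="$(expr "$dev" : '\(.*\):' 2> /dev/null)"
        minor="$(expr "$dev" : '.*:\(.*\)' 2> /dev/null)"
        # The path is quoted here as on the "dev" read above; unquoted it
        # was subject to word splitting and globbing.
        class="$(cat "${path}/bDeviceClass" 2> /dev/null)"
        sh "${usb_createnode}" "$major" "$minor" "$class" \
            "${usb_group}" 2>/dev/null
    fi
}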
257
# Rule file written by setup_usb.
udev_rule_file="/etc/udev/rules.d/60-vboxdrv.rules"
# Glob over the USB devices in sysfs; kept as a pattern here and expanded
# (deliberately unquoted) by the loop in setup_usb.
sysfs_usb_devices='/sys/bus/usb/devices/*'
260
261## Install udev rules and create device nodes for usb access
setup_usb() {
    # Writes the udev rule file and then runs the node creation script for
    # every USB device currently listed in sysfs.
    VBOXDRV_GRP="$1"      # The group that should own /dev/vboxdrv
    VBOXDRV_MODE="$2"     # The mode to be used for /dev/vboxdrv
    INSTALLATION_DIR="$3" # The directory VirtualBox is installed in
    USB_GROUP="$4"        # The group that should own the /dev/vboxusb device
                          # nodes unless INSTALL_NO_GROUP=1 in
                          # /etc/default/virtualbox. Optional.
    usb_createnode="$INSTALLATION_DIR/VBoxCreateUSBNode.sh"

    # INSTALL_NO_GROUP=1 forces both groups to root.
    case "$INSTALL_NO_GROUP" in
        1)
            usb_group=root
            vboxdrv_group=root
            ;;
        *)
            usb_group=$USB_GROUP
            vboxdrv_group=$VBOXDRV_GRP
            ;;
    esac

    # install udev rule (disable with INSTALL_NO_UDEV=1 in
    # /etc/default/virtualbox). The redirection is set up before
    # install_udev runs, so the rule file is rewritten even when no rules
    # are generated.
    install_udev "${vboxdrv_group}" "$VBOXDRV_MODE" \
        "$INSTALLATION_DIR" "${usb_group}" \
        "$INSTALL_NO_UDEV" > ${udev_rule_file}

    # Build our device tree
    for i in ${sysfs_usb_devices}; do # This line intentionally without quotes.
        install_create_usb_node_for_sysfs "$i" "${usb_createnode}" \
            "${usb_group}"
    done
}
288
# Remove what setup_usb installed: both udev rule files (current and old
# name) and the /dev/vboxusb device tree.
cleanup_usb() {
    # Remove udev description file
    rm -f /etc/udev/rules.d/60-vboxdrv.rules
    rm -f /etc/udev/rules.d/10-vboxdrv.rules

    # Remove our USB device tree
    rm -rf /dev/vboxusb
}
298
299# Returns path to module file as seen by modinfo(8) or empty string.
module_path()
{
    # Arguments: $1 - module name
    # Prints the second field of modinfo's "filename:" line; prints nothing
    # if the argument is empty or modinfo reports no such line.
    mod="$1"
    if [ -z "$mod" ]; then
        return 1
    fi

    modinfo "$mod" 2>/dev/null | awk '/^filename:/ { print $2 }'
}
307
308# Returns module version if module is available or empty string.
module_version()
{
    # Arguments: $1 - module name
    # Prints the second field of modinfo's "version:" line; prints nothing
    # if the argument is empty or modinfo reports no such line.
    mod="$1"
    if [ -z "$mod" ]; then
        return 1
    fi

    modinfo "$mod" 2>/dev/null | awk '/^version:/ { print $2 }'
}
316
317# Returns module revision if module is available in the system or empty string.
module_revision()
{
    # Arguments: $1 - module name
    # Prints the third field of modinfo's "version:" line (the revision that
    # follows the version number); prints nothing if the argument is empty or
    # modinfo reports no such line.
    mod="$1"
    if [ -z "$mod" ]; then
        return 1
    fi

    modinfo "$mod" 2>/dev/null | awk '/^version:/ { print $3 }'
}
325
326# Reads CONFIG_MODULE_SIG_HASH from kernel config.
kernel_module_sig_hash()
{
    # Queries the kernel build tree for KERN_VER using its scripts/config
    # helper. Errors are discarded, so a missing build tree yields no output.
    # The positional parameter only holds the build directory.
    set -- /lib/modules/"$KERN_VER"/build
    "$1"/scripts/config \
        --file "$1"/.config \
        --state CONFIG_MODULE_SIG_HASH 2>/dev/null
}
333
334# Returns "1" if kernel module signature hash algorithm
335# is supported by us. Or empty string otherwise.
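module_sig_hash_supported()
{
    # Arguments: $1 - hash algorithm name as reported by the kernel config
    #                 or by modinfo
    # Prints "1" for sha1, sha224, sha256, sha384 and sha512. Anything else,
    # including an empty argument, prints nothing and returns non-zero.
    #
    # A case statement matches the value as a plain string. The former
    # "[ ... -o ... ]" chain used the obsolescent -o operator, whose parsing
    # becomes ambiguous when the value itself looks like a test operator.
    sig_hashalgo="$1"

    case "$sig_hashalgo" in
        sha1|sha224|sha256|sha384|sha512)
            echo "1"
            ;;
        *)
            return 1
            ;;
    esac
}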
350
351# Returns "1" if module is signed and signature can be verified
352# with public key provided in DEB_PUB_KEY. Or empty string otherwise.
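module_signed()
{
    # Arguments: $1 - module name
    # Globals:   DEB_PUB_KEY (read) - DER certificate to verify against
    # Prints "1" only if the module's signature verifies with that key.
    # Every other outcome (missing tool, unsupported hash, failed
    # verification) prints nothing and returns non-zero, which callers treat
    # as "not signed".
    mod="$1"
    [ -n "$mod" ] || return

    extraction_tool=/lib/modules/"$(uname -r)"/build/scripts/extract-module-sig.pl
    mod_path=$(module_path "$mod" 2>/dev/null)
    openssl_tool=$(which openssl 2>/dev/null)
    # Do not use built-in printf!
    printf_tool=$(which printf 2>/dev/null)

    # Make sure all the tools required for signature validation are available.
    [ -x "$extraction_tool" ] || return
    [ -n "$mod_path" ] || return
    [ -n "$openssl_tool" ] || return
    [ -n "$printf_tool" ] || return

    # Make sure openssl can handle hash algorithm. The algorithm is read from
    # the module being checked (it was previously always read from vboxdrv).
    sig_hashalgo=$(modinfo -F sig_hashalgo "$mod" 2>/dev/null)
    [ "$(module_sig_hash_supported "$sig_hashalgo")" = "1" ] || return

    # Scratch files. Plain mktemp creates each file before returning its
    # name; "mktemp -u" only printed a name, leaving a window in which
    # another local user could create that path first while this script
    # writes to it as root.
    mod_pub_key=$(mktemp) || return
    mod_signature=$(mktemp) || {
        rm -f "$mod_pub_key"
        return 1
    }
    mod_unsigned=$(mktemp) || {
        rm -f "$mod_pub_key" "$mod_signature"
        return 1
    }

    # Convert public key in DER format into X509 certificate form.
    "$openssl_tool" x509 -pubkey -inform DER -in "$DEB_PUB_KEY" -out "$mod_pub_key" 2>/dev/null
    # Extract raw module signature and convert it into binary format.
    "$printf_tool" \\x$(modinfo -F signature "$mod" | sed -z 's/[ \t\n]//g' | sed -e "s/:/\\\x/g") 2>/dev/null > "$mod_signature"
    # Extract unsigned module for further digest calculation.
    "$extraction_tool" -0 "$mod_path" 2>/dev/null > "$mod_unsigned"

    # Verify signature. Both output streams are discarded: this function is
    # called inside $(...), and with the former "2>&1 >/dev/null" ordering
    # anything openssl wrote to stderr became part of the captured result.
    rc=""
    "$openssl_tool" dgst "-$sig_hashalgo" -binary -verify "$mod_pub_key" -signature "$mod_signature" "$mod_unsigned" >/dev/null 2>&1 && rc="1"
    # Clean up.
    rm -f "$mod_pub_key" "$mod_signature" "$mod_unsigned"

    # Check result.
    [ "$rc" = "1" ] || return

    echo "1"
}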
397
398# Returns "1" if externally built module is available in the system and its
399# version and revision number do match to current VirtualBox installation.
400# Or empty string otherwise.
module_available()
{
    # Arguments: $1 - module name
    # Globals:   VBOX_VERSION, VBOX_REVISION, HAVE_SEC_BOOT (read)
    # Prints "1" when every check below passes; otherwise prints nothing and
    # returns non-zero.
    mod="$1"
    if [ -z "$mod" ]; then
        return 1
    fi

    # Version and revision must match this installation.
    test "$VBOX_VERSION" = "$(module_version "$mod")" || return
    test "$VBOX_REVISION" = "$(module_revision "$mod")" || return

    # Check if module belongs to VirtualBox installation.
    #
    # We have a convention that only modules from /lib/modules/*/misc
    # belong to us. Modules from other locations are treated as
    # externally built.
    mod_path="$(module_path "$mod")"

    # If module path points to a symbolic link, resolve actual file location.
    if [ -L "$mod_path" ]; then
        mod_path="$(readlink -e -- "$mod_path")"
    fi

    # File exists?
    test -f "$mod_path" || return

    # The directory that directly contains the module must be named "misc".
    mod_dir="$(basename "$(dirname "$mod_path")")"
    test "$mod_dir" = "misc" || return

    # In case if system is running in Secure Boot mode, check if module is
    # signed; an unsigned or unverifiable module counts as not available.
    if test -n "$HAVE_SEC_BOOT" && [ "$(module_signed "$mod")" != "1" ]; then
        return 1
    fi

    echo "1"
}
434
435# Check if required modules are installed in the system and versions match.
setup_complete()
{
    # Prints "1" if vboxdrv, vboxnetflt and vboxnetadp all pass
    # module_available; stops at the first one that does not, printing
    # nothing and returning non-zero.
    # The positional parameters only hold the list of modules to check.
    set -- vboxdrv vboxnetflt vboxnetadp
    while [ "$#" -gt 0 ]; do
        [ "$(module_available "$1")" = "1" ] || return
        shift
    done

    # All modules are in place.
    echo "1"
}
445
# Load the VirtualBox kernel modules, building them first if no matching
# modules are installed, and make sure the vboxdrv device node exists with
# the expected group.
# Globals: HAVE_SEC_BOOT, DEB_KEY_ENROLLED, HAVE_DEB_KEY, MODULE_LIST,
#          DEVICE, MODPROBE, GROUP, MODULE_SRC (read)
# Any failure ends the script through failure().
start()
{
    begin_msg "Starting VirtualBox services" console
    [ -d /proc/xen ] &&
        failure "Running VirtualBox in a Xen environment is not supported"

    # Secure Boot is on but the signing key is not enrolled: tell the user
    # what is still missing. This is only a message; loading is still tried.
    if test -n "$HAVE_SEC_BOOT" && test -z "$DEB_KEY_ENROLLED"; then
        if test -z "$HAVE_DEB_KEY"; then
            begin_msg "You must sign these kernel modules before using VirtualBox:
 $MODULE_LIST
See the documentation for your Linux distribution." console
        else
            begin_msg "You must re-start your system to finish Debian secure boot set-up." console
        fi
    fi

    if ! running vboxdrv; then

        # Check if system already has matching modules installed.
        [ "$(setup_complete)" = "1" ] || setup

        rm -f $DEVICE || failure "Cannot remove $DEVICE"
        # MODPROBE may carry an extra option, so it is expanded unquoted.
        $MODPROBE vboxdrv > /dev/null 2>&1 ||
            failure "modprobe vboxdrv failed. Please use 'dmesg' to find out why"
        sleep .2
    fi

    # ensure the character special exists
    if [ ! -c $DEVICE ]; then
        # Look for a "vboxdrv" entry in /proc/devices (its own major, minor
        # 0) and fall back to /proc/misc (major 10, listed minor).
        MAJOR=$(sed -n 's;\([0-9]\+\) vboxdrv$;\1;p' /proc/devices)
        if [ -n "$MAJOR" ]; then
            MINOR=0
        else
            MINOR=$(sed -n 's;\([0-9]\+\) vboxdrv$;\1;p' /proc/misc)
            if [ -n "$MINOR" ]; then
                MAJOR=10
            fi
        fi
        if [ -z "$MAJOR" ]; then
            rmmod vboxdrv 2>/dev/null
            failure "Cannot locate the VirtualBox device"
        fi
        # The fallback node is created with mode 0660 regardless of
        # DEVICE_MODE; its group is set just below.
        if ! mknod -m 0660 $DEVICE c $MAJOR $MINOR 2>/dev/null; then
            rmmod vboxdrv 2>/dev/null
            failure "Cannot create device $DEVICE with major $MAJOR and minor $MINOR"
        fi
    fi

    # ensure permissions; on failure unload everything again so the driver
    # is not left loaded with a node of the wrong group.
    if ! chown :"${GROUP}" $DEVICE 2>/dev/null; then
        rmmod vboxpci 2>/dev/null
        rmmod vboxnetadp 2>/dev/null
        rmmod vboxnetflt 2>/dev/null
        rmmod vboxdrv 2>/dev/null
        failure "Cannot change group ${GROUP} for device $DEVICE"
    fi

    $MODPROBE vboxnetflt > /dev/null 2>&1 ||
        failure "modprobe vboxnetflt failed. Please use 'dmesg' to find out why"
    $MODPROBE vboxnetadp > /dev/null 2>&1 ||
        failure "modprobe vboxnetadp failed. Please use 'dmesg' to find out why"
    if test -e "${MODULE_SRC}/vboxpci" && ! $MODPROBE vboxpci > /dev/null 2>&1; then
        failure "modprobe vboxpci failed. Please use 'dmesg' to find out why"
    fi

    # Create the /dev/vboxusb directory if the host supports that method
    # of USB access. The USB code checks for the existence of that path.
    if grep -q usb_device /proc/devices; then
        mkdir -p -m 0750 /dev/vboxusb 2>/dev/null
        chown root:vboxusers /dev/vboxusb 2>/dev/null
    fi

    # Remove any kernel modules left over from previously installed kernels.
    cleanup only_old
    succ_msg "VirtualBox services started"
}
522
# Unload the VirtualBox kernel modules and remove the vboxdrv device node.
# vboxnetflt is only unloaded together with vboxdrv. Any module that cannot
# be unloaded ends the script through failure().
stop()
{
    begin_msg "Stopping VirtualBox services" console

    if running vboxpci && ! rmmod vboxpci 2>/dev/null; then
        failure "Cannot unload module vboxpci"
    fi
    if running vboxnetadp && ! rmmod vboxnetadp 2>/dev/null; then
        failure "Cannot unload module vboxnetadp"
    fi
    if running vboxdrv; then
        if running vboxnetflt && ! rmmod vboxnetflt 2>/dev/null; then
            failure "Cannot unload module vboxnetflt"
        fi
        rmmod vboxdrv 2>/dev/null || failure "Cannot unload module vboxdrv"
        rm -f $DEVICE || failure "Cannot unlink $DEVICE"
    fi
    succ_msg "VirtualBox services stopped"
}
552
553# enter the following variables in /etc/default/virtualbox:
554# SHUTDOWN_USERS="foo bar"
555# check for running VMs of user foo and user bar
556# SHUTDOWN=poweroff
557# SHUTDOWN=acpibutton
558# SHUTDOWN=savestate
559# select one of these shutdown methods for running VMs
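stop_vms()
{
    # For every user in SHUTDOWN_USERS that has an IPC directory under /tmp,
    # list that user's running VMs and apply the SHUTDOWN method to each.
    # Globals: SHUTDOWN_USERS, SHUTDOWN, VBOXMANAGE (read);
    #          VBOX_IPC_SOCKETID (exported), wait, VMS (written)
    #
    # Paths and the VBoxManage location are quoted so that a user name or an
    # installation directory containing whitespace or glob characters is
    # passed through intact.
    wait=0
    for i in $SHUTDOWN_USERS; do
        # don't create the ipcd directory with wrong permissions!
        # NOTE(review): only the existence of the directory is tested here,
        # not who owns it - confirm that this is sufficient for a path
        # under /tmp.
        if [ -d "/tmp/.vbox-$i-ipc" ]; then
            export VBOX_IPC_SOCKETID="$i"
            VMS=$("$VBOXMANAGE" --nologo list runningvms | sed -e 's/^".*".*{\(.*\)}/\1/' 2>/dev/null)
            if [ -n "$VMS" ]; then
                case "$SHUTDOWN" in
                    poweroff)
                        begin_msg "Powering off remaining VMs"
                        for v in $VMS; do
                            "$VBOXMANAGE" --nologo controlvm "$v" poweroff
                        done
                        succ_msg "Remaining VMs powered off"
                        ;;
                    acpibutton)
                        begin_msg "Sending ACPI power button event to remaining VMs"
                        for v in $VMS; do
                            "$VBOXMANAGE" --nologo controlvm "$v" acpipowerbutton
                            wait=30
                        done
                        succ_msg "ACPI power button event sent to remaining VMs"
                        ;;
                    savestate)
                        begin_msg "Saving state of remaining VMs"
                        for v in $VMS; do
                            "$VBOXMANAGE" --nologo controlvm "$v" savestate
                        done
                        succ_msg "State of remaining VMs saved"
                        ;;
                esac
            fi
        fi
    done
    # wait for some seconds when doing ACPI shutdown
    if [ "$wait" -ne 0 ]; then
        begin_msg "Waiting for $wait seconds for VM shutdown"
        sleep "$wait"
        succ_msg "Waited for $wait seconds for VM shutdown"
    fi
}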
599
# Remove VirtualBox modules from /lib/modules/*/misc.
# Arguments: $1 - if non-empty, only kernel directories without
#                 kernel/drivers (kernels that are no longer installed)
#                 are cleaned
cleanup()
{
    # If this is set, only remove kernel modules for no longer installed
    # kernels. Note that only generated kernel modules should be placed
    # in /lib/modules/*/misc. Anything that we should not remove automatically
    # should go elsewhere.
    only_old="${1}"
    for i in /lib/modules/*; do
        # Check whether we are only cleaning up for uninstalled kernels.
        if test -n "${only_old}" && test -e "${i}/kernel/drivers"; then
            continue
        fi
        # We could just do "rm -f", but we only want to try deleting folders if
        # we are sure they were ours, i.e. they had our modules in beforehand.
        if [ -e "${i}/misc/vboxdrv.ko" ] ||
            [ -e "${i}/misc/vboxnetadp.ko" ] ||
            [ -e "${i}/misc/vboxnetflt.ko" ] ||
            [ -e "${i}/misc/vboxpci.ko" ]; then
            rm -f "${i}/misc/vboxdrv.ko" "${i}/misc/vboxnetadp.ko" \
                "${i}/misc/vboxnetflt.ko" "${i}/misc/vboxpci.ko"
            # The kernel version is the directory name below /lib/modules.
            version="${i#/lib/modules/}"
            depmod -a "${version}"
            sync
        fi
        # Remove the kernel version folder if it was empty except for us.
        # The unquoted globs stay literal when nothing matches, so the
        # comparison only succeeds when "misc" is empty and is the sole
        # entry of the version folder.
        test "$(echo ${i}/misc/* ${i}/misc/.?* ${i}/* ${i}/.?*)" \
            = "${i}/misc/* ${i}/misc/.. ${i}/misc ${i}/.." &&
            rmdir "${i}/misc" "${i}" # We used to leave empty folders.
    done
}
628
629# setup_script
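setup()
{
    # Build and install the kernel modules for KERN_VER and, when Secure Boot
    # is enabled, sign them with the machine owner key.
    # Globals: KERN_VER, BUILDINTMP, MODULE_SRC, INSTALL_DIR, MODULE_LIST,
    #          HAVE_SEC_BOOT, HAVE_UPDATE_SECUREBOOT_POLICY_TOOL, SIGN_TOOL,
    #          DEB_PUB_KEY, DEB_PRIV_KEY, LOG (read);
    #          LLVM (exported), HAVE_DEB_KEY (written)
    # Any failure ends the script through failure() or exit 1.
    begin_msg "Building VirtualBox kernel modules" console
    log "Building the main VirtualBox module."

    # Detect if kernel was built with clang.
    unset LLVM
    vbox_cc_is_clang=$(/lib/modules/"$KERN_VER"/build/scripts/config \
        --file /lib/modules/"$KERN_VER"/build/.config \
        --state CONFIG_CC_IS_CLANG 2>/dev/null)
    if test "${vbox_cc_is_clang}" = "y"; then
        log "Using clang compiler."
        export LLVM=1
    fi

    # NOTE(review): /tmp/vboxdrv-Module.symvers is a fixed name in a
    # world-writable directory, written and read back during a root build.
    # A private directory (mktemp -d) would be safer; left unchanged here
    # because build_in_tmp and the module makefiles are not visible and may
    # depend on this exact path.
    if ! myerr=$("$BUILDINTMP" \
        --save-module-symvers /tmp/vboxdrv-Module.symvers \
        --module-source "$MODULE_SRC/vboxdrv" \
        --no-print-directory install 2>&1); then
        "${INSTALL_DIR}/check_module_dependencies.sh" || exit 1
        log "Error building the module:"
        module_build_log "$myerr"
        failure "Look at $LOG to find out what went wrong"
    fi
    log "Building the net filter module."
    if ! myerr=$("$BUILDINTMP" \
        --use-module-symvers /tmp/vboxdrv-Module.symvers \
        --module-source "$MODULE_SRC/vboxnetflt" \
        --no-print-directory install 2>&1); then
        log "Error building the module:"
        module_build_log "$myerr"
        failure "Look at $LOG to find out what went wrong"
    fi
    log "Building the net adaptor module."
    if ! myerr=$("$BUILDINTMP" \
        --use-module-symvers /tmp/vboxdrv-Module.symvers \
        --module-source "$MODULE_SRC/vboxnetadp" \
        --no-print-directory install 2>&1); then
        log "Error building the module:"
        module_build_log "$myerr"
        failure "Look at $LOG to find out what went wrong"
    fi
    if test -e "$MODULE_SRC/vboxpci"; then
        log "Building the PCI pass-through module."
        if ! myerr=$("$BUILDINTMP" \
            --use-module-symvers /tmp/vboxdrv-Module.symvers \
            --module-source "$MODULE_SRC/vboxpci" \
            --no-print-directory install 2>&1); then
            log "Error building the module:"
            module_build_log "$myerr"
            failure "Look at $LOG to find out what went wrong"
        fi
    fi
    rm -f /etc/vbox/module_not_compiled
    depmod -a
    sync
    succ_msg "VirtualBox kernel modules built"

    # Secure boot on Ubuntu, Debian and Oracle Linux.
    if test -n "$HAVE_SEC_BOOT"; then
        begin_msg "Signing VirtualBox kernel modules" console

        # Generate new signing key if needed.
        [ -n "$HAVE_UPDATE_SECUREBOOT_POLICY_TOOL" ] && SHIM_NOTRIGGER=y update-secureboot-policy --new-key

        # Check if signing keys are in place.
        if test ! -f "$DEB_PUB_KEY" || ! test -f "$DEB_PRIV_KEY"; then
            # update-secureboot-policy tool present in the system, but keys were not generated.
            [ -n "$HAVE_UPDATE_SECUREBOOT_POLICY_TOOL" ] && failure "Unable to find signing keys, aborting"
            # update-secureboot-policy not present in the system, recommend generate keys manually.
            # The suggested openssl command uses -nodes, so the private key
            # is stored unencrypted: whoever can read DEB_PRIV_KEY can sign
            # modules that the enrolled key vouches for. Keep the key and its
            # directory readable by root only.
            # (The mokutil line below used to read "sudo sudo mokutil".)
            failure "

System is running in Secure Boot mode, however your distribution
does not provide tools for automatic generation of keys needed for
modules signing. Please consider to generate and enroll them manually:

 sudo mkdir -p /var/lib/shim-signed/mok
 sudo openssl req -nodes -new -x509 -newkey rsa:2048 -outform DER -keyout $DEB_PRIV_KEY -out $DEB_PUB_KEY
 sudo mokutil --import $DEB_PUB_KEY
 sudo reboot

Restart \"rcvboxdrv setup\" after system is rebooted.
"
        fi

        # Check if signing tool is available.
        [ -n "$SIGN_TOOL" ] || failure "Unable to find signing tool"

        # Get kernel signature hash algorithm from kernel config and validate it.
        sig_hashalgo=$(kernel_module_sig_hash)
        [ "$(module_sig_hash_supported "$sig_hashalgo")" = "1" ] \
            || failure "Unsupported kernel signature hash algorithm $sig_hashalgo"

        # Sign modules.
        for i in $MODULE_LIST; do
            "$SIGN_TOOL" "$sig_hashalgo" "$DEB_PRIV_KEY" "$DEB_PUB_KEY" \
                /lib/modules/"$KERN_VER"/misc/"$i".ko 2>/dev/null || failure "Unable to sign $i.ko"
        done

        # Enroll signing key if needed.
        if test -n "$HAVE_UPDATE_SECUREBOOT_POLICY_TOOL"; then
            # update-secureboot-policy "expects" DKMS modules.
            # Work around this and talk to the authors as soon
            # as possible to fix it.
            mkdir -p /var/lib/dkms/vbox-temp
            update-secureboot-policy --enroll-key 2>/dev/null ||
                begin_msg "Failed to enroll secure boot key." console
            rmdir -p /var/lib/dkms/vbox-temp 2>/dev/null

            # Indicate that key has been enrolled and reboot is needed.
            # NOTE(review): this is also set when the enrolment command
            # above failed - confirm that is intended.
            HAVE_DEB_KEY=true
        fi
        succ_msg "Signing completed"
    fi
}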
745
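# Print which VirtualBox kernel modules are loaded and, for each user in
# SHUTDOWN_USERS with an IPC directory under /tmp, the VMs currently running.
# Globals: SHUTDOWN_USERS, VBOXMANAGE (read);
#          VBOX_IPC_SOCKETID (exported), str, VMS (written)
# The IPC directory path and the VBoxManage location are quoted so that
# whitespace or glob characters in them are passed through intact.
dmnstatus()
{
    if running vboxdrv; then
        str="vboxdrv"
        if running vboxnetflt; then
            str="$str, vboxnetflt"
            # vboxnetadp is only reported when vboxnetflt is loaded too.
            if running vboxnetadp; then
                str="$str, vboxnetadp"
            fi
        fi
        if running vboxpci; then
            str="$str, vboxpci"
        fi
        echo "VirtualBox kernel modules ($str) are loaded."
        for i in $SHUTDOWN_USERS; do
            # don't create the ipcd directory with wrong permissions!
            if [ -d "/tmp/.vbox-$i-ipc" ]; then
                export VBOX_IPC_SOCKETID="$i"
                VMS=$("$VBOXMANAGE" --nologo list runningvms | sed -e 's/^".*".*{\(.*\)}/\1/' 2>/dev/null)
                if [ -n "$VMS" ]; then
                    echo "The following VMs are currently running:"
                    for v in $VMS; do
                        echo " $v"
                    done
                fi
            fi
        done
    else
        echo "VirtualBox kernel module is not loaded."
    fi
}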
777
# Dispatch on the requested action.
case "$1" in
start)
    start
    ;;
stop)
    stop_vms
    stop
    ;;
stop_vms)
    stop_vms
    ;;
restart)
    stop && start
    ;;
force-reload)
    stop
    start
    ;;
setup)
    # An optional second argument selects the kernel version to build for.
    # NOTE(review): values derived from KERN_VER earlier in the file (such
    # as the sign-file fallback for SIGN_TOOL) were computed before this
    # override - confirm they are still right for another kernel.
    if test -n "${2}"; then
        export KERN_VER="${2}"
    fi
    # Create udev rule and USB device nodes.
    ## todo Wouldn't it make more sense to install the rule to /lib/udev? This
    ## is not a user-created configuration file after all.
    ## todo Do we need a udev rule to create /dev/vboxdrv[u] at all? We have
    ## working fall-back code here anyway, and the "right" code is more complex
    ## than the fall-back. Unnecessary duplication?
    stop && cleanup
    setup_usb "$GROUP" "$DEVICE_MODE" "$INSTALL_DIR"
    start
    ;;
cleanup)
    stop && cleanup
    cleanup_usb
    ;;
status)
    dmnstatus
    ;;
*)
    echo "Usage: $0 {start|stop|stop_vms|restart|setup|cleanup|force-reload|status}"
    exit 1
    ;;
esac

exit 0