Changeset 58186 in vbox for trunk/src/VBox/Installer/linux

Timestamp:

Oct 12, 2015 1:51:26 PM (9 years ago)

Author:

vboxsync

Message:

Installer/linux: move host udev rule generation to run-time (and SELinux permission setting to routines.sh).

Location:

trunk/src/VBox/Installer/linux

Files:

• debian/postinst (moved) (moved from trunk/src/VBox/Installer/linux/debian/postinst.in ) (2 diffs)
• debian/rules (modified) (2 diffs)
• install.sh (modified) (2 diffs)
• routines.sh (modified) (1 diff)
• rpm/VirtualBox.tmpl.spec (modified) (3 diffs)
• rpm/rules (modified) (1 diff)
• scripts/install.sh (modified) (1 diff)
• uninstall.sh (modified) (1 diff)
• vboxdrv.sh (modified) (4 diffs)

trunk/src/VBox/Installer/linux/debian/postinst

@@ -17 +17 @@
 #  abort-remove:      (our version): removing this package failed
 #  abort-deconfigure: (our version): error during resolving conflicts
-
-#include installer-common.sh
 
 LOG="/var/log/vbox-install.log"
@@ -48 +46 @@
     addgroup --system vboxusers || true
   fi
-
-  # install udev rule (disable with INSTALL_NO_UDEV=1 in
-  # /etc/default/virtualbox) and /dev/vboxdrv and /dev/vboxusb/*/* device nodes
-  install_device_node_setup root 0600 /usr/share/virtualbox "${usb_group}"
 
   # The starters need to be Suid root. They drop the privileges before starting

trunk/src/VBox/Installer/linux/debian/rules

@@ -191 +191 @@
         dh_testroot
         rm -f debian/changelog
-        rm -f debian/preinst debian/postinst debian/prerm
+        rm -f debian/preinst debian/prerm
         rm -f debian/$(package).init debian/vboxdrv.init
         rm -f debian/vboxballoonctrl-service.init debian/vboxautostart-service.init debian/vboxweb-service.init
@@ -265 +265 @@
         sed -e 's|%VER%|$(ver)|g' \
             debian/prerm.in > debian/prerm
-        sed -e 's|%VER%|$(ver)|g' \
-            -e '/#include installer-common.sh/ {' \
-            -e "r $(vboxroot)/src/VBox/Installer/linux/installer-common.sh" \
-            -e 'd' \
-            -e '}' \
-            debian/postinst.in > debian/postinst
         dh_installdebconf
         dh_installchangelogs

trunk/src/VBox/Installer/linux/install.sh

@@ -20 +20 @@
 # Include routines and utilities needed by the installer
 . ./routines.sh
-#include installer-common.sh
 
 LOG="/var/log/vbox-install.log"
@@ -362 +361 @@
     fi
 
-    install_device_node_setup "$VBOXDRV_GRP" "$VBOXDRV_MODE" "$INSTALLATION_DIR"
-
     # Do post-installation common to all installer types, currently service
     # script set-up.

trunk/src/VBox/Installer/linux/routines.sh

@@ -358 +358 @@
     return 0
 }
+
+set_selinux_permissions() {
+    # XXX SELinux: allow text relocation entries
+    local_INSTALLATION_DIR="$1"  # Where the VirtualBox binaries are installed to
+    local_SHARE_DIR="$2"         # Where shared bits are installed to
+    if [ -x /usr/bin/chcon ]; then
+        chcon -t texrel_shlib_t "$local_INSTALLATION_DIR"/*VBox* > /dev/null 2>&1
+        chcon -t texrel_shlib_t "$local_INSTALLATION_DIR"/VBoxAuth.so \
+            > /dev/null 2>&1
+        chcon -t texrel_shlib_t "$local_INSTALLATION_DIR"/VirtualBox.so \
+            > /dev/null 2>&1
+        chcon -t texrel_shlib_t "$local_INSTALLATION_DIR"/components/VBox*.so \
+            > /dev/null 2>&1
+        chcon -t java_exec_t    "$local_INSTALLATION_DIR"/VirtualBox > /dev/null 2>&1
+        chcon -t java_exec_t    "$local_INSTALLATION_DIR"/VBoxSDL > /dev/null 2>&1
+        chcon -t java_exec_t    "$local_INSTALLATION_DIR"/VBoxHeadless \
+            > /dev/null 2>&1
+        chcon -t java_exec_t    "$local_INSTALLATION_DIR"/VBoxNetDHCP \
+            > /dev/null 2>&1
+        chcon -t java_exec_t    "$local_INSTALLATION_DIR"/VBoxNetNAT \
+            > /dev/null 2>&1
+        chcon -t java_exec_t    "$local_INSTALLATION_DIR"/VBoxExtPackHelperApp \
+            > /dev/null 2>&1
+        chcon -t java_exec_t    "$local_INSTALLATION_DIR"/vboxwebsrv > /dev/null 2>&1
+        chcon -t java_exec_t    "$local_INSTALLATION_DIR"/webtest > /dev/null 2>&1
+        chcon -t bin_t          "$local_SHARE_DIR"/src/vboxhost/build_in_tmp \
+             > /dev/null 2>&1
+    fi
+}

trunk/src/VBox/Installer/linux/rpm/VirtualBox.tmpl.spec

@@ -101 +101 @@
 mv VBox.sh $RPM_BUILD_ROOT/usr/bin/VBox
 mv VBoxSysInfo.sh $RPM_BUILD_ROOT/usr/share/virtualbox
-mv VBoxCreateUSBNode.sh $RPM_BUILD_ROOT/usr/share/virtualbox
+mv VBoxCreateUSBNode.sh $RPM_BUILD_ROOT/usr/lib/virtualbox
 cp icons/128x128/virtualbox.png $RPM_BUILD_ROOT/usr/share/pixmaps/virtualbox.png
 cd icons
@@ -246 +246 @@
 
 %post
-#include installer-common.sh
-
 LOG="/var/log/vbox-install.log"
 
@@ -277 +275 @@
 fi
 
-# install udev rule (disable with INSTALL_NO_UDEV=1 in /etc/default/virtualbox)
-# and /dev/vboxdrv and /dev/vboxusb/*/* device nodes
-install_device_node_setup root 0600 /usr/share/virtualbox "${usb_group}"
 %if %{?rpm_mdv:1}%{!?rpm_mdv:0}
 /sbin/ldconfig

trunk/src/VBox/Installer/linux/rpm/rules

@@ -238 +238 @@
             -e 's|%INITSCRIPTS%|$(if $(filter fedora,$(rpmspec)),initscripts,)|g' \
             -e "s|%WEBSVC%|$(if $(NOWEBSVC),false,true)|g" \
-            -e '/#include installer-common.sh/ {' \
-            -e "r $(vboxroot)/src/VBox/Installer/linux/installer-common.sh" \
-            -e 'd' \
-            -e '}' \
             rpm/VirtualBox.tmpl.spec > $(archdir)/VirtualBox.spec
         cp vboxdrv.sh $(archdir)

trunk/src/VBox/Installer/linux/scripts/install.sh

@@ -237 +237 @@
     install -d -g 0 -o 0 "${PREFIX}/share/${PACKAGE}"
     mv "${INSTALL_SOURCE}/VBoxSysInfo.sh" "${PREFIX}/share/${PACKAGE}"
-    mv "${INSTALL_SOURCE}/VBoxCreateUSBNode.sh" "${PREFIX}/share/${PACKAGE}"
     mv "${INSTALL_SOURCE}/src" "${PREFIX}/share/${PACKAGE}"
     test -z "${NO_QT}" &&

trunk/src/VBox/Installer/linux/uninstall.sh

@@ -102 +102 @@
   2> /dev/null
 
-# Remove udev description file
-if [ -f /etc/udev/rules.d/60-vboxdrv.rules ]; then
-    rm -f /etc/udev/rules.d/60-vboxdrv.rules 2> /dev/null
-fi
-if [ -f /etc/udev/rules.d/10-vboxdrv.rules ]; then
-    rm -f /etc/udev/rules.d/10-vboxdrv.rules 2> /dev/null
-fi
-
-# Remove our USB device tree
-rm -rf /dev/vboxusb 2> /dev/null
-
 cwd=`pwd`
 if [ -f $PREV_INSTALLATION/src/Makefile ]; then

trunk/src/VBox/Installer/linux/vboxdrv.sh

@@ -43 +43 @@
 
 if [ -n "$INSTALL_DIR" ]; then
+    MODULE_SRC="$INSTALL_DIR/src/vboxhost"
+else
+    INSTALL_DIR=/usr/lib/virtualbox
+    MODULE_SRC="/usr/share/virtualbox/src/vboxhost"
+fi
     VIRTUALBOX="$INSTALL_DIR/VirtualBox"
     VBOXMANAGE="$INSTALL_DIR/VBoxManage"
-    MODULE_SRC="$INSTALL_DIR/src/vboxhost"
-else
-    VIRTUALBOX="/usr/lib/virtualbox/VirtualBox"
-    VBOXMANAGE="/usr/lib/virtualbox/VBoxManage"
-    MODULE_SRC="/usr/share/virtualbox/src/vboxhost"
-fi
 BUILDINTMP="$MODULE_SRC/build_in_tmp"
 if test -u "${VIRTUALBOX}"; then
     GROUP=root
+    DEVICE_MODE=0600
 else
     GROUP=vboxusers
+    DEVICE_MODE=0660
 fi
 
@@ -97 +98 @@
 }
 
+## Output the vboxdrv part of our udev rule.  This is redirected to the right file.
+udev_write_vboxdrv() {
+    VBOXDRV_GRP="$1"
+    VBOXDRV_MODE="$2"
+
+    echo "KERNEL==\"vboxdrv\", NAME=\"vboxdrv\", OWNER=\"root\", GROUP=\"$VBOXDRV_GRP\", MODE=\"$VBOXDRV_MODE\""
+    echo "KERNEL==\"vboxdrvu\", NAME=\"vboxdrvu\", OWNER=\"root\", GROUP=\"root\", MODE=\"0666\""
+    echo "KERNEL==\"vboxnetctl\", NAME=\"vboxnetctl\", OWNER=\"root\", GROUP=\"$VBOXDRV_GRP\", MODE=\"$VBOXDRV_MODE\""
+}
+
+## Output the USB part of our udev rule.  This is redirected to the right file.
+udev_write_usb() {
+    INSTALLATION_DIR="$1"
+    USB_GROUP="$2"
+
+    echo "SUBSYSTEM==\"usb_device\", ACTION==\"add\", RUN+=\"$INSTALLATION_DIR/VBoxCreateUSBNode.sh \$major \$minor \$attr{bDeviceClass}${USB_GROUP}\""
+    echo "SUBSYSTEM==\"usb\", ACTION==\"add\", ENV{DEVTYPE}==\"usb_device\", RUN+=\"$INSTALLATION_DIR/VBoxCreateUSBNode.sh \$major \$minor \$attr{bDeviceClass}${USB_GROUP}\""
+    echo "SUBSYSTEM==\"usb_device\", ACTION==\"remove\", RUN+=\"$INSTALLATION_DIR/VBoxCreateUSBNode.sh --remove \$major \$minor\""
+    echo "SUBSYSTEM==\"usb\", ACTION==\"remove\", ENV{DEVTYPE}==\"usb_device\", RUN+=\"$INSTALLATION_DIR/VBoxCreateUSBNode.sh --remove \$major \$minor\""
+}
+
+## Generate our udev rule file.  This takes a change in udev rule syntax in
+## version 55 into account.  It only creates rules for USB for udev versions
+## recent enough to support USB device nodes.
+generate_udev_rule() {
+    VBOXDRV_GRP="$1"      # The group owning the vboxdrv device
+    VBOXDRV_MODE="$2"     # The access mode for the vboxdrv device
+    INSTALLATION_DIR="$3" # The directory VirtualBox is installed in
+    USB_GROUP="$4"        # The group that has permission to access USB devices
+    NO_INSTALL="$5"       # Set this to "1" to remove but not re-install rules
+    UDEV_STRING="$6"      # The output of the udev version command
+
+    # Extra space!
+    case "$USB_GROUP" in ?*) USB_GROUP=" $USB_GROUP" ;; esac
+    case "$NO_INSTALL" in
+    "1") ;;
+    *)
+        udev_ver=`expr "$UDEV_STRING" : '[^0-9]*\([0-9]*\)'`
+        udev_fix=""
+        test "$udev_ver" = "" -o "$udev_ver" -lt 55 &&
+            udev_fix="1"
+        udev_do_usb=""
+        test "$udev_ver" -ge 59 &&
+            udev_do_usb="1"
+        case "$udev_fix" in
+        "1")
+            udev_write_vboxdrv "$VBOXDRV_GRP" "$VBOXDRV_MODE" |
+                sed 's/\([^+=]*\)[+=]*\([^"]*"[^"]*"\)/\1=\2/g'
+            ;;
+        *)
+            udev_write_vboxdrv "$VBOXDRV_GRP" "$VBOXDRV_MODE"
+            case "$udev_do_usb" in "1")
+                udev_write_usb "$INSTALLATION_DIR" "$USB_GROUP" ;;
+            esac
+            ;;
+        esac
+        ;;
+    esac
+}
+
+## Install udev rule (disable with INSTALL_NO_UDEV=1 in
+## /etc/default/virtualbox).
+install_udev() {
+    VBOXDRV_GRP="$1"      # The group owning the vboxdrv device
+    VBOXDRV_MODE="$2"     # The access mode for the vboxdrv device
+    INSTALLATION_DIR="$3" # The directory VirtualBox is installed in
+    USB_GROUP="$4"        # The group that has permission to access USB devices
+    NO_INSTALL="$5"       # Set this to "1" to remove but not re-install rules
+
+    if test -d /etc/udev/rules.d; then
+        udev_out="`udevadm version 2>/dev/null ||  udevinfo -V 2>/dev/null`"
+        generate_udev_rule "$VBOXDRV_GRP" "$VBOXDRV_MODE" "$INSTALLATION_DIR" \
+                           "$USB_GROUP" "$NO_INSTALL" "$udev_out"
+    fi
+    # Remove old udev description file
+    rm -f /etc/udev/rules.d/10-vboxdrv.rules 2> /dev/null
+}
+
+## Create a usb device node for a given sysfs path to a USB device.
+install_create_usb_node_for_sysfs() {
+    path="$1"           # sysfs path for the device
+    usb_createnode="$2" # Path to the USB device node creation script
+    usb_group="$3"      # The group to give ownership of the node to
+    if test -r "${path}/dev"; then
+        dev="`cat "${path}/dev" 2> /dev/null`"
+        major="`expr "$dev" : '\(.*\):' 2> /dev/null`"
+        minor="`expr "$dev" : '.*:\(.*\)' 2> /dev/null`"
+        class="`cat ${path}/bDeviceClass 2> /dev/null`"
+        sh "${usb_createnode}" "$major" "$minor" "$class" \
+              "${usb_group}" 2>/dev/null
+    fi
+}
+
+udev_rule_file=/etc/udev/rules.d/60-vboxdrv.rules
+sysfs_usb_devices="/sys/bus/usb/devices/*"
+
+## Install udev rules and create device nodes for usb access
+install_device_node_setup() {
+    VBOXDRV_GRP="$1"      # The group that should own /dev/vboxdrv
+    VBOXDRV_MODE="$2"     # The mode to be used for /dev/vboxdrv
+    INSTALLATION_DIR="$3" # The directory VirtualBox is installed in
+    USB_GROUP="$4"        # The group that should own the /dev/vboxusb device
+                          # nodes unless INSTALL_NO_GROUP=1 in
+                          # /etc/default/virtualbox.  Optional.
+    usb_createnode="$INSTALLATION_DIR/VBoxCreateUSBNode.sh"
+    # install udev rule (disable with INSTALL_NO_UDEV=1 in
+    # /etc/default/virtualbox)
+    if [ "$INSTALL_NO_GROUP" != "1" ]; then
+        usb_group=$USB_GROUP
+        vboxdrv_group=$VBOXDRV_GRP
+    else
+        usb_group=root
+        vboxdrv_group=root
+    fi
+    install_udev "${vboxdrv_group}" "$VBOXDRV_MODE" \
+                 "$INSTALLATION_DIR" "${usb_group}" \
+                 "$INSTALL_NO_UDEV" > ${udev_rule_file}
+    # Build our device tree
+    for i in ${sysfs_usb_devices}; do  # This line intentionally without quotes.
+        install_create_usb_node_for_sysfs "$i" "${usb_createnode}" \
+                                          "${usb_group}"
+    done
+}
+
 start()
 {
-    begin_msg "Starting VirtualBox kernel modules" console
+    begin_msg "Starting VirtualBox services" console
+    # Create udev rule and USB device nodes.
+    ## todo Wouldn't it make more sense to install the rule to /lib/udev?  This
+    ## is not a user-created configuration file after all.
+    ## todo Do we need a udev rule to create /dev/vboxdrv[u] at all?  We have
+    ## working fall-back code here anyway, and the "right" code is more complex
+    ## than the fall-back.  Unnecessary duplication?
+    install_device_node_setup "$GROUP" "$DEVICE_MODE" "$INSTALL_DIR"
     if [ -d /proc/xen ]; then
         failure "Running VirtualBox in a Xen environment is not supported"
@@ -163 +295 @@
 stop()
 {
-    begin_msg "Stopping VirtualBox kernel modules" console
+    begin_msg "Stopping VirtualBox services" console
+    # Remove udev description file
+    rm -f /etc/udev/rules.d/60-vboxdrv.rules
+    rm -f /etc/udev/rules.d/10-vboxdrv.rules
+
+    # Remove our USB device tree
+    rm -rf /dev/vboxusb
+
     if running vboxpci; then
         if ! rmmod vboxpci 2>/dev/null; then
@@ -241 +380 @@
 {
     begin_msg "Building VirtualBox kernel modules" console
-    stop >/dev/null
     if find /lib/modules/`uname -r` -name "vboxpci\.*" 2>/dev/null|grep -q vboxpci; then
         begin_msg "Removing old VirtualBox pci kernel module"