VirtualBox

Version 65 (modified by Christian Pötzsch, 13 years ago) ( diff )

Hardening update

Mac OS X build instructions

Prerequisites on Mac OS X

  • Mac OS X 10.4.x (Tiger), 10.5.x (Leopard), 10.6.x (Snow Leopard) or 10.7 (Lion) running on Intel hardware (PowerPC hardware is not supported). Please note that Tiger support was dropped with the 3.1 release.
  • Some things from MacPorts (http://www.macports.org/).
    After installing MacPorts, do not forget to add the following two lines to your ~/.profile
    export PATH=/opt/local/bin:/opt/local/sbin:$PATH
    export MANPATH=/opt/local/share/man:$MANPATH
    

Then perform the following command:
for < Snow Leopard

sudo port install libidl doxygen texlive texlive-latex-extra texlive-fonts-extra

for >= Snow Leopard (32 Bit)

sudo port install libidl +universal doxygen texlive texlive-latex-extra texlive-fonts-extra

Doxygen and texlive* are optional. On 10.5 you may need a newer OpenSSL version than the one provided by the system. If so, perform:

sudo port install openssl
  • LaTeX ("sudo port install texlive texlive-fonts-extra texlive-latex-extra texlive-latex-recommended") for building the documentation

Building VirtualBox

  1. Change to the root directory of the sources and execute the configure script:
    ./configure --disable-hardening
    
    You can manually set the target architecture with --target-arch=x86 or amd64, if some architecture related problems occur.

If it finds everything it needs, it will create a file called 'AutoConfig.kmk' containing paths to the various tools on your system. Also, it will create an environment setup script called env.sh. This step only has to be done once (if something changes in your build tool setup, you might have to repeat it but keep in mind that both output files will be overwritten). For additional options like providing a path to the OpenSSL library see './configure --help'.

  1. Whenever you want to build VirtualBox, you have to open a shell and source the generated environment setup script 'env.sh', i.e. do
    . ./env.sh
    
  1. To build type
    kmk
    
    The default is to a release build, should you wish to do a debug or profile build add BUILD_TYPE=debug or BUILD_TYPE=profile as argument to kmk or export it as an environment variable in your shell.

Tips for building VirtualBox on Snow Leopard 32bit

For backward compatibility (that is Leopard) VirtualBox is build against the 10.5 SDK even on Snow Leopard (32bit). This can be problematic if you are using e.g. OpenSSL from MacPorts which is build against the 10.6 SDK. You have two possibilities to solve this problem:

  1. Build all dependencies yourself and point them to the 10.5 SDK. Use e.g. ./configure --with-openssl-dir=/path/to/self/build/OpenSSL' before building VirtualBox.
  1. If you don't care about backwards compatibility, you can force VirtualBox to be build against the 10.6 SDK. For this include the following into a file called LocalConfig.kmk, which should be located in the top level directory of the VirtualBox build tree:
    VBOX_DEF_MACOSX_VERSION_MIN = 10.6
    VBOX_DARWIN_NO_COMPACT_LINKEDIT =
    VBOX_MACOS_10_5_WORKAROUND =
    

Running VirtualBox

  1. Load all the kernel extension modules. These can be found in out/darwin.x86/release/dist along with a small script (loadall.sh) to load them. Execute and make sure the modules loads successfully.
  2. Enter out/darwin.x86/release/dist/VirtualBox.app/Contents/MacOS/.
  3. Run ./VirtualBox

Building OSE packages for distribution

Never disable hardening (see previous section) when creating packages for redistribution.

Hardening needs some additional configuration and post-build steps. The default install directory of VirtualBox is /Applications/VirtualBox.app/. If you like to change that, say into /Applications/OpenSource/VirtualBox.app/, you need to add the following to the LocalConfig.kmk:

VBOX_PATH_APP_PRIVATE      = "/Applications/OpenSource/VirtualBox.app/Contents/MacOS"
VBOX_PATH_APP_PRIVATE_ARCH = "/Applications/OpenSource/VirtualBox.app/Contents/MacOS"
VBOX_PATH_SHARED_LIBS      = "/Applications/OpenSource/VirtualBox.app/Contents/MacOS"
VBOX_PATH_APP_DOCS         = "/Applications/OpenSource/VirtualBox.app/Contents/MacOS"

It may also make sense to disable some of the development only stuff, like test cases. Add the following to LocalConfig.kmk:

VBOX_WITH_TESTSUITE=
VBOX_WITH_TESTCASES=

Next rebuild VirtualBox and install it into /Applications/OpenSource/. Now make sure that the setuid stubs have the correct permissions:

sudo chown -R root:admin /Applications/OpenSource/VirtualBox.app/
sudo chmod u+s /Applications/OpenSource/VirtualBox.app/Contents/MacOS/VirtualBox
sudo chmod u+s /Applications/OpenSource/VirtualBox.app/Contents/MacOS/VirtualBoxVM
sudo chmod u+s /Applications/OpenSource/VirtualBox.app/Contents/MacOS/VBoxHeadless
sudo chmod u+s /Applications/OpenSource/VirtualBox.app/Contents/MacOS/VBoxNetAdpCtl
sudo chmod u+s /Applications/OpenSource/VirtualBox.app/Contents/MacOS/VBoxNetDHCP

Another requirement of hardening is that every path component of the parent directory of VirtualBox.app/ is owned by root and not world writable. Make sure this is the case.

Note: See TracWiki for help on using the wiki.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette