Good morning, We are running a hardened Gentoo with GRSecurity enabled. We have found out that since VBOX 4.3.16 there is a problem with /usr/lib64/virtualbox/VBoxRT.so which seems to have TEXTREL markings and therefore access to it is blocked by GRSec. We have previously run 4.3.12 and on that version, this problem has not been present. We have upgraded to 4.3.20 by now but the problem still persists. Has anyone ever experienced this before?
I have checked the file with scanelf to see information on TEXTRELs: # scanelf -t -T /usr/lib64/virtualbox/VBoxRT.so TYPE TEXTREL TEXTRELS FILE scanelf: scanelf_file_textrels(): ELF /usr/lib64/virtualbox/VBoxRT.so has TEXTREL markings but doesnt appear to have any real TEXTREL's !? ET_DYN TEXTREL /usr/lib64/virtualbox/VBoxRT.so When I check all VBOX libs, I can see for sure that only VBoxRT.so is broken: # scanelf -t -T /usr/lib64/virtualbox/VBox* TYPE TEXTREL TEXTRELS FILE ET_DYN - /usr/lib64/virtualbox/VBoxAuth.so ET_DYN - /usr/lib64/virtualbox/VBoxAuthSimple.so ET_DYN - /usr/lib64/virtualbox/VBoxDD.so ET_DYN - /usr/lib64/virtualbox/VBoxDD2.so ET_REL - /usr/lib64/virtualbox/VBoxDD2GC.gc ET_REL - /usr/lib64/virtualbox/VBoxDD2R0.r0 ET_REL - /usr/lib64/virtualbox/VBoxDDGC.gc ET_REL - /usr/lib64/virtualbox/VBoxDDR0.r0 ET_DYN - /usr/lib64/virtualbox/VBoxDDU.so ET_DYN - /usr/lib64/virtualbox/VBoxDbg.so ET_DYN - /usr/lib64/virtualbox/VBoxDragAndDropSvc.so ET_DYN - /usr/lib64/virtualbox/VBoxExtPackHelperApp ET_DYN - /usr/lib64/virtualbox/VBoxGuestControlSvc.so ET_DYN - /usr/lib64/virtualbox/VBoxGuestPropSvc.so ET_DYN - /usr/lib64/virtualbox/VBoxHeadless ET_DYN - /usr/lib64/virtualbox/VBoxHeadless.so ET_DYN - /usr/lib64/virtualbox/VBoxHostChannel.so ET_DYN - /usr/lib64/virtualbox/VBoxKeyboard.so ET_DYN - /usr/lib64/virtualbox/VBoxManage ET_DYN - /usr/lib64/virtualbox/VBoxNetAdpCtl ET_DYN - /usr/lib64/virtualbox/VBoxNetDHCP ET_DYN - /usr/lib64/virtualbox/VBoxNetDHCP.so ET_DYN - /usr/lib64/virtualbox/VBoxNetNAT ET_DYN - /usr/lib64/virtualbox/VBoxNetNAT.so ET_DYN - /usr/lib64/virtualbox/VBoxOGLhostcrutil.so ET_DYN - /usr/lib64/virtualbox/VBoxOGLhosterrorspu.so ET_DYN - /usr/lib64/virtualbox/VBoxOGLrenderspu.so ET_DYN - /usr/lib64/virtualbox/VBoxPython.so ET_DYN - /usr/lib64/virtualbox/VBoxPython2_7.so ET_DYN - /usr/lib64/virtualbox/VBoxREM.so scanelf: scanelf_file_textrels(): ELF /usr/lib64/virtualbox/VBoxRT.so has TEXTREL markings but doesnt appear to have any real TEXTREL's !? ET_DYN TEXTREL /usr/lib64/virtualbox/VBoxRT.so ET_DYN - /usr/lib64/virtualbox/VBoxSDL ET_DYN - /usr/lib64/virtualbox/VBoxSDL.so ET_DYN - /usr/lib64/virtualbox/VBoxSVC ET_DYN - /usr/lib64/virtualbox/VBoxSharedClipboard.so ET_DYN - /usr/lib64/virtualbox/VBoxSharedCrOpenGL.so ET_DYN - /usr/lib64/virtualbox/VBoxSharedFolders.so ET_DYN - /usr/lib64/virtualbox/VBoxTestOGL ET_DYN - /usr/lib64/virtualbox/VBoxTunctl ET_DYN - /usr/lib64/virtualbox/VBoxTuraya ET_DYN - /usr/lib64/virtualbox/VBoxTuraya.so ET_DYN - /usr/lib64/virtualbox/VBoxVMM.so ET_DYN - /usr/lib64/virtualbox/VBoxVMMPreload.so ET_DYN - /usr/lib64/virtualbox/VBoxXPCOM.so ET_DYN - /usr/lib64/virtualbox/VBoxXPCOMC.so ET_DYN - /usr/lib64/virtualbox/VBoxXPCOMIPCD Due to this problem, I have to reconfigure my GRSec kernel to allow ELF relocations: -# CONFIG_PAX_ELFRELOCS is not set +CONFIG_PAX_ELFRELOCS=y If I set this kernel configuration option, I can successfully run VBOX. But it is only a workaround, and should really be fixed in VBOX. _______________________________________________ vbox-dev mailing list [email protected] https://www.virtualbox.org/mailman/listinfo/vbox-dev
