http://bugzilla.rpmfusion.org/show_bug.cgi?id=285
--- Comment #21 from Lubomir Rintel <lkundrak(a)v3.sk> 2009-04-12 18:35:33 ---
(In reply to comment #19)
> 26 rpath issues (you'll need to check kbuild files)
I was under impression rpaths are used here (and we are not having only the
standard rpaths), but I'll check and see what can be done.
/usr/lib/virtualbox/VirtualBox.so uses RPATH to locate other .so-s in
/usr/lib/virtualbox. I'm not going to remove those.
> 03 setuid on binaries (easy fix)
This was upstream decision and I'd be careful to change that. On the other
hand, having the beast completely setuid really doesn't sound much sane to me.
What would you do with that? Use consolehelper? (well, you see, PolicyKit is
probably not going to happen ;)
> VirtualBox-OSE-devel-2.1.4-2.fc11.i586 :
> -----------------------------------------
> 17 executable scripts issues (easy fix)
Will take a look.
Fixed.
> VirtualBox-OSE-guest-2.1.4-2.fc11.i586 :
> -----------------------------------------
> 04 unstripped binary (easy fix)
See above.
> 02 executable files in modules sub-dir /etc/sysconfig/modules
This makes sense to be executable, no?
Yes, other files there are executable as well.
> Package tree and dependencies :
> ------------------------------------
> Currently -guest and main packages provide the same virtual (-kmod-common's)
> which's harmless at first sight but, imply to install main package even on the
> guest system.
> As kmod package requires -kmod-common, that's sound fair enough as kmod package
> is shipped with both main vboxdrv and Guest drivers.
> The current state is when trying to install -guest, it's looking for kmod
> package which's looking for -kmod-common which pull down main package and
> -guest's.
This sounds like a yum (a bug?) glitch to me. I would not expect such behavior,
will need to check.
> Also note that udev's rule (kmod common file) which's required by vboxdrv
is
> shipped by main package.
And only main package makes use of vboxdrv. Makes sense to me.
> Actually, the easiest way to avoid a such thing is to build a
> kmod-VirtualBox-OSE and kmod-VirtualBox-OSE-GuestAddition packages.
> That will also avoid to install vboxdrv on guest which is useless.
Sounds like too much overhead to me and I'd prefer to avoid as much as I can.
So I tried that and I could not reproduce your problem:
[root@localhost vboxrepo]# yum install VirtualBox-OSE-guest
...
Installing:
VirtualBox-OSE-guest i586
2.1.4-2.fc11 vbox
483 k
Installing for dependencies:
kmod-VirtualBox-OSE i586
2.1.4-1.fc11 vbox
2.9 k
kmod-VirtualBox-OSE-2.6.29.1-54.fc11.i586 i586
2.1.4-1.fc11 vbox
134 k
I'm not going to split the 134k package even more, hope you understand that :)
Given you haven't replied on the rest, I'm assuming you don't object. Also,
new
version is out, but I'm not going to update the reviewed package since I've
already wasted too much time doing that four times without a single line of
feedback from you. I hope you understand that.
(In reply to comment #20)
In reply to comment #19
> 03 setuid on binaries (easy fix)
This was upstream decision and I'd be careful to change that. On the other
hand, having the beast completely setuid really doesn't sound much sane to me.
What would you do with that? Use consolehelper? (well, you see, PolicyKit is
probably not going to happen ;)
File capabilities (man setcap) are afaik what should be used instead of suid
binaries if possible.
Finally this. I did nothing here as well :)
I've prepared spec file that would set capabilities on file and got this:
RPM build errors:
File capability support not built in
File capability support not built in
File capability support not built in
What VirtualBox does with the setuid bit is dropping the all the capabilities
besides raw network access for nat and icmp with "all-eip cap_net_raw+ep" and
then drops setuid. I believe filesystem capabilities would be nicer, but this
is not all that bad and I'd prefer to stick with it before our rpm gains
filesystem capabilities support. Not deviating from upstream is a strong
argument as well.
Sooooo... the new package (no big changes, everything explained though)
Main package:
SPEC:
http://v3.sk/~lkundrak/SPECS/VirtualBox-OSE.spec
SRPM:
http://v3.sk/~lkundrak/SRPMS/VirtualBox-OSE-2.1.4-3.fc11.src.rpm
Kernel module (stays the same):
SPEC:
http://v3.sk/~lkundrak/SPECS/VirtualBox-OSE-kmod.spec
SRPM:
http://v3.sk/~lkundrak/SRPMS/VirtualBox-OSE-kmod-2.1.4-1.fc11.src.rpm
--
Configure bugmail:
http://bugzilla.rpmfusion.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.