8 pax/grsec kernels, 9 linux kernel vmalloc pool exhausted – Sun Microsystems VIRTUALBOX 3.0.0 User Manual


11 Troubleshooting

Replace 85 with the group ID that matches your system (search /etc/group for “usb”
or similar). Alternatively, if you don’t mind the security hole, give all users access to
USB by changing “664” to “666”.

Distributions differ widely in which script mounts the usbfs filesystem. Sometimes the command is hidden in unexpected places.

For SuSE 10.0 the mount command is part of the udev configuration file /etc/udev/rules.d/50-udev.rules. As this distribution has no user group called usb, you may e.g. use the vboxusers group which was created by the VirtualBox installer. Since group numbers are allocated dynamically, the following example uses 85 as a placeholder. Modify the line containing (a linebreak has been inserted to improve readability)

DEVPATH="/module/usbcore", ACTION=="add",

RUN+="/bin/mount -t usbfs usbfs /proc/bus/usb"

and add the necessary options (make sure that everything is in a single line):

DEVPATH="/module/usbcore", ACTION=="add",

RUN+="/bin/mount -t usbfs usbfs /proc/bus/usb -o devgid=85,devmode=664"

Debian Etch has the mount command in /etc/init.d/mountkernfs.sh. Since that distribution has no group usb, it is also the easiest solution to allow all members of the group vboxusers to access the USB subsystem. Modify the line

domount usbfs usbdevfs /proc/bus/usb -onoexec,nosuid,nodev

so that it contains

domount usbfs usbdevfs /proc/bus/usb -onoexec,nosuid,nodev,devgid=85,devmode=664

As usual, replace the 85 with the actual group number which should get access to USB devices.

Other distributions do similar operations in scripts stored in the /etc/init.d directory.
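The following shell function is an added example, not part of the VirtualBox manual: it checks the result of the edits above by reading mount entries in /proc/mounts format and reporting the devgid and devmode of every usbfs mount, flagging the world-writable "666" case. The sample lines, the two extra mount points and the verdict names are constructed for illustration, 85 is the manual's placeholder group ID, and it is assumed that the kernel lists devgid and devmode among the mount options.

```shell
#!/bin/sh
# Added example: audit the devgid/devmode options of usbfs mounts.
# Input on stdin is in /proc/mounts format; $1 is the expected group ID.

# Constructed sample input (not captured from a real system).
SAMPLE_MOUNTS='proc /proc proc rw,nosuid,nodev,noexec 0 0
usbfs /proc/bus/usb usbfs rw,nosuid,nodev,noexec,devgid=85,devmode=664 0 0
usbfs /mnt/usb-open usbfs rw,devgid=85,devmode=666 0 0
usbfs /mnt/usb-other usbfs rw,devgid=100,devmode=664 0 0'

audit_usbfs() {
    want_gid=$1
    rc=0
    while read -r _dev mnt fstype opts _rest; do
        case $fstype in
            usbfs|usbdevfs) ;;          # only usbfs mounts are audited
            *) continue ;;
        esac
        gid=unset
        mode=unset
        old_ifs=$IFS
        IFS=,                           # split the option list on commas
        for o in $opts; do
            case $o in
                devgid=*)  gid=${o#devgid=} ;;
                devmode=*) mode=${o#devmode=} ;;
            esac
        done
        IFS=$old_ifs
        # The last octal digit holds the permissions for "other" users;
        # 2, 3, 6 and 7 all include the write bit.
        case $mode in
            *[2367]) verdict=WORLD-WRITABLE; rc=1 ;;
            *)
                if [ "$gid" = "$want_gid" ]; then
                    verdict=OK
                else
                    verdict=GID-MISMATCH; rc=1
                fi ;;
        esac
        printf '%s %s devgid=%s devmode=%s\n' "$verdict" "$mnt" "$gid" "$mode"
    done
    return "$rc"
}

# Demo on the constructed sample; "|| :" keeps the non-zero audit status
# from aborting a caller that runs under "set -e".
printf '%s\n' "$SAMPLE_MOUNTS" | audit_usbfs 85 || :
```

On a live system, feed it /proc/mounts on stdin and pass the numeric ID of the group that should have access, for example the third field of the vboxusers entry in /etc/group.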

11.5.8 PAX/grsec kernels

Linux kernels including the grsec patch (see http://www.grsecurity.net/) and derivatives have to disable PAX_MPROTECT for the VBox binaries to be able to start a VM. The reason is that VBox has to create executable code on anonymous memory.

11.5.9 Linux kernel vmalloc pool exhausted

When running a large number of VMs with a lot of RAM on a Linux system (say 20
VMs with 1GB of RAM each), additional VMs might fail to start with a kernel error
saying that the vmalloc pool is exhausted and should be extended. The error message
also tells you to specify vmalloc=256MB in your kernel parameter list. If adding this
parameter to your GRUB or LILO configuration makes the kernel fail to boot (with
