VirtualBox
VirtualBox 4.2.6 start window
Vendor: Oracle
License: GPL, PUEL
Web: virtualbox.org
About
VirtualBox is a virtualization product originally made by innotek, and now owned by Oracle. Current versions of VirtualBox can be used on 64-bit Intel and AMD CPUs. Version 6.0.14 of VirtualBox is the last version that builds on a 32-bit host. The base package was released as free and open source software (GPLv2) in January of 2007. An add-on package which contains some features missing from the open-source version, such as USB 2.0/3.0 support, is licensed under a proprietary use that allows free use for personal and educational users. As this license does not meet the openSUSE requirements, we do not build and distribute this software. The necessary ...extpack file for the current version can be downloaded from https://www.oracle.com/virtualization/technologies/vm/downloads/virtualbox-downloads.html, and installed using the GUI under the Tools/Extensions tabs.
VirtualBox comes with openSUSE and should work out-of-the-box. Since openSUSE 11.4, USB devices attached to the host can be used in guest operating systems if the resulting security risk is acceptable. See below for more details.
Installing the latest Version of the Guest Additions
Modern versions of VirtualBox (7.0..X and later) will not need to run the guest additions for Linux guests as the drivers contained in that ISO from Oracle are already part of the standard kernel. For non-Linux guests, you will likely need to install this software. If you have downloaded the version of VirtualBoxGuestAddition...iso that is appropriate for your host's version of VirtualBox, then use the Devices tab to attach the file to the virtual optical drive, otherwise, select the Upgrade Guest Additions option under the Devices tab, which will download and mount the virtual CD. Your guest machine may start the installation automatically, otherwise use a file browser to find the installation file appropriate for your guest, and start it. On Linux, that step will need to be done as root.
By default only the root user will be able to access Shared Folders mounted from the host system (usually these appear under /media). To allow ordinary users access to these folders:
- Open the User and Group Management module in YaST and add each user you want to grant permission to the vboxsf group
- Have the affected users logout and log back in, they should now be able to access Shared Folders.
- You might have a permission error when opening the directory /media. A quick fix is to change the permission of that directory.
- chmod o+rx /media
That should suffice and the sf_SHARENAME directory under /media should be accessible now.
Note: A lot of forum posts and guides on the Web advise you to fiddle around with /etc/fstab settings or manually mount Shared Folders using scripts. This simpler method removes the need for hacks like that.
USB passthrough (rpm package from the distro)
Note that this is a security risk, see the bug 664520.
Because of the security risk, openSUSE's version maintains files ~/.config/VirtualBox/enable and ~/.config/VirtualBox/disable. If neither of these files exist when the VirtualBox GUI is started, a separate program asking the user's preference will be run. According to the preferences, either ../enable or ../disable will be created. Only if ../enable is created will USB passthrough be enabled.
If you downloaded and installed the package from virtualbox.org, there will not be any protection against USB operations.
Troubleshooting
Rebuild host kernel module
Problem
After a kernel update, it is possible that VirtualBox throw an error before starting virtual machines:
Solution
Likely, some required packages are missing.
su zypper install virtualbox-host-source kernel-devel kernel-default-devel systemctl stop vboxdrv vboxconfig
Tested on openSUSE Tumbleweed 20221016
If you cannot find prepackaged you have to sign them yourself.
UEFI/Secure Boot: If /sbin/vboxconfig fails for signing issues (`Key was rejected...`) although all relevant packages from repo are installed you have to sign the modules manually (this happens e.g. because an unusual version).
See the following 'ERROR' message:
Building kernel modules... Kernel modules built correctly. They will now be installed. insmod /usr/lib/modules/6.12.0-160000.5-default/updates/vboxdrv.ko modprobe: ERROR: could not insert 'vboxnetflt': Key was rejected by service
Manually signing kernel modules requires three steps, whereas the following assumes that you haven't done it before (or the key/certificate is not available). Please note the parameter `-addext` which is, as to my knowledge, specific for openSUSE.
1. Create your personal key and certificate (replace `<FULL_NAME>`):
openssl req -new -x509 -newkey rsa:2048 -keyout MOK.key -out MOK.crt -nodes -days 3650 -subj "/CN=<FULL_NAME>/" -addext "extendedKeyUsage=codeSigning" openssl x509 -in MOK.crt -out MOK.der -outform DER chmod 600 MOK.*
This results in the files `MOK.crt`, `MOK.key` and `MOK.der`.
2. Make the key known to UEFI by shim:
mokutil --import MOK.der
Remember the passphrase. Reboot and you will be greeted by MOK Management, select Enroll key, confirm all questions and retype the passphrase.
3. Sign the required kernel modules:
You need to find the signing-tool in the linux kernel sources See the following command, to find the right version. E.g. for `6.12.0-160000.5-default` the <VERSION> is `6.12.0-160000.5`...
uname -r
Now use sign-file in your kernel sources, please replace <VERSION>:
/usr/src/linux-<VERSION>-obj/x86_64/default/scripts/sign-file sha256 MOK.key MOK.der /lib/modules/`uname -r`/updates/vboxdrv.ko /usr/src/linux-<VERSION>-obj/x86_64/default/scripts/sign-file sha256 MOK.key MOK.der /lib/modules/`uname -r`/updates/vboxnetadp.ko /usr/src/linux-<VERSION>-obj/x86_64/default/scripts/sign-file sha256 MOK.key MOK.der /lib/modules/`uname -r`/updates/vboxnetflt.ko
Keep the MOK-files at a save place. You can reuse them to sign other modules later (as the key remains in UEFI).
Tested on openSUSE Leap 16.0
After that you need to reboot system.