10

I've installed VirtualBox inside an lxc container. However, when I try to start a VM I get the message:

kernel driver not accessible (rc=1909)
....permission problem with /dev/vboxdrv.

This obviously looks like a predictable security issue.

Does anyone know how I can grant permission to the container to access this device driver: /dev/vboxdrv?

Any help or pointers greatly appreciated.

4 Answers

9

On your LXC host (I'm assuming Ubuntu here):

  1. Install the virtualbox-dkms, linux-headers-generic, build-essential packages and check the kernel modules are loaded:

    myhost$ sudo /etc/init.d/virtualbox status
    VirtualBox kernel modules are loaded.
    
  2. Get the VirtualBox device numbers (10, 55/56/57 in my case):

    myhost$ ls -la /dev | grep vbox
    crw-------  1 root root     10,  57 Feb 25 08:22 vboxdrv
    crw-------  1 root root     10,  56 Feb 25 08:22 vboxdrvu
    crw-------  1 root root     10,  55 Feb 25 08:22 vboxnetctl
    
  3. Take the node numbers and add to your LXC guest config (/var/lib/lxc/myguest/config):

    ## VirtualBox
    lxc.cgroup.devices.allow = c 10:57 rwm
    lxc.cgroup.devices.allow = c 10:56 rwm
    lxc.cgroup.devices.allow = c 10:55 rwm
    
  4. Restart your LXC guest, install the virtualbox package, and create the device nodes:

    myguest$ sudo mknod -m 600 /dev/vboxdrv c 10 57
    myguest$ sudo mknod -m 600 /dev/vboxdrvu c 10 56
    myguest$ sudo mknod -m 600 /dev/vboxnetctl c 10 55
    
  5. Check that VirtualBox on the guest can see the kernel modules:

    myguest$ sudo /etc/init.d/virtualbox status
    VirtualBox kernel modules are loaded.
    
1
  • This should be the correct answer. The most important steps that all other answers lack are step 3 and 4.
    – Léo Lam
    Commented May 30, 2015 at 10:09
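
An added example, not part of the answer above: a shell sketch that derives the step 3 `lxc.cgroup.devices.allow` lines and the step 4 `mknod` commands from a step 2 style listing, so the guest is granted only the exact character devices the host exposes rather than numbers copied from another machine. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: turn the step-2 listing into the step-3 and step-4 lines.
# Input on stdin is `ls -la /dev` output in the format shown in step 2.

vbox_nodes() {
    # Emit "name major minor" for each vbox* CHARACTER device only;
    # directories and unrelated devices in the listing are ignored.
    awk '$1 ~ /^c/ && $NF ~ /^vbox[a-z]+$/ {
        major = $5; sub(/,$/, "", major)
        minor = $6
        if (major ~ /^[0-9]+$/ && minor ~ /^[0-9]+$/)
            print $NF, major, minor
    }'
}

lxc_allow_lines() {
    # One exact major:minor rule per device, as in step 3 (no wildcards).
    vbox_nodes | while read -r name major minor; do
        printf 'lxc.cgroup.devices.allow = c %s:%s rwm\n' "$major" "$minor"
    done
}

guest_mknod_lines() {
    # The matching step-4 commands, to be run as root inside the guest.
    vbox_nodes | while read -r name major minor; do
        printf 'mknod -m 600 /dev/%s c %s %s\n' "$name" "$major" "$minor"
    done
}

# Constructed sample input: the step-2 listing plus two lines that must be skipped.
SAMPLE='crw-------  1 root root     10,  57 Feb 25 08:22 vboxdrv
crw-------  1 root root     10,  56 Feb 25 08:22 vboxdrvu
crw-------  1 root root     10,  55 Feb 25 08:22 vboxnetctl
drwxr-xr-x  2 root root          80 Feb 25 08:22 vboxusb
crw-rw-rw-  1 root root      1,   3 Feb 25 08:22 null'

printf '%s\n' "$SAMPLE" | lxc_allow_lines
printf '%s\n' "$SAMPLE" | guest_mknod_lines
```

On a live host, pipe `ls -la /dev` into the functions instead of `SAMPLE`. The script emits the config key exactly as written in the answer; LXC versions running on the unified cgroup hierarchy use `lxc.cgroup2.devices.allow` instead.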
1

The VirtualBox Linux kernel driver (vboxdrv) is either not loaded or there is a permission problem with /dev/vboxdrv. Re-setup the kernel module by executing

 '/etc/init.d/vboxdrv setup'

as root. Users of Ubuntu or Fedora should install the DKMS package at first. This package keeps track of Linux kernel changes and recompiles the vboxdrv kernel module if necessary.

1
  • This is just a quote from the error message. The driver is loaded but the container doesn't have permission to access it. As per the error response. My question was: how does one grant permission to processes within a container to access kernel devices?? How do I solve the permissions problem?
    – user108168
    Commented Jul 6, 2013 at 15:59
0

You need to have /dev/vboxdrv owned by group "vboxuser" and user starting the container in that group. Add the user to the group then ensure there are group permissions (i.e. chmod 660 /dev/vboxdrv).

3
  • Hi Nathan C. Thanks for your response. Where am I doing this; in the host environment or the container?
    – user108168
    Commented Jul 6, 2013 at 16:34
  • The host assuming the kernel drivers are installed there (which they should since LXC relies on the host kernel).
    – Nathan C
    Commented Jul 6, 2013 at 16:35
  • Hi Nathan C Thanks for the clarification. The device /dev/vboxdrv is owned by root and I'm starting the container as root. I was running virtualbox as another user within the container but tried running it as root. I also chmoded the device to set the group to vboxusers and the permissions to 660. I'm still getting the error. Everything works fine on the host for both root and non-root users. Do I not have to put a setting in the lxc config file to grant permissions to the container?? That's what I assumed but don't know what they are. Thanks for your help.
    – user108168
    Commented Jul 6, 2013 at 17:32
-1

It should not be necessary to install virtualbox on your host machine, so long as your container can compile the kernel module, you could just load it during a pre-start script on the LXC container. For better security, you could copy the VBox kernel modules to your host before loading.
