nixpkgs/pkgs/applications/virtualization
aszlig 63fb845fcf
virtualbox: Rebase hardened.patch on top of 5.1.22
The merge of the version bump in
6fb9f892382b4b091fc9edcae00e2eb4c0729bda didn't take care of our patch
for the hardening mode and thus enabling VirtualBox without also
force-disabling hardening mode will result in a build error.

While the patch is largely identical with the old version, I've removed
one particular change around the following code:

    if (pFsObjState->Stat.st_mode & S_IWOTH)
        return supR3HardenedSetError3(VERR_SUPLIB_WORLD_WRITABLE, pErrInfo,
                                      "World writable: '", pszPath, "'");

In the old version of the patch we have checked whether the path is
within the Nix store and suppressed the error return if that's the case.

The reason why I did that in the first place was because we had a bunch
of symlinks which were writable.

In VirtualBox 5.1.22 the code specifically checks whether the file is a
symlink, so we can safely drop our change.

Tested via all of the "virtualbox" NixOS VM subtests and they now all
succeed.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2017-06-23 05:48:54 +02:00
..
8086tiny Small style fixups 2014-09-10 21:34:50 -03:00
aqemu aqemu: init at 0.9.2 2017-02-10 12:48:29 +01:00
bochs treewide: explicitly specify gtk and related package versions 2016-09-12 18:26:06 +03:00
cbfstool cbfstool: git-2015-07-09 -> 4.5 2016-10-22 21:07:33 +03:00
containerd containerd: use removeReferencesTo 2017-03-11 15:17:32 +01:00
docker docker-proxy: remove go references 2017-05-17 22:14:34 +01:00
docker-distribution docker-distribution: 2.5.1 -> 2.6.0 2017-04-04 21:01:27 -04:00
driver Virtualization: add XEN/KVM related drivers for Windows 2015-07-04 00:14:05 +02:00
ecs-agent ecs-agent: init at 1.14.0 2017-02-10 04:33:48 +00:00
lkl lkl: split outputs 2017-05-24 01:07:26 +02:00
open-vm-tools open-vm-tools: fixup build with glibc-2.25 2017-02-22 16:54:07 +01:00
openstack Python: replace requests2 with requests tree-wide 2017-05-07 12:56:09 +02:00
OVMF OVMF: fix build 2017-05-29 12:21:17 +02:00
qboot qboot: turn off stackprotector and pic hardening 2016-04-03 11:41:30 +00:00
qemu qemu: 2.8.1 -> 2.9.0 2017-04-23 14:20:48 +02:00
rancher-compose rancher-compose: set version during build 2016-10-22 14:40:30 +02:00
remotebox remotebox: 2.1 -> 2.2 2016-11-09 02:24:46 +01:00
rkt rkt: 1.25.0 -> 1.26.0 2017-05-25 18:13:54 -04:00
runc Update runc to 1.0.0-rc3 2017-06-10 18:05:57 +02:00
seabios Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-08-03 13:34:44 +00:00
singularity singularity: init 2.2 2016-11-15 09:11:53 +11:00
spice-vdagent spice-vdagent: 0.16.0 -> 0.17.0 2016-09-26 08:20:04 -04:00
tini docker: 1.12.6 -> 1.13.0 2017-01-18 21:33:37 +01:00
virt-manager virtmanager-qt: 0.43.70.2 -> 0.43.72 2017-06-19 19:26:19 +08:00
virt-top virt-top: init at 1.0.8 (#21536) 2017-02-04 16:07:45 +01:00
virt-viewer libvirt packages: fix & clean up dependencies 2017-03-28 19:45:01 +02:00
virtinst virtinst: do not depend on glanceclient 2017-05-07 10:02:33 +02:00
virtualbox virtualbox: Rebase hardened.patch on top of 5.1.22 2017-06-23 05:48:54 +02:00
xen Merge pull request #26489 from michalpalka/xen-security 2017-06-09 09:31:42 -04:00
xhyve xhyve: update and fix to use our Hypervisor framework 2017-03-14 22:38:35 -04:00