# [Solved] VirtualBox, hardened, USB problem

## Lok

```

Could not load the Host USB Proxy service (VERR_ACCESS_DENIED).

Result Code: 

0x00004005

Component: 

Host

Interface: 

IHost {81729c26-1aec-46f5-b7c0-cc7364738fdb}

Callee: 

IMachine {f95c0793-7737-49a1-85d9-6da81097173b}

```

% groups

wheel floppy audio cdrom cdrw usb scanner vboxusers

%

# mount|grep usb

usbfs on /proc/bus/usb type usbfs (rw,noexec,nosuid,devmode=0664,devgid=85)

#  

% ls /proc/bus

ls: cannot open directory /proc/bus: Permission denied

%

# ls /proc/bus

input  pci  usb

#

# cd /opt/VirtualBox && paxctl -msp *

not result.Last edited by Lok on Thu Feb 26, 2009 9:11 pm; edited 1 time in total

----------

## Sadako

You probably have proc filesystem protection enabled, `grep CONFIG_GRKERNSEC_PROC /usr/src/linux/.config`.

Depending on how you've set it up, you'll probably need to create a new group with the group ID of CONFIG_GRKERNSEC_PROC_GID, and add your user to that group.

----------

## Lok

Thanks

----------

## Lok

I am compiled kernel with:

# grep CONFIG_GRKERNSEC_PROC /usr/src/linux/.config

CONFIG_GRKERNSEC_PROC_MEMMAP=y

CONFIG_GRKERNSEC_PROC=y

CONFIG_GRKERNSEC_PROC_USER=y

CONFIG_GRKERNSEC_PROC_USERGROUP=y

CONFIG_GRKERNSEC_PROC_GID=10

CONFIG_GRKERNSEC_PROC_ADD=y

CONFIG_GRKERNSEC_PROC_IPADDR=y

#

But aslo have

% ls /proc/bus

ls: cannot open directory /proc/bus: Permission denied

%

And Could not load the Host USB Proxy service (VERR_ACCESS_DENIED).

----------

## Sadako

Okay, so check to see if you have any group defined with a GID of 10 within /etc/group, and if not, add a new group with that GID, and then add your user to that group;

```
groupadd -g 10 proc

gpasswd -a Lok proc
```

"10" is a little low, and is actually the GID of the wheel group on my box, so I'd change it to something higher (and unique) before doing the above, which of course will require a kernel re-compile and reboot (as I don't see any option for it under /proc/sys/kernel/grsecurity/ ...).

----------

## Lok

# zcat /proc/config.gz|grep CONFIG_GRKERNSEC_PROC

CONFIG_GRKERNSEC_PROC_MEMMAP=y

CONFIG_GRKERNSEC_PROC=y

CONFIG_GRKERNSEC_PROC_USER=y

CONFIG_GRKERNSEC_PROC_USERGROUP=y

CONFIG_GRKERNSEC_PROC_GID=2057

CONFIG_GRKERNSEC_PROC_ADD=y

CONFIG_GRKERNSEC_PROC_IPADDR=y

#

% getent group proc

proc:x:2057:master

%

% groups

wheel floppy audio cdrom cdrw usb scanner vboxusers proc

%  

% mount|grep usb

none on /proc/bus/usb type usbfs (rw,devgid=2057,devmode=777)

%  

% ls /proc/bus

ls: cannot open directory /proc/bus: Permission denied

%

----------

## Sadako

`ls -ld /proc/bus/`?

----------

## Lok

% ls -ld /proc/bus/ 

dr-x------ 5 root proc 0 Feb 27  2009 /proc/bus/

%

----------

## yabbadabbadont

Just to be sure, are you using virtualbox-bin or virtual-box-ose?  The ose version didn't have USB support the last time that I checked.

----------

## Lok

I use app-emulation/virtualbox-bin-1.6.6

# chmod 660 /proc/bus/

% ls -ld /proc/bus/ 

drw-rw---- 5 root proc 0 Feb 27  2009 /proc/bus/

%   

But

# ls -ld /proc/bus/usb

drwxr-xr-x 6 root root 0 Feb 27  2009 /proc/bus/usb

#

And

% ls -ld /proc/bus/usb

ls: cannot access /proc/bus/usb: Permission denied

%

----------

## Sadako

With `chmod 660 /proc/bus/`, you are removing the executable bit, which you need.

Try `chmod 770 /proc/bus/` instead.

----------

## Lok

Thank you very much, it's work  :Smile: 

----------

## Sadako

Glad I could help, and you shouldn't need to run chmod at all in future.

----------

