Hardened VirtualBox is broken

[abbradar]

Issue description

1. We need to wrap Qt 5 applications for them to work correctly (for example to have working file dialogs when GTK3 integration is used) -- so we wrap VirtualBox;
2. Wrappers are currently implemented as shell scripts (see wrapProgram & friends depend on linux kernel shebang feature #11133);
3. Hardened VirtualBox requires its binaries to be suid -- we achieve this using our setuid wrappers.

We need to save all uids in our wrapper intact and Linux doesn't allow us to run shell scripts that way. So we can't currently fully use hardened VirtualBox (especially in GTK environments, but other bugs may surface).

Steps to reproduce

1. Install and run hardened VirtualBox;
2. Attempt to open a file in a GTK environment.

Technical details

• System: (NixOS: nixos-version, Ubuntu/Fedora: lsb_release -a, ...) 186cc51

A proper way out of this is to fix #11133 however we also need to somehow fix this on release channel without introducing such groundbreaking changes. I propose to disable hardening in VirtualBox on 17.03 unless anyone has a better idea.

EDIT: clarified that VirtualBox works somewhat, but not ideally.

[IreneKnapp]

I am also experiencing this. The workaround, in case it's not obvious to somebody, is virtualisation.virtualbox.host.enableHardening = false. And for the benefit of people coming here from a web search, this can manifest as "Failed to open a session for the virtual machine ____" with details like:

The virtual machine 'Steam' has terminated unexpectedly during startup with exit code 1 (0x1).

Result Code:
NS_ERROR_FAILURE (0x80004005)
Component:
MachineWrap
Interface:
IMachine {b2547866-a0a1-4391-8b86-6952d82efaa0}

Or at least, I'm reasonably sure the error I'm experiencing is caused by this issue; it occurs when clicking to open a GTK file box to choose a boot disk while setting up a never-booted VM.

[fpletz]

Is this the same issue as #5283?