
We use Oracle VirtualBox OSE as a part of our custom virtualization infrastructure, and compile it on our CI servers. One of the numerous compilation parameters you can add to LocalConfig.kmk, the custom configuration file, is VBOX_WITH_HARDENING = 0, which obviously means compiling VirtualBox without Hardening. Also, you could not turn it on if you compile it yourself.

I could not find in the official build instructions what "hardening" is at the "low level". As far as I understood, it's some security patch that increases guest OSes' protection against exploits. However, that still leaves a lot of questions. What is it physically: a driver, a patch, an application? Why are the Hardening sources not included in VirtualBox OSE, an open-source product? I mean, how is that possible with the open-source license, which was derived from Sun Microsystems? And the main question: is it possible to compile VirtualBox OSE with Hardening?

  • There are a lot of questions here, which probably makes it too broad for this site. But anyway I think you might get more joy if you asked this on the VirtualBox forums, which seem reasonably active. Find them here
    – APC
    Commented Sep 30, 2018 at 8:08
  • Honestly, I asked several questions there and did not receive any answer, except their plans regarding upgrading the build toolchain from Visual Studio 2010 to something more modern (nope, they don't have any plans to upgrade in 2018)
    – user707779
    Commented Sep 30, 2018 at 10:41

1 Answer

I got it. VirtualBox Hardening enables additional checks for the compiled application. For example, you have to specify during the build where exactly your built application is going to be located in the filesystem, and its exact name. If the app does not meet the requirements, as defined during the build process, the app won't run. That's why you cannot relocate VirtualBox.app, and that includes renaming it! "VirtualBox-5.2.18.app" won't run, "VirtualBox.app" will.

Another thing is that you cannot run VirtualBox from its build output location (Debug or Release directory). If you're building a hardened build, you'll see a "Hardening error".
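The kind of location-and-name check the answer describes, as an added example that is not part of the original answer and not VirtualBox's own code. `EXPECTED_DIR`, `EXPECTED_NAME` and `check_location` are hypothetical names, `/Applications` is an assumed install directory, and the path is assumed to be already resolved to an absolute path.

```c
#include <stdio.h>
#include <string.h>

/* Assumed build-time constants (hypothetical names, not VirtualBox's own). */
#define EXPECTED_DIR  "/Applications"
#define EXPECTED_NAME "VirtualBox.app"

enum loc_result { LOC_OK, LOC_NOT_ABSOLUTE, LOC_WRONG_DIR, LOC_WRONG_NAME };

/* Compare an already-resolved absolute bundle path with the location and
 * name fixed at build time. Pure string check: any ".." or extra component
 * makes the directory differ, so it is rejected rather than normalised. */
enum loc_result check_location(const char *path)
{
    if (path == NULL || path[0] != '/')
        return LOC_NOT_ABSOLUTE;

    size_t len = strlen(path);
    while (len > 1 && path[len - 1] == '/')   /* ignore trailing slashes */
        len--;
    size_t cut = len;                         /* start of last component */
    while (cut > 0 && path[cut - 1] != '/')
        cut--;
    size_t dir_len = cut > 1 ? cut - 1 : 1;   /* "/" when parent is root */
    size_t name_len = len - cut;

    if (dir_len != strlen(EXPECTED_DIR) ||
        strncmp(path, EXPECTED_DIR, dir_len) != 0)
        return LOC_WRONG_DIR;
    if (name_len != strlen(EXPECTED_NAME) ||
        strncmp(path + cut, EXPECTED_NAME, name_len) != 0)
        return LOC_WRONG_NAME;
    return LOC_OK;
}

int main(void)
{
    /* Constructed sample paths; the build-output path is made up. */
    const char *samples[] = {
        "/Applications/VirtualBox.app",
        "/Applications/VirtualBox-5.2.18.app",
        "/Users/ci/out/release/dist/VirtualBox.app",
    };
    static const char *msg[] = { "ok", "not absolute", "wrong directory", "wrong name" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-45s %s\n", samples[i], msg[check_location(samples[i])]);
    return 0;
}
```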
