wrf1
Contributor
Contributor

ubuntu linux kernel lockdown mode prevents vmplayer clients from starting

This follows on  VMware Knowledge Base "Cannot open /dev/vmmon: No such file or directory" error when powering on a VM (2146460).

Linux has a new security feature called kernel lockdown that prevents processed from directly accessing /dev/mem etc.  This applies even to root processes except via signed modules.  

So I signed vmmon and vmnet following the cited article.   However I still get the error when trying to open a vm:

Aug  2 12:49:44 p73 kernel: [412584.941998] Lockdown: vmplayer: /dev/mem,kmem,port is restricted; see man kernel_lockdown.7

I suppose I could completely disable lockdown, but I don't want to, especially given the recently announced linux kernel security holes.

Is there a way to give vmplayer more power but still keep some security?

I'm running p73 5.4.0-42-generic.

I'm sympathetic to the comments in some other recent postings that the linux kernel is changing so fast that it's hard for vmware to keep up.  I'm also aware of Linus's longstanding hostility to proprietary commercial SW interfacing to the kernel.

However all that leaves me unable to use vmplayer, which I wanted to use to run MS windows under linux to use a real MS office and not some buggy partial knockoff.

Thanks.

1 Reply
phydroxide
Contributor
Contributor

Having the same issue since upgrading to Mint 20. I was able to successfully import keys for the signed kernel modules, and it doesn't throw that error anymore. The error is:

Jan 5 14:10:03 phydroxide kernel: [ 608.186375] Lockdown: vmware-vmx: /dev/mem,kmem,port is restricted; see man kernel_lockdown.7

 

And then vmware player (VMware-Player-16.1.0-17198959.x86_64.bundle) immediately crashes. I tried adding my user to the kmem group. I will logout and see if some permission is stale. 

Tags (1)
0 Kudos