virtualbox: Remove group check on /nix/store.

This is espacially cruicial when it comes to Nix 1.9, where we even have
a more restrictive /nix/store. In any event, VirtualBox in hardenend
mode doesn't have to check the /nix/store path, because it's read-only
on NixOS systems. So this check would not introduce more security but
more hurdles, thus I'm removing it (of course _only_ for /nix/store).

Signed-off-by: aszlig <aszlig@redmoonstudios.org>

pkgs/applications/virtualization/virtualbox/hardened.patch

@@ -60,19 +60,21 @@ index 2760306..0ce6c92 100644
   *
   * The way this work is that it will spawn a detached / backgrounded /
 diff --git a/src/VBox/HostDrivers/Support/SUPR3HardenedVerify.cpp b/src/VBox/HostDrivers/Support/SUPR3HardenedVerify.cpp
-index c39d2f7..cd19186 100644
+index c39d2f7..896b352 100644
 --- a/src/VBox/HostDrivers/Support/SUPR3HardenedVerify.cpp
 +++ b/src/VBox/HostDrivers/Support/SUPR3HardenedVerify.cpp
-@@ -1415,7 +1415,7 @@ static int supR3HardenedVerifyFsObject(PCSUPR3HARDENEDFSOBJSTATE pFsObjState, bo
+@@ -1415,18 +1415,19 @@ static int supR3HardenedVerifyFsObject(PCSUPR3HARDENEDFSOBJSTATE pFsObjState, bo
          NOREF(fRelaxed);
  #else
          NOREF(fRelaxed);
 -        bool fBad = true;
 +        bool fBad = !(fDir && pFsObjState->Stat.st_mode & S_ISVTX && !suplibHardenedStrCmp(pszPath, "/nix/store"));
  #endif
-         if (fBad)
+-        if (fBad)
++        if (fBad && suplibHardenedStrCmp(pszPath, "/nix/store"))
              return supR3HardenedSetError3(VERR_SUPLIB_WRITE_NON_SYS_GROUP, pErrInfo,
-@@ -1424,9 +1424,10 @@ static int supR3HardenedVerifyFsObject(PCSUPR3HARDENEDFSOBJSTATE pFsObjState, bo
+                                           "An unknown (and thus untrusted) group has write access to '", pszPath,
+                                           "' and we therefore cannot trust the directory content or that of any subdirectory");
      }
  
      /*