diff --git a/modules/services/hardware/udev.nix b/modules/services/hardware/udev.nix
index 2a75212725a..0b63d7543ea 100644
--- a/modules/services/hardware/udev.nix
+++ b/modules/services/hardware/udev.nix
@@ -15,7 +15,6 @@ let
   };
 
   nixosRules = ''
-
     # Miscellaneous devices.
     KERNEL=="kvm",                  MODE="0666"
     KERNEL=="kqemu",                MODE="0666"
diff --git a/modules/virtualisation/virtualbox-guest.nix b/modules/virtualisation/virtualbox-guest.nix
index 04fca1eb4e9..abfd6371557 100644
--- a/modules/virtualisation/virtualbox-guest.nix
+++ b/modules/virtualisation/virtualbox-guest.nix
@@ -65,6 +65,14 @@ in
         PATH=${makeSearchPath "bin" [ pkgs.gnugrep pkgs.which pkgs.xorg.xorgserver ]}:$PATH \
           ${kernel.virtualboxGuestAdditions}/bin/VBoxClient-all
       '';
+
+    services.udev.extraRules =
+      ''
+        # /dev/vboxuser is necessary for VBoxClient to work.  Maybe we
+        # should restrict this to logged-in users.
+        KERNEL=="vboxuser",  OWNER="root", GROUP="root", MODE="0666"
+      '';
+      
   };
 
 }