I installed qubes-template-fedora-26-minimal, upgraded it to release version 28 (paid attention to the python2-xcffib bug) and cloned it to make a network-"for-all-things-networking"-VM-only template.
So far, as written in qubes documentation->fedora-minimal, I installed the networking related packages to let the template act as a minimal-networking-stuff-template. But nm-applet is not authorized to control. And here we stops, because it seems that qubes-core-agent-passwordless-root and/or polkit is always necessary. (?) But because of a choice of design in Qubes 4.0, it is not installed as default. Whereas qubes-core-agent-systemd and qubes-core-agent-qrexec are installed by default as written in the documentation. What is the mind behind this choice? Just asking out of sheer curiosity. The package polkit depends on spidermonkey javascript stuff (mozjs52 package). 6.5MB of not relevant stuff for just an networking VM. Because it works except the nm-applet authorization thingy. "nmcli general permissions" gave me a timeout as fedora-minimal AppVM user. Can I get around this by adding the user to a specific group to get the rights to use nm-applet as an user? A search gave me answers to a nm-applet bug in 2015: https://mail.gnome.org/archives/networkmanager-list/2015-January/msg00033.html There is a hint that NM uses polkit and/or systemd. But only polkit is not installed (I guess). An advice someone wrote in the link: "Alternatively, if you don't care about user permissions and want to allow any user to control networking you can build NM with --with-session-tracking=none and --with-polkit=no to disable this functionality." I guess, this would be a workaround to get the minimal networking VM to fully work, am I correct? This should be the same behavior as qubes' passwordless-root just for NM and with less packages - or is this way intending that anyone (even nobody-user, if existing) could handle NM but do not get any other root files like write to /rw/ in the NetVM and is therefor less "secure" than user-polkit-passwordless-root installation and interaction!? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8db3b6c8-ebd2-497e-ac57-26f3459c2078%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
