On Mon, May 28, 2018 at 7:04 AM <[email protected]> wrote: > > I installed qubes-template-fedora-26-minimal, upgraded it to release version > 28 (paid attention to the python2-xcffib bug) and cloned it to make a > network-"for-all-things-networking"-VM-only template. > > So far, as written in qubes documentation->fedora-minimal, I installed the > networking related packages to let the template act as a > minimal-networking-stuff-template. But nm-applet is not authorized to control. > And here we stops, because it seems that qubes-core-agent-passwordless-root > and/or polkit is always necessary. (?) > But because of a choice of design in Qubes 4.0, it is not installed as > default. Whereas qubes-core-agent-systemd and qubes-core-agent-qrexec are > installed by default as written in the documentation. > What is the mind behind this choice? Just asking out of sheer curiosity. > > The package polkit depends on spidermonkey javascript stuff (mozjs52 > package). 6.5MB of not relevant stuff for just an networking VM. Because it > works except the nm-applet authorization thingy. > > "nmcli general permissions" gave me a timeout as fedora-minimal AppVM user. > Can I get around this by adding the user to a specific group to get the > rights to use nm-applet as an user? A search gave me answers to a nm-applet > bug in 2015: > https://mail.gnome.org/archives/networkmanager-list/2015-January/msg00033.html > > There is a hint that NM uses polkit and/or systemd. But only polkit is not > installed (I guess). An advice someone wrote in the link: > "Alternatively, if you don't care about user permissions and want to > allow any user to control networking you can build NM with > --with-session-tracking=none and --with-polkit=no to disable this > functionality." > > I guess, this would be a workaround to get the minimal networking VM to fully > work, am I correct? > This should be the same behavior as qubes' passwordless-root just for NM and > with less packages - or is this way intending that anyone (even nobody-user, > if existing) could handle NM but do not get any other root files like write > to /rw/ in the NetVM and is therefor less "secure" than > user-polkit-passwordless-root installation and interaction!?
Yep, looks like polkit is indeed required :( -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CABQWM_AbEDPUST7HA25uW-NpXnoDz5Ya%2B8qVUWPtcENY_z07Dg%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
