Xfce Forum

Sub domains
 

You are not logged in.

#1 2018-08-11 16:18:03

CwF
Member
Registered: 2018-01-28
Posts: 287

Launcher or Verve with root privilege

I like using a panel with a single launcher with all text entries that expand from the carrot to form a simple menu for a few infrequent  operations.  These are virsh, qemu, and guestfs type operation that may include unreachable paths as the typical user. gksu doesn't always help, I'm not fluent in policy kit in case that could help.

I'm aware a call to a shell script that is correctly setup fixes the issue. And that is the correct way I suppose, yet the single command line in the launcher config is just simpler - if it worked.

For instance, gksu virsh detach-disk works fine embedded only in the launcher config but a matching attach-disk fails with an unreachable target. Any way around this like a root user enabled launcher where all sub-entries inherit root privilege?

Offline

#2 2018-08-11 19:11:33

ToZ
Administrator
From: Canada
Registered: 2011-06-02
Posts: 10,948

Re: Launcher or Verve with root privilege

CwF wrote:

I'm not fluent in policy kit in case that could help.

It's shouldn't be that difficult to implement. Have a look at the Arch wiki libvirt page.

First, if you are using libvirt 1.2.16 or greater, simply adding your user to the "libvirt" group will give you passwordless access to the virsh command.

Otherwise, there is a sample policykit file there that you can use that does the same for anyone in the kvm group.

Any way around this like a root user enabled launcher where all sub-entries inherit root privilege?

To be honest, using policykit (or even sudoers) is much easier. There is not way to elevate a panel launcher to root access levels.


Please remember to mark your thread [SOLVED] to make it easier for others to find
--- How To Ask For Help | FAQ | Developer Wiki  |  Community | Contribute ---

Offline

#3 2018-08-11 20:14:17

CwF
Member
Registered: 2018-01-28
Posts: 287

Re: Launcher or Verve with root privilege

ToZ wrote:

simply adding your user to the "libvirt" group will give you passwordless access to the virsh command.

...actually I made those user decisions when I first set it up awhile ago and there isn't a clean line, the dom0 user is enabled to invoke the commands. The paths in the command is what is out of bounds. Example if a command can call on a domain, then it is resolved by libvirt on behalf. If I have to call the file by path, ie. domain sda called out as var/lib/libvirt/images/baby.qcow2 then the command fails.

I built up the scripts and the little simple text tree of options is working fine. Another line here, they can't be in /home for the same issue, in a directory where user goes so far and root starts, they work. /images is the restricted directory. I think I'm leaving my boundaries in place then. It would be interesting to have a root launcher apart from a user launcher for these oddball things.

I've ended up with more use case for the tree of commands, but started out answering anothers question of virtualizing a usb key. Instead of a real key for testing, a qcow2 file is inserted and yanked usb like from the menu...

Verve seems similar, sucessful on everything except with /images in the path. It will yank the usb, not insert.

Thanks though...

Offline

Board footer

Powered by FluxBB