unofficial mirror of help-guix@gnu.org 
 help / color / mirror / Atom feed
* Adding PolicyKit actions
@ 2023-05-29 20:27 Robby Zambito
  2023-05-29 22:09 ` Felix Lechner via
  2023-05-30 18:21 ` Robby Zambito
  0 siblings, 2 replies; 4+ messages in thread
From: Robby Zambito @ 2023-05-29 20:27 UTC (permalink / raw)
  To: help-guix

Hello,

The root issue I am trying to solve right now is allowing USB
redirection to virtual machines. I've tracked down a promising solution
here: https://serverfault.com/a/1073230 which involves adding a new
PolicyKit action for low level USB access. Digging into the Guix source
I was able to find the definition of polkit-configuration (the manual
merely mentions that it exists; I may be able to help write more
documentation here if I figure this out :) ) and I'm hitting a wall
trying to figure out what I am doing wrong.

Here is the configuration I have added to my polkit-service in my system
configuration:

```
(service polkit-service-type
	 (polkit-configuration
	  (actions (list
		    (plain-file "org.spice-space.lowlevelusbaccess.policy"
				     "<?xml version=\"1.0\" encoding=\"UTF-8\"?>
<!DOCTYPE policyconfig PUBLIC
          \"-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN\"
          \"http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd\">
<policyconfig>

  <vendor>The Spice Project</vendor>
  <vendor_url>http://spice-space.org/</vendor_url>
  <icon_name>spice</icon_name>

  <action id=\"org.spice-space.lowlevelusbaccess\">
    <description>Low level USB device access</description>
    <message>Privileges are required for low level USB device access (for usb device pass through).</message>
    <defaults>
      <allow_any>yes</allow_any>
      <allow_inactive>no</allow_inactive>
      <allow_active>yes</allow_active>
    </defaults>
  </action>

</policyconfig>")))))
```

Looking at the code it looks like `polkit-configuration` has an
`actions` field that should be a list of file-like objects, which I
think is what my code should be doing.

However, I get this error when I build my system:

```
Backtrace:
           5 (primitive-load "/gnu/store/avr2qvlgydsvny8dkjl5mvjc0b6?")
In guix/build/union.scm:
    192:6  4 (union-of-directories "/gnu/store/dikmqs3qk5x4v5lhz417?" ?)
In srfi/srfi-1.scm:
    634:9  3 (for-each #<procedure 7ffff77dc6a0 at guix/build/union?> ?)
In guix/build/union.scm:
   194:28  2 (_ "/gnu/store/hvq9rhwkslc9kqhyjaa6mzb61i069jyd-lowleve?")
    56:13  1 (files-in-directory "/gnu/store/hvq9rhwkslc9kqhyjaa6mzb?")
In unknown file:
           0 (opendir "/gnu/store/hvq9rhwkslc9kqhyjaa6mzb61i069jyd-l?")

ERROR: In procedure opendir:
In procedure opendir: Not a directory
```

Not very helpful to me :/

Any help would be appreciated!

Thanks,
Robby


^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: Adding PolicyKit actions
  2023-05-29 20:27 Adding PolicyKit actions Robby Zambito
@ 2023-05-29 22:09 ` Felix Lechner via
  2023-05-29 22:19   ` Robby Zambito
  2023-05-30 18:21 ` Robby Zambito
  1 sibling, 1 reply; 4+ messages in thread
From: Felix Lechner via @ 2023-05-29 22:09 UTC (permalink / raw)
  To: Robby Zambito; +Cc: help-guix

Hi Robby,

On Mon, May 29, 2023 at 1:28 PM Robby Zambito <contact@robbyzambito.me> wrote:
>
> Here is the configuration I have added
>
> (service polkit-service-type

Are you using %desktop-services?

I believe polkit-service-type is already part of that set. [1] You may
have to extend the service instead [2] although I am currently not
sure about the best way to do that in your case.

Kind regards
Felix

[1] https://git.savannah.gnu.org/cgit/guix.git/tree/gnu/services/desktop.scm#n1891
[2] https://guix.gnu.org/manual/devel/en/html_node/Service-Types-and-Services.html


^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: Adding PolicyKit actions
  2023-05-29 22:09 ` Felix Lechner via
@ 2023-05-29 22:19   ` Robby Zambito
  0 siblings, 0 replies; 4+ messages in thread
From: Robby Zambito @ 2023-05-29 22:19 UTC (permalink / raw)
  To: Felix Lechner; +Cc: help-guix

Hi Felix,

> Are you using %desktop-services?

I am not. I only use %base-services instead. %desktop-services also
contains PulseAudio, which conflicts with my usage of PipeWire, so I've
added things from %desktop-services as I've needed them.

Thanks,
Robby


^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: Adding PolicyKit actions
  2023-05-29 20:27 Adding PolicyKit actions Robby Zambito
  2023-05-29 22:09 ` Felix Lechner via
@ 2023-05-30 18:21 ` Robby Zambito
  1 sibling, 0 replies; 4+ messages in thread
From: Robby Zambito @ 2023-05-30 18:21 UTC (permalink / raw)
  To: Robby Zambito; +Cc: help-guix


Robby Zambito <contact@robbyzambito.me> writes:

> ```
> (service polkit-service-type
> 	 (polkit-configuration
> 	  (actions (list
> 		    (plain-file "org.spice-space.lowlevelusbaccess.policy"
> 				     "<?xml version=\"1.0\" encoding=\"UTF-8\"?>
> <!DOCTYPE policyconfig PUBLIC
>           \"-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN\"
>           \"http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd\">
> <policyconfig>
>
>   <vendor>The Spice Project</vendor>
>   <vendor_url>http://spice-space.org/</vendor_url>
>   <icon_name>spice</icon_name>
>
>   <action id=\"org.spice-space.lowlevelusbaccess\">
>     <description>Low level USB device access</description>
>     <message>Privileges are required for low level USB device access (for usb device pass through).</message>
>     <defaults>
>       <allow_any>yes</allow_any>
>       <allow_inactive>no</allow_inactive>
>       <allow_active>yes</allow_active>
>     </defaults>
>   </action>
>
> </policyconfig>")))))
> ```

Follow up on this: I am able to evaluate this `service` expression in
`guix repl`. I am also able to use `,lower` and `,build` on the
`plain-file` in the REPL. Building the system with an empty list for the
actions works.

Maybe this is a bug? It seems like this is the correct way to configure
polkit actions from what I can find.


^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2023-05-31 11:47 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-05-29 20:27 Adding PolicyKit actions Robby Zambito
2023-05-29 22:09 ` Felix Lechner via
2023-05-29 22:19   ` Robby Zambito
2023-05-30 18:21 ` Robby Zambito

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).