* Adding PolicyKit actions
@ 2023-05-29 20:27 Robby Zambito
2023-05-29 22:09 ` Felix Lechner via
2023-05-30 18:21 ` Robby Zambito
0 siblings, 2 replies; 4+ messages in thread
From: Robby Zambito @ 2023-05-29 20:27 UTC (permalink / raw)
To: help-guix
Hello,
The root issue I am trying to solve right now is allowing USB
redirection to virtual machines. I've tracked down a promising solution
here: https://serverfault.com/a/1073230 which involves adding a new
PolicyKit action for low level USB access. Digging into the Guix source
I was able to find the definition of polkit-configuration (the manual
merely mentions that it exists; I may be able to help write more
documentation here if I figure this out :) ) and I'm hitting a wall
trying to figure out what I am doing wrong.
Here is the configuration I have added to my polkit-service in my system
configuration:
```
(service polkit-service-type
(polkit-configuration
(actions (list
(plain-file "org.spice-space.lowlevelusbaccess.policy"
"<?xml version=\"1.0\" encoding=\"UTF-8\"?>
<!DOCTYPE policyconfig PUBLIC
\"-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN\"
\"http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd\">
<policyconfig>
<vendor>The Spice Project</vendor>
<vendor_url>http://spice-space.org/</vendor_url>
<icon_name>spice</icon_name>
<action id=\"org.spice-space.lowlevelusbaccess\">
<description>Low level USB device access</description>
<message>Privileges are required for low level USB device access (for usb device pass through).</message>
<defaults>
<allow_any>yes</allow_any>
<allow_inactive>no</allow_inactive>
<allow_active>yes</allow_active>
</defaults>
</action>
</policyconfig>")))))
```
Looking at the code it looks like `polkit-configuration` has an
`actions` field that should be a list of file-like objects, which I
think is what my code should be doing.
However, I get this error when I build my system:
```
Backtrace:
5 (primitive-load "/gnu/store/avr2qvlgydsvny8dkjl5mvjc0b6?")
In guix/build/union.scm:
192:6 4 (union-of-directories "/gnu/store/dikmqs3qk5x4v5lhz417?" ?)
In srfi/srfi-1.scm:
634:9 3 (for-each #<procedure 7ffff77dc6a0 at guix/build/union?> ?)
In guix/build/union.scm:
194:28 2 (_ "/gnu/store/hvq9rhwkslc9kqhyjaa6mzb61i069jyd-lowleve?")
56:13 1 (files-in-directory "/gnu/store/hvq9rhwkslc9kqhyjaa6mzb?")
In unknown file:
0 (opendir "/gnu/store/hvq9rhwkslc9kqhyjaa6mzb61i069jyd-l?")
ERROR: In procedure opendir:
In procedure opendir: Not a directory
```
Not very helpful to me :/
Any help would be appreciated!
Thanks,
Robby
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Adding PolicyKit actions
2023-05-29 20:27 Adding PolicyKit actions Robby Zambito
@ 2023-05-29 22:09 ` Felix Lechner via
2023-05-29 22:19 ` Robby Zambito
2023-05-30 18:21 ` Robby Zambito
1 sibling, 1 reply; 4+ messages in thread
From: Felix Lechner via @ 2023-05-29 22:09 UTC (permalink / raw)
To: Robby Zambito; +Cc: help-guix
Hi Robby,
On Mon, May 29, 2023 at 1:28 PM Robby Zambito <contact@robbyzambito.me> wrote:
>
> Here is the configuration I have added
>
> (service polkit-service-type
Are you using %desktop-services?
I believe polkit-service-type is already part of that set. [1] You may
have to extend the service instead [2] although I am currently not
sure about the best way to do that in your case.
Kind regards
Felix
[1] https://git.savannah.gnu.org/cgit/guix.git/tree/gnu/services/desktop.scm#n1891
[2] https://guix.gnu.org/manual/devel/en/html_node/Service-Types-and-Services.html
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Adding PolicyKit actions
2023-05-29 22:09 ` Felix Lechner via
@ 2023-05-29 22:19 ` Robby Zambito
0 siblings, 0 replies; 4+ messages in thread
From: Robby Zambito @ 2023-05-29 22:19 UTC (permalink / raw)
To: Felix Lechner; +Cc: help-guix
Hi Felix,
> Are you using %desktop-services?
I am not. I only use %base-services instead. %desktop-services also
contains PulseAudio, which conflicts with my usage of PipeWire, so I've
added things from %desktop-services as I've needed them.
Thanks,
Robby
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Adding PolicyKit actions
2023-05-29 20:27 Adding PolicyKit actions Robby Zambito
2023-05-29 22:09 ` Felix Lechner via
@ 2023-05-30 18:21 ` Robby Zambito
1 sibling, 0 replies; 4+ messages in thread
From: Robby Zambito @ 2023-05-30 18:21 UTC (permalink / raw)
To: Robby Zambito; +Cc: help-guix
Robby Zambito <contact@robbyzambito.me> writes:
> ```
> (service polkit-service-type
> (polkit-configuration
> (actions (list
> (plain-file "org.spice-space.lowlevelusbaccess.policy"
> "<?xml version=\"1.0\" encoding=\"UTF-8\"?>
> <!DOCTYPE policyconfig PUBLIC
> \"-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN\"
> \"http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd\">
> <policyconfig>
>
> <vendor>The Spice Project</vendor>
> <vendor_url>http://spice-space.org/</vendor_url>
> <icon_name>spice</icon_name>
>
> <action id=\"org.spice-space.lowlevelusbaccess\">
> <description>Low level USB device access</description>
> <message>Privileges are required for low level USB device access (for usb device pass through).</message>
> <defaults>
> <allow_any>yes</allow_any>
> <allow_inactive>no</allow_inactive>
> <allow_active>yes</allow_active>
> </defaults>
> </action>
>
> </policyconfig>")))))
> ```
Follow up on this: I am able to evaluate this `service` expression in
`guix repl`. I am also able to use `,lower` and `,build` on the
`plain-file` in the REPL. Building the system with an empty list for the
actions works.
Maybe this is a bug? It seems like this is the correct way to configure
polkit actions from what I can find.
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2023-05-31 11:47 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-05-29 20:27 Adding PolicyKit actions Robby Zambito
2023-05-29 22:09 ` Felix Lechner via
2023-05-29 22:19 ` Robby Zambito
2023-05-30 18:21 ` Robby Zambito
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).