Hello,When using a GuiVM, several issues appear regarding permission errors. I created a topic on the forum and opened an issue: - https://forum.qubes-os.org/t/grant-full-admin-privileges-to-sys-gui-sys-gui-gpu/24368
- https://github.com/QubesOS/qubes-issues/issues/8934
My message here is more general about what privileges a GuiVM should have. Currently: - dom0 is not accessible from sys-gui, but we can CTRL+ALT+F2 to access tty or login back to XFCE's dom0 session. - there is no way to access dom0 from sys-gui-gpu because the GPU is not attached to it.
Then, we need a way to get full admin privileges from the GuiVM: - Should we grant full admin privileges to the GuiVM? - Should we grand full admin privileges to a dedicated AdminVM?- Should we create multiple adminVMs for different tasks, but all together, give full privileges? - Is it just a question of policies or is there other development needed in order to execute dom0 commands from a domU?
I'm aware that the GuiVM is still highly experimental, I try to gather information in order to clarify the correct path to follow and thus help future contributions.
Thanks! -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/1fb391a3e44ba618e523925ba3b6e2f5%40intellectual.rehab.
0x057475DB.asc
Description: application/pgp-keys
signature.asc
Description: OpenPGP digital signature