You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Feel free to push back on this, but there are a number of rpm-ostree commands that can be run w/o sudo access. rpm-ostree status is what comes to mind. I believe we have policykit (or something like that!) to enable certain commands from non-privileged users. It would be nice if we could do the same for bootc.
I think we want any user w/ shell access to be able to querry:
$ bootc status
ERROR Status: Querying root privilege: This command requires root privileges
Thoughts?
The text was updated successfully, but these errors were encountered:
Yeah, this one is a bit harder as it heavily intersects with #2 which is a big change.
An issue with rpm-ostree in general is I think not all use cases will want to necessarily make the system state accessible to unprivileged users - especially as we're likely to expand what data is there.
My offhand instinct here is the easiest thing would be:
Add a bootc-readonly-unprivileged.{path,service} unit that, when enabled, monitors for changes in e.g. /ostree (for which we bump the mtime on changes) and basically just does bootc status --json > /run/bootc/status.json that is world-readable
Teach bootc status when run unprivileged to just parse that JSON
Obviously whether it's enabled by default would be an important property. I could get behind it being on by default upstream.
Feel free to push back on this, but there are a number of rpm-ostree commands that can be run w/o sudo access.
rpm-ostree status
is what comes to mind. I believe we have policykit (or something like that!) to enable certain commands from non-privileged users. It would be nice if we could do the same for bootc.I think we want any user w/ shell access to be able to querry:
Thoughts?
The text was updated successfully, but these errors were encountered: