I’m on unstable. I am trying to allow my USB redirection to work in either gnome-boxes or virt-manager. I’m getting an error in virt-manager “Error setting USB device node ACL: Error setting facl: Operation not permitted”
Relevant sections of my config are below:
security.polkit.enable = true;
security.polkit.debug = true;
security.polkit.adminIdentities = [
"unix-user:mbd777"
"unix-group:wheel"
];
Looking through the journal I see this:
journal/016d08adc1ef428a818ec406be3687f1/system@98b86729580b4b2b869275d5df0de02f-00000000000b3d69-000615ee5328ca1a.journal:SYSLOG_IDENTIFIER=polkitd
journal/016d08adc1ef428a818ec406be3687f1/system@98b86729580b4b2b869275d5df0de02f-00000000000b3d69-000615ee5328ca1a.journal:MESSAGE=Started polkitd version 123
journal/016d08adc1ef428a818ec406be3687f1/system@98b86729580b4b2b869275d5df0de02f-00000000000b3d69-000615ee5328ca1a.journal:_COMM=polkitd
journal/016d08adc1ef428a818ec406be3687f1/system@98b86729580b4b2b869275d5df0de02f-00000000000b3d69-000615ee5328ca1a.journal:_EXE=/nix/store/zrvqzsn2q0101i395igwcxqk9413r0dh-polkit-123/lib/polkit-1/polkitd
journal/016d08adc1ef428a818ec406be3687f1/system@98b86729580b4b2b869275d5df0de02f-00000000000b3d69-000615ee5328ca1a.journal:_CMDLINE=/nix/store/zrvqzsn2q0101i395igwcxqk9413r0dh-polkit-123/lib/polkit-1/polkitd --no-debug
journal/016d08adc1ef428a818ec406be3687f1/system@98b86729580b4b2b869275d5df0de02f-00000000000b3d69-000615ee5328ca1a.journal:_SYSTEMD_CGROUP=/system.slice/polkit.service
journal/016d08adc1ef428a818ec406be3687f1/system@98b86729580b4b2b869275d5df0de02f-00000000000b3d69-000615ee5328ca1a.journal:_SYSTEMD_UNIT=polkit.service
journal/016d08adc1ef428a818ec406be3687f1/system@98b86729580b4b2b869275d5df0de02f-00000000000b3d69-000615ee5328ca1a.journal:MESSAGE=Loading rules from directory /etc/polkit-1/rules.d
journal/016d08adc1ef428a818ec406be3687f1/system@98b86729580b4b2b869275d5df0de02f-00000000000b3d69-000615ee5328ca1a.journal:MESSAGE=Loading rules from directory /run/current-system/sw/share/polkit-1/rules.d
It’s still showing --no-debug being called despite me enabling debug. And the settings I’ve added don’t show in any of the rules in either:
/etc/polkit-1/rules.d
/run/current-system/sw/share/polkit-1/rules.d
I’ve even added a dummy rule to try to allow anything from a local user:
security.polkit.extraConfig = ''
polkit.addRule(function(action, subject) {
if (subject.local) return "yes";
});
'';
The rebuild reports no errors but I’m not seeing where any changes to polkit (other than enabling it).
Am I missing something?