Install `qubes-core-agent-passwordless-root` by default in minimal templates

[peakunshift]

Commitment

I confirm that I have read the following resources:

• [x] How to ask questions The Smart Way

• [x] Writing the perfect question

• [x] Question checklist

• [x] Could you please make my preference the defafault?

Current problem (if any)

Minimal templates does not have qubes-core-agent-passwordless-root installed. This makes more difficult to update them when necessary (install new packages in templates, temporary add configurations in a dispVM for testing purpose, etc).

Is there a specific reason why it has not been done?

Proposed solution

As explained in the official QubesOS documentation, install qubes-core-agent-passwordless-root by default in debian-minimal and fedora-minimal.

The value to a user, and who that user might be

Easier control of VMs by having sudo privileges.

[ben-grande]

The reasoning is: only install when strictly needed,

I am trying to harden against a machine with root having trying to attack Xen. A Qrexec dialog for sudo authorization does not help anything, only gives false sense of security. This is why I opted for no unprivileged user with superuser rights.

Easier control of VMs by having sudo privileges.

I understand the usability issues:

• GUI: Qube in System Tray / Applet: doesn't have an option to open root terminal
• CLI: long command with qvm-run: qvm-run -u root --service QUBE qubes.StartApp+qubes-run-terminal

For the GUI, you can solve with a desktop shortcut (I don't provide any).

For the CLI, I provide the qvm-terminal script: qvm-terminal -u root tpl-media. You can make it shorter: alias qtr="qvm-terminal -u root", qtr tpl-media.

[peakunshift]

Okay I understand, the command is annoying to type but with your CLI it makes it easier, and better to have non-privileged user this way!

[ben-grande]

https://github.com/ben-grande/qusal/issues/18#issuecomment-1959891160 Nice, can this be moved to the project? So no need to install something new, and limiting the amount of dom0 modifications is better to respect QubesOS security philosophy.

I will do the same here, move qvm-terminal to Qusal /usr/bin.

[ben-grande]

Okay I understand, the command is annoying to type but with your CLI it makes it easier, and better to have non-privileged user this way!

If you want to have passwordless root, install in the minimal templates debian-12-minimal and fedora-39-minimal before applying the other formulas, as the other templates are clone of these, they will have passwordless root also.

[ben-grande]

To be sure you don't have the dotfiles scripts in your way, remove them from $HOME/.local/bin/dom0 on dom0:

rm -f ~/.local/bin/dom0/qvm-{terminal,file-manager,copy-to-dom0}

and fetch the new commits before applying the states.

I won't provide migration guides for breaking changes such as this in this stage, as they may happen frequently in this stage of development.