Excellent!
Alright. Let’s change that anyhow please to avoid confusion and maybe just in case?
This is expected. To elaborate, when user user runs “sudo something” the user should be prompted for the password. If the password is correct, the command would run as root.
This might change in future when multiple boot modes for better security: persistent user | live user | persistent secureadmin | persistent superadmin | persistent recovery mode is implemented.
Your screenshot shows that running id that user user is a member of group sudo. This is expected as of now. Same as in Whonix VMs.
Untrusted Root - improve Security by Restricting Root is a development goal but not yet implemented.
Whonix (or Kicksecure) Host for now same as 15.0.0.9.4 gw/ws VMs.
Awesome!
https://phabricator.whonix.org/T914#18825
Makes me wonder if whonix-libvirt is the correct place to implement Whonix calamares settings.
whonix-libvirt.hide currently hides /etc/lightdm/lightdm.conf.d/whonix-autologin.conf. Therefore disables autologin.
- Whonix-Host installed should not have autologin. That’s why above line.
- Whonix-Host iso should have autologin.
These are somewhat conflicting goals. Debian solves that by uninstalling package calamares-settings-debian at the end of calamares. We can’t do that because whonix-libvirt does other things which still need to be done in Whonix-Host installed.
Solution 1) Have a systemd unit file that detects being run from iso that creates the required file to auto login.
Solution 2) a separate package calamares-settings-whonix which is only installed on Whonix-Host iso but not in Whonix-Host installed.
What do you think?
There’s a package whonix-base-files for that already. That’s likely missing in Whonix-Host.
That’s because Whonix-Host does not depend yet on whonix-shared-packages-dependencies-cli
whonix-shared-packages-dependencies-cli:
- Pre-Depends: whonix-legacy
- Depends: whonix-base-files, anon-apt-sources-list, whonix-firewall, whonixsetup,
That’s because:
- whonix-firewall isn’t tested on Whonix-Host yet. → ⚓ T942 Whonix Host Firewall for Whonix Host
- whonixsetup isn’t tested with Whonix-Host yet. (Should be same as workstation.)
Fixed in git master just now:
Yes: