@Patrick do you see any security related issues with the below setup? This is what I do so that I don’t even need root/sudo in user mode to mount my encrypted backup disk.
- Attach storage to VM on host:

      virsh -c qemu:///system attach-disk \
        --domain Whonix-Workstation \
        --source /dev/disk/by-uuid/107e1edc-0913-4575-a2d9-1d4954e84715 \
        --target vdb \
        --targetbus virtio \
        --driver qemu \
        --subdriver raw \
        --type disk \
        --sourcetype block \
        --persistent

- Add polkit rule /etc/polkit-1/rules.d/10-udisk2.rules. This will require sudo so it must be done in the sysmaint mode.

      sudo nano /etc/polkit-1/rules.d/10-udisk2.rules

      // Answer YES to any udisks2 action requested by a member of the "storage" group
      polkit.addRule(function(action, subject) {
          if (action.id.match("org.freedesktop.udisks2.") && subject.isInGroup("storage")) {
              return polkit.Result.YES;
          }
      });

      sudo chown polkitd:root /etc/polkit-1/rules.d/10-udisk2.rules

- Add yourself to the storage and plugdev groups. This will require sudo so it must be done in the sysmaint mode.

      sudo addgroup --system storage
      sudo usermod -aG storage,plugdev user

- Then this should work in user mode.

      udisksctl unlock \
        --block-device=/dev/disk/by-uuid/107e1edc-0913-4575-a2d9-1d4954e84715

  Should also be able to click on the volume in Thunar or whatever. Change the uuid to whatever your device is.
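
Added example, not part of the original post: the rule's matcher from the post compared with an exact allow-list of udisks2 action ids, using a stand-in `polkit` object so the logic runs under Node. The helper names (`broadRule`, `narrowRule`, `compare`) and the choice of allow-listed ids are assumptions of this example.

```javascript
// Added example. polkitd provides the real global `polkit`; this stand-in
// only lets the rule logic be exercised outside polkitd (e.g. under Node).
const polkit = { Result: { YES: "yes", NOT_HANDLED: null }, addRule() {} };

// Matcher as written in the post: String.match() treats its argument as an
// unanchored regex, so every action id under org.freedesktop.udisks2 matches.
function broadRule(action, subject) {
  if (action.id.match("org.freedesktop.udisks2.") && subject.isInGroup("storage")) {
    return polkit.Result.YES;
  }
  return polkit.Result.NOT_HANDLED;
}

// Narrower variant: exact allow-list covering unlock and mount only.
// Assumption: the "-system" ids are the ones udisks2 checks for a fixed
// (non-removable) disk such as a virtio device; drop whichever is unused.
var ALLOWED = [
  "org.freedesktop.udisks2.encrypted-unlock",
  "org.freedesktop.udisks2.encrypted-unlock-system",
  "org.freedesktop.udisks2.filesystem-mount",
  "org.freedesktop.udisks2.filesystem-mount-system",
];
function narrowRule(action, subject) {
  if (ALLOWED.indexOf(action.id) !== -1 && subject.isInGroup("storage")) {
    return polkit.Result.YES;
  }
  return polkit.Result.NOT_HANDLED; // fall through to the default policy
}
polkit.addRule(narrowRule);

// Constructed sample: udisks2 action ids evaluated for a hypothetical subject.
function compare(groups) {
  const subject = { isInGroup: (g) => groups.includes(g) };
  const ids = [
    "org.freedesktop.udisks2.encrypted-unlock-system",
    "org.freedesktop.udisks2.filesystem-mount-system",
    "org.freedesktop.udisks2.modify-device",
    "org.freedesktop.udisks2.ata-secure-erase",
  ];
  return ids.map((id) => ({
    id,
    broad: broadRule({ id }, subject) === polkit.Result.YES,
    narrow: narrowRule({ id }, subject) === polkit.Result.YES,
  }));
}
```

Only `ALLOWED` and `narrowRule` (with the `polkit.addRule` call) would go into a rules file; `compare(["storage"])` shows which actions each variant answers with YES.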