Nixpkgs: Create NixOS module for spice-gtk usb redirection

Created on 27 Apr 2018 · 7Comments · Source: NixOS/nixpkgs

Issue description

To use the usb redirection features of virt-manager orvirt-viewer in NixOS, the user currently has to put spice-gtk into environment.SystemPackages, create a setuid wrapper, and activate a polkit action. This is neither obvious nor user-friendly, and currently undocumented except for some code comments.

Creating a little NixOS module to hide these steps behind a single config option will make this much easier to use.

I plan to implement this for 18.09 but anyone feel free to do it earlier...

module (new)

Source

xeji

👍2

Most helpful comment

I have spice_gtk in my systemPackages (not sure if necessary) and security.wrappers.spice-client-glib-usb-acl-helper.source = "${pkgs.spice_gtk}/bin/spice-client-glib-usb-acl-helper"; and it works for me.

lheckemann on 19 Mar 2019

👍2

All 7 comments

Creating setuid wrapper should not be needed with polkit. You just need to enable the polkit policy, which you can do by adding the polkit file to the /var/run/current-system/sw/share/polkit-1/actions, which is co-incidentally a side-effect of adding spice-gtk to environment.systemPackages. We could create services.polkit.enabledActions as an alias of environment.systemPackages for semantically more correct option.

jtojnar on 27 Apr 2018

If I remember correctly, in spice-gtk they have a helper program that needs to run setuid root to set device ACLs but internally uses polkit to authenticate the user's access to the usb devices. Last time I tried, both a setuid wrapper and the polkit action were needed for this to work. And I believe upstream docs mention that somewhere. Don't really understand why they do this...

But I'll try again without wrapper when implementing the module.

xeji on 27 Apr 2018

lheckemann on 19 Mar 2019

👍2

I have spice_gtk in my systemPackages (not sure if necessary)

Just tested this fix locally: it is required.

tmplt on 7 Dec 2019

This issue has been mentioned on NixOS Discourse. There might be relevant details there:

https://discourse.nixos.org/t/having-an-issue-with-virt-manager-not-allowing-usb-passthrough/6272/2

nixos-discourse on 16 Mar 2020

Hello, I'm a bot and I thank you in the name of the community for opening this issue.

To help our human contributors focus on the most-relevant reports, I check up on old issues to see if they're still relevant. This issue has had no activity for 180 days, and so I marked it as stale, but you can rest assured it will never be closed by a non-human.

The community would appreciate your effort in checking if the issue is still valid. If it isn't, please close it.

If the issue persists, and you'd like to remove the stale label, you simply need to leave a comment. Your comment can be as simple as "still important to me". If you'd like it to get more attention, you can ask for help by searching for maintainers and people that previously touched related code and @ mention them in a comment. You can use Git blame or GitHub's web interface on the relevant files to find them.

Lastly, you can always ask for help at our Discourse Forum or at #nixos' IRC channel.