Skip to content

Add sidecar process for performing privileged operations#36

Merged
ethanjli merged 9 commits intomainfrom
privileged-sidecar
Mar 19, 2026
Merged

Add sidecar process for performing privileged operations#36
ethanjli merged 9 commits intomainfrom
privileged-sidecar

Conversation

@ethanjli
Copy link
Collaborator

@ethanjli ethanjli commented Mar 19, 2026
edited
Loading

When device-admin is run as the unprivileged pi user (instead of the root user) so that it can mount USB drives with pi user permissions (instead of root user permissions), then the advanced connection profile editor can’t make NetworkManager reload connection profiles (because that operation requires root permissions and has no available PolicyKit workaround). This PR adds a separate operating mode for device-admin (as a sidecar process) which is meant to be run as the root user and expose a varlink IPC interface for the unprivileged device-admin web server to trigger privileged operations.

This work is tracked on Notion at https://www.notion.so/device-admin-can-t-trigger-a-reload-of-NetworkManager-connection-profiles-3134e612c78a8098a2b6cfbeb609505b?source=copy_link and https://www.notion.so/TASK-FR014-Bug-ImSwitch-is-unable-to-shut-down-the-RPi-30a4e612c78a808db81efe5f053fcc93?source=copy_link

@ethanjli ethanjli enabled auto-merge March 19, 2026 10:12
@ethanjli ethanjli changed the title Add privileged sidecar process to reload NetworkManager conn profiles Add sidecar process for performing privileged operations Mar 19, 2026
@ethanjli ethanjli added this pull request to the merge queue Mar 19, 2026
@ethanjli ethanjli removed this pull request from the merge queue due to a manual request Mar 19, 2026
@ethanjli ethanjli enabled auto-merge March 19, 2026 10:21
@ethanjli ethanjli added this pull request to the merge queue Mar 19, 2026
Merged via the queue into main with commit 9cbc00a Mar 19, 2026
2 checks passed
@ethanjli ethanjli deleted the privileged-sidecar branch March 19, 2026 10:28
@ethanjli ethanjli mentioned this pull request Mar 19, 2026
Merged
github-merge-queue bot pushed a commit to openUC2/os-rpi that referenced this pull request Mar 19, 2026
@ethanjli
Bump device admin ctr img (#172)
dbd9e51 
This PR integrates openUC2/device-admin#36 .

This work is tracked on Notion at
https://www.notion.so/device-admin-can-t-trigger-a-reload-of-NetworkManager-connection-profiles-3134e612c78a8098a2b6cfbeb609505b?source=copy_link
@ethanjli ethanjli mentioned this pull request Mar 19, 2026
Merged
github-merge-queue bot pushed a commit to openUC2/device-portal that referenced this pull request Mar 19, 2026
@ethanjli
Use urfave/cli for some env vars (#3)
c9626cd 
This PR replicates some refactoring done in
openUC2/device-admin#36 .
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ethanjli