rsturla · p5 · Apr 14, 2023 · Apr 14, 2023 · Apr 14, 2023 · Apr 14, 2023
diff --git a/base/etc/firstboot/config.json b/base/etc/firstboot/config.json
@@ -21,7 +21,5 @@
   "rpms": [
     "1password"
   ],
-  "userGroups": [
-    "libvirt"
-  ]
+  "userGroups": []
 }
diff --git a/base/etc/polkit-1/rules.d/100-libvirt-acl.rules b/base/etc/polkit-1/rules.d/100-libvirt-acl.rules
@@ -0,0 +1,5 @@
+polkit.addRule(function(action, subject) {
+  if (action.id == "org.libvirt.unix.manage" && subject.local && subject.active && subject.isInGroup("wheel")) {
+      return polkit.Result.YES;
+  }
+});
diff --git a/base/usr/libexec/firstboot b/base/usr/libexec/firstboot
@@ -48,13 +48,17 @@ install_rpms() {
   echo "Installing RPMs..."
   # Read list of RPMs from /etc/firstboot/config.json and install them
   rpms=$(jq -r '.rpms[]' /etc/firstboot/config.json)
-  rpm-ostree install --idempotent -y "$rpms"
+
+  if [[ -n "$rpms" ]]; then
+    rpm-ostree install --idempotent -y "$rpms"
+  else
+    echo "No RPMs to install."
+  fi
 }
 
 configure_user_groups() {
   echo "Configuring user groups..."
-  # Read list of groups from /etc/firstboot/config.json and add user to them permanently
-  # This must be done by appending to /etc/group, as usermod -aG doesn't work on firstboot
+  # Read list of user groups from /etc/firstboot/config.json and add them to the current user
   groups=$(jq -r '.userGroups[]' /etc/firstboot/config.json)
   for group in $groups; do
     if ! grep -q "^$group:" /etc/group; then