Run the live session as an unprivileged user (Hyprland won't run as root)

The live medium autologged root on tty1 and exec'd Hyprland, but Hyprland refuses to start with superuser privileges ("launched with superuser privileges, but the privileges check is not omitted") and exited before even creating a log — leaving tty1 at a blank blinking cursor. (Boot, switch-root, firstboot suppression and the bos login on other ttys were all already working.) Adopt the standard live-ISO pattern: - bos-live-setup.service (oneshot, gated on the archisobasedir cmdline so it only runs on the live medium) creates an unprivileged `liveuser`, adds it to the usual hardware groups, clears its password, and drops in a minimal live Hyprland config that auto-launches the installer. - tty1 autologin now targets liveuser instead of root. - Calamares needs root, so bos-launch-calamares runs it via passwordless sudo (/etc/sudoers.d/99-bos-live) with the Wayland env preserved, so the root installer renders on the live user's compositor. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-14 04:13:10 +08:00 · 2026-06-14 04:13:10 +08:00 · 6c3c33e4ae
commit 6c3c33e4ae
parent a7b3f70930
7 changed files with 83 additions and 1 deletions
--- a/iso/airootfs/etc/sudoers.d/99-bos-live
+++ b/iso/airootfs/etc/sudoers.d/99-bos-live
@ -0,0 +1,3 @@
+# Live medium only: the unprivileged live user may escalate without a password
+# so the installer (Calamares) can run as root from the Wayland session.
+liveuser ALL=(ALL) NOPASSWD: ALL
--- a/iso/airootfs/etc/systemd/system/bos-live-setup.service
+++ b/iso/airootfs/etc/systemd/system/bos-live-setup.service
@ -0,0 +1,14 @@
+[Unit]
+Description=Set up the BOS live user and session
+# Only on the live medium — the installed system has no archisobasedir cmdline.
+ConditionKernelCommandLine=archisobasedir
+Before=getty@tty1.service
+After=systemd-tmpfiles-setup.service
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/usr/local/bin/bos-live-setup
+
+[Install]
+WantedBy=multi-user.target
--- a/iso/airootfs/etc/systemd/system/getty@tty1.service.d/autologin.conf
+++ b/iso/airootfs/etc/systemd/system/getty@tty1.service.d/autologin.conf
@ -1,3 +1,3 @@
 [Service]
 ExecStart=
-ExecStart=-/sbin/agetty -o '-p -f -- \\u' --noclear --autologin root - $TERM
+ExecStart=-/sbin/agetty -o '-p -f -- \\u' --noclear --autologin liveuser - $TERM
--- a/iso/airootfs/etc/systemd/system/multi-user.target.wants/bos-live-setup.service
+++ b/iso/airootfs/etc/systemd/system/multi-user.target.wants/bos-live-setup.service
@ -0,0 +1 @@
+../bos-live-setup.service