install.sh: expand the pre-sudo summary beyond just networking
The previous one-liner ("banger needs permission to manage network
access for the VMs you launch") was honest but understated; banger
also needs sudo for storage (rootfs snapshots, loop devices, image
files), launching/stopping firecracker under jailer isolation, and
installing binaries + systemd units. Spell those out as a short
bulleted list at the moment of decision so the user is authorising
a known scope rather than a euphemism.
Wording stays plain-language — no capability names, no jargon —
since the target audience may not know networking or container
terminology.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
parent
1be90a7af5
commit
596dc67556
1 changed files with 10 additions and 3 deletions
|
|
@ -168,9 +168,16 @@ About to install banger $TARGET_VERSION (requires sudo):
|
|||
/etc/systemd/system/bangerd.service (background daemon)
|
||||
/etc/systemd/system/bangerd-root.service (privileged helper)
|
||||
|
||||
Why sudo: banger needs permission to automatically manage network
|
||||
access for the VMs you launch. The privileged work runs in a small
|
||||
helper service; the rest runs as you.
|
||||
banger needs your permission to:
|
||||
|
||||
• set up VM networking (bridges, NAT, DNS routing for <vm>.vm)
|
||||
• manage VM storage (rootfs snapshots, loop devices, image files)
|
||||
• launch and stop firecracker processes under jailer isolation
|
||||
• install the binaries to /usr/local and the systemd units above
|
||||
|
||||
Once installed, day-to-day commands like 'banger vm run' and
|
||||
'banger image pull' run as you. Only the narrow set of operations
|
||||
above goes through the privileged helper service.
|
||||
|
||||
For details, see: $TRUST_DOC_URL
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue