From 596dc67556bda966f2a4351e2dd458a3b0d271d0 Mon Sep 17 00:00:00 2001 From: Thales Maciel Date: Wed, 29 Apr 2026 17:25:16 -0300 Subject: [PATCH] install.sh: expand the pre-sudo summary beyond just networking MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The previous one-liner ("banger needs permission to manage network access for the VMs you launch") was honest but understated; banger also needs sudo for storage (rootfs snapshots, loop devices, image files), launching/stopping firecracker under jailer isolation, and installing binaries + systemd units. Spell those out as a short bulleted list at the moment of decision so the user is authorising a known scope rather than a euphemism. Wording stays plain-language — no capability names, no jargon — since the target audience may not know networking or container terminology. Co-Authored-By: Claude Opus 4.7 (1M context) --- scripts/install.sh | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/scripts/install.sh b/scripts/install.sh index a19edd5..d16e13b 100755 --- a/scripts/install.sh +++ b/scripts/install.sh @@ -168,9 +168,16 @@ About to install banger $TARGET_VERSION (requires sudo): /etc/systemd/system/bangerd.service (background daemon) /etc/systemd/system/bangerd-root.service (privileged helper) -Why sudo: banger needs permission to automatically manage network -access for the VMs you launch. The privileged work runs in a small -helper service; the rest runs as you. +banger needs your permission to: + + • set up VM networking (bridges, NAT, DNS routing for .vm) + • manage VM storage (rootfs snapshots, loop devices, image files) + • launch and stop firecracker processes under jailer isolation + • install the binaries to /usr/local and the systemd units above + +Once installed, day-to-day commands like 'banger vm run' and +'banger image pull' run as you. Only the narrow set of operations +above goes through the privileged helper service. For details, see: $TRUST_DOC_URL