[FR] Add Multi-User Mode Support about kernelsu HOT 12 CLOSED

Please describe your issue clearly.
KernelSU supports to grant root to work profile app out of box.

from kernelsu.

Yes but as far as I'm aware, there's no option to unmount it and not allow root over there, that's what we need to access picky applications. And that functionality to deny root to certain profiles is already available in magisk.

from kernelsu.

KernelSU is not Magisk, it uses white list by default, so if you don't grant root an app, it has no root, you don't need to disallow it.

from kernelsu.

But instead of having to individually unmount every application that one adds to their workspace and work profile, is there not a way to look at how magisk does this by profile to make it easier on the end users? And that way they won't have to go in every time they add an application to their work profile and white/black list things? As it stands, because root exists by default on workspace, it's being detected and applications that can otherwise be hidden with that feature are not being hidden and being detected the same as being on the main profile when it would be otherwise if it could be denied for that whole user.

If you pick something like 8 ball pool or even doordash application for example, KSU even with shamiko is going to fail on both sides. Now take it to magisk and it will do the same. Up until you move it to your work profile with multi user mode turned off, then you can actually access these things again.

from kernelsu.

root doesn't exist by default on workspace, it doesn't exist by default anywhere.

from kernelsu.

root doesn't exist by default on workspace, it doesn't exist by default anywhere.

To be as precise as possible, for whatever reason it may be, one of the only resorts we have right now is a rooted user to get into certain applications is to go into magisk and disable multi-user mode, this has proven to be a reliable and working method for getting into some of our applications. Also, adding this feature would serve to make it easier on the users, that would otherwise have to be white listing in Black listing every application they add to their workspace. Also I see a third benefit, users that have children or multiple users on a device like a tablet, you don't need their children having root access and messing things up. This has proven to be a reliable and almost necessary feature on ksu's alternative, and I'm asking if we could Port this functionality to deny root access to everybody but the main user, the administrator, to ksu?

from kernelsu.

root doesn't exist by default on workspace, it doesn't exist by default anywhere.

To be as precise as possible, for whatever reason it may be, one of the only resorts we have right now as a rooted user to get into certain applications is to go into magisk and disable multi-user mode, this has proven to be a reliable and working method for getting into some of our applications. Also, adding this feature would serve to make it easier on the users, that would otherwise have to be white listing and black listing every application they add to their workspace. Also I see a third benefit, users that have children or multiple users on a device like a tablet, don't need their children having root access and messing things up. This has proven to be a reliable and almost necessary feature on ksu's alternative, and I'm asking if we could Port this functionality to deny root access to everybody but the main user, the administrator, to ksu?

Having VPN drama apparently

from kernelsu.

I didn't intend to argue logistics just requesting feature if you don't see any need for it, I'm, out, I just hope you consider it for users that have children and other benefits besides the one that is obviously in the way, super user access being detected, for whatever the reason.

from kernelsu.

Some people use chopsticks to eat, and some people use forks to eat. Why do you want to make the chopsticks into forks?

from kernelsu.

.So your kids don't destroy your device, and you can use applications that you otherwise can't right now with a simple feature addition that can be implemented most likely just as easy as it uses overlays and mirrors to do what it does systemlessly the same way as your counterpart that can achieve these applications this way, which also benefits end users in various ways as described. Now you guys have the best hiding method as it's not detectable in user space up until you go the route of its predecessor, and you start using modules that can be traced back as coming from user data versus actually system where it's claiming to be. Maybe if with rw, these modules were directly applied, the right props hiding modifications and stuff, everything would be easier and not require so much out of zygisk, but since we're having to use that and everything is detecting it and you guys are using the same method if it works why fix it kind of situation. Multi-user mode was added for various reasons, kids, a sandbox environment, or just basic being able to get away with not seeing zygisk over there like you can do right now. I mean PCS have this function super user access should not be global, the administrator assigns specific roles and whether or not it's sub users should have certain access. The solution you're suggesting is let's hope my secretary doesn't white list my bank account and run off with all my money type situation, how about we don't give her access to these things at all and we don't have to worry about it.

from kernelsu.

Hidden root aside, KernelSU still doesn't support managing ROOT permissions for applications in another user.
It does support grant root to work profile apps, but not apps in another user.

from kernelsu.

I tried installing the KernelSU manager to another user, but it doesn't recognize the KernelSU installation.

from kernelsu.