Skip to content

GNOME Extension

The intuneme GNOME Shell extension adds a Quick Settings toggle for starting and stopping the container, along with buttons to launch Edge and Intune Portal — all without opening a terminal.

Note

The extension is entirely optional. All intuneme functionality is available through the CLI, which works on any desktop environment.

Requirements

  • GNOME Shell 47 or later
  • intuneme must be initialized (intuneme init completed)

Install

intuneme extension install

Log out and back in to activate the extension. After logging back in, the intuneme toggle appears in the Quick Settings panel (the panel that opens from the top-right corner of the screen).

Uninstall

The extension is removed when you run a full uninstall:

intuneme destroy --all

This also removes the polkit policy action that enables the extension's passwordless operations. See Upgrading — Re-enrollment for details on what destroy --all removes.

What the extension provides

  • Quick Settings toggle — Displays the current container state. Clicking it starts or stops the container.
  • Status details — The popup menu shows whether the container is running and enrollment status.
  • App shortcuts — Buttons to open a shell, launch Microsoft Edge, or launch Intune Portal directly from Quick Settings.

The extension monitors container state via D-Bus signals from systemd-machined for instant updates, with periodic polling as a fallback.

Supported terminal emulators

The shell shortcut in the extension opens an interactive terminal inside the container. The extension checks $TERMINAL first, then tries the following terminals in order: Ghostty, Ptyxis, GNOME Console (kgx), GNOME Terminal, and xterm.

Set the TERMINAL environment variable to override the default search order — for example, if you prefer a terminal that is not in the built-in list.

Passwordless app launch

intuneme init installs a sudoers rule at /etc/sudoers.d/intuneme-exec that allows the host user to run nsenter into the container without a password prompt. This is what enables the extension (and desktop shortcuts) to launch Edge and Intune Portal without a terminal window appearing to ask for a sudo password.

The rule is narrowly scoped:

  • It only permits the specific nsenter flag pattern used by intuneme open.
  • It only allows su to the host user (not arbitrary users).
  • It persists across intuneme start and intuneme stop cycles.
  • It is removed when you run intuneme destroy.

Tip

If the rule goes missing (for example, after upgrading from an older version), running intuneme start will reinstall it automatically.