On 3 Nov 2023 14:13 +0100, from b.laessig@xxxxxxxxxxxxxx (Björn Lässig):
> I had 2 smartcard readers for 10 years connected to different virtual
> machines. This worked for me all these years:
>
> <hostdev mode='subsystem' type='usb' managed='yes'>
> <source>
> <vendor id='0x08e6'/>
> <product id='0x3478'/>
> </source>
> <address type='usb' bus='0' port='4'/>
> </hostdev>
Thank you! This looks _very_ promising, although I'm not really in a
position to fully test it right now, and I might not be able to do
that until some time next week. Reading at [1] I eventually ended up
with:
<domain>
<devices>
<hostdev mode='subsystem' type='usb' managed='no'>
<source startupPolicy='optional'>
<vendor id='0x0000'/>
<product id='0x0000'/>
</source>
<address type='usb' bus='0' port='N'/>
</hostdev>
</devices>
</domain>
plus of course everything else to describe the VM and with actual
values for vendor and product ID and port number, to match the setup
of the VM in which I was able to briefly test this.
At the very least, as far as I could tell with a quick test, this lets
me hot plug and hot unplug the YubiKey without virt-manager yelling at
me; makes starting the VM not dependent on the YubiKey being plugged
in; and makes the guest OS recognize it for what it is rather than as
a generic HID keyboard device. Icing on the cake would have been if I
could also restrict redirection based on USB device serial number as
well, but it looks like that's not possible, or at least not readily
so.
[1] https://libvirt.org/formatdomain.html#usb-pci-scsi-devices
--
Michael Kjörling 🔗 https://michael.kjorling.se
“Remember when, on the Internet, nobody cared that you were a dog?”
_______________________________________________
Users mailing list -- users@xxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxx
