usbguard policy

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



hi

I could not find a usbguard policy altough the service runs as root.

I've created an initial policy to confine the usbguard daemon:
https://github.com/fedora-selinux/selinux-policy-contrib/pull/26/files

I encountered some problems:

* the daemon wants to manage it's usbguard-daemon.conf file. If the
usbguard-daemon process has no write access to /etc/usbguard-daemon.conf
it will quit immediately on service start. At least for servers I wan't
to manage the config with a config mgmt tool and not let usbguard itself
change it's config.

* server vs. desktop: the daemon provides an interface for desktop
applets or the usbuard cli to manipulate the rules and config. This is
desirable for a desktop but IMHO not for servers. what should be the
default? should the daemon be allowed to change its config/rules or not?


- Thomas


https://dkopecek.github.io/usbguard/
_______________________________________________
selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx




[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux