Kay Sievers wrote: > >> Certain classes of USB devices like printers, fingerprint readers, > >> scanners, webcams, ... get ACLs assigned for locally logged-in users > >> only. Which is good, but I think things could be even better. > The commonly used groups are device-class based matches only. The > udev-managed user ACLs are also class-based only, and not bus based. > They are no unpredictable match like 'all pci devices'. For example, > we must never grant access to a USB device which contains a > usb-storage blockdevice. Of course not. I don't think that was the intent of the request. I do see value in special treatment for "usbfs-capable" interfaces; ie. those that have either usbfs or no driver at all bound. > You can just add such a udev rule to systems you administrate, if > that's the behavior you expect and can be sure its not a security > issue. The default udev installation does not > suggest/recommend/support anything like this. I think it could make sense for it to do so, not for all USB devices, but for those that have no driver. I'm not sure if it can actually be done reliably though. Maybe it's enough to react on when an interface appears and/or loses it's driver. //Peter -- To unsubscribe from this list: send the line "unsubscribe linux-hotplug" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
