Re: How to use Udev to restrict USB access only to particular set of USB sticks?

On Thu, Feb 24, 2011 at 06:36:19PM +0200, Vilius Benetis wrote:
> On Thu, Feb 24, 2011 at 5:46 PM, Greg KH <greg@xxxxxxxxx> wrote:
> >>[vilius]
> >> we tried to disable USB storage sticks with the following command:
> >>
> >> SUBSYSTEMS=="usb" DRIVERS=="usb-storage"  OPTIONS:="ignore_device"
> >>
> >> but we failed to make it work.
> >
> > Ignoring the device still makes it "active" in the system, especially as
> > you just tested that the usb-storage device was bound to your device
> > (which wouldn't be true that early in the process, which is one reason
> > why this failed).
> >
> > you need to write a 0 to the "authorized" file in sysfs which will
> > disable the whole USB device entirely if it meets your "list of devices
> > to reject".  You also need to test not for driver binding, which again
> > will not have happened, and you don't want to have happen, but that it
> > is a usb storage device type (by virtue of the correct class config
> > options as shown by sysfs) and that it doesn't pass your list of valid
> > serial numbers.
> >
> > Note, all of that might be easier to do in a script than in a udev rule
> > alone, but it should be possible.
> 
> I can follow the logic, but I think I am not able to convert the
> guidance to the actions.
> 
> do you mean (I am not sure what this "authorized" file in sysfs is):
> 
> KERNEL!="sd[a-z][0-9]", GOTO="end_usb_key_filter"

Nope, way too late, you want to catch things _before_ the usb-storage
driver binds to it, right?

So match on a usb interface, and look at the class values to match the
usb storage ones.  If they are a match, then go up a level and disable
the device by writing a 0 to the "authorized" file.

> SUBSYSTEM=="usb", ATTRS{serial}=="xx1", GOTO="end_usb_key_filter"
> SUBSYSTEM=="usb", ATTRS{serial}=="xx2", GOTO="end_usb_key_filter"
> SUBSYSTEM=="usb", RUN="echo 0 >/sys/xxx"
> 
> or just:
> 
> SUBSYSTEM=="usb", ATTRS{serial}=="xx1|xx2|xx3", GOTO="end_usb_key_filter"
> SUBSYSTEM=="usb", RUN="echo 0 >/sys/xxx"
> LABEL="end_usb_key_filter"

That might work, but watch out that you don't deactivate your USB
keyboards :)

thanks,

greg k-h
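
Added example, not part of the original message and not code from udev or the kernel: one way to do the check described above in a helper script, as the earlier reply suggested. It looks at the interface class, goes up one level to the USB device, and writes 0 to "authorized" unless the serial is listed. The script path, the allowlist path and the udev rule in the comment are assumptions.

```sh
#!/bin/sh
# Added example, not from the thread. Assumed udev rule (a single rule line):
#   ACTION=="add", SUBSYSTEM=="usb", ENV{DEVTYPE}=="usb_interface",
#   ATTR{bInterfaceClass}=="08", RUN+="/usr/local/sbin/usb-storage-filter /sys%p"
# The script path and the allowlist path are hypothetical.

ALLOWLIST="${ALLOWLIST:-/etc/usb-storage-allowlist}"   # one serial per line

# filter_interface <sysfs directory of a USB interface>
# Prints the decision: skip (not storage), allow, deny, or error.
filter_interface() {
    intf=$1
    if [ ! -r "$intf/bInterfaceClass" ]; then
        echo error; return 0
    fi
    class=$(cat "$intf/bInterfaceClass")
    # 08 is the USB mass-storage class. Other interfaces (for example
    # HID keyboards, class 03) are left alone.
    if [ "$class" != "08" ]; then
        echo skip; return 0
    fi
    # "Go up a level": the parent directory of the interface is the USB
    # device, which holds the serial and authorized attributes.
    dev=$(dirname "$intf")
    serial=""
    if [ -r "$dev/serial" ]; then serial=$(cat "$dev/serial"); fi
    # Whole-line, fixed-string match. A device without a serial string,
    # or a missing allowlist file, is treated as not allowed.
    if [ -n "$serial" ] && [ -r "$ALLOWLIST" ] &&
       grep -Fxq -- "$serial" "$ALLOWLIST"; then
        echo allow; return 0
    fi
    # Writing 0 disables the whole USB device, not just this interface.
    if echo 0 > "$dev/authorized"; then echo deny; else echo error; fi
    return 0
}

# Stand-alone use: the udev rule passes the interface path as $1.
if [ "$#" -gt 0 ]; then filter_interface "$1"; fi
```

The serial string is reported by the device itself, so the allowlist distinguishes devices by what they claim to be rather than authenticating them.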