Hello, Excerpts from Michal Suchanek's message of Mon Jul 20 19:10:20 +0200 2015: > Excerpts from Hans de Goede's message of Mon Jul 20 17:46:41 +0200 2015: > > Hi, > > > > On 20-07-15 11:51, Christophe Fergeau wrote: > > > Hey, > > > > > > Looks good te me now. > > > Hans, would you mind taking a quick look at that > > > patch in case you have objections on the change (if > > > spice_usb_acl_helper_open_acl_finish() fails, try to directly open the > > > device node anyway as it may be user-accessible). > > > > I do not think that this is the right thing todo, this means e.g. > > that if policykit / the admin explicitly denies redirection, but > > the usb device node happens to be opened up (which happens with > > e.g. scanners), then we will still redirect, this seems wrong to me. > > > > Instead Michal should fixup his policykit so that the helper works > > for him. > > Hello, > > this policykit thing is spice-specific afaik. > > The standard way to set up permissions which works with anything that > accesses USB devices is udev rules. > > I set up udev rules to access these devices and I cannot redirect them. > > In fact if Debian maintainers did not compile in support for policykit > I could redirect the devices which I can access. > > So effectively compiling in support for policykit denies redirection of > perfectly accessible devices which is in my view wrong. > > If your scanner devices happen to be accessible to you (probably because > you are member of the scanner group) then you can access those devices > with any random software and should be able to redirect them with spice. > > It's system administrator's job to add and remove users from the scanner > group or perform other action to make the scanner devices accessible or > inaccessible to particular users. > > It is not spice's job to 'correct' or 'homogenize' permissions between > policykit and device nodes. If the device is accessible it should be > redirected. If it's inaccessible it cannot be redirected. Policykit > helper is just another means to access the device. > What do I do to get this fixed? Thanks Michal _______________________________________________ Spice-devel mailing list Spice-devel@xxxxxxxxxxxxxxxxxxxxx http://lists.freedesktop.org/mailman/listinfo/spice-devel