RE: USB Passthrough Override Script - to ensure usb-policy.conf consistency

@john-c Nice to see progress there, I did not update to that version yet. Did you already check if the shown USB devices are independent of the usb-policy.conf (so that you see really all devices there)? The blogpost did not get specific about this detail. As @stormi stated above, controlling the usb-policy is not available via XAPI for now.

I ran into the same issue (usb-policy.conf overwritten by update) and found this conversation. Sad to see that the script was removed, so I was not able to use/improve it and had to build something new.

You were saying something about cronjob not being ideal, this workaround is using systemd.path as trigger. The script also just re-inserts your change at the top of the file in case the VID/PID combination is missing, so possible security fixes are not un-fixed.

/root/modify-usb-policy.sh (or put it wherever seems reasonable for you):

#!/bin/bash 
USBPOL=/etc/xensource/usb-policy.conf
VID= # insert VendorId in hex
PID= # insert ProductId in hex
if ! grep -q "vid=${VID}.*pid=${PID}" "$USBPOL"; then
  sed -i "1s/^/ALLOW: vid=${VID} pid=${PID} # manually added\n/" "$USBPOL"
fi

/etc/systemd/system/modify-usb-policy.service

[Unit]
Description=Modify usb-policy.conf to restore custom changes

[Service]
Type=oneshot
ExecStart=/root/modify-usb-policy.sh

[Install]
WantedBy=multi-user.target

/etc/systemd/system/modify-usb-policy.path

[Path]
PathChanged=/etc/xensource/usb-policy.conf

[Install]
WantedBy=multi-user.target

Enable the path file:

systemctl enable modify-usb-policy.path
systemctl start modify-usb-policy.path

License CC0