@john-c Nice to see progress there, I did not update to that version yet. Did you already check if the shown USB devices are independent of the usb-policy.conf (so that you see really all devices there)? The blogpost did not get specific about this detail. As @stormi stated above, controlling the usb-policy is not available via XAPI for now.
Z
Posts
-
RE: USB Passthrough Override Script - to ensure usb-policy.conf consistency
-
RE: USB Passthrough Override Script - to ensure usb-policy.conf consistency
I ran into the same issue (usb-policy.conf overwritten by update) and found this conversation. Sad to see that the script was removed, so I was not able to use/improve it and had to build something new.
You were saying something about cronjob not being ideal, this workaround is using systemd.path as trigger. The script also just re-inserts your change at the top of the file in case the VID/PID combination is missing, so possible security fixes are not un-fixed.
/root/modify-usb-policy.sh
(or put it wherever seems reasonable for you):#!/bin/bash USBPOL=/etc/xensource/usb-policy.conf VID= # insert VendorId in hex PID= # insert ProductId in hex if ! grep -q "vid=${VID}.*pid=${PID}" "$USBPOL"; then sed -i "1s/^/ALLOW: vid=${VID} pid=${PID} # manually added\n/" "$USBPOL" fi
/etc/systemd/system/modify-usb-policy.service
[Unit] Description=Modify usb-policy.conf to restore custom changes [Service] Type=oneshot ExecStart=/root/modify-usb-policy.sh [Install] WantedBy=multi-user.target
/etc/systemd/system/modify-usb-policy.path
[Path] PathChanged=/etc/xensource/usb-policy.conf [Install] WantedBy=multi-user.target
Enable the path file:
systemctl enable modify-usb-policy.path systemctl start modify-usb-policy.path
License CC0