| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
This makes usb-redir a lot more userfriendly to use. This has been
discussed with the security team and they are ok with it, rationale:
Since we only set <allow_active> to yes, we only give raw usb access
to users *physically present behind the machine*. This is ok since
they already have full control over usb devices anyways, they can
always just unplug the device and put it in a user controlled machine.
This follows how we already grant a great deal of access to users
*physically present behind the machine* including dangerous things like
/dev/sg access for cd/dvd writers. And raw usb access to all devices which
happen to have a userspace driver rather then an in kernel driver.
Also the opening up is limited compared to the existing opening up of
other devices listed above in that:
1) It will only happen on machines which have spice-glib installed
2) We are not opening up the device nodes rights automatically, as an udev rule
would do. So there is no chance that any random app can start (accidentally)
poking the devices.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
|
|
|
|
rhbz #787449
Signed-off-by: Yonit Halperin <yhalperi@redhat.com>
|
|
|
|
|
|
spice-client needs to be able to open the device nodes under /dev/bus/usb
to be able to redirect a usb device to the guest. Normally opening these
nodes is only allowed by root. This patch adds a suid root helper which
asks policykit if it is ok to grant raw usb device access, and if policykit
says it is ok, opens up the acl so that the spice-client can open the device
node.
As soon as spice-client closes the stdin of the helper, the helper removes
the extra rights. This ensures that the acl gets put back to normal even if
the spice client crashes. Normally the spice-client closes stdin directly
after opening the device node.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
