Can't allow usbguard device permanently #347

ibahnasy · 2019-11-22T12:34:18Z

Unable to whitelist device permanently due to filesystem restriction in the systemd unit file.
If "ReadOnlyPaths=-/" is disabled, it works fine

Package version(s): 0.7.5-1

Steps to reproduce:

# usbguard allow-device 15 -p
IPC ERROR: request id=1: FileRuleSet saving: /etc/usbguard/rules.conf: Read-only file system

The text was updated successfully, but these errors were encountered:

c0d3z3r0 · 2019-11-23T20:01:59Z

I had the same problem; workaround:

sudo mkdir /etc/systemd/system/usbguard.service.d
cat <<"EOF" | sudo tee /etc/systemd/system/usbguard.service.d/override.conf
[Service]
ReadWritePaths=-/dev/shm -/var/log/usbguard -/tmp -/etc/usbguard
EOF

Add readwritepath to service file to make changes to rules permanent. [1] '-' before the path means: Paths in ReadWritePaths=, ReadOnlyPaths= and InaccessiblePaths= may be prefixed with "-", in which case they will be ignored when they do not exist. [2] Based on [1] [1] - #347 [2] - https://www.freedesktop.org/software/systemd/man/systemd.exec.html fix

radosroka · 2019-12-06T12:47:02Z

Fixed in : fffd3d3

marektamaskovic mentioned this issue Nov 25, 2019

Add readwritepath to service file #348

Merged

radosroka closed this as completed Dec 6, 2019

LucasParsy mentioned this issue Aug 8, 2020

[PoC] action button to allow a new device from a notification Cropi/usbguard-notifier#62

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Can't allow usbguard device permanently #347

Can't allow usbguard device permanently #347

ibahnasy commented Nov 22, 2019 •

edited

c0d3z3r0 commented Nov 23, 2019

radosroka commented Dec 6, 2019

Can't allow usbguard device permanently #347

Can't allow usbguard device permanently #347

Comments

ibahnasy commented Nov 22, 2019 • edited

c0d3z3r0 commented Nov 23, 2019

radosroka commented Dec 6, 2019

ibahnasy commented Nov 22, 2019 •

edited