Comment 59 for bug 156085
Revision history for this message
| TJ (tj) wrote Re: [Bug 156085] Could not open /proc/bus/usb/devices | #59 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
0e1f616
(Get the code!)
On Fri, 2008-09-05 at 17:23 +0000, Matt Zimmerman wrote:
> I understand, but I'm struggling with how we can grant raw hardware-level
> access to these devices (as needed by VMs) without compromising security on
> the host. USB is used for a wide range of peripherals, some of which should
> not be entrusted to unprivileged users.
>
The way I'm thinking, there is no "we" - leave it to the user to decide
whether to grant that permission through the process of installing the
udev rule.
At the moment they install the rule manually if they want user access
to /dev/bus/usb/*/* so a package to do it as a result of "sudo apt get
install ..." is just ensuring the process is bullet-proof.
I'm not advocating a system-default policy but something that makes it
easy for the user to apply the relaxed permission when they make a
conscious decision.
I like the idea of a package since simply by installing/removing it the
permission for any hypervisor to access the devices would be
enabled/denied.