Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#64609 - [usbguard]Can't allow usbguard device permanently
Attached to Project:
Arch Linux
Opened by Islam Bahnasy (ice-9) - Friday, 22 November 2019, 12:29 GMT
Last edited by freswa (frederik) - Friday, 21 February 2020, 21:27 GMT
Opened by Islam Bahnasy (ice-9) - Friday, 22 November 2019, 12:29 GMT
Last edited by freswa (frederik) - Friday, 21 February 2020, 21:27 GMT
|
DetailsDescription:
Unable to whitelist device permanently due to filesystem restriction in the systemd unit file. If "ReadOnlyPaths=-/" is disabled, it works fine Additional info: * package version(s): 0.7.5-1 Steps to reproduce: # usbguard allow-device 15 -p IPC ERROR: request id=1: FileRuleSet saving: /etc/usbguard/rules.conf: Read-only file system |
This task depends upon
Closed by freswa (frederik)
Friday, 21 February 2020, 21:27 GMT
Reason for closing: Upstream
Additional comments about closing: https://github.com/USBGuard/usbguard/iss ues/347
Friday, 21 February 2020, 21:27 GMT
Reason for closing: Upstream
Additional comments about closing: https://github.com/USBGuard/usbguard/iss ues/347
$ systemctl edit usbguard.service
[Service]
ReadWritePaths=-/dev/shm -/var/log/usbguard -/tmp -/etc/usbguard
$ systemctl daemon-reload
$ systemctl restart usbguard.service
Changing the ReadWritePaths for usbguard.service to include /etc/usbguard or maybe even only
-/etc/usbguard/IPCAccessControl.d -/etc/usbguard/rules.conf
would fix the issue