mirror of
https://gitlab.uni-freiburg.de/opensourcevdi/spice-gtk
synced 2026-02-05 05:49:10 +00:00
2161b5464f
spice-client needs to be able to open the device nodes under /dev/bus/usb to be able to redirect a usb device to the guest. Normally opening these nodes is only allowed by root. This patch adds a suid root helper which asks policykit if it is ok to grant raw usb device access, and if policykit says it is ok, opens up the acl so that the spice-client can open the device node. As soon as spice-client closes the stdin of the helper, the helper removes the extra rights. This ensures that the acl gets put back to normal even if the spice client crashes. Normally the spice-client closes stdin directly after opening the device node. Signed-off-by: Hans de Goede <hdegoede@redhat.com>
21 lines
715 B
XML
21 lines
715 B
XML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<!DOCTYPE policyconfig PUBLIC
|
|
"-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
|
|
"http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd">
|
|
<policyconfig>
|
|
|
|
<vendor>The Spice Project</vendor>
|
|
<vendor_url>http://spice-space.org/</vendor_url>
|
|
<icon_name>spice</icon_name>
|
|
|
|
<action id="org.spice-space.lowlevelusbaccess">
|
|
<description>Low level USB device access</description>
|
|
<message>Privileges are required for low level USB device access (for usb device pass through).</message>
|
|
<defaults>
|
|
<allow_inactive>no</allow_inactive>
|
|
<allow_active>auth_admin_keep</allow_active>
|
|
</defaults>
|
|
</action>
|
|
|
|
</policyconfig>
|