From 37b2febcc4e2a726b0a9e6c4deb64409956f842b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Mon, 28 Jul 2025 00:57:28 +0200 Subject: [PATCH 1/2] Remove old-format policy file QubesOS/qubes-issues#4370 --- Makefile | 1 - qubes-rpc/qubes.USB.policy | 1 - rpm_spec/qubes-usb-proxy-dom0.spec.in | 1 - 3 files changed, 3 deletions(-) delete mode 100644 qubes-rpc/qubes.USB.policy diff --git a/Makefile b/Makefile index 9065f75..f3cdfc8 100644 --- a/Makefile +++ b/Makefile @@ -13,5 +13,4 @@ install-vm: install-dom0: python3 setup.py install -O1 --root $(DESTDIR) - install -D -m 0664 qubes-rpc/qubes.USB.policy $(DESTDIR)/etc/qubes-rpc/policy/qubes.USB diff --git a/qubes-rpc/qubes.USB.policy b/qubes-rpc/qubes.USB.policy deleted file mode 100644 index b77244c..0000000 --- a/qubes-rpc/qubes.USB.policy +++ /dev/null @@ -1 +0,0 @@ -$anyvm $anyvm deny diff --git a/rpm_spec/qubes-usb-proxy-dom0.spec.in b/rpm_spec/qubes-usb-proxy-dom0.spec.in index 01c54d9..97a5ab3 100644 --- a/rpm_spec/qubes-usb-proxy-dom0.spec.in +++ b/rpm_spec/qubes-usb-proxy-dom0.spec.in @@ -27,7 +27,6 @@ This package also contains tests. make install-dom0 DESTDIR=${RPM_BUILD_ROOT} %files -%attr(0664,root,qubes) %config(noreplace) /etc/qubes-rpc/policy/qubes.USB %dir %{python3_sitelib}/qubesusbproxy-*.egg-info %{python3_sitelib}/qubesusbproxy-*.egg-info/* %{python3_sitelib}/qubesusbproxy From 340679d015738c2b774cb6682b2182c0614a02bc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Mon, 28 Jul 2025 01:07:47 +0200 Subject: [PATCH 2/2] Use rpc config to run qubes.USB as root Instead of sudo. It makes it work out of the box on a minimal template. And also will work if sudo is not installed. QubesOS/qubes-issues#9599 --- Makefile | 3 +++ qubes-rpc/qubes.USB.config | 1 + rpm_spec/qubes-usb-proxy.spec.in | 1 + 3 files changed, 5 insertions(+) create mode 100644 qubes-rpc/qubes.USB.config diff --git a/Makefile b/Makefile index f3cdfc8..2a9811d 100644 --- a/Makefile +++ b/Makefile @@ -3,6 +3,9 @@ install-vm: install qubes-rpc/qubes.USBAttach $(DESTDIR)/etc/qubes-rpc install qubes-rpc/qubes.USBDetach $(DESTDIR)/etc/qubes-rpc install qubes-rpc/qubes.USB $(DESTDIR)/etc/qubes-rpc + install -d $(DESTDIR)/etc/qubes/rpc-config + install -T -m 0644 qubes-rpc/qubes.USB.config \ + $(DESTDIR)/etc/qubes/rpc-config/qubes.USB install -d $(DESTDIR)/usr/lib/qubes install src/usb-* $(DESTDIR)/usr/lib/qubes install -d $(DESTDIR)/usr/lib/udev/rules.d diff --git a/qubes-rpc/qubes.USB.config b/qubes-rpc/qubes.USB.config new file mode 100644 index 0000000..684ea91 --- /dev/null +++ b/qubes-rpc/qubes.USB.config @@ -0,0 +1 @@ +force-user='root' diff --git a/rpm_spec/qubes-usb-proxy.spec.in b/rpm_spec/qubes-usb-proxy.spec.in index c50d057..d4b357c 100644 --- a/rpm_spec/qubes-usb-proxy.spec.in +++ b/rpm_spec/qubes-usb-proxy.spec.in @@ -31,6 +31,7 @@ make install-vm DESTDIR=${RPM_BUILD_ROOT} /etc/qubes-rpc/qubes.USB /etc/qubes-rpc/qubes.USBAttach /etc/qubes-rpc/qubes.USBDetach +/etc/qubes/rpc-config/qubes.USB /etc/qubes/suspend-pre.d/usb-detach-all.sh /usr/lib/qubes/usb-import /usr/lib/qubes/usb-export