If you use `qvm-usb` to assign a particular USB device to a particular VM, it's probably because you wanted to actually use that device! (or more likely some program which interfaces with that device)
Currently, such programs will likely fail due to the `user` account not having write access to the device node. Under Qubes' threat model, we assume there is no meaningful privilege boundary between user and root[1], so would it make sense to just make all passed-through USB devs world-writable (or at least user-writable) to enable software using them to "Just Work" by default? Right now things only work if some application provides udev rules changing ownership/permissions, or if a user observes things failing and happens to know to go chmod stuff in /dev. [1]: https://www.qubes-os.org/doc/vm-sudo/ -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/CABQWM_CwxCv%3DqxqAKFMW%3DSWdLbwDuqaY8k7R7%3DOezKQNaEHBAw%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
