-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 2016-11-28 03:29, Jean-Philippe Ouellet wrote: > If you use `qvm-usb` to assign a particular USB device to a particular > VM, it's probably because you wanted to actually use that device! (or > more likely some program which interfaces with that device) > > Currently, such programs will likely fail due to the `user` account > not having write access to the device node. > > Under Qubes' threat model, we assume there is no meaningful privilege > boundary between user and root[1], so would it make sense to just make > all passed-through USB devs world-writable (or at least user-writable) > to enable software using them to "Just Work" by default? > > Right now things only work if some application provides udev rules > changing ownership/permissions, or if a user observes things failing > and happens to know to go chmod stuff in /dev. > > [1]: https://www.qubes-os.org/doc/vm-sudo/ >
This sounds reasonable to me. Tracking it here: https://github.com/QubesOS/qubes-issues/issues/2465 - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJYPDwbAAoJENtN07w5UDAwbXoQAKk0skB46ZIk1LDwSNWlBzON R3s7THaiHPMHPaQaW0EIp1DasUqHIKY+87/cKRrqraEQKRkoiVsPSyl22tqxj5sw JKb2wq7mjBR5DuufISS0G+FSZUGCxehKOhvFY8cfVg9FgGi8b47XNH415JeTDXxQ nlpurAcy2Bta55X2eU3vQBk33BK42uX2mQIjWseWYwsQZ6qmZdOZ7/orMKecWjHg fYSq2F3nHil+qxyG3CIHofTfkwoNWii7dLsn6Yzt0UVnbjKjCP8LRCy1+a8kHGTU BEHlWIYeTkhuUiZEo09zWjR/qLysnYHqjj+A1L43OsNgoS29Pdvzuw3DSoXi7t1C 62rz22uF/wmzAzy6IB1xIxgabiQtjMXRUkpD4OjV8DbpMt4IMbdlRusBXRm9O085 pR59gBUL29q68KpaMv1Ls+OSducwlHr59kO3jbCB1lCl7D2ZNmDch1r9Jwf/cxU9 D/83hvSYsSFiTujGIA/7xI0gwLDYgXL8vOtzPhQe8RphNf9vJ+gUjqv+mScNn+FE aiFHGWyPAtw59QHmQLdhcYJMai52APCAgphzkoBxVve3fT0oBe6oGeq1eQ8T6Sik kRen5Dov7syhUfA4kBGOci7Y5CiwTuSpNQCpQ2hpC8+7Z4RzOzKfUHz0Ce0JeuFo IjC89+Z7jkLhjT6OKbp6 =l6n+ -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/3a9d6f9b-2136-dc03-1593-077b00274a7f%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
