Package: usbguard Version: 0.7.4+ds-1 Severity: important Hello,
Curently, the postinstall script of the package is generating a default policy that allows all USB devices conntected at the time of the installation. The problem is that there is no guarantee that the user has all the needed USB devices connected and even that the package will be installed on the final machine that will be used (VM cloned or chroot) Looking at the other distributions (ie. Fedora) they are not doing that. Not sure what should be done here, as no policy might also cause more issues. Maybe playing with the AuthorizedDefault= option and set it to internal or wired? Kind regards, Laurent Bigonville -- System Information: Debian Release: bullseye/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 5.9.0-5-amd64 (SMP w/4 CPU threads) Kernel taint flags: TAINT_FIRMWARE_WORKAROUND Locale: LANG=fr_BE.UTF-8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: SELinux: enabled - Mode: Permissive - Policy name: refpolicy Versions of packages usbguard depends on: ii dbus 1.12.20-1 ii init-system-helpers 1.60 ii libaudit1 1:3.0-1 ii libc6 2.31-6 ii libcap-ng0 0.7.9-2.2+b1 ii libgcc-s1 10.2.1-3 ii libglib2.0-0 2.66.4-1 ii libseccomp2 2.5.1-1 ii libstdc++6 10.2.1-3 ii libusbguard0 0.7.8+ds-2 usbguard recommends no packages. usbguard suggests no packages. -- Configuration Files: /etc/usbguard/usbguard-daemon.conf [Errno 13] Permission non accordée: '/etc/usbguard/usbguard-daemon.conf' -- no debconf information
