[Spice-devel] usbredir and rights management
Hans de Goede
hdegoede at redhat.com
Wed Feb 8 00:39:38 PST 2012
Hi,
On 02/07/2012 09:40 PM, Dominique Rodrigues wrote:
> Hi,
>
> I have compiled spice-gtk (version 0.9) to support usbredir (version 3.3 compiled and installed) on 2 type of OS : Mageia and Debian (wheezy).
>
> I appears that usb redirection involves root in different ways for these OS. For mageaia, you have to give root password to access to USB drives in a virtual machine,
Yes, this is expected behavior redirecting usb devices requires direct/raw access to the usb device. If we were
to open up the usb device nodes far enough that this would work without requiring root rights any user
could do *anything* to *any* usb device, which seems a very poor default.
So we have a suid root helper which opens up the usb devices for spice-gtk based clients, after it has
gotten permission to do so from policykit, you can change the policy so that a root password is no
longer required, see: http://hansdegoede.livejournal.com/11936.html
Note that if you change the policy away from needing admin rights, that once more any user can do
*anything* to *any* usb device!
> while in debian root does not give any possibility (access is not allowed).
Then your spice-gtk is likely compiled without policykit support, re-run ./configure
and checks its outpu, you are likely missing some -dev packages needed for the acl helper.
Regards,
Hans
More information about the Spice-devel
mailing list