[Spice-devel] [PATCH spice-gtk 4/5] Add a suid root helper to open usb device nodes
Hans de Goede
hdegoede at redhat.com
Tue Nov 15 09:14:56 PST 2011
Hi,
On 11/15/2011 04:56 PM, Alon Levy wrote:
> On Tue, Nov 15, 2011 at 04:31:00PM +0100, Hans de Goede wrote:
>> spice-client needs to be able to open the device nodes under /dev/bus/usb
>> to be able to redirect a usb device to the guest. Normally opening these
>> nodes is only allowed by root. This patch adds a suid root helper which
>> asks policykit if it is ok to grant raw usb device access, and if policykit
>> says it is ok, opens up the acl so that the spice-client can open the device
>> node.
>>
>> As soon as spice-client closes the stdin of the helper, the helper removes
>> the extra rights. This ensures that the acl gets put back to normal even if
>> the spice client crashes. Normally the spice-client closes stdin directly
>> after opening the device node.
>>
>> Signed-off-by: Hans de Goede<hdegoede at redhat.com>
>> ---
>> configure.ac | 15 ++
>> data/Makefile.am | 4 +
>> data/org.spice-space.lowlevelusbaccess.policy | 20 ++
>
> Why spice-space and not spice? because it has to be a domain?
> (and for all other uses of spice-space as a namespace)
> If so no objection.
Because it traditionally is a domain, I did not really think a lot
about this, I just went with spice-space, and I think that makes
sense as just "spice" is a rather overloaded term / name.
Regards,
Hans
More information about the Spice-devel
mailing list