[Spice-devel] [PATCH spice-gtk] acl-helper policykit policy: Allow redir by default for console users

[Hans de Goede]

This makes usb-redir a lot more userfriendly to use. This  has been
discussed with the security team and they are ok with it, rationale:

Since we only set <allow_active> to yes, we only give raw usb access
to users *physically present behind the machine*. This is ok since
they already have full control over usb devices anyways, they can
always just unplug the device and put it in a user controlled machine.

This follows how we already grant a great deal of access to users
*physically present behind the machine* including dangerous things like
/dev/sg access for cd/dvd writers. And raw usb access to all devices which
happen to have a userspace driver rather then an in kernel driver.

Also the opening up is limited compared to the existing opening up of
other devices listed above in that:

1) It will only happen on machines which have spice-glib installed
2) We are not opening up the device nodes rights automatically, as an udev rule
would do. So there is no chance that any random app can start (accidentally)
poking the devices.

Signed-off-by: Hans de Goede <hdegoede at redhat.com>
---
 data/org.spice-space.lowlevelusbaccess.policy | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/org.spice-space.lowlevelusbaccess.policy b/data/org.spice-space.lowlevelusbaccess.policy
index 170f5ff..535ee31 100644
--- a/data/org.spice-space.lowlevelusbaccess.policy
+++ b/data/org.spice-space.lowlevelusbaccess.policy
@@ -13,7 +13,7 @@
     <message>Privileges are required for low level USB device access (for usb device pass through).</message>
     <defaults>
       <allow_inactive>no</allow_inactive>
-      <allow_active>auth_admin_keep</allow_active>
+      <allow_active>yes</allow_active>
     </defaults>
   </action>
 
-- 
1.8.0.2