forked from pool/usbguard
ce0287e573
resubmit OBS-URL: https://build.opensuse.org/request/show/361252 OBS-URL: https://build.opensuse.org/package/show/hardware/usbguard?expand=0&rev=1
78 lines
2.0 KiB
Plaintext
78 lines
2.0 KiB
Plaintext
#
|
|
# Rule set file path.
|
|
#
|
|
# The USBGuard daemon will use this file to load the policy
|
|
# rule set from it and to write new rules received via the
|
|
# IPC interface.
|
|
#
|
|
# RuleFile=/path/to/rules.conf
|
|
#
|
|
RuleFile=/etc/usbguard/rules.conf
|
|
|
|
#
|
|
# Implicit policy target.
|
|
#
|
|
# How to treat devices that don't match any rule in the
|
|
# policy. One of:
|
|
#
|
|
# * allow - authorize the device
|
|
# * block - block the device
|
|
# * reject - remove the device
|
|
#
|
|
ImplicitPolicyTarget=block
|
|
|
|
#
|
|
# Present device policy.
|
|
#
|
|
# How to treat devices that are already connected when the
|
|
# daemon starts. One of:
|
|
#
|
|
# * allow - authorize every present device
|
|
# * block - deauthorize every present device
|
|
# * reject - remove every present device
|
|
# * keep - just sync the internal state and leave it
|
|
# * apply-policy - evaluate the ruleset for every present
|
|
# device
|
|
#
|
|
PresentDevicePolicy=keep
|
|
|
|
#
|
|
# Present controller policy.
|
|
#
|
|
# How to treat USB controllers that are already connected
|
|
# when the daemon starts. One of:
|
|
#
|
|
# * allow - authorize every present device
|
|
# * block - deauthorize every present device
|
|
# * reject - remove every present device
|
|
# * keep - just sync the internal state and leave it
|
|
# * apply-policy - evaluate the ruleset for every present
|
|
# device
|
|
#
|
|
PresentControllerPolicy=allow
|
|
|
|
#!!! WARNING: It's good practice to set at least one of the !!!
|
|
#!!! two options bellow. If none of them are set, !!!
|
|
#!!! the daemon will accept IPC connections from !!!
|
|
#!!! anyone, thus allowing anyone to modify the !!!
|
|
#!!! rule set and (de)authorize USB devices. !!!
|
|
|
|
#
|
|
# Users allowed to use the IPC interface.
|
|
#
|
|
# A space delimited list of usernames that the daemon will
|
|
# accept IPC connections from.
|
|
#
|
|
# IPCAllowedUsers=username1 username2 ...
|
|
#
|
|
|
|
#
|
|
# Groups allowed to use the IPC interface.
|
|
#
|
|
# A space delimited list of groupnames that the daemon will
|
|
# accept IPC connections from.
|
|
#
|
|
# IPCAllowedGroups=groupname1 groupname2 ...
|
|
#
|
|
IPCAllowedGroups=wheel
|