|
|
|
|
From dbc20d4c4aae7302e9a714d1f1f7abdaa3583ef2 Mon Sep 17 00:00:00 2001
|
|
|
|
|
From: =?UTF-8?q?Daniel=20Kope=C4=8Dek?= <dkopecek@redhat.com>
|
|
|
|
|
Date: Fri, 12 May 2017 13:15:30 +0200
|
|
|
|
|
Subject: [PATCH 1/2] Fixed usbguard-daemon.conf man page
|
|
|
|
|
|
|
|
|
|
---
|
|
|
|
|
doc/usbguard-daemon.conf.5 | 22 +++++++++++++++-------
|
|
|
|
|
doc/usbguard-daemon.conf.5.md | 6 +++---
|
|
|
|
|
2 files changed, 18 insertions(+), 10 deletions(-)
|
|
|
|
|
|
|
|
|
|
diff --git a/doc/usbguard-daemon.conf.5 b/doc/usbguard-daemon.conf.5
|
|
|
|
|
index f7434b1..476a31e 100644
|
|
|
|
|
--- a/doc/usbguard-daemon.conf.5
|
|
|
|
|
+++ b/doc/usbguard-daemon.conf.5
|
|
|
|
|
@@ -1,4 +1,7 @@
|
|
|
|
|
+.\" Automatically generated by Pandoc 1.17.0.3
|
|
|
|
|
+.\"
|
|
|
|
|
.TH "USBGUARD\-DAEMON.CONF" "5" "April 2017" "" ""
|
|
|
|
|
+.hy
|
|
|
|
|
.SH NAME
|
|
|
|
|
.PP
|
|
|
|
|
\f[B]usbguard\-daemon.conf\f[] \-\- USBGuard daemon configuration file
|
|
|
|
|
@@ -52,8 +55,8 @@ One of \f[C]block\f[], \f[C]reject\f[], \f[C]apply\-policy\f[].
|
|
|
|
|
.B \f[B]RestoreControllerDeviceState\f[]=<\f[I]boolean\f[]>
|
|
|
|
|
The USBGuard daemon modifies some attributes of controller devices like
|
|
|
|
|
the default authorization state of new child device instances.
|
|
|
|
|
-Using this setting, you can controll whether the daemon will try to
|
|
|
|
|
-restore the attribute values to the state before modificaton on
|
|
|
|
|
+Using this setting, you can control whether the daemon will try to
|
|
|
|
|
+restore the attribute values to the state before modification on
|
|
|
|
|
shutdown.
|
|
|
|
|
.RS
|
|
|
|
|
.RE
|
|
|
|
|
@@ -70,11 +73,6 @@ connections from.
|
|
|
|
|
.RS
|
|
|
|
|
.RE
|
|
|
|
|
.TP
|
|
|
|
|
-.B \f[B]IPCAccessControlFiles\f[]=<\f[I]path\f[]>
|
|
|
|
|
-Path to a directory holding the IPC access control files.
|
|
|
|
|
-.RS
|
|
|
|
|
-.RE
|
|
|
|
|
-.TP
|
|
|
|
|
.B \f[B]DeviceManagerBackend\f[]=<\f[I]backend\f[]>
|
|
|
|
|
Which device manager backend implementation to use.
|
|
|
|
|
Backend should be one of \f[C]uevent\f[] (default) or \f[C]dummy\f[].
|
|
|
|
|
@@ -88,6 +86,16 @@ See the \f[B]IPC ACCESS CONTROL\f[] section for more details.
|
|
|
|
|
.RS
|
|
|
|
|
.RE
|
|
|
|
|
.TP
|
|
|
|
|
+.B \f[B]DeviceRulesWithPort\f[]=<\f[I]boolean\f[]>
|
|
|
|
|
+Generate device specific rules including the "via\-port" attribute.
|
|
|
|
|
+This option modifies the behavior of the allowDevice action.
|
|
|
|
|
+When instructed to generate a permanent rule, the action can generate a
|
|
|
|
|
+port specific rule.
|
|
|
|
|
+Because some systems have unstable port numbering, the generated rule
|
|
|
|
|
+might not match the device after rebooting the system.
|
|
|
|
|
+.RS
|
|
|
|
|
+.RE
|
|
|
|
|
+.TP
|
|
|
|
|
.B \f[B]AuditFilePath\f[]=<\f[I]filepath\f[]>
|
|
|
|
|
USBGuard audit events log file path.
|
|
|
|
|
.RS
|
|
|
|
|
diff --git a/doc/usbguard-daemon.conf.5.md b/doc/usbguard-daemon.conf.5.md
|
|
|
|
|
index ea86ad1..58ca0ba 100644
|
|
|
|
|
--- a/doc/usbguard-daemon.conf.5.md
|
|
|
|
|
+++ b/doc/usbguard-daemon.conf.5.md
|
|
|
|
|
@@ -36,15 +36,15 @@ The **usbguard-daemon.conf** file is loaded by the USBGuard daemon after it pars
|
|
|
|
|
**IPCAllowedGroups**=<*groupname*> [<*groupname*> ...]
|
|
|
|
|
: A space delimited list of groupnames that the daemon will accept IPC connections from.
|
|
|
|
|
|
|
|
|
|
-**IPCAccessControlFiles**=<*path*>
|
|
|
|
|
-: Path to a directory holding the IPC access control files.
|
|
|
|
|
-
|
|
|
|
|
**DeviceManagerBackend**=<*backend*>
|
|
|
|
|
: Which device manager backend implementation to use. Backend should be one of `uevent` (default) or `dummy`.
|
|
|
|
|
|
|
|
|
|
**IPCAccessControlFiles**=<*path*>
|
|
|
|
|
: The files at this location will be interpreted by the daemon as IPC access control definition files. See the **IPC ACCESS CONTROL** section for more details.
|
|
|
|
|
|
|
|
|
|
+**DeviceRulesWithPort**=<*boolean*>
|
|
|
|
|
+: Generate device specific rules including the "via-port" attribute. This option modifies the behavior of the allowDevice action. When instructed to generate a permanent rule, the action can generate a port specific rule. Because some systems have unstable port numbering, the generated rule might not match the device after rebooting the system.
|
|
|
|
|
+
|
|
|
|
|
**AuditFilePath**=<*filepath*>
|
|
|
|
|
: USBGuard audit events log file path.
|
|
|
|
|
|
|
|
|
|
--
|
|
|
|
|
2.9.3
|
|
|
|
|
|