usbguard
usbguard copied to clipboard
feature request: a rule property that makes the rule match only on daemon startup
Hey.
I know there is usbguard-daemon.conf
’s keep
value for options like PresentDevicePolicy
, but this just generally keeps every device (respectively host controller) present when the daemon starts.
What I would like being able to do is using apply-policy
in those options and requiring specific rules for such devices to be added to rules.conf
but still have a way to have them only match when the daemon starts.
The idea is that this would allow to harden things a bit more, should any future (other) device that is attached after the daemon has started match those rules, which are only intended for when the daemon starts.
Thanks, Chris.