feature request: a rule property that makes the rule match only on daemon startup

[calestyo]

Hey.

I know there is usbguard-daemon.conf’s keep value for options like PresentDevicePolicy, but this just generally keeps every device (respectively host controller) present when the daemon starts.

What I would like being able to do is using apply-policy in those options and requiring specific rules for such devices to be added to rules.conf but still have a way to have them only match when the daemon starts.

The idea is that this would allow to harden things a bit more, should any future (other) device that is attached after the daemon has started match those rules, which are only intended for when the daemon starts.

Thanks, Chris.