New release: usbguard-0.7.7, and important projects updates are here!

A new release of USBGuard is available and it brings important bug fixes and new features. See the release page at Github for more information about the release.

Change Log

Added

• Added readwritepath to service file
• Added match-all keyword to rules language
• Added rules.d feature - daemon can load multiple rule files from rules.d/
• Included with-connect-type in dbus signal
• Add configure flags for optional libraries
• Public API documentation

Fixed/Changed

• Fixed sigwaitinfo handling
• Fixed possible data corruption on stack with appendRule via dbus
• Fixed ENOBUFS errno handling on netlink socket
• Daemon can survive and wait until socket is readable again
• Make: explicitly treat pthread as first level dependency
• Added missing options to manual pages

Removed

• Dropped unused PIDFile from service file
• Dropped deprecated dbus-glib dependency

Rules.d feature in more detail

• Users of usbguard can set rules.d folder path in the same way they specify RuleFile.
• The USBGuard daemon will use this folder to load the policy rule set from it and to write new rules received via the IPC interface.
• Usually, we set the option to /etc/usbguard/rules.d/.
• The USBGuard daemon is supposed to behave like any other standard Linux daemon therefore it loads rule files in alpha-numeric order.
• File names inside RuleFolder directory should start with a two-digit number prefix indicating the position, in which the rules are scanned by the daemon.
• Setting up RuleFolder is as easy as the following: RuleFolder=/path/to/rulesfolder/

Thanks

Many thanks to the following people for contributions to this release and to the USBGuard project:

• Allen-Webb
• Attila Lakatos
• Thiebaud Weksteen
• userWayneCampbell
• Zoltan Fridrich
• Birger Schacht
• Marek Tamaskovic
• muelli
• Sebastian Pipping
• Levente Polyak

Regards, Radovan