New release: usbguard-0.7.7, and important projects updates are here!
A new release of USBGuard is available and it brings important bug fixes and new features. See the release page at Github for more information about the release.
- Added readwritepath to service file
- Added match-all keyword to rules language
- Added rules.d feature - daemon can load multiple rule files from rules.d/
- Included with-connect-type in dbus signal
- Add configure flags for optional libraries
- Public API documentation
- Fixed sigwaitinfo handling
- Fixed possible data corruption on stack with appendRule via dbus
- Fixed ENOBUFS errno handling on netlink socket
- Daemon can survive and wait until socket is readable again
- Make: explicitly treat pthread as first level dependency
- Added missing options to manual pages
- Dropped unused PIDFile from service file
- Dropped deprecated dbus-glib dependency
Rules.d feature in more detail
- Users of usbguard can set rules.d folder path in the same way they specify RuleFile.
- The USBGuard daemon will use this folder to load the policy rule set from it and to write new rules received via the IPC interface.
- Usually, we set the option to /etc/usbguard/rules.d/.
- The USBGuard daemon is supposed to behave like any other standard Linux daemon therefore it loads rule files in alpha-numeric order.
- File names inside RuleFolder directory should start with a two-digit number prefix indicating the position, in which the rules are scanned by the daemon.
- Setting up RuleFolder is as easy as the following: RuleFolder=/path/to/rulesfolder/
Many thanks to the following people for contributions to this release and to the USBGuard project:
- Attila Lakatos
- Thiebaud Weksteen
- Zoltan Fridrich
- Birger Schacht
- Marek Tamaskovic
- Sebastian Pipping
- Levente Polyak