Hi,
I recently adopted spice-gtk and usbredir so I looked into this. In v0.39,
upstream removed setuid root from usb-acl-helper and replaced it with the
CAP_FOWNER permission. The merge request was here for reference. I'm going to
see if I can remove some of the custom debian/rules logic for us
Is it possible that libspice-client-glib-2.0-8 should merely Recommend:
spice-client-glib-usb-acl-helper, rather than Depend: ing on it?
spice-client-glib-usb-acl-helper is one of the few setuid binaries on
debian systems, and if it isn't installed, it seems like the attack
surface would be reduce
Package: libspice-client-glib-2.0-8
Version: 0.28-1
Followup-For: Bug #765017
Hello,
This problem is no longer present with current version of
libspice-client-glib-2.0-8
This is probably due to a change in the policykit and/or the helper
included with the library.
Either way, I cannot access de
reopen 765017
stop
Hi Liung.
(keeping Guido CCed at his request)
I just cloned this bug from virt-manager to
spice-client-glib-usb-acl-helper.
As you can see from the previous discussion, there was an issue (the one
I usually named (1)) that virt-manager automatically redirected USB
devices ful
4 matches
Mail list logo
