Open meden opened 11 months ago
I think this issue is caused by this commit. Not sure about its motive, though.
About the motive, I thick the actual motive is this one, so I'm not sure anymore whether this bug is valid or not.
Same issue, tried multiple variations of usbguard config.
After the last config test I just left the screen to auto-lock, on resume all USB devices awoke as expected by policy. Whenever I manually lock the screen by enabling suspend the "USB 2.1 Hub" is forgotten and must be re-enabled manually.
One test I do which demonstrates the faulty event is systemctl restart usbguard
which then disables the devices as if the systems resumed from suspend in the same erroneous way. Regardless, the system correctly resumed just before i wrote this post.
apt show usbguard Package: usbguard Version: 1.1.1+ds-3
usbguard get-parameter ImplicitPolicyTarget block
usbguard get-parameter InsertedDevicePolicy apply-policy
@commandline-be, this may actually not be an USBGuard's issue.
I currently solved the bad behavior by disabling Gnome's USB "security":
$ gsettings set org.gnome.desktop.privacy usb-protection false
Please check my comment on the gnome-setting-daemon bug tracker for further details.
Hope it helps.
@meden With prior experiences I've also tried disabling usb-protection eventually to no avail. This time it did work, thanks for reminding us.
@meden forget what i said, this works only 50% of the time, it seems deeper suspend states (or something, speculating) are working against this (as noted before)
How is your experience by now ?
@commandline-be, as far as I can tell, things are working properly now (with Gnome's USB security disabled). When resuming the laptop, now GDM suggests that I can use the fingerprint to access (although it looks that sometimes it does it only on the second attempt, as I need to hit e.g. ESC a couple of times to "open-close-open" the password box).
Also, I'm not flooded anymore by the notifications coming from all my USB3 HUB's sub-devices.
facing this issue again i can tell it is not working reliably
Hello, I'm facing the following issue: when resuming the system from suspend, one of the internal devices (a Synaptics fingerprint reader, with USB id
06cb:00f9
) gets blocked, despite the rules allow it.I'm using USBguard 1.1.2 in Debian 12.
Here the log, where I (1) restart the service, (2) suspend&resume, (3) restart the service again:
In Gnome, I get notified about a new USB peripheral attached during suspend, which gets blocked (another annoying thing, as actually there are no new peripherals).
Restarting the service after resume makes the fingerprint reader available again, and I can use it until the next suspension, even if I lock the session, so I would tend to exclude some intervention by Gnome (although I cannot be sure, as I don't really know how it works).
These are my rules (initially generated with
usbguard generate-policy
, then manually refined):Personal information have been partially obfuscated in all shared snippets.
There is a similar report (#543), but my issue happens regardless the computer being docked or not, so I'm opening a new one.
Thank you for your work!