USBGuard is a software framework for implementing USB device authorization policies (what kind of USB devices are authorized) as well as method of use policies (how a USB device may interact with the system)
I was wondering if it was possible with the rule language of the USBGuard to check LABELs (ID_FS_LABEL) from USB-sticks. As far as I could find, that's not possible, the closest we can check is if the name matches and that's defined by the vendor itself, not someone who has formatted the device.
I know this may sound specific for USB sticks, but it seems to add an extra layer of check for only accepting USB sticks with defined LABELs.
Is this an idea worth discussing, or was it already discussed and it doesn't fit USBGuard purpose?
The use case I considered was such as one can add an extra layer of security for devices that should only accept USB sticks with a predefined label on it, without being locked-in to the vendor of the drive itself.
I was wondering if it was possible with the rule language of the USBGuard to check LABELs (ID_FS_LABEL) from USB-sticks. As far as I could find, that's not possible, the closest we can check is if the
namematches and that's defined by the vendor itself, not someone who has formatted the device. I know this may sound specific for USB sticks, but it seems to add an extra layer of check for only accepting USB sticks with defined LABELs.Is this an idea worth discussing, or was it already discussed and it doesn't fit USBGuard purpose?
The use case I considered was such as one can add an extra layer of security for devices that should only accept USB sticks with a predefined label on it, without being locked-in to the vendor of the drive itself.