samcday
commented
6 months ago I'm building a GUI app that uses usb-gadget to configure a USB gadget and drive some of it via FunctionFS. For the prototype I'm simply running the app as a privileged process, but that's obviously not shippable. I knew I'd need to split the privileged bits that poke ConfigFS into a separate binary which the GUI app spawns and controls via pkexec.
I'm really impressed that the API of this crate already perfectly supports such a use case. The only tricky part was wrapping my brain around how to actually do it. Once I got it working, I figured it might be useful to show an example of that. I imagine many users of this crate would likely benefit from applying principle of least privilege, too.
The only trade-off I see here is that the example is now more complicated and perhaps makes it harder for someone completely uninitiated to grok the basics of building a gadget with a Custom function. If you're concerned about this I'm happy to move it to a separate example file.
surban
By default, the example still works as it previously did.
If run with
REGISTER_ONLY=1, it will pause after registering the gadget, allowing a second process to be run (which can be unprivileged) and configure FunctionFS.