Packaging: xapi-core RPM updates overwrite custom user config in usb-policy.conf

[stormi]

I initially created an issue, 4 months ago, on Citrix's JIRA as https://tracker.citrix.com/VAT-9 but issues created in the VAT project there never got reviewed, so I'm now trying where I have a chance to actually reach people. Also, it's not just a packaging issue, as the best solution would involve changes in XAPI (two layers of configuration, the distro one and the user one).

Users may need to modify the configuration in /etc/xensource/usb-policy.conf. For USB passthrough, for example.

The way the file is packaged currently, the whole file is overwritten each time it is updated in the xapi-core RPM. This happened in a recent XAPI hotfix (was recent when I first wrote this, at least). We had a similar update in XCP-ng which subsequently broke users' USB passthrough configuration.

We could improve this is several ways.

• The minimum would be to prefix the filename with %config in the spec file. This would not prevent the file from being overwritten, but the customized one would be saved to a .rpmsave file.
• Another possibility would be to mark it %config(noreplace), but then the file would not be updated once users modify it. Changes would only be written to a .rpmnew file that users would have to check. A header comment could be added to the file to inform the users about this: change anything, lose future updates to the file. The directive would still make the file updated for the vast majority of users who don't modify it.
• In my opinion, a better solution from the user point of view would likely be to have two levels of configuration, in two separate files. One that would never be modified by users (and ideally in /usr, not in /etc), and one where they can add their custom configuration.

[edwintorok]

In general we do not support users modifying configuration files in Dom0, it is way too easy to end up in a broken state. (of course modifying some configuration files as a last resort until a bugfix can be made is useful, and having configuration files is useful for developers adding new features) If there is a situation where a user would need to modify a configuration file the preferred way forward is to make an API call (e.g. Host.set_), and then XAPI can ensure (e.g. on startup) to write out a configuration file based on its database state.

[stormi]

So this would mean handing over the generation of /etc/xensource/usb-policy.conf to XAPI, right?

[edwintorok]

If it is useful for that file to be modified in the first place, I'm not familiar with what it is, can you give an example of when it is useful to modify it? (I see it is related to USB pass-through but I'm not sure whether anyone still uses that feature in practice). I can see how USB pass-through would be a useful on a desktop/laptop, but less useful on a server.

[stormi]

It is usually for adding ALLOW rules or removing DENY rules, so that a user's specific USB device can be passed through:

• keyboards and mice (in home labs where they use a VM running on XCP-ng as their main desktop)
• UPS
• Bluetooth dongle
• Network device
• Weird devices acting as a license for some software
• ... and more...

I'm not very familiar with how it works myself, but XenServer and XCP-ng forums are full of various discussions of users who ask how to pass-through some device, share "solutions", and in many cases the only "solution" they find is modifying usb-policy.conf.

[marleyjaffe]

One example of why I need USB passthrough is to support a Google Coral USB TPU for improved AI detection speeds inside a VM.

[MrGrymReaper]

Another example of why a configurable USB passthrough is needed is if your using code signing certificate or other certificate security dongle. As the signing other actions would likely be performed within a VM, that VM would need to successfully be able to pass this device through to it.

https://shop.certum.eu/open-source-code-signing.html