Open stormi opened 1 year ago
In general we do not support users modifying configuration files in Dom0, it is way too easy to end up in a broken state.
(of course modifying some configuration files as a last resort until a bugfix can be made is useful, and having configuration files is useful for developers adding new features)
If there is a situation where a user would need to modify a configuration file the preferred way forward is to make an API call (e.g. Host.set_
So this would mean handing over the generation of /etc/xensource/usb-policy.conf
to XAPI, right?
If it is useful for that file to be modified in the first place, I'm not familiar with what it is, can you give an example of when it is useful to modify it? (I see it is related to USB pass-through but I'm not sure whether anyone still uses that feature in practice). I can see how USB pass-through would be a useful on a desktop/laptop, but less useful on a server.
It is usually for adding ALLOW rules or removing DENY rules, so that a user's specific USB device can be passed through:
I'm not very familiar with how it works myself, but XenServer and XCP-ng forums are full of various discussions of users who ask how to pass-through some device, share "solutions", and in many cases the only "solution" they find is modifying usb-policy.conf
.
One example of why I need USB passthrough is to support a Google Coral USB TPU for improved AI detection speeds inside a VM.
Another example of why a configurable USB passthrough is needed is if your using code signing certificate or other certificate security dongle. As the signing other actions would likely be performed within a VM, that VM would need to successfully be able to pass this device through to it.
I initially created an issue, 4 months ago, on Citrix's JIRA as https://tracker.citrix.com/VAT-9 but issues created in the VAT project there never got reviewed, so I'm now trying where I have a chance to actually reach people. Also, it's not just a packaging issue, as the best solution would involve changes in XAPI (two layers of configuration, the distro one and the user one).
Users may need to modify the configuration in
/etc/xensource/usb-policy.conf
. For USB passthrough, for example.The way the file is packaged currently, the whole file is overwritten each time it is updated in the xapi-core RPM. This happened in a recent XAPI hotfix (was recent when I first wrote this, at least). We had a similar update in XCP-ng which subsequently broke users' USB passthrough configuration.
We could improve this is several ways.
%config
in the spec file. This would not prevent the file from being overwritten, but the customized one would be saved to a .rpmsave file.%config(noreplace)
, but then the file would not be updated once users modify it. Changes would only be written to a .rpmnew file that users would have to check. A header comment could be added to the file to inform the users about this: change anything, lose future updates to the file. The directive would still make the file updated for the vast majority of users who don't modify it./usr
, not in/etc
), and one where they can add their custom configuration.