From 08148a746a47bd1a6888485226a5b55bb2754549 Mon Sep 17 00:00:00 2001 From: Nadrieril Date: Sun, 10 Jun 2018 20:30:12 +0100 Subject: [PATCH 1/2] nixos/usbguard: disable debug output --- nixos/modules/services/security/usbguard.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/modules/services/security/usbguard.nix b/nixos/modules/services/security/usbguard.nix index 5d469cabe2cb..48950fe4c227 100644 --- a/nixos/modules/services/security/usbguard.nix +++ b/nixos/modules/services/security/usbguard.nix @@ -192,7 +192,7 @@ in { serviceConfig = { Type = "simple"; - ExecStart = ''${pkgs.usbguard}/bin/usbguard-daemon -P -d -k -c ${daemonConfFile}''; + ExecStart = ''${pkgs.usbguard}/bin/usbguard-daemon -P -k -c ${daemonConfFile}''; Restart = "on-failure"; }; }; From 9b9ba8405bc9ba6965f82f7806b22c31f3514898 Mon Sep 17 00:00:00 2001 From: Nadrieril Date: Thu, 30 Aug 2018 21:50:43 +0100 Subject: [PATCH 2/2] nixos/usbguard: ensure the audit log file can be created Since version 0.7.3, usbguard-daemon won't start if the file cannot be opened. --- nixos/modules/services/security/usbguard.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/nixos/modules/services/security/usbguard.nix b/nixos/modules/services/security/usbguard.nix index 48950fe4c227..88d2f69db572 100644 --- a/nixos/modules/services/security/usbguard.nix +++ b/nixos/modules/services/security/usbguard.nix @@ -188,7 +188,10 @@ in { wants = [ "systemd-udevd.service" "local-fs.target" ]; # make sure an empty rule file and required directories exist - preStart = ''mkdir -p $(dirname "${cfg.ruleFile}") "${cfg.IPCAccessControlFiles}" && ([ -f "${cfg.ruleFile}" ] || touch ${cfg.ruleFile})''; + preStart = '' + mkdir -p $(dirname "${cfg.ruleFile}") $(dirname "${cfg.auditFilePath}") "${cfg.IPCAccessControlFiles}" \ + && ([ -f "${cfg.ruleFile}" ] || touch ${cfg.ruleFile}) + ''; serviceConfig = { Type = "simple";