From ArchWiki

Move generate policy

I would recommend to move the step of generating policy # usbguard generate-policy > /etc/usbguard/rules.conf to the install or configuration section, like in the Red Hat Documentation: Using USBGuard, since this step is mandatory. Also the default PresentDevicePolicy is to apply-policy so if the you haven't generated rules the present devices will be blocked.

Also the IPCAllowedUsers and IPCAllowedGroups are marked as deprecated/legacy on the USBGuard documentation. It should be used # usbguard add-user <NAME> [OPTIONS] throw the cli.

Joshuac (talk) 9:00, 9 February 2020

As far as I can see the policy generation from the current setup is a mere convenience function. Feel free to change the rest though, it sounds like good advice for users. Fordprefect (talk) 12:31, 10 February 2020 (UTC)