Move generate policy
I would recommend to move the step of generating policy
# usbguard generate-policy > /etc/usbguard/rules.conf to the install or configuration section, like in the Red Hat Documentation: Using USBGuard, since this step is mandatory. Also the default
PresentDevicePolicy is to
apply-policy so if the you haven't generated rules the present devices will be blocked.
IPCAllowedGroups are marked as deprecated/legacy on the USBGuard documentation. It should be used
# usbguard add-user <NAME> [OPTIONS] throw the cli.
Joshuac (talk) 9:00, 9 February 2020
- As far as I can see the policy generation from the current setup is a mere convenience function. Feel free to change the rest though, it sounds like good advice for users. Fordprefect (talk) 12:31, 10 February 2020 (UTC)