我得到了一个:
libusb: error [_get_usbfs_fd] libusb couldn't open USB device /dev/bus/usb/001/007: Operation not permitted
尝试将 USB 磁盘传递到虚拟机时出错。传统的“为什么它不起作用”解释是缺乏适当的 udev 规则或 app-armor 拒绝。对于第一个,我创建了一个 udev 规则:
user@hostname:~# cat /etc/udev/rules.d/WD.rules
SUBSYSTEMS=="usb", ATTRS{idVendor}=="1058", ATTRS{idProduct}=="25e2", MODE="0777"
SUBSYSTEMS=="usb_device", ATTRS{idVendor}=="1058", ATTRS{idProduct}=="25e2", MODE="0777"
SUBSYSTEMS=="block", ATTRS{idVendor}=="1058", ATTRS{idProduct}=="25e2", MODE="0777"
只是为了验证 udev 规则是否加载:
root@hostname:/home/user/snap/sosumi/common# ls -l /dev/bus/usb/001/007
crwxrwxrwx 1 root root 189, 6 Apr 19 13:43 /dev/bus/usb/001/007
至于 AppArmor,我已将 sosumi 推入 aa-complain(据我所知,这应该会使其抱怨但不会阻止任何东西):
[ 1470.031181] kauditd_printk_skb: 79 callbacks suppressed
[ 1470.031184] audit: type=1400 audit(1618833664.681:364): apparmor="ALLOWED" operation="open" profile="snap.sosumi.sosumi" name="/sys/bus/usb/devices/" pid=11370 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
[ 1470.031340] audit: type=1400 audit(1618833664.681:365): apparmor="ALLOWED" operation="open" profile="snap.sosumi.sosumi" name="/run/udev/data/c189:512" pid=11370 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
[ 1470.031479] audit: type=1400 audit(1618833664.681:366): apparmor="ALLOWED" operation="open" profile="snap.sosumi.sosumi" name="/run/udev/data/+usb:6-0:1.0" pid=11370 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
[ 1470.031595] audit: type=1400 audit(1618833664.681:367): apparmor="ALLOWED" operation="open" profile="snap.sosumi.sosumi" name="/run/udev/data/c189:256" pid=11370 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
[ 1470.032276] audit: type=1400 audit(1618833664.681:368): apparmor="ALLOWED" operation="open" profile="snap.sosumi.sosumi" name="/run/udev/data/c189:129" pid=11370 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
[ 1470.032442] audit: type=1400 audit(1618833664.681:369): apparmor="ALLOWED" operation="open" profile="snap.sosumi.sosumi" name="/run/udev/data/+usb:1-1.4:1.0" pid=11370 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
[ 1470.032566] audit: type=1400 audit(1618833664.681:370): apparmor="ALLOWED" operation="open" profile="snap.sosumi.sosumi" name="/run/udev/data/+usb:1-2:1.0" pid=11370 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
[ 1470.032683] audit: type=1400 audit(1618833664.681:371): apparmor="ALLOWED" operation="open" profile="snap.sosumi.sosumi" name="/run/udev/data/c189:0" pid=11370 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
[ 1470.032811] audit: type=1400 audit(1618833664.681:372): apparmor="ALLOWED" operation="open" profile="snap.sosumi.sosumi" name="/run/udev/data/+usb:2-1:1.0" pid=11370 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
[ 1470.032937] audit: type=1400 audit(1618833664.681:373): apparmor="ALLOWED" operation="open" profile="snap.sosumi.sosumi" name="/run/udev/data/c189:3" pid=11370 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
我还可以做些什么?