Cropi / usbguard-notifier

A tool for detecting usbguard policy and device presence changes

needs way to allow/block devices interactively

philcerf opened this issue · comments

Hello.

usbguard recommends usbguard-notifier as a replacement for their retired QT applet. Unfortunately however, there seems to be no way to actually allow/block/reject added devices.

Would it be possible to include some functionality in the GUI, so that for any new devices a notification stays open for some configurable amount of time (just as the previous QT applet did), allowing one to accept/block/reject the device via some buttons, and if no action is taken in the configured time, it should just leave it as is (e.g. whatever usbguard decided, typically blocked)?

Also, it should show these for possibly multiple devices attached at the same time, and waiting for a choice. Just consider e.g. when one plugs a laptop into a docking station and a handful of new USB devices show up.

That would tremendously increase the usefulness of the tool.

Regards,
Philippe

For the first part of the request, this has been delivered in #71.

And the second part:
I agree that it's not feasible to see ~15 or more notifications popping up if you connect a laptop to your docking station. However, I have mixed feelings about changing the policy of multiple devices at once based on when these were plugged in. I had an idea (basically 2) of getting this done in the past but did not implement it.

Idea1: Introduce a "metadata" field inside usbguard rule

This should be first implemented in USBGuard, and discussed there.
Each rule could be tagged with some metadata and according to some predefined constant (let's say "notification-block-list"), the device change events and device presence events would not generate notifications when matching this value. To sum up, each usbguard rule could have an additional field, e.g. metadata, that could contain some information, and based on that we could filter out some notifications (inside usbguard-notifier). A rule could look something like this:

allow id 1532:0083 meta-data "notification-block-list"

Idea2: Introduce a rules configuration file similar to what usbguard has (rules.conf)

Have a set of usbguard rules inside a configuration file. If any of these rules matches the rule in the notification, then do not create the notification but silently ignore it. As a use case: this file should contain all the rules associated with your docking station.
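
A sketch of how the filter proposed in Idea2 could behave, added here as an example; it is not code from usbguard-notifier or USBGuard. The function names and the quiet-list entries other than `1532:0083` are assumptions, and because vendor:product IDs are reported by the device itself, a real filter would also compare the remaining rule attributes rather than `id` alone.

```cpp
// Added illustration of "Idea2" (a quiet list of rules); not usbguard-notifier code.
// Simplification: only the rule target and the `id` attribute are compared.
#include <iostream>
#include <sstream>
#include <string>
#include <vector>

// First word of a rule: allow, block or reject (assumes no leading whitespace).
static std::string ruleTarget(const std::string& rule) {
    return rule.substr(0, rule.find(' '));
}

// Value after the unquoted `id` keyword, e.g. "1532:0083"; "" if absent.
// Escaped quotes inside attribute strings are not handled.
static std::string ruleId(const std::string& rule) {
    std::istringstream in(rule);
    std::string tok;
    bool quoted = false;
    while (in >> tok) {
        if (!quoted && tok == "id" && (in >> tok)) return tok;
        for (char c : tok) if (c == '"') quoted = !quoted;
    }
    return "";
}

// vendor:product comparison where either half of the pattern may be "*".
static bool idMatches(const std::string& pattern, const std::string& id) {
    const auto pc = pattern.find(':'), ic = id.find(':');
    if (pc == std::string::npos || ic == std::string::npos) return false;
    auto same = [](const std::string& p, const std::string& v) { return p == "*" || p == v; };
    return same(pattern.substr(0, pc), id.substr(0, ic)) &&
           same(pattern.substr(pc + 1), id.substr(ic + 1));
}

// False only when a quiet rule has the same target and a matching id, so a
// quiet-listed "allow" never hides a block/reject event for the same device.
bool shouldNotify(const std::vector<std::string>& quiet, const std::string& event) {
    const std::string target = ruleTarget(event), id = ruleId(event);
    for (const auto& q : quiet)
        if (ruleTarget(q) == target && idMatches(ruleId(q), id)) return false;
    return true;  // no match, or an event without an id: show it
}

int main() {
    // Constructed sample data; "17ef:*" is a made-up dock vendor pattern.
    const std::vector<std::string> quiet = {"allow id 1532:0083", "allow id 17ef:*"};
    for (std::string ev : {"allow id 1532:0083 name \"hub\"", "block id 1532:0083 name \"hub\""})
        std::cout << ev << " -> " << (shouldNotify(quiet, ev) ? "notify" : "quiet") << "\n";
}
```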

Do we need a popup for allowed devices at all?

Maybe it could be made configurable, for both automatically allowed devices and removed devices independently.

Hey.

I've tried the new version, and while the buttons are already a great improvement, I'd see the following things that could be further improved:

  1. As mentioned above, it would be nice if one could separately disable/enable both the notifications for allowed devices (when I just clicked the allow button before, I already know it's now allowed) and for removed devices (same here, when I just unplugged the device it's clear that it's gone).

  2. The timeout for the notifications to disappear (perhaps even up to not making them disappear at all) should be configurable; right now they vanish quite fast.

  3. Handling of multiple simultaneous devices is still problematic. First, this may e.g. happen when you plug in a port replicator or connect to a docking station. My notebook here then immediately adds 6 new USB devices, and a further one that is connected to one of the first 6, once that's allowed.

    Right now, these all show up one after another. Some didn't show up at all, possibly because of (2) and the reached timeout.
    Not sure if it was possible to somehow show multiple notifications at the same time? Or extend the existing one to "simply" show more devices and buttons for each of them?

Thanks,
Chris.