From e887c50369d9dcca77b70f71a848d68eb4969e37 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Stefan=20Gr=C3=B6nke?= <stefan@gronke.net>
Date: Tue, 26 Sep 2017 00:15:55 +0200
Subject: [PATCH] support USB in jails

---
 iocage/lib/Config/Jail/BaseConfig.py | 13 +++++++++++++
 iocage/lib/Config/Jail/Defaults.py   |  2 ++
 iocage/lib/Jail.py                   |  8 +++++++-
 3 files changed, 22 insertions(+), 1 deletion(-)

diff --git a/iocage/lib/Config/Jail/BaseConfig.py b/iocage/lib/Config/Jail/BaseConfig.py
index 795391f3..ebc401ce 100644
--- a/iocage/lib/Config/Jail/BaseConfig.py
+++ b/iocage/lib/Config/Jail/BaseConfig.py
@@ -422,6 +422,19 @@ def _set_login_flags(self, value, **kwargs):
                     logger=self.logger
                 )
 
+    def _get_usb_device(self) -> typing.List[str]:
+        devices = self.data["usb_device"].split()  # type: typing.List[str]
+        return devices
+
+    def _set_usb_device(
+        self,
+        value: typing.Union[typing.List[str], str]
+    ) -> None:
+        if isinstance(value, list):
+            self.data["usb_device"] = " ".join(value)
+        else:
+            self.data["usb_device"] = value
+
     def _get_host_hostuuid(self):
         try:
             return self.data["host_hostuuid"]
diff --git a/iocage/lib/Config/Jail/Defaults.py b/iocage/lib/Config/Jail/Defaults.py
index 64ed95af..2f8db238 100644
--- a/iocage/lib/Config/Jail/Defaults.py
+++ b/iocage/lib/Config/Jail/Defaults.py
@@ -92,6 +92,8 @@ class JailConfigDefaults(iocage.lib.Config.Jail.BaseConfig.BaseConfig):
         "allow_mount_procfs": 0,
         "allow_mount_zfs": 0,
         "allow_mount_tmpfs": 0,
+        "allow_usb": 0,
+        "usb_device": ["ugen*"],
         "allow_quotas": 0,
         "allow_socket_af": 0,
         "rlimits": None,
diff --git a/iocage/lib/Jail.py b/iocage/lib/Jail.py
index b9a3eefd..053381e2 100644
--- a/iocage/lib/Jail.py
+++ b/iocage/lib/Jail.py
@@ -765,9 +765,15 @@ def devfs_ruleset(self) -> iocage.lib.DevfsRules.DevfsRuleset:
         if self._dhcp_enabled is True:
             devfs_ruleset.append("add path 'bpf*' unhide")
 
-        if self._allow_mount_zfs == "1":
+        if self._allow_mount_zfs is True:
             devfs_ruleset.append("add path zfs unhide")
 
+        if self.config["allow_usb"] is True:
+            devfs_ruleset.append("add path 'usb/*' unhide")
+            devfs_ruleset.append("add path 'usbctl' unhide")
+            for usb_device in self.config["usb_device"]:
+                devfs_ruleset.append(f"add path '{usb_device}' unhide")
+
         # create if the final rule combination does not exist as ruleset
         if devfs_ruleset not in self.host.devfs:
             self.logger.verbose("New devfs ruleset combination")