/etc/qubes-rpc/policy/qubes.InputMouse
I didn’t have this, so I made with nano.
sys-usb dom0 ask,default_target=dom0
And I wrote this.
But when I connect a USB mouse, nothing happens. USB mouse works fine with other OS.
Now, with 4.2, you just have to go in “Qubes Global Config” → “usb Devices” and choose the policy you want for keyboard and mouse.
5 Likes
fyi also the new file is /etc/qubes-rpc/policy/qubes.USB
Uh, NO, in 4.2 at least it’s /etc/qubes/policy.d/50-config-inputs.policy. If you go through the GUI that’s the file it alters. You CAN create a file with (say) a 30- prefix there with the same stuff in it, or /etc/qubes-rpc/policy and override what’s in 50-config-inputs.policy, but the GUI 'Qubes Global Config" will complain that it’s being overridden (without telling you where), so to me it just seems best to stick with 50-config-inputs.policy
I’ve been using /etc/qubes-rpc/policy/qubes.USB fine before learning about the gui, though the 50-config file gives you a bigger picture of the linkages.
The directory you are using was the way to do it in 4.1…it was a holdover from an older way of doing things (I don’t know how much older; I started using QubesOS shortly after 4.1 was released). Most things had shifted to numbered files in /etc/qubes/policy.d but for some reason sys-usb had not. To maintain backward compatibility they had set things up so that /etc/qubes-rpc/policy files would override anything in /etc/qubes/policy.d numbered files.
In other words /etc/qubes-rpc/policy is basically deprecated though I don’t think they’ve actually said it that way. I was happy to stop using it for USB stuff when going to 4.2 It was the one oddball where I had to remember to go look there instead of the usual place, /etc/qubes/policy.d.
If you haven’t already heard, the files in /etc/qubes/policy.d are read in numeric order, and the first setting read that applies to your situation is the one that gets used. So they put a bunch of defaults into files numbered in the 90s (read last), and to override you use a lower-numbered file. the GUI uses 50-* files (for this and other things); if you ever want to manually tinker with things they generally steer you to creating files named 30-*.
People generally allow actions on specific qubes, then write a line forbidding the action on all qubes. That line comes after the specific lines, so that it only gets used for qubes that aren’t mentioned on the specific lines (that’s because the system stops reading when it finds a match).
2 Likes
They have explicitly said it’s deprecated, here:
The old format will be supported at least until 5.0, per that article.
Happy to stand corrected on that point.