USBGuard on Arch Linux continues to identify usb devices plugged into laptop as blocked even when added in rules.conf

I've noticed there are numerous open bugs on usbguard project where all of a sudden allowed USB devices which are defined in the rules.conf file are being ignored and blocked. I have tried reaching out to the upstream project via (text) but there has been no response to myself or several bugs all open in 2024. I don't know if this project has been closed down, so I am reaching out via Arch Project, just in case this package should go through a review process on whether it should be in the Arch Repository.

Below is a description of the bug I filed:

Hi,

I've noticed recently that USB devices like my "Turtle Beach P11 Headset" or Logitech "USB Receiver" will get blocked on a cold boot or after a restart even though they are listed in the /etc/usbguard/rules.conf.

When I manually start the usbguard.service I will see the following item show as blocked:

❯ sudo usbguard list-devices | grep block
31: block id 10f5:0231 serial "0000000001" name "Turtle Beach P11 Headset" hash "LV6IMISEpfcN52MtFVJNcp+Dv88RpzAbHz0NOpQ52Hw=" parent-hash "zC/l1hLcFOg5CzEKcyZMP/h1xmdZLnH5ssvafoV6pj0=" via-port "1-4.4.2" with-interface { 01:01:00 01:02:00 01:02:00 01:02:00 01:02:00 03:00:00 } with-connect-type "unknown"

Troubleshoot:

  1. I can use the "sudo usbguard allow-device" command to manually add the devices and they are fully functional.

  2. The problem shows in both kernels Linux-LTS 6.6.65-1 and Linux ZEN 6.12.4.zen1-1.

  3. I did rename the rules.conf file. Then used the "usbguard generate-policy > /etc/usbguard/rules.conf" command as root to generate the file below. Still the "Turtle Beach P11 Headset" is blocked after I restart the T470.

  4. Original laptop displaying this issue was a Thinkpad T470s (only Turtle beach headphones blocked). On Thinkpad T450 the "USB Receiver" was blocked.

  5. This USBguard 1.1.3-8 Arch Linux Native package has also displayed a symptom where the rules.conf file will all of a sudden lose all its contents. I have seen this twice so far. But not repeatable.

System information:

System:

Kernel: 6.12.4-zen1-1-zen arch: x86_64 bits: 64
Desktop: GNOME v: 47.2 Distro: EndeavourOS

Machine:
  Type: Laptop System: LENOVO ThinkPad T470s

USB Guard Version:

 usbguard --version
usbguard 1.1.3 compiled with:
  Linux audit support:    enabled
  Libcapng support:       enabled
  Seccomp support:        enabled
  Systemd support:        enabled
  Umockdev support:       disabled
  Crypto backend library: libsodium

USB Guard Directory:

 ls -al
total 36
drwxr-x---   4 root root  4096 Dec 13 00:26 .
drwxr-xr-x 106 root root 12288 Dec 13 00:33 ..
drwxr-xr-x   2 root root  4096 Jun 20  2021 IPCAccessControl.d
-rw-r--r--   1 root root  2500 Dec 13 00:26 rules.conf
drwx------   2 root root  4096 Jun 22 19:33 rules.d
-rw-------   1 root root  6648 Jun 22 19:35 usbguard-daemon.conf

Contents of rules.conf

allow id 1d6b:0002 serial "0000:00:14.0" name "xHCI Host Controller" hash "jEP/6WzviqdJ5VSeTUY8PatCNBKeaREvo2OqdplND/o=" parent-hash "rV9bfLq7c2eA4tYjVjwO4bxhm+y6GgZpl9J60L0fBkY=" with-interface 09:00:00 with-connect-type ""
allow id 1d6b:0003 serial "0000:00:14.0" name "xHCI Host Controller" hash "3Wo3XWDgen1hD5xM3PSNl3P98kLp1RUTgGQ5HSxtf8k=" parent-hash "rV9bfLq7c2eA4tYjVjwO4bxhm+y6GgZpl9J60L0fBkY=" with-interface 09:00:00 with-connect-type ""
allow id 17ef:1010 serial "" name "Lenovo ThinkPad Dock   " hash "OkrTUwAUxn55t8+ezGtkhdgxjz9TIluGUS+bjFE+iC4=" parent-hash "jEP/6WzviqdJ5VSeTUY8PatCNBKeaREvo2OqdplND/o=" via-port "1-4" with-interface 09:00:00 with-connect-type "hotplug"
allow id 8087:0a2b serial "" name "" hash "TtRMrWxJil9GOY/JzidUEOz0yUiwwzbLm8D7DJvGxdg=" parent-hash "jEP/6WzviqdJ5VSeTUY8PatCNBKeaREvo2OqdplND/o=" via-port "1-7" with-interface { e0:01:01 e0:01:01 e0:01:01 e0:01:01 e0:01:01 e0:01:01 e0:01:01 } with-connect-type "not used"
allow id 5986:111c serial "200901010001" name "Integrated Camera" hash "eJOK0isU58kbzlKp7vkhqIX9jnniOygkoiGdZ9rqWZg=" parent-hash "jEP/6WzviqdJ5VSeTUY8PatCNBKeaREvo2OqdplND/o=" with-interface { 0e:01:00 0e:02:00 0e:02:00 0e:02:00 0e:02:00 0e:02:00 0e:02:00 0e:02:00 0e:02:00 } with-connect-type "not used"
allow id 0bda:0316 serial "20120501030900000" name "USB3.0-CRW" hash "WG1MSC3YZsmCslTNGpjTTjT2lUvhNfU4gEVvD3gIuV4=" parent-hash "3Wo3XWDgen1hD5xM3PSNl3P98kLp1RUTgGQ5HSxtf8k=" with-interface 08:06:50 with-connect-type "not used"
allow id 17ef:1010 serial "" name "Lenovo ThinkPad Dock   " hash "KeGZSLglm8uUqZaWgqpMz4O4Eb8lWCd3vnRbRJIL5mM=" parent-hash "3Wo3XWDgen1hD5xM3PSNl3P98kLp1RUTgGQ5HSxtf8k=" via-port "2-4" with-interface 09:00:00 with-connect-type "hotplug"
allow id 17ef:100f serial "Rev1.2" name "Lenovo ThinkPad Dock" hash "zC/l1hLcFOg5CzEKcyZMP/h1xmdZLnH5ssvafoV6pj0=" parent-hash "OkrTUwAUxn55t8+ezGtkhdgxjz9TIluGUS+bjFE+iC4=" with-interface { 09:00:01 09:00:02 } with-connect-type "unknown"
allow id 10f5:0231 serial "0000000001" name "Turtle Beach P11 Headset" hash "LV6IMISEpfcN52MtFVJNcp+Dv88RpzAbHz0NOpQ52Hw=" parent-hash "zC/l1hLcFOg5CzEKcyZMP/h1xmdZLnH5ssvafoV6pj0=" with-interface { 01:01:00 01:02:00 01:02:00 01:02:00 01:02:00 03:00:00 } with-connect-type "unknown"
allow id 046d:c505 serial "" name "USB Receiver" hash "DLUGx/Ox7PN6QQfwhi/tkVqPMsfUJa70/S1d30y/JFo=" parent-hash "zC/l1hLcFOg5CzEKcyZMP/h1xmdZLnH5ssvafoV6pj0=" via-port "1-4.4.3" with-interface { 03:01:01 03:01:02 } with-connect-type "unknown"