reopen 765017 stop Hi Liung. (keeping Guido CCed at his request)
I just cloned this bug from virt-manager to spice-client-glib-usb-acl-helper. As you can see from the previous discussion, there was an issue (the one I usually named (1)) that virt-manager automatically redirected USB devices fully to guests. And there is another issue (I've numbered (2)) that, even if virt-manager had a security-problematic default, it should have never gotten the rights to do so. Apparently these rights are automatically granted by the polkit rules from your package. IMHO, as laid out in e.g. my message #39, even interactive users shouldn't be granted such powerful rights per se,... only if root has really manually granted this in the policy (e.g. per user or for all interactive users). Cheers, Chris.
smime.p7s
Description: S/MIME cryptographic signature
