support USB in jails

Author: gronke

iocage/lib/Config/Jail/BaseConfig.py

@@ -380,6 +380,18 @@ def _set_login_flags(self, value, **kwargs):
                     logger=self.logger
                 )
 
+    def _get_usb_device(self) -> typing.List[str]:
+        return self.data["usb_device"].split()
+
+    def _set_usb_device(
+        self,
+        value: typing.Union[typing.List[str], str]
+    ) -> None:
+        if isinstance(value, list):
+            self.data["usb_device"] = " ".join(value)
+        else:
+            self.data["usb_device"] = value
+
     def _get_host_hostuuid(self):
         try:
             return self.data["host_hostuuid"]

iocage/lib/Config/Jail/Defaults.py

@@ -91,6 +91,8 @@ class JailConfigDefaults(iocage.lib.Config.Jail.BaseConfig.BaseConfig):
         "allow_mount_procfs": 0,
         "allow_mount_zfs": 0,
         "allow_mount_tmpfs": 0,
+        "allow_usb": 0,
+        "usb_device": ["ugen*"],
         "allow_quotas": 0,
         "allow_socket_af": 0,
         "sysvmsg": "new",

iocage/lib/Jail.py

@@ -673,9 +673,15 @@ def devfs_ruleset(self) -> iocage.lib.DevfsRules.DevfsRuleset:
         devfs_ruleset = iocage.lib.DevfsRules.DevfsRuleset()
         devfs_ruleset.clone(configured_devfs_ruleset)
 
-        if self._dhcp_enabled:
+        if self._dhcp_enabled is True:
             devfs_ruleset.append("add path 'bpf*' unhide")
 
+        if self.config["allow_usb"] is True:
+            devfs_ruleset.append("add path 'usb/*' unhide")
+            devfs_ruleset.append("add path 'usbctl' unhide")
+            for usb_device in self.config["usb_device"]:
+                devfs_ruleset.append(f"add path '{usb_device}' unhide")
+
         # create if the final rule combination does not exist as ruleset
         if devfs_ruleset not in self.host.devfs:
             self.logger.verbose("New devfs ruleset combination")