fix: remove usbguard-dbus due to insufficient systemd sandboxing (#352)

RECOMMENDED.md

@@ -1 +1 @@
-GNOME is the only desktop that secures privileged wayland protocols like screencopy. This means that on non-GNOME systems, applications can access screen content of the entire desktop. This implicitly includes the content of other applications. It's primarily for this reason that GNOME images are recommended. A secondary reason is GNOME's superior [USBGuard integration](https://wiki.archlinux.org/title/USBGuard#GNOME_integration)
+GNOME is the only desktop that secures privileged wayland protocols like screencopy. This means that on non-GNOME systems, applications can access screen content of the entire desktop. This implicitly includes the content of other applications. It's primarily for this reason that GNOME images are recommended.

files/system/usr/share/ublue-os/just/60-custom.just

@@ -160,13 +160,8 @@ setup-usbguard:
     sudo chmod 755 /etc/usbguard
     sudo sh -c 'usbguard generate-policy > /etc/usbguard/rules.conf'
     sudo systemctl enable --now usbguard.service
-    sudo systemctl enable --now usbguard-dbus.service
     sudo usbguard add-user $(whoami)
     systemctl enable --user --now usbguard-notifier.service
-    if command -v gsettings &> /dev/null; then
-        gsettings set org.gnome.desktop.privacy usb-protection-level always
-        gsettings set org.gnome.desktop.privacy usb-protection true
-    fi
 
 # Rerun Yafti
 rerun-yafti:

recipes/common/common-packages.yml

@@ -3,7 +3,6 @@ repos:
   - https://copr.fedorainfracloud.org/coprs/secureblue/hardened_malloc/repo/fedora-%OS_VERSION%/secureblue-hardened_malloc-fedora-%OS_VERSION%.repo
 install:
   - hardened_malloc
-  - usbguard-dbus