udisks2 compatibility: replace /run/media/$USER with /media/$USER #47

Instead of /run/media/$USER, /media/$USER will be auto-created on demand with
setfacl permissions.  This is due to a change in udisks2 which began using
/media/$USER for FHS compatibility.

/run/media/$USER (and other variations) may still be used but will not be
auto-created.
IgnorantGuru 2015-04-27 17:59:28 -06:00
parent 0a9973e9c1
commit 5c466d3d30
3 changed files with 40 additions and 37 deletions


@ -6,6 +6,7 @@
special handling for cifs mount ipv6 literal #46; retain literal host special handling for cifs mount ipv6 literal #46; retain literal host
udevil.conf allowed_options_ftpfs remove ip=*; add ip= after test #46 udevil.conf allowed_options_ftpfs remove ip=*; add ip= after test #46
respect configure option --sysconfdir #31 #53 respect configure option --sysconfdir #31 #53
udisks2 compatibility: replace /run/media/$USER with /media/$USER #47
0.4.3 2013-12-09: 0.4.3 2013-12-09:
fix default udevil.conf allowed_options missing fmask=0133 #35 fix default udevil.conf allowed_options missing fmask=0133 #35
0.4.2 2013-12-04: 0.4.2 2013-12-04:


@ -84,7 +84,7 @@ allowed_groups = *
# allowed_media_dirs specifies the media directories in which user mount points # allowed_media_dirs specifies the media directories in which user mount points
# may be located. The first directory which exists and does not contain a # may be located. The first directory which exists and does not contain a
# wildcard will be used as the default media directory (normally /media or # wildcard will be used as the default media directory (normally /media or
# /run/media/$USER). # /media/$USER).
# The $USER variable, if included, will be replaced with the username of the # The $USER variable, if included, will be replaced with the username of the
# user running udevil. Wildcards may also be used in any directory EXCEPT the # user running udevil. Wildcards may also be used in any directory EXCEPT the
# default. Wildcards will not match a / # default. Wildcards will not match a /
@ -92,16 +92,16 @@ allowed_groups = *
# when mounting or unmounting a specific fstype (eg ext2, nfs). For example, # when mounting or unmounting a specific fstype (eg ext2, nfs). For example,
# to cause /media/network to be used as the default media directory for # to cause /media/network to be used as the default media directory for
# nfs and ftpfs mounts, use these two lines: # nfs and ftpfs mounts, use these two lines:
# allowed_media_dirs_nfs = /media/network, /media, /run/media/$USER # allowed_media_dirs_nfs = /media/network, /media, /media/$USER
# allowed_media_dirs_ftpfs = /media/network, /media, /run/media/$USER # allowed_media_dirs_ftpfs = /media/network, /media, /media/$USER
# NOTE: If you want only the user who mounted a device to have access to it # NOTE: If you want only the user who mounted a device to have access to it
# and be allowed to unmount it, specify /run/media/$USER as the first # and be allowed to unmount it, specify /media/$USER as the first
# allowed media directory. # allowed media directory (only /media/$USER is created on demand).
# IMPORTANT: If an allowed file is mounted to a media directory, the user may # IMPORTANT: If an allowed file is mounted to a media directory, the user may
# be permitted to unmount its associated loop device even though internal. # be permitted to unmount its associated loop device even though internal.
# INCLUDING /MNT HERE IS NOT RECOMMENDED. ALL ALLOWED MEDIA DIRECTORIES # INCLUDING /MNT HERE IS NOT RECOMMENDED. ALL ALLOWED MEDIA DIRECTORIES
# SHOULD BE OWNED AND WRITABLE ONLY BY ROOT. # SHOULD BE OWNED AND WRITABLE ONLY BY ROOT.
allowed_media_dirs = /media, /run/media/$USER allowed_media_dirs = /media, /media/$USER, /run/media/$USER
# allowed_devices is the first criteria for what block devices users may mount # allowed_devices is the first criteria for what block devices users may mount
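Review bot: The NOTE on `allowed_media_dirs` promises that listing `/media/$USER` first gives only the mounting user access, but it does not say that this depends on setfacl succeeding. In the same commit, `create_auto_media()` falls back to `chmod` `rwxr-xr-x` on the directory when the ACL test fails, which leaves the per-user directory readable and traversable by every local user. I would extend the comment with a line such as `#       This relies on setfacl_program working; if setfacl fails, /media/$USER falls back to mode rwxr-xr-x.` so an administrator knows when the isolation does not hold.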


@ -65,6 +65,10 @@
#define ALLOWED_TYPES "$KNOWN_FILESYSTEMS,smbfs,cifs,nfs,ftpfs,curlftpfs,sshfs,file,tmpfs,ramfs" #define ALLOWED_TYPES "$KNOWN_FILESYSTEMS,smbfs,cifs,nfs,ftpfs,curlftpfs,sshfs,file,tmpfs,ramfs"
#define MAX_LOG_DAYS 60 // don't set this too high #define MAX_LOG_DAYS 60 // don't set this too high
// udisks2 changed its media dir from /run/media/$USER to /media/$USER
// NOTE: parents not created
#define AUTO_MEDIA_DIR "/media"
//#define OPT_REMOVE // build with under-development remove function //#define OPT_REMOVE // build with under-development remove function
static int command_clean(); static int command_clean();
@ -2305,31 +2309,29 @@ static gboolean valid_mount_path( const char* path, char** errmsg )
return !msg; return !msg;
} }
static gboolean create_run_media() static gboolean create_auto_media()
{ {
char* str; char* str;
gboolean ret = FALSE; gboolean ret = FALSE;
// create /run/media/$USER // create /media/$USER
char* run_media = g_build_filename( "/run/media", g_get_user_name(), NULL ); char* auto_media = g_build_filename( AUTO_MEDIA_DIR, g_get_user_name(), NULL );
restore_privileges(); restore_privileges();
wlog( "udevil: mkdir %s\n", run_media, 0 ); wlog( "udevil: mkdir %s\n", auto_media, 0 );
mkdir( "/run", S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH ); mkdir( AUTO_MEDIA_DIR, S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH );
chown( "/run", 0, 0 ); chown( AUTO_MEDIA_DIR, 0, 0 );
mkdir( "/run/media", S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH ); mkdir( auto_media, S_IRWXU );
chown( "/run/media", 0, 0 ); chown( auto_media, 0, 0 );
mkdir( run_media, S_IRWXU ); // set acl /usr/bin/setfacl -m u:$USER:rx /media/$USER
chown( run_media, 0, 0 );
// set acl /usr/bin/setfacl -m u:$USER:rx /run/media/$USER
gchar *argv[5] = { NULL }; gchar *argv[5] = { NULL };
int a = 0; int a = 0;
argv[a++] = g_strdup( read_config( "setfacl_program", NULL ) ); argv[a++] = g_strdup( read_config( "setfacl_program", NULL ) );
argv[a++] = g_strdup( "-m" ); argv[a++] = g_strdup( "-m" );
argv[a++] = g_strdup_printf( "u:%s:rx", g_get_user_name() ); argv[a++] = g_strdup_printf( "u:%s:rx", g_get_user_name() );
argv[a++] = g_strdup( run_media ); argv[a++] = g_strdup( auto_media );
str = g_strdup_printf( "udevil: %s -m u:%s:rx %s\n", str = g_strdup_printf( "udevil: %s -m u:%s:rx %s\n",
read_config( "setfacl_program", NULL ), read_config( "setfacl_program", NULL ),
g_get_user_name(), run_media ); g_get_user_name(), auto_media );
wlog( str, NULL, 0 ); wlog( str, NULL, 0 );
g_free( str ); g_free( str );
if ( !g_spawn_sync( NULL, argv, NULL, if ( !g_spawn_sync( NULL, argv, NULL,
@ -2339,20 +2341,20 @@ static gboolean create_run_media()
read_config( "setfacl_program", NULL ), 1 ); read_config( "setfacl_program", NULL ), 1 );
drop_privileges( 0 ); drop_privileges( 0 );
// test // test
if ( g_file_test( run_media, G_FILE_TEST_IS_DIR ) && if ( g_file_test( auto_media, G_FILE_TEST_IS_DIR ) &&
g_access( run_media, R_OK | X_OK ) != 0 ) g_access( auto_media, R_OK | X_OK ) != 0 )
{ {
// setfacl apparently failed so fallback to normal permissions // setfacl apparently failed so fallback to normal permissions
wlog( _("udevil: warning 25: setfacl on %s failed, falling back to 'rwxr-xr-x'\n"), wlog( _("udevil: warning 25: setfacl on %s failed, falling back to 'rwxr-xr-x'\n"),
run_media, 1 ); auto_media, 1 );
restore_privileges(); restore_privileges();
chmod( run_media, S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH ); chmod( auto_media, S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH );
drop_privileges( 0 ); drop_privileges( 0 );
} }
if ( g_file_test( run_media, G_FILE_TEST_IS_DIR ) && if ( g_file_test( auto_media, G_FILE_TEST_IS_DIR ) &&
g_access( run_media, R_OK | X_OK ) == 0 ) g_access( auto_media, R_OK | X_OK ) == 0 )
ret = TRUE; ret = TRUE;
g_free( run_media ); g_free( auto_media );
return ret; return ret;
} }
@ -2367,7 +2369,7 @@ static char* get_default_mount_dir( const char* type )
if ( !( list = read_config( "allowed_media_dirs", type ) ) ) if ( !( list = read_config( "allowed_media_dirs", type ) ) )
return NULL; return NULL;
char* run_media = g_build_filename( "/run/media", g_get_user_name(), NULL ); char* auto_media = g_build_filename( AUTO_MEDIA_DIR, g_get_user_name(), NULL );
while ( list && list[0] ) while ( list && list[0] )
{ {
if ( comma = strchr( list, ',' ) ) if ( comma = strchr( list, ',' ) )
@ -2391,20 +2393,20 @@ static char* get_default_mount_dir( const char* type )
{ {
str = g_strdup( selement ); str = g_strdup( selement );
g_free( element ); g_free( element );
g_free( run_media ); g_free( auto_media );
return str; return str;
} }
else if ( !g_strcmp0( selement, run_media ) ) else if ( !g_strcmp0( selement, auto_media ) )
{ {
if ( create_run_media() ) if ( create_auto_media() )
{ {
g_free( element ); g_free( element );
return run_media; return auto_media;
} }
} }
g_free( element ); g_free( element );
} }
g_free( run_media ); g_free( auto_media );
return NULL; return NULL;
} }
@ -3298,15 +3300,15 @@ _get_type:
} }
// get parent dir // get parent dir
parent_dir = g_path_get_dirname( data->point ); parent_dir = g_path_get_dirname( data->point );
// create parent dir /run/media/$USER ? // create parent dir /media/$USER ?
char* run_media = g_build_filename( "/run/media", g_get_user_name(), NULL ); char* auto_media = g_build_filename( AUTO_MEDIA_DIR, g_get_user_name(), NULL );
if ( !g_strcmp0( parent_dir, run_media ) && if ( !g_strcmp0( parent_dir, auto_media ) &&
validate_in_list( "allowed_media_dirs", fstype, parent_dir ) && validate_in_list( "allowed_media_dirs", fstype, parent_dir ) &&
!g_file_test( parent_dir, G_FILE_TEST_EXISTS ) ) !g_file_test( parent_dir, G_FILE_TEST_EXISTS ) )
{ {
create_run_media(); create_auto_media();
} }
g_free( run_media ); g_free( auto_media );
// canonicalize parent // canonicalize parent
if ( !get_realpath( &parent_dir ) ) if ( !get_realpath( &parent_dir ) )
{ {
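Review bot: In `create_auto_media()` the privileged `mkdir` and `chown` calls on `AUTO_MEDIA_DIR` and `auto_media` ignore their return values, and `chown` follows symlinks, so the function carries on to run setfacl as root on whatever already exists at `/media/$USER`. The old code had the same shape, but the target has moved from `/run/media` to `/media`, which is normally persistent across reboots and may already hold entries that udevil did not create (an inference; the page does not show how `/media` is provisioned). I would treat any `mkdir` failure other than `EEXIST` as an error and confirm with `lstat` that the path is a real directory before the `chown` and the setfacl spawn, returning FALSE otherwise. The function body continues into the next hunk, so the early return must drop privileges and free `auto_media` itself.

```c
    mkdir( AUTO_MEDIA_DIR, S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH );
    // … unchanged: chown of AUTO_MEDIA_DIR …
    struct stat st;
    if ( ( mkdir( auto_media, S_IRWXU ) != 0 && errno != EEXIST ) ||
         lstat( auto_media, &st ) != 0 ||
         !S_ISDIR( st.st_mode ) )
    {
        // not a real directory (or could not be created): do not chown or
        // setfacl it while privileged
        drop_privileges( 0 );
        g_free( auto_media );
        return FALSE;
    }
    chown( auto_media, 0, 0 );
    // … unchanged: setfacl argv construction, spawn and access test …
```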