Created attachment 42455 [details] [review] Proposed patch (against current git) gnome-mount had a feature to specify mount options per file system types (via GConf key "/system/storage/default_options/<fs type>/mount_options") that could be used to restrict read-only mount of removable devices from the desktop. I could not find something similar with udisks (maybe it's there but I could not find it) so I wrote the attached patch to add this feature. Basically, udev sets a property UDISKS_MOUNT_OPTIONS (coma separated list of options to pass to mount) that is read by udisk-daemon and appended to the options used to mount the device. The idea is to allow sysadmins to force some mount options on some devices, for example "ro,noxec" on USB sticks.
There is a DBUS mechanism to pass mount options to udisks-daemon (used by udisks, the command line tool) but that may not really be what is needed here. To get the desired mount options to be applied, that would require to implement the functionality in every desktop/file manager which may use usdisks (instead of forcing the options in udisks-daemon as done with the proposed patch). Also, a user may use the udisks command directly without specifying the mount options to get the mount in read-write mode.
If you look at the FSMountOptions structure http://cgit.freedesktop.org/udisks/tree/src/device.c?id=1.0.2#n5843 then there are two arrays: defaults and allow. I think it would make sense to control both on a per-device basis via udev via, say. UDISKS_MOUNT_OPTIONS and UDISKS_MOUNT_OPTIONS_ALLOW. The former would be appended to the existing mount options (as you suggest) and the latter would be replacing it (to allow complete lockdown). Then your use case will be just setting UDISKS_MOUNT_OPTIONS="ro,noexec" Regarding the patch: I don't think we need to expose this a D-Bus property. Also, the patch should also include a modification to the udisks(7) man page.
Btw, the docs will have to be very careful about emphasizing that whatever the user set the properties to, may be filesystem dependent. An example like this might suffice # use specific charset for FAT filesystems # ENV{ID_FS_TYPE}=="vfat", ENV{UDISKS_MOUNT_OPTIONS}="utf8=0,iocharset=iso8859-15" and the USB example in your patch is too encompassing (it sets the property on too many devices). It should be something like this # mount all USB devices RO # SUBSYSTEMS="usb", ENV{ID_FS_USAGE}=="filesystem", ENV{UDISKS_MOUNT_OPTIONS}="ro" instead (and even this may be too wide - for example, the disk controller may be USB but the disk itself is something else. But that's unimportant.)
Sorry for the delay (got busy with other stuff), thanks a for the feedback! I am working on a new patch based on comment #2
(In reply to comment #2) > If you look at the FSMountOptions structure > > http://cgit.freedesktop.org/udisks/tree/src/device.c?id=1.0.2#n5843 > > then there are two arrays: defaults and allow. I think it would make sense to > control both on a per-device basis via udev via, say. UDISKS_MOUNT_OPTIONS and > UDISKS_MOUNT_OPTIONS_ALLOW. The former would be appended to the existing mount > options (as you suggest) and the latter would be replacing it (to allow > complete lockdown). So I have implemented the UDISKS_MOUNT_OPTIONS_ALLOW which replaces the allow[] array set in the various FSMountOptions predefined structures (depending on the filesystem type), but then I am facing a problem because if the mount options defined in the defaults[] array are not listed in the allow[] one, then the mount is denied ("Mount option is not allowed"). For example, vfat_defaults[] lists the option "showexec". imagine a sysadmin does not want that option to be allowed, (s)he would not list that option in UDISKS_MOUNT_OPTIONS_ALLOW but then all devices using vfat will be denied the right to be mounted (which is not what most people want, I guess most people would want to use only the elements in the intersection of the two sets, {defaults[] ∪ mount_options[]} ∩ allow[] if that makes any sense :) So I'll probably propose the two patches, yet I believe UDISKS_MOUNT_OPTIONS_ALLOW would be used to filter out the options that a sysamin does not want to be used (ie if not listed in UDISKS_MOUNT_OPTIONS_ALLOW, it is not passed to mount, rather than not allowing the mount). > Regarding the patch: I don't think we need to expose this a D-Bus property. Oops, sorry I can't find where it is exposed via D-Bus.
Created attachment 43436 [details] [review] Updated patch That the patch I am not too happy with. Basically, if an option is used while not listed in UDISKS_MOUNT_OPTIONS_ALLOW (if set, of course) then the mount is rejected.
Created attachment 43437 [details] [review] Another proposed patch This is the 3rd approach, which I think is better, UDISKS_MOUNT_OPTIONS_ALLOW is used as a filter, if an option is used but not listed in UDISKS_MOUNT_OPTIONS_ALLOW (if set, of course), then that option is ignored yet the mount is performed. This allows the sysadmins to specify the exact subset of mount option to be allowed, so that options such as "showexec", for example, which is set by default on vfat can be filter out if needed.
This looks pretty stalled. I really need to be able to turn off "showexec" on out vfat mounts. Any hope for this in the future?
Not knowing this bug, I created another patch: http://lists.freedesktop.org/archives/devkit-devel/2015-April/001668.html I like the idea here: configure mount options in the udev files. But I would like to be able to do more: being able to configure selected mount options (e. g. exec/noexec, shortname, codepage, fmask, dmask, tz=UTC, time_offset,...) by a non-privileged user. It is now impossible. Merging features of both together (udev support, non-privileged support, per-device, per-fs and per volume configuration) would create a very nice, flexible and comfortable solution.
May I ask to get some attention for this bug? I'd really like my USB sticks to be mounted with specific options automatically without knowing them in advance. In my present case, I have the issue that VFAT is always mounted with iocharset=ascii, meaning all accented characters in filenames are garbled, making them unusable. Thanks in advance.
Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.