Bug 33461 - Allow extra mount options from udev rules
Summary: Allow extra mount options from udev rules
Status: NEW
Alias: None
Product: udisks
Classification: Unclassified
Component: general (show other bugs)
Version: unspecified
Hardware: Other All
: medium enhancement
Assignee: David Zeuthen (not reading bugmail)
QA Contact:
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2011-01-25 05:52 UTC by Olivier Fourdan
Modified: 2016-06-25 16:10 UTC (History)
5 users (show)

See Also:
i915 platform:
i915 features:


Attachments
Proposed patch (against current git) (5.42 KB, patch)
2011-01-25 05:52 UTC, Olivier Fourdan
Details | Splinter Review
Updated patch (12.44 KB, patch)
2011-02-16 08:37 UTC, Olivier Fourdan
Details | Splinter Review
Another proposed patch (9.88 KB, patch)
2011-02-16 08:41 UTC, Olivier Fourdan
Details | Splinter Review

Note You need to log in before you can comment on or make changes to this bug.
Description Olivier Fourdan 2011-01-25 05:52:30 UTC
Created attachment 42455 [details] [review]
Proposed patch (against current git)

gnome-mount had a feature to specify mount options per file system types (via GConf key "/system/storage/default_options/<fs type>/mount_options") that could be used to restrict read-only mount of removable devices from the desktop.

I could not find something similar with udisks (maybe it's there but I could not find it) so I wrote the attached patch to add this feature.

Basically, udev sets a property UDISKS_MOUNT_OPTIONS (coma separated list of options to pass to mount) that is read by udisk-daemon and appended to the options used to mount the device.

The idea is to allow sysadmins to force some mount options on some devices, for example "ro,noxec" on USB sticks.
Comment 1 Olivier Fourdan 2011-01-27 05:12:01 UTC
There is a DBUS mechanism to pass mount options to udisks-daemon (used by udisks, the command line tool) but that may not really be what is needed here.

To get the desired mount options to be applied, that would require to implement the functionality in every desktop/file manager which may use usdisks (instead of forcing the options in udisks-daemon as done with the proposed patch).

Also, a user may use the udisks command directly without specifying the mount options to get the mount in read-write mode.
Comment 2 David Zeuthen (not reading bugmail) 2011-01-27 08:43:02 UTC
If you look at the FSMountOptions structure

 http://cgit.freedesktop.org/udisks/tree/src/device.c?id=1.0.2#n5843

then there are two arrays: defaults and allow. I think it would make sense to control both on a per-device basis via udev via, say. UDISKS_MOUNT_OPTIONS and UDISKS_MOUNT_OPTIONS_ALLOW. The former would be appended to the existing mount options (as you suggest) and the latter would be replacing it (to allow complete lockdown).

Then your use case will be just setting

 UDISKS_MOUNT_OPTIONS="ro,noexec"

Regarding the patch: I don't think we need to expose this a D-Bus property. Also, the patch should also include a modification to the udisks(7) man page.
Comment 3 David Zeuthen (not reading bugmail) 2011-01-27 08:53:12 UTC
Btw, the docs will have to be very careful about emphasizing that whatever the user set the properties to, may be filesystem dependent. An example like this might suffice

 # use specific charset for FAT filesystems
 #
 ENV{ID_FS_TYPE}=="vfat", ENV{UDISKS_MOUNT_OPTIONS}="utf8=0,iocharset=iso8859-15"

and the USB example in your patch is too encompassing (it sets the property on too many devices). It should be something like this

 # mount all USB devices RO
 #
 SUBSYSTEMS="usb", ENV{ID_FS_USAGE}=="filesystem", ENV{UDISKS_MOUNT_OPTIONS}="ro"

instead (and even this may be too wide - for example, the disk controller may be USB but the disk itself is something else. But that's unimportant.)
Comment 4 Olivier Fourdan 2011-02-16 01:12:10 UTC
Sorry for the delay (got busy with other stuff), thanks a for the feedback! I am working on a new patch based on comment #2
Comment 5 Olivier Fourdan 2011-02-16 06:32:25 UTC
(In reply to comment #2)
> If you look at the FSMountOptions structure
> 
>  http://cgit.freedesktop.org/udisks/tree/src/device.c?id=1.0.2#n5843
> 
> then there are two arrays: defaults and allow. I think it would make sense to
> control both on a per-device basis via udev via, say. UDISKS_MOUNT_OPTIONS and
> UDISKS_MOUNT_OPTIONS_ALLOW. The former would be appended to the existing mount
> options (as you suggest) and the latter would be replacing it (to allow
> complete lockdown).

So I have implemented the UDISKS_MOUNT_OPTIONS_ALLOW which replaces the allow[] array set in the various FSMountOptions predefined structures (depending on the filesystem type), but then I am facing a problem because if the mount options defined in the defaults[] array are not listed in the allow[] one, then the mount is denied ("Mount option is not allowed").

For example, vfat_defaults[] lists the option "showexec". imagine a sysadmin does not want that option to be allowed, (s)he would not list that option in UDISKS_MOUNT_OPTIONS_ALLOW but then all devices using vfat will be denied the right to be mounted (which is not what most people want, I guess most people would want to use only the elements in the intersection of the two sets,  {defaults[] ∪ mount_options[]} ∩ allow[] if that makes any sense :)

So I'll probably propose the two patches, yet I believe UDISKS_MOUNT_OPTIONS_ALLOW would be used to filter out the options that a sysamin does not want to be used (ie if not listed in UDISKS_MOUNT_OPTIONS_ALLOW, it is not passed to mount, rather than not allowing the mount).

> Regarding the patch: I don't think we need to expose this a D-Bus property.

Oops, sorry I can't find where it is exposed via D-Bus.
Comment 6 Olivier Fourdan 2011-02-16 08:37:47 UTC
Created attachment 43436 [details] [review]
Updated patch

That the patch I am not too happy with. Basically, if an option is used while not listed in UDISKS_MOUNT_OPTIONS_ALLOW (if set, of course) then the mount is rejected.
Comment 7 Olivier Fourdan 2011-02-16 08:41:24 UTC
Created attachment 43437 [details] [review]
Another proposed patch

This is the 3rd approach, which I think is better, UDISKS_MOUNT_OPTIONS_ALLOW is used as a filter, if an option is used but not listed in UDISKS_MOUNT_OPTIONS_ALLOW (if set, of course), then that option is ignored yet the mount is performed.

This allows the sysadmins to specify the exact subset of mount option to be allowed, so that options such as "showexec", for example, which is set by default on vfat can be filter out if needed.
Comment 8 Orion Poplawski 2011-10-27 10:53:54 UTC
This looks pretty stalled.  I really need to be able to turn off "showexec" on out vfat mounts.  Any hope for this in the future?
Comment 9 Stanislav Brabec 2015-10-12 14:21:03 UTC
Not knowing this bug, I created another patch:
http://lists.freedesktop.org/archives/devkit-devel/2015-April/001668.html

I like the idea here: configure mount options in the udev files.

But I would like to be able to do more: being able to configure selected mount options (e. g. exec/noexec, shortname, codepage, fmask, dmask, tz=UTC, time_offset,...) by a non-privileged user. It is now impossible.

Merging features of both together (udev support, non-privileged support, per-device, per-fs and per volume configuration) would create a very nice, flexible and comfortable solution.
Comment 10 Eric L. 2016-06-25 16:10:10 UTC
May I ask to get some attention for this bug? I'd really like my USB sticks to be mounted with specific options automatically without knowing them in advance. In my present case, I have the issue that VFAT is always mounted with iocharset=ascii, meaning all accented characters in filenames are garbled, making them unusable. Thanks in advance.


Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.