Created attachment 67107 [details] [review] patch against current git udisks2 (git and current release) will not build without libacl. Other related components such as systemd/udev make ACLs optional and I believe udisks should do the same.
Chowning the directory /run/media/$USER to $USER is a security hole - there's a reason we use ACLs. I think the only way to do this without ACLs is to use a shared thing like /media - and we don't want that for obvious reasons. You also provide no reason for dropping such a small dependency as libacl - we already depend on GLib which is much heavier. Anyway, sorry, but I don't think it makes sense to make this configurable. Closing WONTFIX.
To respond on the rationale for making ACL support optional. I have no problem with udisks requiring GLib, since it is used by many things on my system. But on a personal-use laptop or desktop I have no need for ACLs, no other software I use requires libacl, and the kernel is compiled without ACL support. I think you should allow users who are building their own systems to judge what's a relevant security hole. I have no problem with use of ACLs being the default, as with systemd/udev, only with its being mandatory.
Now, with a fix for bug #61162 committed in git [1], it looks like, people can live with the added potential security hole. (as Allin, I don't have ACL turned on in my single-user desktop kernel either and I want to get rid of otherwise unused libacl dependency) So, please, reconsider adding --disable-acl configure option, proposed in David Heidelberger's patch [2] together with a bit safer group chown(). [1] http://cgit.freedesktop.org/udisks/commit/?id=86bcf135 [2] http://lists.freedesktop.org/archives/devkit-devel/2014-April/001589.html
Adjusted David Heidelberger's patch to current git, and applied: https://cgit.freedesktop.org/udisks/commit/?id=ce392b4e1
Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.