diff --git a/rpm/0001-Disable-libblockdev-mdraid-and-part-support-from-sou.patch b/rpm/0001-Disable-libblockdev-mdraid-and-part-support-from-sou.patch index 9a4f1af..7f2909c 100644 --- a/rpm/0001-Disable-libblockdev-mdraid-and-part-support-from-sou.patch +++ b/rpm/0001-Disable-libblockdev-mdraid-and-part-support-from-sou.patch @@ -1,7 +1,7 @@ From bae0c3e0cf68922829d1d55f3e910f4fdeba390f Mon Sep 17 00:00:00 2001 From: Raine Makelainen Date: Tue, 5 Dec 2017 11:17:50 +0200 -Subject: [PATCH 01/10] Disable libblockdev-mdraid and part support from source +Subject: [PATCH] Disable libblockdev-mdraid and part support from source tree Signed-off-by: Raine Makelainen diff --git a/rpm/0002-Drop-smartata-dependencies.patch b/rpm/0002-Drop-smartata-dependencies.patch index e622cc8..60d9117 100644 --- a/rpm/0002-Drop-smartata-dependencies.patch +++ b/rpm/0002-Drop-smartata-dependencies.patch @@ -1,7 +1,7 @@ From d16ccca1c503badece76d462e524c5d530fb8c64 Mon Sep 17 00:00:00 2001 From: Raine Makelainen Date: Thu, 7 Dec 2017 13:15:34 +0200 -Subject: [PATCH 02/10] Drop smartata dependencies +Subject: [PATCH] Drop smartata dependencies Signed-off-by: Raine Makelainen --- diff --git a/rpm/0003-Loosen-up-polkit-policies-to-work-from-another-seat.patch b/rpm/0003-Loosen-up-polkit-policies-to-work-from-another-seat.patch index b4b2e2e..4eacdba 100644 --- a/rpm/0003-Loosen-up-polkit-policies-to-work-from-another-seat.patch +++ b/rpm/0003-Loosen-up-polkit-policies-to-work-from-another-seat.patch @@ -1,7 +1,7 @@ From 83e732433500be755af56a18488d17dbaf32992b Mon Sep 17 00:00:00 2001 From: Raine Makelainen Date: Tue, 6 Feb 2018 14:01:16 +0200 -Subject: [PATCH 03/10] Loosen up polkit policies to work from another seat +Subject: [PATCH] Loosen up polkit policies to work from another seat Signed-off-by: Raine Makelainen --- diff --git a/rpm/0005-Add-udev-rule-for-the-sda-drives.patch b/rpm/0005-Add-udev-rule-for-the-sda-drives.patch index 490e88c..c9a2d4e 100644 --- a/rpm/0005-Add-udev-rule-for-the-sda-drives.patch +++ b/rpm/0005-Add-udev-rule-for-the-sda-drives.patch @@ -1,7 +1,7 @@ From 511431a281d8949d9da40537d4cf0d508e577584 Mon Sep 17 00:00:00 2001 From: Raine Makelainen Date: Mon, 12 Mar 2018 10:18:03 +0200 -Subject: [PATCH 05/10] Add udev rule for the sda drives +Subject: [PATCH] Add udev rule for the sda drives Signed-off-by: Raine Makelainen --- diff --git a/rpm/0006-Disable-zram-rule-for-now.patch b/rpm/0006-Disable-zram-rule-for-now.patch index a6fb94b..aaafe5e 100644 --- a/rpm/0006-Disable-zram-rule-for-now.patch +++ b/rpm/0006-Disable-zram-rule-for-now.patch @@ -1,7 +1,7 @@ From 17ceca1b69a8639fa3ada7b93a7ba2666e4fa072 Mon Sep 17 00:00:00 2001 From: Raine Makelainen Date: Wed, 11 Apr 2018 11:11:53 +0300 -Subject: [PATCH 06/10] Disable zram rule for now +Subject: [PATCH] Disable zram rule for now Signed-off-by: Raine Makelainen --- diff --git a/rpm/0007-Create-mount-path-with-755-rights.patch b/rpm/0007-Create-mount-path-with-755-rights.patch index 5a4098b..412a394 100644 --- a/rpm/0007-Create-mount-path-with-755-rights.patch +++ b/rpm/0007-Create-mount-path-with-755-rights.patch @@ -1,7 +1,7 @@ From 9ce374eb82c4cebc0f24d2f4746ebbf9e78df12f Mon Sep 17 00:00:00 2001 From: Raine Makelainen Date: Wed, 18 Apr 2018 18:00:00 +0300 -Subject: [PATCH 07/10] Create mount path with 755 rights +Subject: [PATCH] Create mount path with 755 rights Signed-off-by: Raine Makelainen --- diff --git a/rpm/0008-Make-it-possible-to-encrypt-mmcblk-format-with-encry.patch b/rpm/0008-Make-it-possible-to-encrypt-mmcblk-format-with-encry.patch index 7b6790d..375df6b 100644 --- a/rpm/0008-Make-it-possible-to-encrypt-mmcblk-format-with-encry.patch +++ b/rpm/0008-Make-it-possible-to-encrypt-mmcblk-format-with-encry.patch @@ -1,7 +1,7 @@ From a22976986045a7af66c2d1985b5ae8d21fe9e5f4 Mon Sep 17 00:00:00 2001 From: Raine Makelainen Date: Tue, 18 Sep 2018 17:04:36 +0300 -Subject: [PATCH 08/10] Make it possible to encrypt mmcblk* (format with +Subject: [PATCH] Make it possible to encrypt mmcblk* (format with encryption) Signed-off-by: Raine Makelainen diff --git a/rpm/0009-Reduce-reserved-blocks-percentage-to-zero-for-ext2-e.patch b/rpm/0009-Reduce-reserved-blocks-percentage-to-zero-for-ext2-e.patch index 2b30ee2..9dcf6c5 100644 --- a/rpm/0009-Reduce-reserved-blocks-percentage-to-zero-for-ext2-e.patch +++ b/rpm/0009-Reduce-reserved-blocks-percentage-to-zero-for-ext2-e.patch @@ -1,7 +1,7 @@ From 2cadb944916c23d290320076f13b420f65cb3a12 Mon Sep 17 00:00:00 2001 From: Raine Makelainen Date: Wed, 21 Nov 2018 17:27:59 +0200 -Subject: [PATCH 09/10] Reduce reserved blocks percentage to zero for +Subject: [PATCH] Reduce reserved blocks percentage to zero for ext2/ext3/ext4 formatting Signed-off-by: Raine Makelainen diff --git a/rpm/0010-Allow-rescan-for-inactive.patch b/rpm/0010-Allow-rescan-for-inactive.patch index 788848a..0edecec 100644 --- a/rpm/0010-Allow-rescan-for-inactive.patch +++ b/rpm/0010-Allow-rescan-for-inactive.patch @@ -1,7 +1,7 @@ From 4c2e802eb6afa9040dba04c175e0724d7ae00ff3 Mon Sep 17 00:00:00 2001 From: Raine Makelainen Date: Wed, 21 Nov 2018 17:04:27 +0200 -Subject: [PATCH 10/10] Allow rescan for inactive +Subject: [PATCH] Allow rescan for inactive Signed-off-by: Raine Makelainen --- diff --git a/rpm/0011-Allow-whitelisting-filesystems-that-can-be-mounted.patch b/rpm/0011-Allow-whitelisting-filesystems-that-can-be-mounted.patch index 2f33219..1d9867f 100644 --- a/rpm/0011-Allow-whitelisting-filesystems-that-can-be-mounted.patch +++ b/rpm/0011-Allow-whitelisting-filesystems-that-can-be-mounted.patch @@ -1,7 +1,7 @@ From 44c58573ec01df21716f1c0b5db94a51ea7caf4b Mon Sep 17 00:00:00 2001 From: Raine Makelainen Date: Fri, 15 Feb 2019 15:15:48 +0200 -Subject: [PATCH 11/11] Allow whitelisting filesystems that can be mounted +Subject: [PATCH] Allow whitelisting filesystems that can be mounted If whitelist is empty when 'well-know', '/proc/filesystems/', and '/etc/filesystems' are used like before. diff --git a/rpm/0012-Add-option-to-set-group-permissions.patch b/rpm/0012-Add-option-to-set-group-permissions.patch new file mode 100644 index 0000000..7f7d296 --- /dev/null +++ b/rpm/0012-Add-option-to-set-group-permissions.patch @@ -0,0 +1,125 @@ +From 9c4ee1390505b2e3cc205df7e2ac8e34811e6aa1 Mon Sep 17 00:00:00 2001 +From: Mike Salmela +Date: Fri, 31 Jul 2020 11:19:27 +0300 +Subject: [PATCH] Add option to set filesystem group permissions + +Added option set-group-permissions to the Format() method. +If the take-ownership option is set, the filesystem permissions will be drwx------ by default. +When also setting the set-group-permissions option true, the permission is set to drwxrwx---. +--- + src/udiskslinuxblock.c | 5 ++++- + src/udiskslinuxfilesystem.c | 3 +++ + src/udiskslinuxfilesystemhelpers.c | 13 ++++++++++--- + src/udiskslinuxfilesystemhelpers.h | 1 + + 4 files changed, 18 insertions(+), 4 deletions(-) + +diff --git a/src/udiskslinuxblock.c b/src/udiskslinuxblock.c +index fd82d0e4..27d85f7b 100644 +--- a/src/udiskslinuxblock.c ++++ b/src/udiskslinuxblock.c +@@ -2897,6 +2897,7 @@ udisks_linux_block_handle_format (UDisksBlock *block, + uid_t caller_uid; + gid_t caller_gid; + gboolean take_ownership = FALSE; ++ gboolean set_group_permissions = FALSE; + GString *encrypt_passphrase = NULL; + gchar *encrypt_type = NULL; + gchar *erase_type = NULL; +@@ -2928,6 +2929,7 @@ udisks_linux_block_handle_format (UDisksBlock *block, + error_message = NULL; + + g_variant_lookup (options, "take-ownership", "b", &take_ownership); ++ g_variant_lookup (options, "set-group-permissions", "b", &set_group_permissions); + udisks_variant_lookup_binary (options, "encrypt.passphrase", &encrypt_passphrase); + g_variant_lookup (options, "encrypt.type", "s", &encrypt_type); + g_variant_lookup (options, "erase", "s", &erase_type); +@@ -3350,7 +3352,8 @@ udisks_linux_block_handle_format (UDisksBlock *block, + if (take_ownership && fs_info->supports_owners) + { + if (!take_filesystem_ownership (udisks_block_get_device (block_to_mkfs), +- type, caller_uid, caller_gid, FALSE, &error)) ++ type, caller_uid, caller_gid, FALSE, ++ set_group_permissions, &error)) + { + g_prefix_error (&error, + "Failed to take ownership of newly created filesystem: "); +diff --git a/src/udiskslinuxfilesystem.c b/src/udiskslinuxfilesystem.c +index 8d1bff42..ac663d49 100644 +--- a/src/udiskslinuxfilesystem.c ++++ b/src/udiskslinuxfilesystem.c +@@ -2609,10 +2609,12 @@ handle_take_ownership (UDisksFilesystem *filesystem, + UDisksBaseJob *job = NULL; + GError *error = NULL; + gboolean recursive = FALSE; ++ gboolean set_group_permissions = FALSE; + uid_t caller_uid; + gid_t caller_gid; + + g_variant_lookup (options, "recursive", "b", &recursive); ++ g_variant_lookup (options, "set-group-permissions", "b", &set_group_permissions); + + /* only allow a single call at a time */ + g_mutex_lock (&UDISKS_LINUX_FILESYSTEM (filesystem)->lock); +@@ -2697,6 +2699,7 @@ handle_take_ownership (UDisksFilesystem *filesystem, + probed_fs_type, + caller_uid, caller_gid, + recursive, ++ set_group_permissions, + &error)) + { + g_dbus_method_invocation_return_error (invocation, +diff --git a/src/udiskslinuxfilesystemhelpers.c b/src/udiskslinuxfilesystemhelpers.c +index 11ce27b4..c27f5fc0 100644 +--- a/src/udiskslinuxfilesystemhelpers.c ++++ b/src/udiskslinuxfilesystemhelpers.c +@@ -81,6 +81,7 @@ gboolean take_filesystem_ownership (const gchar *device, + uid_t caller_uid, + gid_t caller_gid, + gboolean recursive, ++ gboolean set_group_permissions, + GError **error) + + { +@@ -89,6 +90,7 @@ gboolean take_filesystem_ownership (const gchar *device, + GError *local_error = NULL; + gboolean unmount = FALSE; + gboolean success = TRUE; ++ mode_t chmod_mode = 0700; + + mountpoint = bd_fs_get_mountpoint (device, &local_error); + if (mountpoint == NULL) +@@ -154,11 +156,16 @@ gboolean take_filesystem_ownership (const gchar *device, + } + } + +- if (chmod (mountpoint, 0700) != 0) ++ if (set_group_permissions) ++ { ++ chmod_mode |= 070; ++ } ++ ++ if (chmod (mountpoint, chmod_mode) != 0) + { + g_set_error (error, UDISKS_ERROR, UDISKS_ERROR_FAILED, +- "Cannot chmod %s to mode 0700: %m", +- mountpoint); ++ "Cannot chmod %s to mode %o: %m", ++ mountpoint, chmod_mode); + success = FALSE; + goto out; + } +diff --git a/src/udiskslinuxfilesystemhelpers.h b/src/udiskslinuxfilesystemhelpers.h +index 02e827c9..17f73bf7 100644 +--- a/src/udiskslinuxfilesystemhelpers.h ++++ b/src/udiskslinuxfilesystemhelpers.h +@@ -36,6 +36,7 @@ gboolean take_filesystem_ownership (const gchar *device, + uid_t caller_uid, + gid_t caller_gid, + gboolean recursive, ++ gboolean set_group_permissions, + GError **error); + + G_END_DECLS +-- +2.27.0 + diff --git a/rpm/udisks2.spec b/rpm/udisks2.spec index 91217a0..1ad35f3 100644 --- a/rpm/udisks2.spec +++ b/rpm/udisks2.spec @@ -27,6 +27,7 @@ Patch8: 0008-Make-it-possible-to-encrypt-mmcblk-format-with-encry.patch Patch9: 0009-Reduce-reserved-blocks-percentage-to-zero-for-ext2-e.patch Patch10: 0010-Allow-rescan-for-inactive.patch Patch11: 0011-Allow-whitelisting-filesystems-that-can-be-mounted.patch +Patch12: 0012-Add-option-to-set-group-permissions.patch BuildRequires: pkgconfig(glib-2.0) >= %{glib2_version} BuildRequires: pkgconfig(gobject-introspection-1.0) @@ -110,19 +111,7 @@ This package contains the development files for the library lib%{name}, a dynamic library, which provides access to the udisksd daemon. %prep -%setup -q -n %{name}-%{version}/%{name} - -%patch1 -p1 -b .disable-mdraid_and_part -%patch2 -p1 -b .drop-smartata -%patch3 -p1 -b .loosen-up-rights -%patch4 -p1 -b .mount-sd-service -%patch5 -p1 -b .udev-rules-for-sda -%patch6 -p1 -b .udev-disable-zram -%patch7 -p1 -b .mount-path-rights -%patch8 -p1 -b .mmcblk-encryption -%patch9 -p1 -b .mkfs-reserved-blocks-percentage -%patch10 -p1 -b .allow-rescan -%patch11 -p1 -b .fs-whitelist +%autosetup -p1 -n %{name}-%{version}/%{name} %build # Disable gtk-doc