Commit 8518d119 authored by Mike Salmela's avatar Mike Salmela

[udisks] Add option to set filesystem group permissions. Contributes to JB#50288

Added option set-group-permissions to the Format() method.
If the take-ownership option is set, the filesystem permissions will be drwx------ by default.
When also setting the set-group-permissions option true, the permission is set to drwxrwx---.
parent d20b9c18
From bae0c3e0cf68922829d1d55f3e910f4fdeba390f Mon Sep 17 00:00:00 2001
From: Raine Makelainen <raine.makelainen@jolla.com>
Date: Tue, 5 Dec 2017 11:17:50 +0200
Subject: [PATCH 01/10] Disable libblockdev-mdraid and part support from source
Subject: [PATCH] Disable libblockdev-mdraid and part support from source
tree
Signed-off-by: Raine Makelainen <raine.makelainen@jolla.com>
......
From d16ccca1c503badece76d462e524c5d530fb8c64 Mon Sep 17 00:00:00 2001
From: Raine Makelainen <raine.makelainen@jolla.com>
Date: Thu, 7 Dec 2017 13:15:34 +0200
Subject: [PATCH 02/10] Drop smartata dependencies
Subject: [PATCH] Drop smartata dependencies
Signed-off-by: Raine Makelainen <raine.makelainen@jolla.com>
---
......
From 83e732433500be755af56a18488d17dbaf32992b Mon Sep 17 00:00:00 2001
From: Raine Makelainen <raine.makelainen@jolla.com>
Date: Tue, 6 Feb 2018 14:01:16 +0200
Subject: [PATCH 03/10] Loosen up polkit policies to work from another seat
Subject: [PATCH] Loosen up polkit policies to work from another seat
Signed-off-by: Raine Makelainen <raine.makelainen@jolla.com>
---
......
From 511431a281d8949d9da40537d4cf0d508e577584 Mon Sep 17 00:00:00 2001
From: Raine Makelainen <raine.makelainen@jolla.com>
Date: Mon, 12 Mar 2018 10:18:03 +0200
Subject: [PATCH 05/10] Add udev rule for the sda drives
Subject: [PATCH] Add udev rule for the sda drives
Signed-off-by: Raine Makelainen <raine.makelainen@jolla.com>
---
......
From 17ceca1b69a8639fa3ada7b93a7ba2666e4fa072 Mon Sep 17 00:00:00 2001
From: Raine Makelainen <raine.makelainen@jolla.com>
Date: Wed, 11 Apr 2018 11:11:53 +0300
Subject: [PATCH 06/10] Disable zram rule for now
Subject: [PATCH] Disable zram rule for now
Signed-off-by: Raine Makelainen <raine.makelainen@jolla.com>
---
......
From 9ce374eb82c4cebc0f24d2f4746ebbf9e78df12f Mon Sep 17 00:00:00 2001
From: Raine Makelainen <raine.makelainen@jolla.com>
Date: Wed, 18 Apr 2018 18:00:00 +0300
Subject: [PATCH 07/10] Create mount path with 755 rights
Subject: [PATCH] Create mount path with 755 rights
Signed-off-by: Raine Makelainen <raine.makelainen@jolla.com>
---
......
From a22976986045a7af66c2d1985b5ae8d21fe9e5f4 Mon Sep 17 00:00:00 2001
From: Raine Makelainen <raine.makelainen@jolla.com>
Date: Tue, 18 Sep 2018 17:04:36 +0300
Subject: [PATCH 08/10] Make it possible to encrypt mmcblk* (format with
Subject: [PATCH] Make it possible to encrypt mmcblk* (format with
encryption)
Signed-off-by: Raine Makelainen <raine.makelainen@jolla.com>
......
From 2cadb944916c23d290320076f13b420f65cb3a12 Mon Sep 17 00:00:00 2001
From: Raine Makelainen <raine.makelainen@jolla.com>
Date: Wed, 21 Nov 2018 17:27:59 +0200
Subject: [PATCH 09/10] Reduce reserved blocks percentage to zero for
Subject: [PATCH] Reduce reserved blocks percentage to zero for
ext2/ext3/ext4 formatting
Signed-off-by: Raine Makelainen <raine.makelainen@jolla.com>
......
From 4c2e802eb6afa9040dba04c175e0724d7ae00ff3 Mon Sep 17 00:00:00 2001
From: Raine Makelainen <raine.makelainen@jolla.com>
Date: Wed, 21 Nov 2018 17:04:27 +0200
Subject: [PATCH 10/10] Allow rescan for inactive
Subject: [PATCH] Allow rescan for inactive
Signed-off-by: Raine Makelainen <raine.makelainen@jolla.com>
---
......
From 44c58573ec01df21716f1c0b5db94a51ea7caf4b Mon Sep 17 00:00:00 2001
From: Raine Makelainen <raine.makelainen@jolla.com>
Date: Fri, 15 Feb 2019 15:15:48 +0200
Subject: [PATCH 11/11] Allow whitelisting filesystems that can be mounted
Subject: [PATCH] Allow whitelisting filesystems that can be mounted
If whitelist is empty when 'well-know', '/proc/filesystems/', and
'/etc/filesystems' are used like before.
......
From 9c4ee1390505b2e3cc205df7e2ac8e34811e6aa1 Mon Sep 17 00:00:00 2001
From: Mike Salmela <mike.salmela@jolla.com>
Date: Fri, 31 Jul 2020 11:19:27 +0300
Subject: [PATCH] Add option to set filesystem group permissions
Added option set-group-permissions to the Format() method.
If the take-ownership option is set, the filesystem permissions will be drwx------ by default.
When also setting the set-group-permissions option true, the permission is set to drwxrwx---.
---
src/udiskslinuxblock.c | 5 ++++-
src/udiskslinuxfilesystem.c | 3 +++
src/udiskslinuxfilesystemhelpers.c | 13 ++++++++++---
src/udiskslinuxfilesystemhelpers.h | 1 +
4 files changed, 18 insertions(+), 4 deletions(-)
diff --git a/src/udiskslinuxblock.c b/src/udiskslinuxblock.c
index fd82d0e4..27d85f7b 100644
--- a/src/udiskslinuxblock.c
+++ b/src/udiskslinuxblock.c
@@ -2897,6 +2897,7 @@ udisks_linux_block_handle_format (UDisksBlock *block,
uid_t caller_uid;
gid_t caller_gid;
gboolean take_ownership = FALSE;
+ gboolean set_group_permissions = FALSE;
GString *encrypt_passphrase = NULL;
gchar *encrypt_type = NULL;
gchar *erase_type = NULL;
@@ -2928,6 +2929,7 @@ udisks_linux_block_handle_format (UDisksBlock *block,
error_message = NULL;
g_variant_lookup (options, "take-ownership", "b", &take_ownership);
+ g_variant_lookup (options, "set-group-permissions", "b", &set_group_permissions);
udisks_variant_lookup_binary (options, "encrypt.passphrase", &encrypt_passphrase);
g_variant_lookup (options, "encrypt.type", "s", &encrypt_type);
g_variant_lookup (options, "erase", "s", &erase_type);
@@ -3350,7 +3352,8 @@ udisks_linux_block_handle_format (UDisksBlock *block,
if (take_ownership && fs_info->supports_owners)
{
if (!take_filesystem_ownership (udisks_block_get_device (block_to_mkfs),
- type, caller_uid, caller_gid, FALSE, &error))
+ type, caller_uid, caller_gid, FALSE,
+ set_group_permissions, &error))
{
g_prefix_error (&error,
"Failed to take ownership of newly created filesystem: ");
diff --git a/src/udiskslinuxfilesystem.c b/src/udiskslinuxfilesystem.c
index 8d1bff42..ac663d49 100644
--- a/src/udiskslinuxfilesystem.c
+++ b/src/udiskslinuxfilesystem.c
@@ -2609,10 +2609,12 @@ handle_take_ownership (UDisksFilesystem *filesystem,
UDisksBaseJob *job = NULL;
GError *error = NULL;
gboolean recursive = FALSE;
+ gboolean set_group_permissions = FALSE;
uid_t caller_uid;
gid_t caller_gid;
g_variant_lookup (options, "recursive", "b", &recursive);
+ g_variant_lookup (options, "set-group-permissions", "b", &set_group_permissions);
/* only allow a single call at a time */
g_mutex_lock (&UDISKS_LINUX_FILESYSTEM (filesystem)->lock);
@@ -2697,6 +2699,7 @@ handle_take_ownership (UDisksFilesystem *filesystem,
probed_fs_type,
caller_uid, caller_gid,
recursive,
+ set_group_permissions,
&error))
{
g_dbus_method_invocation_return_error (invocation,
diff --git a/src/udiskslinuxfilesystemhelpers.c b/src/udiskslinuxfilesystemhelpers.c
index 11ce27b4..c27f5fc0 100644
--- a/src/udiskslinuxfilesystemhelpers.c
+++ b/src/udiskslinuxfilesystemhelpers.c
@@ -81,6 +81,7 @@ gboolean take_filesystem_ownership (const gchar *device,
uid_t caller_uid,
gid_t caller_gid,
gboolean recursive,
+ gboolean set_group_permissions,
GError **error)
{
@@ -89,6 +90,7 @@ gboolean take_filesystem_ownership (const gchar *device,
GError *local_error = NULL;
gboolean unmount = FALSE;
gboolean success = TRUE;
+ mode_t chmod_mode = 0700;
mountpoint = bd_fs_get_mountpoint (device, &local_error);
if (mountpoint == NULL)
@@ -154,11 +156,16 @@ gboolean take_filesystem_ownership (const gchar *device,
}
}
- if (chmod (mountpoint, 0700) != 0)
+ if (set_group_permissions)
+ {
+ chmod_mode |= 070;
+ }
+
+ if (chmod (mountpoint, chmod_mode) != 0)
{
g_set_error (error, UDISKS_ERROR, UDISKS_ERROR_FAILED,
- "Cannot chmod %s to mode 0700: %m",
- mountpoint);
+ "Cannot chmod %s to mode %o: %m",
+ mountpoint, chmod_mode);
success = FALSE;
goto out;
}
diff --git a/src/udiskslinuxfilesystemhelpers.h b/src/udiskslinuxfilesystemhelpers.h
index 02e827c9..17f73bf7 100644
--- a/src/udiskslinuxfilesystemhelpers.h
+++ b/src/udiskslinuxfilesystemhelpers.h
@@ -36,6 +36,7 @@ gboolean take_filesystem_ownership (const gchar *device,
uid_t caller_uid,
gid_t caller_gid,
gboolean recursive,
+ gboolean set_group_permissions,
GError **error);
G_END_DECLS
--
2.27.0
......@@ -27,6 +27,7 @@ Patch8: 0008-Make-it-possible-to-encrypt-mmcblk-format-with-encry.patch
Patch9: 0009-Reduce-reserved-blocks-percentage-to-zero-for-ext2-e.patch
Patch10: 0010-Allow-rescan-for-inactive.patch
Patch11: 0011-Allow-whitelisting-filesystems-that-can-be-mounted.patch
Patch12: 0012-Add-option-to-set-group-permissions.patch
BuildRequires: pkgconfig(glib-2.0) >= %{glib2_version}
BuildRequires: pkgconfig(gobject-introspection-1.0)
......@@ -110,19 +111,7 @@ This package contains the development files for the library lib%{name}, a
dynamic library, which provides access to the udisksd daemon.
%prep
%setup -q -n %{name}-%{version}/%{name}
%patch1 -p1 -b .disable-mdraid_and_part
%patch2 -p1 -b .drop-smartata
%patch3 -p1 -b .loosen-up-rights
%patch4 -p1 -b .mount-sd-service
%patch5 -p1 -b .udev-rules-for-sda
%patch6 -p1 -b .udev-disable-zram
%patch7 -p1 -b .mount-path-rights
%patch8 -p1 -b .mmcblk-encryption
%patch9 -p1 -b .mkfs-reserved-blocks-percentage
%patch10 -p1 -b .allow-rescan
%patch11 -p1 -b .fs-whitelist
%autosetup -p1 -n %{name}-%{version}/%{name}
%build
# Disable gtk-doc
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment