[udisks] Add option to set filesystem group permissions. Contributes …
…to JB#50288 Added the option set-group-permissions to the Format() method. If the take-ownership option is set, the filesystem permissions will be drwx------ by default. When the set-group-permissions option is also set to true, the permissions are set to drwxrwx---.
1 parent
d20b9c1
commit 8518d11
Showing
12 changed files
with
137 additions
and
23 deletions.
2 changes: 1 addition & 1 deletion
2
rpm/0001-Disable-libblockdev-mdraid-and-part-support-from-sou.patch
2 changes: 1 addition & 1 deletion
2
rpm/0003-Loosen-up-polkit-policies-to-work-from-another-seat.patch
2 changes: 1 addition & 1 deletion
2
rpm/0008-Make-it-possible-to-encrypt-mmcblk-format-with-encry.patch
2 changes: 1 addition & 1 deletion
2
rpm/0009-Reduce-reserved-blocks-percentage-to-zero-for-ext2-e.patch
2 changes: 1 addition & 1 deletion
2
rpm/0011-Allow-whitelisting-filesystems-that-can-be-mounted.patch
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,125 @@ | ||
From 9c4ee1390505b2e3cc205df7e2ac8e34811e6aa1 Mon Sep 17 00:00:00 2001 | ||
From: Mike Salmela <mike.salmela@jolla.com> | ||
Date: Fri, 31 Jul 2020 11:19:27 +0300 | ||
Subject: [PATCH] Add option to set filesystem group permissions | ||
|
||
Added option set-group-permissions to the Format() method. | ||
If the take-ownership option is set, the filesystem permissions will be drwx------ by default. | ||
When also setting the set-group-permissions option true, the permission is set to drwxrwx---. | ||
--- | ||
src/udiskslinuxblock.c | 5 ++++- | ||
src/udiskslinuxfilesystem.c | 3 +++ | ||
src/udiskslinuxfilesystemhelpers.c | 13 ++++++++++--- | ||
src/udiskslinuxfilesystemhelpers.h | 1 + | ||
4 files changed, 18 insertions(+), 4 deletions(-) | ||
|
||
diff --git a/src/udiskslinuxblock.c b/src/udiskslinuxblock.c | ||
index fd82d0e4..27d85f7b 100644 | ||
--- a/src/udiskslinuxblock.c | ||
+++ b/src/udiskslinuxblock.c | ||
@@ -2897,6 +2897,7 @@ udisks_linux_block_handle_format (UDisksBlock *block, | ||
uid_t caller_uid; | ||
gid_t caller_gid; | ||
gboolean take_ownership = FALSE; | ||
+ gboolean set_group_permissions = FALSE; | ||
GString *encrypt_passphrase = NULL; | ||
gchar *encrypt_type = NULL; | ||
gchar *erase_type = NULL; | ||
@@ -2928,6 +2929,7 @@ udisks_linux_block_handle_format (UDisksBlock *block, | ||
error_message = NULL; | ||
|
||
g_variant_lookup (options, "take-ownership", "b", &take_ownership); | ||
+ g_variant_lookup (options, "set-group-permissions", "b", &set_group_permissions); | ||
udisks_variant_lookup_binary (options, "encrypt.passphrase", &encrypt_passphrase); | ||
g_variant_lookup (options, "encrypt.type", "s", &encrypt_type); | ||
g_variant_lookup (options, "erase", "s", &erase_type); | ||
@@ -3350,7 +3352,8 @@ udisks_linux_block_handle_format (UDisksBlock *block, | ||
if (take_ownership && fs_info->supports_owners) | ||
{ | ||
if (!take_filesystem_ownership (udisks_block_get_device (block_to_mkfs), | ||
- type, caller_uid, caller_gid, FALSE, &error)) | ||
+ type, caller_uid, caller_gid, FALSE, | ||
+ set_group_permissions, &error)) | ||
{ | ||
g_prefix_error (&error, | ||
"Failed to take ownership of newly created filesystem: "); | ||
diff --git a/src/udiskslinuxfilesystem.c b/src/udiskslinuxfilesystem.c | ||
index 8d1bff42..ac663d49 100644 | ||
--- a/src/udiskslinuxfilesystem.c | ||
+++ b/src/udiskslinuxfilesystem.c | ||
@@ -2609,10 +2609,12 @@ handle_take_ownership (UDisksFilesystem *filesystem, | ||
UDisksBaseJob *job = NULL; | ||
GError *error = NULL; | ||
gboolean recursive = FALSE; | ||
+ gboolean set_group_permissions = FALSE; | ||
uid_t caller_uid; | ||
gid_t caller_gid; | ||
|
||
g_variant_lookup (options, "recursive", "b", &recursive); | ||
+ g_variant_lookup (options, "set-group-permissions", "b", &set_group_permissions); | ||
|
||
/* only allow a single call at a time */ | ||
g_mutex_lock (&UDISKS_LINUX_FILESYSTEM (filesystem)->lock); | ||
@@ -2697,6 +2699,7 @@ handle_take_ownership (UDisksFilesystem *filesystem, | ||
probed_fs_type, | ||
caller_uid, caller_gid, | ||
recursive, | ||
+ set_group_permissions, | ||
&error)) | ||
{ | ||
g_dbus_method_invocation_return_error (invocation, | ||
diff --git a/src/udiskslinuxfilesystemhelpers.c b/src/udiskslinuxfilesystemhelpers.c | ||
index 11ce27b4..c27f5fc0 100644 | ||
--- a/src/udiskslinuxfilesystemhelpers.c | ||
+++ b/src/udiskslinuxfilesystemhelpers.c | ||
@@ -81,6 +81,7 @@ gboolean take_filesystem_ownership (const gchar *device, | ||
uid_t caller_uid, | ||
gid_t caller_gid, | ||
gboolean recursive, | ||
+ gboolean set_group_permissions, | ||
GError **error) | ||
|
||
{ | ||
@@ -89,6 +90,7 @@ gboolean take_filesystem_ownership (const gchar *device, | ||
GError *local_error = NULL; | ||
gboolean unmount = FALSE; | ||
gboolean success = TRUE; | ||
+ mode_t chmod_mode = 0700; | ||
|
||
mountpoint = bd_fs_get_mountpoint (device, &local_error); | ||
if (mountpoint == NULL) | ||
@@ -154,11 +156,16 @@ gboolean take_filesystem_ownership (const gchar *device, | ||
} | ||
} | ||
|
||
- if (chmod (mountpoint, 0700) != 0) | ||
+ if (set_group_permissions) | ||
+ { | ||
+ chmod_mode |= 070; | ||
+ } | ||
+ | ||
+ if (chmod (mountpoint, chmod_mode) != 0) | ||
{ | ||
g_set_error (error, UDISKS_ERROR, UDISKS_ERROR_FAILED, | ||
- "Cannot chmod %s to mode 0700: %m", | ||
- mountpoint); | ||
+ "Cannot chmod %s to mode %o: %m", | ||
+ mountpoint, chmod_mode); | ||
success = FALSE; | ||
goto out; | ||
} | ||
diff --git a/src/udiskslinuxfilesystemhelpers.h b/src/udiskslinuxfilesystemhelpers.h | ||
index 02e827c9..17f73bf7 100644 | ||
--- a/src/udiskslinuxfilesystemhelpers.h | ||
+++ b/src/udiskslinuxfilesystemhelpers.h | ||
@@ -36,6 +36,7 @@ gboolean take_filesystem_ownership (const gchar *device, | ||
uid_t caller_uid, | ||
gid_t caller_gid, | ||
gboolean recursive, | ||
+ gboolean set_group_permissions, | ||
GError **error); | ||
|
||
G_END_DECLS | ||
-- | ||
2.27.0 | ||
|
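Review bot: In the `take_filesystem_ownership` hunk, `chmod_mode |= 070` opens the filesystem root to every member of the owning group, yet nothing beside the `chmod` records which group that is or that the widening is opt-in; a comment such as `/* 0770 only on request: group members of the new owner gain rwx on the filesystem root */` would capture it, and the chown that assigns the group lies outside the hunk, so confirm it uses `caller_gid`. In `udisks_linux_block_handle_format` the option is looked up unconditionally but consulted only inside `if (take_ownership && fs_info->supports_owners)`, so `set-group-permissions` without `take-ownership` is silently ignored; document that dependency at the `g_variant_lookup` or return an error for the combination. The patch's diffstat lists only the four `src/` files, so the new option appears to be missing from the D-Bus interface documentation. The reworded error now prints `770` instead of `0770`; `"Cannot chmod %s to mode %#o: %m"` with `(unsigned int) chmod_mode` keeps the octal prefix and matches the conversion to its argument.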