[udisks] Add option to set filesystem group permissions. Contributes …

…to JB#50288 Added option set-group-permissions to the Format() method. If the take-ownership option is set, the filesystem permissions will be drwx------ by default. When also setting the set-group-permissions option true, the permission is set to drwxrwx---.
sailfishos · Jul 31, 2020 · 8518d11 · 8518d11
1 parent d20b9c1
commit 8518d11
Show file tree

Hide file tree

Showing 12 changed files with 137 additions and 23 deletions.
diff --git a/rpm/0001-Disable-libblockdev-mdraid-and-part-support-from-sou.patch b/rpm/0001-Disable-libblockdev-mdraid-and-part-support-from-sou.patch
@@ -1,7 +1,7 @@
 From bae0c3e0cf68922829d1d55f3e910f4fdeba390f Mon Sep 17 00:00:00 2001
 From: Raine Makelainen <raine.makelainen@jolla.com>
 Date: Tue, 5 Dec 2017 11:17:50 +0200
-Subject: [PATCH 01/10] Disable libblockdev-mdraid and part support from source
+Subject: [PATCH] Disable libblockdev-mdraid and part support from source
  tree
 
 Signed-off-by: Raine Makelainen <raine.makelainen@jolla.com>

diff --git a/rpm/0002-Drop-smartata-dependencies.patch b/rpm/0002-Drop-smartata-dependencies.patch
@@ -1,7 +1,7 @@
 From d16ccca1c503badece76d462e524c5d530fb8c64 Mon Sep 17 00:00:00 2001
 From: Raine Makelainen <raine.makelainen@jolla.com>
 Date: Thu, 7 Dec 2017 13:15:34 +0200
-Subject: [PATCH 02/10] Drop smartata dependencies
+Subject: [PATCH] Drop smartata dependencies
 
 Signed-off-by: Raine Makelainen <raine.makelainen@jolla.com>
 ---

diff --git a/rpm/0003-Loosen-up-polkit-policies-to-work-from-another-seat.patch b/rpm/0003-Loosen-up-polkit-policies-to-work-from-another-seat.patch
@@ -1,7 +1,7 @@
 From 83e732433500be755af56a18488d17dbaf32992b Mon Sep 17 00:00:00 2001
 From: Raine Makelainen <raine.makelainen@jolla.com>
 Date: Tue, 6 Feb 2018 14:01:16 +0200
-Subject: [PATCH 03/10] Loosen up polkit policies to work from another seat
+Subject: [PATCH] Loosen up polkit policies to work from another seat
 
 Signed-off-by: Raine Makelainen <raine.makelainen@jolla.com>
 ---

diff --git a/rpm/0005-Add-udev-rule-for-the-sda-drives.patch b/rpm/0005-Add-udev-rule-for-the-sda-drives.patch
@@ -1,7 +1,7 @@
 From 511431a281d8949d9da40537d4cf0d508e577584 Mon Sep 17 00:00:00 2001
 From: Raine Makelainen <raine.makelainen@jolla.com>
 Date: Mon, 12 Mar 2018 10:18:03 +0200
-Subject: [PATCH 05/10] Add udev rule for the sda drives
+Subject: [PATCH] Add udev rule for the sda drives
 
 Signed-off-by: Raine Makelainen <raine.makelainen@jolla.com>
 ---

diff --git a/rpm/0006-Disable-zram-rule-for-now.patch b/rpm/0006-Disable-zram-rule-for-now.patch
@@ -1,7 +1,7 @@
 From 17ceca1b69a8639fa3ada7b93a7ba2666e4fa072 Mon Sep 17 00:00:00 2001
 From: Raine Makelainen <raine.makelainen@jolla.com>
 Date: Wed, 11 Apr 2018 11:11:53 +0300
-Subject: [PATCH 06/10] Disable zram rule for now
+Subject: [PATCH] Disable zram rule for now
 
 Signed-off-by: Raine Makelainen <raine.makelainen@jolla.com>
 ---

diff --git a/rpm/0007-Create-mount-path-with-755-rights.patch b/rpm/0007-Create-mount-path-with-755-rights.patch
@@ -1,7 +1,7 @@
 From 9ce374eb82c4cebc0f24d2f4746ebbf9e78df12f Mon Sep 17 00:00:00 2001
 From: Raine Makelainen <raine.makelainen@jolla.com>
 Date: Wed, 18 Apr 2018 18:00:00 +0300
-Subject: [PATCH 07/10] Create mount path with 755 rights
+Subject: [PATCH] Create mount path with 755 rights
 
 Signed-off-by: Raine Makelainen <raine.makelainen@jolla.com>
 ---

diff --git a/rpm/0008-Make-it-possible-to-encrypt-mmcblk-format-with-encry.patch b/rpm/0008-Make-it-possible-to-encrypt-mmcblk-format-with-encry.patch
@@ -1,7 +1,7 @@
 From a22976986045a7af66c2d1985b5ae8d21fe9e5f4 Mon Sep 17 00:00:00 2001
 From: Raine Makelainen <raine.makelainen@jolla.com>
 Date: Tue, 18 Sep 2018 17:04:36 +0300
-Subject: [PATCH 08/10] Make it possible to encrypt mmcblk* (format with
+Subject: [PATCH] Make it possible to encrypt mmcblk* (format with
  encryption)
 
 Signed-off-by: Raine Makelainen <raine.makelainen@jolla.com>

diff --git a/rpm/0009-Reduce-reserved-blocks-percentage-to-zero-for-ext2-e.patch b/rpm/0009-Reduce-reserved-blocks-percentage-to-zero-for-ext2-e.patch
@@ -1,7 +1,7 @@
 From 2cadb944916c23d290320076f13b420f65cb3a12 Mon Sep 17 00:00:00 2001
 From: Raine Makelainen <raine.makelainen@jolla.com>
 Date: Wed, 21 Nov 2018 17:27:59 +0200
-Subject: [PATCH 09/10] Reduce reserved blocks percentage to zero for
+Subject: [PATCH] Reduce reserved blocks percentage to zero for
  ext2/ext3/ext4 formatting
 
 Signed-off-by: Raine Makelainen <raine.makelainen@jolla.com>

diff --git a/rpm/0010-Allow-rescan-for-inactive.patch b/rpm/0010-Allow-rescan-for-inactive.patch
@@ -1,7 +1,7 @@
 From 4c2e802eb6afa9040dba04c175e0724d7ae00ff3 Mon Sep 17 00:00:00 2001
 From: Raine Makelainen <raine.makelainen@jolla.com>
 Date: Wed, 21 Nov 2018 17:04:27 +0200
-Subject: [PATCH 10/10] Allow rescan for inactive
+Subject: [PATCH] Allow rescan for inactive
 
 Signed-off-by: Raine Makelainen <raine.makelainen@jolla.com>
 ---

diff --git a/rpm/0011-Allow-whitelisting-filesystems-that-can-be-mounted.patch b/rpm/0011-Allow-whitelisting-filesystems-that-can-be-mounted.patch
@@ -1,7 +1,7 @@
 From 44c58573ec01df21716f1c0b5db94a51ea7caf4b Mon Sep 17 00:00:00 2001
 From: Raine Makelainen <raine.makelainen@jolla.com>
 Date: Fri, 15 Feb 2019 15:15:48 +0200
-Subject: [PATCH 11/11] Allow whitelisting filesystems that can be mounted
+Subject: [PATCH] Allow whitelisting filesystems that can be mounted
 
 If whitelist is empty when 'well-know', '/proc/filesystems/', and
 '/etc/filesystems' are used like before.

diff --git a/rpm/0012-Add-option-to-set-group-permissions.patch b/rpm/0012-Add-option-to-set-group-permissions.patch
@@ -0,0 +1,125 @@
+From 9c4ee1390505b2e3cc205df7e2ac8e34811e6aa1 Mon Sep 17 00:00:00 2001
+From: Mike Salmela <mike.salmela@jolla.com>
+Date: Fri, 31 Jul 2020 11:19:27 +0300
+Subject: [PATCH] Add option to set filesystem group permissions
+
+Added option set-group-permissions to the Format() method.
+If the take-ownership option is set, the filesystem permissions will be drwx------ by default.
+When also setting the set-group-permissions option true, the permission is set to drwxrwx---.
+---
+ src/udiskslinuxblock.c             |  5 ++++-
+ src/udiskslinuxfilesystem.c        |  3 +++
+ src/udiskslinuxfilesystemhelpers.c | 13 ++++++++++---
+ src/udiskslinuxfilesystemhelpers.h |  1 +
+ 4 files changed, 18 insertions(+), 4 deletions(-)
+
+diff --git a/src/udiskslinuxblock.c b/src/udiskslinuxblock.c
+index fd82d0e4..27d85f7b 100644
+--- a/src/udiskslinuxblock.c
++++ b/src/udiskslinuxblock.c
+@@ -2897,6 +2897,7 @@ udisks_linux_block_handle_format (UDisksBlock             *block,
+   uid_t caller_uid;
+   gid_t caller_gid;
+   gboolean take_ownership = FALSE;
++  gboolean set_group_permissions = FALSE;
+   GString *encrypt_passphrase = NULL;
+   gchar *encrypt_type = NULL;
+   gchar *erase_type = NULL;
+@@ -2928,6 +2929,7 @@ udisks_linux_block_handle_format (UDisksBlock             *block,
+   error_message = NULL;
+
+   g_variant_lookup (options, "take-ownership", "b", &take_ownership);
++  g_variant_lookup (options, "set-group-permissions", "b", &set_group_permissions);
+   udisks_variant_lookup_binary (options, "encrypt.passphrase", &encrypt_passphrase);
+   g_variant_lookup (options, "encrypt.type", "s", &encrypt_type);
+   g_variant_lookup (options, "erase", "s", &erase_type);
+@@ -3350,7 +3352,8 @@ udisks_linux_block_handle_format (UDisksBlock             *block,
+   if (take_ownership && fs_info->supports_owners)
+     {
+       if (!take_filesystem_ownership (udisks_block_get_device (block_to_mkfs),
+-                                      type, caller_uid, caller_gid, FALSE, &error))
++                                      type, caller_uid, caller_gid, FALSE,
++                                      set_group_permissions, &error))
+         {
+           g_prefix_error (&error,
+                           "Failed to take ownership of newly created filesystem: ");
+diff --git a/src/udiskslinuxfilesystem.c b/src/udiskslinuxfilesystem.c
+index 8d1bff42..ac663d49 100644
+--- a/src/udiskslinuxfilesystem.c
++++ b/src/udiskslinuxfilesystem.c
+@@ -2609,10 +2609,12 @@ handle_take_ownership (UDisksFilesystem      *filesystem,
+   UDisksBaseJob *job = NULL;
+   GError *error = NULL;
+   gboolean recursive = FALSE;
++  gboolean set_group_permissions = FALSE;
+   uid_t caller_uid;
+   gid_t caller_gid;
+
+   g_variant_lookup (options, "recursive", "b", &recursive);
++  g_variant_lookup (options, "set-group-permissions", "b", &set_group_permissions);
+
+   /* only allow a single call at a time */
+   g_mutex_lock (&UDISKS_LINUX_FILESYSTEM (filesystem)->lock);
+@@ -2697,6 +2699,7 @@ handle_take_ownership (UDisksFilesystem      *filesystem,
+                                    probed_fs_type,
+                                    caller_uid, caller_gid,
+                                    recursive,
++                                   set_group_permissions,
+                                    &error))
+     {
+       g_dbus_method_invocation_return_error (invocation,
+diff --git a/src/udiskslinuxfilesystemhelpers.c b/src/udiskslinuxfilesystemhelpers.c
+index 11ce27b4..c27f5fc0 100644
+--- a/src/udiskslinuxfilesystemhelpers.c
++++ b/src/udiskslinuxfilesystemhelpers.c
+@@ -81,6 +81,7 @@ gboolean take_filesystem_ownership (const gchar *device,
+                                     uid_t caller_uid,
+                                     gid_t caller_gid,
+                                     gboolean recursive,
++                                    gboolean set_group_permissions,
+                                     GError **error)
+
+ {
+@@ -89,6 +90,7 @@ gboolean take_filesystem_ownership (const gchar *device,
+   GError *local_error = NULL;
+   gboolean unmount = FALSE;
+   gboolean success = TRUE;
++  mode_t chmod_mode = 0700;
+
+   mountpoint = bd_fs_get_mountpoint (device, &local_error);
+   if (mountpoint == NULL)
+@@ -154,11 +156,16 @@ gboolean take_filesystem_ownership (const gchar *device,
+         }
+     }
+
+-  if (chmod (mountpoint, 0700) != 0)
++  if (set_group_permissions)
++    {
++      chmod_mode |= 070;
++    }
++
++  if (chmod (mountpoint, chmod_mode) != 0)
+     {
+       g_set_error (error, UDISKS_ERROR, UDISKS_ERROR_FAILED,
+-                   "Cannot chmod %s to mode 0700: %m",
+-                   mountpoint);
++                   "Cannot chmod %s to mode %o: %m",
++                   mountpoint, chmod_mode);
+       success = FALSE;
+       goto out;
+     }
+diff --git a/src/udiskslinuxfilesystemhelpers.h b/src/udiskslinuxfilesystemhelpers.h
+index 02e827c9..17f73bf7 100644
+--- a/src/udiskslinuxfilesystemhelpers.h
++++ b/src/udiskslinuxfilesystemhelpers.h
+@@ -36,6 +36,7 @@ gboolean take_filesystem_ownership (const gchar *device,
+                                     uid_t caller_uid,
+                                     gid_t caller_gid,
+                                     gboolean recursive,
++                                    gboolean set_group_permissions,
+                                     GError **error);
+
+ G_END_DECLS
+-- 
+2.27.0
+
diff --git a/rpm/udisks2.spec b/rpm/udisks2.spec
@@ -27,6 +27,7 @@ Patch8: 0008-Make-it-possible-to-encrypt-mmcblk-format-with-encry.patch
 Patch9: 0009-Reduce-reserved-blocks-percentage-to-zero-for-ext2-e.patch
 Patch10: 0010-Allow-rescan-for-inactive.patch
 Patch11: 0011-Allow-whitelisting-filesystems-that-can-be-mounted.patch
+Patch12: 0012-Add-option-to-set-group-permissions.patch
 
 BuildRequires: pkgconfig(glib-2.0) >= %{glib2_version}
 BuildRequires: pkgconfig(gobject-introspection-1.0)
@@ -110,19 +111,7 @@ This package contains the development files for the library lib%{name}, a
 dynamic library, which provides access to the udisksd daemon.
 
 %prep
-%setup -q -n %{name}-%{version}/%{name}
-
-%patch1 -p1 -b .disable-mdraid_and_part
-%patch2 -p1 -b .drop-smartata
-%patch3 -p1 -b .loosen-up-rights
-%patch4 -p1 -b .mount-sd-service
-%patch5 -p1 -b .udev-rules-for-sda
-%patch6 -p1 -b .udev-disable-zram
-%patch7 -p1 -b .mount-path-rights
-%patch8 -p1 -b .mmcblk-encryption
-%patch9 -p1 -b .mkfs-reserved-blocks-percentage
-%patch10 -p1 -b .allow-rescan
-%patch11 -p1 -b .fs-whitelist
+%autosetup -p1 -n %{name}-%{version}/%{name}
 
 %build
 # Disable gtk-doc