My polkit rule does not elevate NTFS-3G mount

This forum is dedicated to testing early releases and cauldron : Howtos, tips, tricks and user global feedback and thoughts...

Helpful tip :
For bugs tracking we use : https://bugs.mageia.org = The Mageia Bug Tracker
In this bug tracker you'll find already reported bugs and you'll be able to report those you have found....

My polkit rule does not elevate NTFS-3G mount

Postby Northsoft » Feb 16th, '21, 08:08

Hello, I have a polkit rule at /etc/polkit-1/rules.d/99-my-disks.rules, with a code like this:
Code: Select all
polkit.addRule(function(action, subject) {
    if (
        subject.user == 'northsoft' &&
        (
            action.id == 'org.freedesktop.udisks2.filesystem-mount-system' ||
            action.id == 'org.freedesktop.udisks2.filesystem-mount'
        ) &&
        action.lookup("id.label") == 'my_ntfs_volume' &&
        action.lookup("device") == '/dev/sda4' &&
        action.lookup("id.uuid") == '61398737-7eb1-46c3-b7f7-63afea32e037'
    )
        return polkit.Result.YES;
    return polkit.Result.NOT_HANDLED;
});

Previously i was able to mount NTFS volumes without prompting for root password. Now i have an error and such lines in journal:
Code: Select all
фев 16 13:06:07 localhost.localdomain udisksd[2418585]: Unprivileged user can not mount NTFS block devices using the external FUSE
фев 16 13:06:07 localhost.localdomain udisksd[2418585]: library. Either mount the volume as root, or rebuild NTFS-3G with integrated
фев 16 13:06:07 localhost.localdomain udisksd[2418585]: FUSE support and make it setuid root. Please see more information at
фев 16 13:06:07 localhost.localdomain udisksd[2418585]: http://tuxera.com/community/ntfs-3g-faq/#unprivileged

Do i need to rebuild NTFS-3G? Or there is some more repo-friendly way?

UPD:
Code: Select all
Linux localhost.localdomain 5.10.10-desktop-1.mga8 #1 SMP Sat Jan 23 17:25:44 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
Northsoft
 
Posts: 33
Joined: Dec 18th, '12, 19:22
Location: Novosibirsk, Russia

Re: My polkit rule does not elevate NTFS-3G mount

Postby doktor5000 » Feb 16th, '21, 18:26

If those are internal disks, why not simply mount those via fstab which is the default ?

Also your polkit rule is needlessly complex.
Cauldron is not for the faint of heart!
Caution: Hot, bubbling magic inside. May explode or cook your kittens!
----
Disclaimer: Beware of allergic reactions in answer to unconstructive complaint-type posts
User avatar
doktor5000
 
Posts: 17603
Joined: Jun 4th, '11, 10:10
Location: Leipzig, Germany

Re: My polkit rule does not elevate NTFS-3G mount

Postby Northsoft » Feb 16th, '21, 18:46

I don't want to use automount via fstab because sometimes Windows may shut down unexpectedly, and automount stops Mageia from booting in case of mount failed.
Also I think that Windows volumes should not be accessible unless I explicitly want to access them.
And I can't use noauto,user options at fstab, they don't work for NTFS.

And my polkit rule is really much more complex:
Code: Select all
polkit.addRule(function(action, subject) {
        var label = action.lookup("id.label");
        var device = action.lookup("device");
        var uuid = action.lookup("id.uuid");

        var controlled_actions = [
                'org.freedesktop.udisks2.filesystem-mount-system',
                'org.freedesktop.udisks2.filesystem-mount',
                'org.freedesktop.udisks2.encrypted-unlock-system'
        ];
        var allowed_devices = [
                {
                        device: '/dev/sda10',
                        label: 'alpha',
                        uuid: '8ce766b9-596a-440d-9864-961d035ccb2a'
                },
                {
                        device: '/dev/sda11',
                        label: 'bravo',
                        uuid: 'b50de6a3-cda2-4512-9646-be13c2b6e874'
                },
                {
                        device: '/dev/sda12',
                        label: 'charlie',
                        uuid: '9a233c12-e8ff-4e8e-a1df-fc9b0108fa24'
                },
                {
                        device: '/dev/sda13',
                        label: 'delta',
                        uuid: '7a104fa4-7167-4f79-8a26-389273877505'
                },
                {
                        device: '/dev/sda14',
                        label: 'echo',
                        uuid: 'aa4985bb-35b7-4ba4-b154-abb0805ad1b0'
                },
                {
                        device: '/dev/sda15',
                        // no label for foxtrot volume
                        uuid: 'df1d268e-ff1e-48b7-85ed-e14a23137a38'
                },
                {
                        device: '/dev/sda16',
                        label: 'golf',
                        uuid: 'f5761dcf-9f55-4369-ad9a-91178acba5bd'
                },
                {
                        device: '/dev/sda17',
                        label: 'hotel',
                        uuid: 'f5a34faa-12fe-4d2f-9bc6-969b170f535e'
                }
        ];
        if (subject.user != 'northsoft')
                return polkit.Result.NOT_HANDLED;

        var is_action_controlled = false;
        for (i_controlled_action in controlled_actions) {
                if (action.id == controlled_actions[i_controlled_action]) {
                        is_action_controlled = true;
                        break;
                }
        }
        if (!is_action_controlled)
                return polkit.Result.NOT_HANDLED;

        for (adev_idx in allowed_devices) {
                var adev = allowed_devices[adev_idx];
                var label_ok = !('label' in adev) || (adev.label == label);
                var dev_ok   = adev.device == device;
                var uuid_ok  = adev.uuid == uuid;
               
                if (label_ok && dev_ok && uuid_ok)
                        return polkit.Result.YES;
        }
        return polkit.Result.NOT_HANDLED;
});
Northsoft
 
Posts: 33
Joined: Dec 18th, '12, 19:22
Location: Novosibirsk, Russia

Re: My polkit rule does not elevate NTFS-3G mount

Postby doktor5000 » Feb 16th, '21, 22:00

Northsoft wrote:automount stops Mageia from booting in case of mount failed.


No it doesn't, as they are also added with nofail as mount option by default.

I'm using this rule, and it works just fine here on mga7: https://wiki.mageia.org/en/Useful_polki ... t_password
Don't see any changes to ntfs-3g in between since mga7.
Cauldron is not for the faint of heart!
Caution: Hot, bubbling magic inside. May explode or cook your kittens!
----
Disclaimer: Beware of allergic reactions in answer to unconstructive complaint-type posts
User avatar
doktor5000
 
Posts: 17603
Joined: Jun 4th, '11, 10:10
Location: Leipzig, Germany


Return to Testing : Alpha, Beta, RC and Cauldron

Who is online

Users browsing this forum: No registered users and 1 guest

cron