Page 1 of 1

My polkit rule does not elevate NTFS-3G mount

PostPosted: Feb 16th, '21, 08:08
by Northsoft
Hello, I have a polkit rule at /etc/polkit-1/rules.d/99-my-disks.rules, with a code like this:
Code: Select all
polkit.addRule(function(action, subject) {
    if (
        subject.user == 'northsoft' &&
        (
            action.id == 'org.freedesktop.udisks2.filesystem-mount-system' ||
            action.id == 'org.freedesktop.udisks2.filesystem-mount'
        ) &&
        action.lookup("id.label") == 'my_ntfs_volume' &&
        action.lookup("device") == '/dev/sda4' &&
        action.lookup("id.uuid") == '61398737-7eb1-46c3-b7f7-63afea32e037'
    )
        return polkit.Result.YES;
    return polkit.Result.NOT_HANDLED;
});

Previously i was able to mount NTFS volumes without prompting for root password. Now i have an error and such lines in journal:
Code: Select all
фев 16 13:06:07 localhost.localdomain udisksd[2418585]: Unprivileged user can not mount NTFS block devices using the external FUSE
фев 16 13:06:07 localhost.localdomain udisksd[2418585]: library. Either mount the volume as root, or rebuild NTFS-3G with integrated
фев 16 13:06:07 localhost.localdomain udisksd[2418585]: FUSE support and make it setuid root. Please see more information at
фев 16 13:06:07 localhost.localdomain udisksd[2418585]: http://tuxera.com/community/ntfs-3g-faq/#unprivileged

Do i need to rebuild NTFS-3G? Or there is some more repo-friendly way?

UPD:
Code: Select all
Linux localhost.localdomain 5.10.10-desktop-1.mga8 #1 SMP Sat Jan 23 17:25:44 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux

Re: My polkit rule does not elevate NTFS-3G mount

PostPosted: Feb 16th, '21, 18:26
by doktor5000
If those are internal disks, why not simply mount those via fstab which is the default ?

Also your polkit rule is needlessly complex.

Re: My polkit rule does not elevate NTFS-3G mount

PostPosted: Feb 16th, '21, 18:46
by Northsoft
I don't want to use automount via fstab because sometimes Windows may shut down unexpectedly, and automount stops Mageia from booting in case of mount failed.
Also I think that Windows volumes should not be accessible unless I explicitly want to access them.
And I can't use noauto,user options at fstab, they don't work for NTFS.

And my polkit rule is really much more complex:
Code: Select all
polkit.addRule(function(action, subject) {
        var label = action.lookup("id.label");
        var device = action.lookup("device");
        var uuid = action.lookup("id.uuid");

        var controlled_actions = [
                'org.freedesktop.udisks2.filesystem-mount-system',
                'org.freedesktop.udisks2.filesystem-mount',
                'org.freedesktop.udisks2.encrypted-unlock-system'
        ];
        var allowed_devices = [
                {
                        device: '/dev/sda10',
                        label: 'alpha',
                        uuid: '8ce766b9-596a-440d-9864-961d035ccb2a'
                },
                {
                        device: '/dev/sda11',
                        label: 'bravo',
                        uuid: 'b50de6a3-cda2-4512-9646-be13c2b6e874'
                },
                {
                        device: '/dev/sda12',
                        label: 'charlie',
                        uuid: '9a233c12-e8ff-4e8e-a1df-fc9b0108fa24'
                },
                {
                        device: '/dev/sda13',
                        label: 'delta',
                        uuid: '7a104fa4-7167-4f79-8a26-389273877505'
                },
                {
                        device: '/dev/sda14',
                        label: 'echo',
                        uuid: 'aa4985bb-35b7-4ba4-b154-abb0805ad1b0'
                },
                {
                        device: '/dev/sda15',
                        // no label for foxtrot volume
                        uuid: 'df1d268e-ff1e-48b7-85ed-e14a23137a38'
                },
                {
                        device: '/dev/sda16',
                        label: 'golf',
                        uuid: 'f5761dcf-9f55-4369-ad9a-91178acba5bd'
                },
                {
                        device: '/dev/sda17',
                        label: 'hotel',
                        uuid: 'f5a34faa-12fe-4d2f-9bc6-969b170f535e'
                }
        ];
        if (subject.user != 'northsoft')
                return polkit.Result.NOT_HANDLED;

        var is_action_controlled = false;
        for (i_controlled_action in controlled_actions) {
                if (action.id == controlled_actions[i_controlled_action]) {
                        is_action_controlled = true;
                        break;
                }
        }
        if (!is_action_controlled)
                return polkit.Result.NOT_HANDLED;

        for (adev_idx in allowed_devices) {
                var adev = allowed_devices[adev_idx];
                var label_ok = !('label' in adev) || (adev.label == label);
                var dev_ok   = adev.device == device;
                var uuid_ok  = adev.uuid == uuid;
               
                if (label_ok && dev_ok && uuid_ok)
                        return polkit.Result.YES;
        }
        return polkit.Result.NOT_HANDLED;
});

Re: My polkit rule does not elevate NTFS-3G mount

PostPosted: Feb 16th, '21, 22:00
by doktor5000
Northsoft wrote:automount stops Mageia from booting in case of mount failed.


No it doesn't, as they are also added with nofail as mount option by default.

I'm using this rule, and it works just fine here on mga7: https://wiki.mageia.org/en/Useful_polki ... t_password
Don't see any changes to ntfs-3g in between since mga7.