mirror of
https://github.com/Llewellynvdm/Tomb.git
synced 2024-12-22 01:58:57 +00:00
mount_tomb: make use of ACL in a specific location
Namely /run/media/$USER, which was introduced as a replacement for the classic /media. Main motiviation being, that $USER_B shouldn't get access to or information about mounted devices from $USER_A. The mount point itself is owned by root, therefore one needs currently to know the name of the mountpoint to change to the location. Other tools for mounting media like udisksctl set ACL to allow the owner to use it normally (autocompletion and such). Fixes #461
This commit is contained in:
parent
5409402196
commit
a6e6a9c677
24
tomb
24
tomb
@ -65,6 +65,7 @@ typeset -i RESIZER=1
|
||||
typeset -i RECOLL=1
|
||||
typeset -i QRENCODE=1
|
||||
typeset -i LSOF=1
|
||||
typeset -i ACL=1
|
||||
|
||||
# Default mount options
|
||||
typeset MOUNTOPTS="rw,noatime,nodev"
|
||||
@ -897,7 +898,7 @@ function _print() {
|
||||
_list_optional_tools() {
|
||||
typeset -a _deps
|
||||
_deps=(gettext dcfldd shred steghide)
|
||||
_deps+=(resize2fs tomb-kdb-pbkdf2 argon2 qrencode recoll unoconv lsof)
|
||||
_deps+=(resize2fs tomb-kdb-pbkdf2 argon2 qrencode recoll unoconv lsof setfacl)
|
||||
for d in $_deps; do
|
||||
_print "`which $d`"
|
||||
done
|
||||
@ -960,6 +961,8 @@ _ensure_dependencies() {
|
||||
command -v recoll 1>/dev/null 2>/dev/null || RECOLL=0
|
||||
# Check for QREncode for paper backups of keys
|
||||
command -v qrencode 1>/dev/null 2>/dev/null || QRENCODE=0
|
||||
# Check for acl/setfacl for setting ACL at the mount location
|
||||
command -v setfacl 1>/dev/null 2>/dev/null || ACL=0
|
||||
}
|
||||
|
||||
# }}} - Commandline interaction
|
||||
@ -2289,8 +2292,11 @@ mount_tomb() {
|
||||
local tombmount="$2"
|
||||
[[ -z "$tombmount" ]] && {
|
||||
tombmount="/media/$TOMBNAME"
|
||||
[[ -d /media ]] || { # no /media found, adopting /run/media/$USER (udisks2 compat)
|
||||
tombmount="/run/media/$_USER/$TOMBNAME"
|
||||
[[ -d /media ]] || {
|
||||
# no /media found, adopting /run/media/$USER to match behaviour
|
||||
# of tools following the notion to mount in that location (like udisks2)
|
||||
local runmedia="/run/media/$_USER"
|
||||
tombmount="$runmedia/$TOMBNAME"
|
||||
}
|
||||
_message "Mountpoint not specified, using default: ::1 mount point::" "$tombmount"
|
||||
}
|
||||
@ -2383,6 +2389,12 @@ mount_tomb() {
|
||||
# we need root from here on
|
||||
_sudo mkdir -p "$tombmount"
|
||||
|
||||
# set ACL on /run/media/$_USER/ to match behaviour (see #461)
|
||||
# tmpfs -> it doesn't know acl/noacl mount options -> no check
|
||||
[[ $ACL == 1 ]] && [[ -s $runmedia ]] && {
|
||||
_sudo setfacl -m u:"$_USER":r-x "$runmedia"
|
||||
}
|
||||
|
||||
# Default mount options are overridden with the -o switch
|
||||
local oldmountopts
|
||||
{ option_is_set -o } && {
|
||||
@ -3305,6 +3317,12 @@ main() {
|
||||
|
||||
# Close the tomb
|
||||
umount|close)
|
||||
[[ "$subcommand" == "slam" ]] && {
|
||||
SLAM=1
|
||||
[[ $LSOF == 0 ]] && {
|
||||
unset SLAM
|
||||
_warning "lsof not installed: cannot slam tombs."
|
||||
_warning "Trying a regular close." }}
|
||||
umount_tomb $PARAM[1]
|
||||
;;
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user