mount_tomb: make use of ACL in specific locations #475
This is especially interesting if it allows us to remove the
Interesting point. Theoretically it would allow that. But then it probably needs a better check for ACL support. Let's see what can be done.
Urg.. not sure how to proceed, as this could easily spiral somewhat out of control and cause big changes :D At least it seems currently like that.
We need more exhaustive testing for this, many corner cases can arise... Should we leave the code as-is? Perhaps ACL as an opt-in rather than auto-detect.
This is definitively nothing for 2.10 :D I lean to split the approach:
For the first point we can use auto-detect or entirely switch, as there is control over the initial tomb. But could also be opt-in. Set a flag and an ACL config file is placed beside the other tomb files in a tomb. If it's there apply that instead of the chown.
5fcbea1 to dac78c5
The scope of this PR adjusted to its original intent to match the behaviour when mounting a tomb at
Namely /run/media/$USER, which was introduced as a replacement for the classic /media. Main motivation being, that $USER_B shouldn't get access to or information about mounted devices from $USER_A. The mount point itself is owned by root, therefore one needs currently to know the name of the mountpoint to change to the location. Other tools for mounting media like udisksctl set ACL to allow the owner to use it normally (autocompletion and such). Fixes dyne#461
excellent! will merge this now. If you have time I am very interested in your opinion on kdf in the other PR
Rebasing seems to have something which it shouldn't have :D It reintroduced partly old behaviour of
https://github.com/dyne/tomb/blob/master/tomb#L3320-L3325
Namely /run/media/$USER.
The mount point itself is owned by root, therefore one needs to know the name of the mountpoint to change to the location. Other tools for mounting media like udisksctl set ACL to allow the owner to use it normally (autocompletion and such).
Fixes #461
To get the solution for the named issue going.
There were some undecided points and maybe with some changed code this can go on further.
Therefore this PR is only a draft. Request for comments
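
One way to prepare a root-owned per-user mount parent with an ACL entry for its user, including the ACL-support check raised in the conversation. This is an added example, not code from Tomb or from this PR; the function name, the 0700 base mode, the `r-x` entry and the return codes are assumptions.

```shell
#!/bin/sh
# Added example, not Tomb's code. Hypothetical helper:
#   prepare_mount_parent BASE USER
# Creates BASE/USER (e.g. /run/media/$USER) so that other users get neither
# access to it nor a listing of it, while USER can list and enter it via a
# named ACL entry.
# Return codes (assumed convention):
#   0 = directory ready and ACL entry applied
#   2 = ACLs not usable here; directory left at 0700, caller picks a fallback
#   1 = invalid input or filesystem error
prepare_mount_parent() {
    base=$1
    user=$2
    # The user name becomes a path component: reject anything that could
    # point outside BASE.
    case $user in
        ''|.|..|*/*) return 1 ;;
    esac
    dir="$base/$user"
    mkdir -p "$dir" || return 1
    # Do not change permissions through a symlink planted at that path.
    if [ -L "$dir" ]; then
        return 1
    fi
    # Ownership stays with root when we run as root (the mount case).
    if [ "$(id -u)" -eq 0 ]; then
        chown 0:0 "$dir" || return 1
    fi
    chmod 0700 "$dir" || return 1
    # ACL support check, step 1: the tools must be installed.
    if ! command -v setfacl >/dev/null 2>&1 ||
       ! command -v getfacl >/dev/null 2>&1; then
        return 2
    fi
    # Step 2: the filesystem must accept the entry (fails on mounts
    # without ACL support).
    setfacl -m "u:$user:r-x" "$dir" 2>/dev/null || return 2
    # Step 3: read the entry back instead of trusting the exit status alone.
    getfacl -cp "$dir" 2>/dev/null | grep -Eq '^user:[^:]+:r-x' || return 2
    return 0
}
```

Return code 2 keeps the decision with the caller, which fits either the auto-detect or the opt-in variant discussed in the conversation.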