Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

mount_tomb: make use of ACL in specific locations #475

Merged
merged 1 commit into from
Oct 30, 2024
Merged

mount_tomb: make use of ACL in specific locations #475

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
24 changes: 21 additions & 3 deletions tomb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -65,6 +65,7 @@ typeset -i RESIZER=1
typeset -i RECOLL=1
typeset -i QRENCODE=1
typeset -i LSOF=1
typeset -i ACL=1

# Default mount options
typeset MOUNTOPTS="rw,noatime,nodev"
Expand Down Expand Up @@ -897,7 +898,7 @@ function _print() {
_list_optional_tools() {
typeset -a _deps
_deps=(gettext dcfldd shred steghide)
_deps+=(resize2fs tomb-kdb-pbkdf2 argon2 qrencode recoll unoconv lsof)
_deps+=(resize2fs tomb-kdb-pbkdf2 argon2 qrencode recoll unoconv lsof setfacl)
for d in $_deps; do
_print "`which $d`"
done
Expand Down Expand Up @@ -960,6 +961,8 @@ _ensure_dependencies() {
command -v recoll 1>/dev/null 2>/dev/null || RECOLL=0
# Check for QREncode for paper backups of keys
command -v qrencode 1>/dev/null 2>/dev/null || QRENCODE=0
# Check for acl/setfacl for setting ACL at the mount location
command -v setfacl 1>/dev/null 2>/dev/null || ACL=0
}

# }}} - Commandline interaction
Expand Down Expand Up @@ -2289,8 +2292,11 @@ mount_tomb() {
local tombmount="$2"
[[ -z "$tombmount" ]] && {
tombmount="/media/$TOMBNAME"
[[ -d /media ]] || { # no /media found, adopting /run/media/$USER (udisks2 compat)
tombmount="/run/media/$_USER/$TOMBNAME"
[[ -d /media ]] || {
# no /media found, adopting /run/media/$USER to match behaviour
# of tools following the notion to mount in that location (like udisks2)
local runmedia="/run/media/$_USER"
tombmount="$runmedia/$TOMBNAME"
}
_message "Mountpoint not specified, using default: ::1 mount point::" "$tombmount"
}
Expand Down Expand Up @@ -2383,6 +2389,12 @@ mount_tomb() {
# we need root from here on
_sudo mkdir -p "$tombmount"

# set ACL on /run/media/$_USER/ to match behaviour (see #461)
# tmpfs -> it doesn't know acl/noacl mount options -> no check
[[ $ACL == 1 ]] && [[ -s $runmedia ]] && {
_sudo setfacl -m u:"$_USER":r-x "$runmedia"
}

# Default mount options are overridden with the -o switch
local oldmountopts
{ option_is_set -o } && {
Expand Down Expand Up @@ -3305,6 +3317,12 @@ main() {

# Close the tomb
umount|close)
[[ "$subcommand" == "slam" ]] && {
SLAM=1
[[ $LSOF == 0 ]] && {
unset SLAM
_warning "lsof not installed: cannot slam tombs."
_warning "Trying a regular close." }}
umount_tomb $PARAM[1]
;;

Expand Down
Loading