1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
|
From 0007d5616f4dbc9ccd65b9094ffc18c6f776d06a Mon Sep 17 00:00:00 2001
From: Tomas Bzatek <tbzatek@redhat.com>
Date: Wed, 4 Jun 2025 15:26:46 +0200
Subject: [PATCH] udiskslinuxfilesystemhelpers: Mount private mounts with
'nodev,nosuid'
The private mount done in take_filesystem_ownership() should always
default to 'nodev,nosuid' for security and 'errors=remount-ro' for
selected filesystem to handle corrupted filesystem. This is consistent
with mount options calculation for regular mounts.
---
src/udiskslinuxfilesystemhelpers.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/src/udiskslinuxfilesystemhelpers.c b/src/udiskslinuxfilesystemhelpers.c
index 7c5fc037..9eb7742c 100644
--- a/src/udiskslinuxfilesystemhelpers.c
+++ b/src/udiskslinuxfilesystemhelpers.c
@@ -123,6 +123,7 @@ take_filesystem_ownership (const gchar *device,
{
gchar *mountpoint = NULL;
+ const gchar *mount_opts;
GError *local_error = NULL;
gboolean unmount = FALSE;
gboolean success = TRUE;
@@ -151,8 +152,15 @@ take_filesystem_ownership (const gchar *device,
goto out;
}
+ mount_opts = "nodev,nosuid";
+ if (g_strcmp0 (fstype, "ext2") == 0 ||
+ g_strcmp0 (fstype, "ext3") == 0 ||
+ g_strcmp0 (fstype, "ext4") == 0 ||
+ g_strcmp0 (fstype, "jfs") == 0)
+ mount_opts = "nodev,nosuid,errors=remount-ro";
+
/* TODO: mount to a private mount namespace */
- if (!bd_fs_mount (device, mountpoint, fstype, NULL, NULL, &local_error))
+ if (!bd_fs_mount (device, mountpoint, fstype, mount_opts, NULL, &local_error))
{
g_set_error (error, UDISKS_ERROR, UDISKS_ERROR_FAILED,
"Cannot mount %s at %s: %s",
--
2.49.0
|
