diff mbox series

[bug#43604] services: %desktop-services: Setuid root NTFS and NFS mount helpers.

Message ID 20200925013643.23795-1-maxim.cournoyer@gmail.com
State Accepted
Headers show
Series [bug#43604] services: %desktop-services: Setuid root NTFS and NFS mount helpers. | expand

Checks

Context Check Description
cbaines/comparison success View comparision
cbaines/git branch success View Git branch
cbaines/applying patch success View Laminar job

Commit Message

Maxim Cournoyer Sept. 25, 2020, 1:36 a.m. UTC 
Combined with commit def6e2ae46, this allows unprivileged users to mount file
systems marked with the "user" option.  It adds less than 4 MiB to the closure
of the lightweight-desktop.tmpl operating system template.

* gnu/services/desktop.scm (%desktop-services): Extend the
setuid-program-service-type service with the 'mount.nfs' and 'mount.nfs-3g'
programs.
---
 gnu/services/desktop.scm | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

Comments

Ludovic Courtès Sept. 29, 2020, 8:47 p.m. UTC | #1 
Hi Maxim,

Maxim Cournoyer <maxim.cournoyer@gmail.com> skribis:

> Combined with commit def6e2ae46, this allows unprivileged users to mount file
> systems marked with the "user" option.  It adds less than 4 MiB to the closure
> of the lightweight-desktop.tmpl operating system template.
>
> * gnu/services/desktop.scm (%desktop-services): Extend the
> setuid-program-service-type service with the 'mount.nfs' and 'mount.nfs-3g'
> programs.

Looks reasonable to me.

Thank you!

Ludo’.
Maxim Cournoyer Oct. 1, 2020, 7:50 p.m. UTC | #2 
Hello,

Ludovic Courtès <ludo@gnu.org> writes:

> Hi Maxim,
>
> Maxim Cournoyer <maxim.cournoyer@gmail.com> skribis:
>
>> Combined with commit def6e2ae46, this allows unprivileged users to mount file
>> systems marked with the "user" option.  It adds less than 4 MiB to the closure
>> of the lightweight-desktop.tmpl operating system template.
>>
>> * gnu/services/desktop.scm (%desktop-services): Extend the
>> setuid-program-service-type service with the 'mount.nfs' and 'mount.nfs-3g'
>> programs.
>
> Looks reasonable to me.
>
> Thank you!

Thanks for the review!  Pushed as commit d40c9f6c85.

Maxim
diff mbox series

Patch

diff --git a/gnu/services/desktop.scm b/gnu/services/desktop.scm
index 1dcf71d359..f9f666e791 100644
--- a/gnu/services/desktop.scm
+++ b/gnu/services/desktop.scm
@@ -3,7 +3,7 @@ 
 ;;; Copyright © 2015 Andy Wingo <wingo@igalia.com>
 ;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2016 Sou Bunnbu <iyzsong@gmail.com>
-;;; Copyright © 2017 Maxim Cournoyer <maxim.cournoyer@gmail.com>
+;;; Copyright © 2017, 2020 Maxim Cournoyer <maxim.cournoyer@gmail.com>
 ;;; Copyright © 2017 Nikita <nikita@n0.is>
 ;;; Copyright © 2018, 2020 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2018 Ricardo Wurmus <rekado@elephly.net>
@@ -54,6 +54,7 @@ 
   #:use-module (gnu packages linux)
   #:use-module (gnu packages libusb)
   #:use-module (gnu packages mate)
+  #:use-module (gnu packages nfs)
   #:use-module (gnu packages enlightenment)
   #:use-module (guix deprecation)
   #:use-module (guix records)
@@ -1203,6 +1204,12 @@  or setting its password with passwd.")))
          ;; perform administrative tasks (similar to "sudo").
          polkit-wheel-service
 
+         ;; Allow desktop users to also mount NTFS and NFS file systems
+         ;; without root.
+         (simple-service 'mount-setuid-helpers setuid-program-service-type
+                         (list (file-append nfs-utils "/sbin/mount.nfs")
+                               (file-append ntfs-3g "/sbin/mount.ntfs-3g")))
+
          ;; The global fontconfig cache directory can sometimes contain
          ;; stale entries, possibly referencing fonts that have been GC'd,
          ;; so mount it read-only.