Ignores HintSystem (UDISKS_SYSTEM)

Bug #1836499 reported by TJ
This bug affects 1 person

Affects: udisks2 (Ubuntu)
Status: New
Importance: Undecided
Assigned to: Unassigned

Bug Description

[18.04 amd64]

HintSystem (which can be set by a udev rule with ENV{UDISKS_SYSTEM}="1") is supposed to "require additional permissions to access" [0] but there is no difference in the mount permissions when it is set:

# UDISKS_SYSTEM=0

$ udisksctl info -b /dev/sr0
/org/freedesktop/UDisks2/block_devices/sr0:
  org.freedesktop.UDisks2.Block:
    Configuration: []
    CryptoBackingDevice: '/'
    Device: /dev/sr0
...
    HintAuto: true
    HintIconName:
    HintIgnore: false
    HintName:
    HintPartitionable: false
    HintSymbolicIconName:
    HintSystem: false
    Id: by-uuid-2019-06-22-02-06-15-00
...
    UserspaceMountOptions: uhelper=udisks2
  org.freedesktop.UDisks2.Filesystem:
    MountPoints: /media/tj/Xubuntu 19.10 amd64
    Size: 0

$ mount | grep media/tj
/dev/sr0 on /media/tj/Xubuntu 19.10 amd64 type iso9660 (ro,nosuid,nodev,relatime,nojoliet,check=s,map=n,blocksize=2048,uid=1000,gid=1000,dmode=500,fmode=400,uhelper=udisks2)

# UDISKS_SYSTEM=1

$ udisksctl info -b /dev/sr0
/org/freedesktop/UDisks2/block_devices/sr0:
  org.freedesktop.UDisks2.Block:
    Configuration: []
    CryptoBackingDevice: '/'
    Device: /dev/sr0
...
    HintAuto: true
    HintIconName:
    HintIgnore: false
    HintName:
    HintPartitionable: false
    HintSymbolicIconName:
    HintSystem: true
    Id: by-uuid-2019-06-22-02-06-15-00
...
    UserspaceMountOptions: uhelper=udisks2
  org.freedesktop.UDisks2.Filesystem:
    MountPoints: /media/tj/Xubuntu 19.10 amd64
    Size: 0

$ mount | grep media/tj
/dev/sr0 on /media/tj/Xubuntu 19.10 amd64 type iso9660 (ro,nosuid,nodev,relatime,nojoliet,check=s,map=n,blocksize=2048,uid=1000,gid=1000,dmode=500,fmode=400,uhelper=udisks2)

[0] http://storaged.org/doc/udisks2-api/latest/gdbus-org.freedesktop.UDisks2.Block.html#gdbus-property-org-freedesktop-UDisks2-Block.HintSystem

Vojtěch Trefný (vojtech.trefny) wrote :

The documentation is a little bit confusing here -- the "HintSystem" property is not about the device access or filesystem permissions, it's about "accessing" UDisks functions using PolicyKit.

See the policies here [1] for mounting filesystems -- "normal" devices can be mounted by a "regular" user (in an active session), but "system" devices require root authentication (similar policies exist for unlocking encrypted devices, ejecting drives etc.)

[1] https://github.com/storaged-project/udisks/blob/master/data/org.freedesktop.UDisks2.policy.in#L15
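
Added example (not part of the bug report or the reply, and not udisks code): a Python sketch of the relationship described in the reply above, where HintSystem changes which polkit action a mount request is checked against rather than the mount options. The policy excerpt and the udisksctl output are constructed samples, the <defaults> values are assumptions that a distribution may override, the function names are hypothetical, and the other-seat and fstab cases are ignored.

```python
import re
import xml.etree.ElementTree as ET

# Constructed excerpt in polkit .policy format. The two action ids are the
# udisks2 mount actions; the <defaults> values are assumed here to mirror the
# behaviour described in the reply and may differ on a patched distribution.
POLICY_XML = """<policyconfig>
  <action id="org.freedesktop.UDisks2.filesystem-mount">
    <defaults>
      <allow_any>auth_admin</allow_any>
      <allow_inactive>auth_admin</allow_inactive>
      <allow_active>yes</allow_active>
    </defaults>
  </action>
  <action id="org.freedesktop.UDisks2.filesystem-mount-system">
    <defaults>
      <allow_any>auth_admin</allow_any>
      <allow_inactive>auth_admin</allow_inactive>
      <allow_active>auth_admin_keep</allow_active>
    </defaults>
  </action>
</policyconfig>"""

# Constructed `udisksctl info` excerpt, trimmed from the output in the report.
INFO_SYSTEM = """  org.freedesktop.UDisks2.Block:
    HintSystem: true
"""

def hint_system(info_text):
    """Return the HintSystem boolean from `udisksctl info` output."""
    m = re.search(r"^\s*HintSystem:\s*(true|false)\s*$", info_text, re.M)
    if m is None:
        raise ValueError("HintSystem property not found")
    return m.group(1) == "true"

def load_defaults(policy_xml):
    """Map each action id to its implicit authorizations."""
    root = ET.fromstring(policy_xml)
    return {a.get("id"): {d.tag: d.text.strip() for d in a.find("defaults")}
            for a in root.iter("action")}

def mount_authorization(info_text, policy_xml, session="allow_active"):
    """Return (action id, implicit authorization) checked for a mount request."""
    action = "org.freedesktop.UDisks2.filesystem-mount"
    if hint_system(info_text):
        action += "-system"
    return action, load_defaults(policy_xml)[action][session]

print(mount_authorization(INFO_SYSTEM, POLICY_XML))
```

On a live system, `pkaction --action-id <id> --verbose` shows the implicit authorizations actually installed for each action.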
