diff options
author | David Zeuthen <davidz@redhat.com> | 2009-12-08 14:33:43 -0500 |
---|---|---|
committer | David Zeuthen <davidz@redhat.com> | 2009-12-08 14:37:14 -0500 |
commit | a342316cb7b9d236ff3063d7b24b7b04c61a379e (patch) | |
tree | ddc6638effb2c95977a8fedd7a69d7cab0ce69ff /monitor | |
parent | 9d815258f5d0e11a36e2b73adc7e6e7129329ca2 (diff) | |
download | gvfs-a342316cb7b9d236ff3063d7b24b7b04c61a379e.tar.gz |
[gdu] Be more careful with automounting - use a whitelist
The current behavior is that we try to automount all filesystems. This
has unintended consequences for big iron boxes connected to a SAN when
the user is logging in as root (thus having all polkit authorizations
at hand) - literally hundreds or thousands of devices may get mounted.
As such, only automount filesystems from the current whitelist
- anything connected via USB or Firewire or SDIO buses
- optical discs
Signed-off-by: David Zeuthen <davidz@redhat.com>
Diffstat (limited to 'monitor')
-rw-r--r-- | monitor/gdu/ggduvolume.c | 51 |
1 files changed, 47 insertions, 4 deletions
diff --git a/monitor/gdu/ggduvolume.c b/monitor/gdu/ggduvolume.c index 6e2fcd3b..23f50604 100644 --- a/monitor/gdu/ggduvolume.c +++ b/monitor/gdu/ggduvolume.c @@ -351,13 +351,56 @@ update_volume (GGduVolume *volume) volume->can_mount = TRUE; - /* If a volume (partition) appear _much later_ than when media was insertion it - * can only be because the media was repartitioned. We don't want to automount - * such volumes. + /* Only automount filesystems from drives of known types/interconnects: + * + * - USB + * - Firewire + * - sdio + * - optical discs + * + * The mantra here is "be careful" - we really don't want to + * automount fs'es from all devices in a SAN etc - We REALLY + * need to be CAREFUL here. + * + * Sidebar: Actually, a surprisingly large number of admins like + * to log into GNOME as root (thus having all polkit + * authorizations) and if weren't careful we'd + * automount all mountable devices from the box. See + * the enterprise distro bug trackers for details. */ - volume->should_automount = TRUE; + volume->should_automount = FALSE; if (volume->drive != NULL) { + GduPresentable *drive_presentable; + drive_presentable = g_gdu_drive_get_presentable (volume->drive); + if (drive_presentable != NULL) + { + GduDevice *drive_device; + drive_device = gdu_presentable_get_device (drive_presentable); + if (drive_device != NULL) + { + if (gdu_device_is_drive (drive_device)) + { + const gchar *connection_interface; + + connection_interface = gdu_device_drive_get_connection_interface (drive_device); + + if (g_strcmp0 (connection_interface, "usb") == 0 || + g_strcmp0 (connection_interface, "firewire") == 0 || + g_strcmp0 (connection_interface, "sdio") == 0 || + gdu_device_is_optical_disc (drive_device)) + { + volume->should_automount = TRUE; + } + } + g_object_unref (drive_device); + } + } + + /* If a volume (partition) appear _much later_ than when media was inserted it + * can only be because the media was repartitioned. We don't want to automount + * such volumes. + */ now = time (NULL); if (now - g_gdu_drive_get_time_of_last_media_insertion (volume->drive) > 5) volume->should_automount = FALSE; |