Hal-storage questions: default mount options

Wed Jan 31 17:11:40 PST 2007

On Tue, 2007-01-23 at 11:58 +0300, Alexander Gerasiov wrote:
> Hello there.
> 
> I've found that KDE have some problems with mounting devices via HAL.
> http://bugs.kde.org/show_bug.cgi?id=133456
> 
> KDE just gets volume.mount.valid_options and tries to use some hardcoded
> options which are valid.
> 
> But there are volume.policy.mount_option.* which are ignored.
> pmount-hal use them and mount right. It uses
> libhal_drive_policy_get_mount_options() from libhal-storage, but in the
> header i found LIBHAL_DEPRECATED after it =\
> 
> From the other side I see no fuction in HAL API which means
> get_all_properties_whos_name_starts_from("volume.policy.mount_option")

The volume.policy.* and storage.policy.* properties was removed long
ago...

> 
> So I have some questions:
> 1st. Does HAL policies supposed to setup mount options based on some
> conditions?
> 2nd. Is "volume.policy.mount_option" the right place for setup them?
> 3d. Who should insert that mountoptions into used mountoptions? HAL or
> applications which uses HAL.
> 4th. If application should setup that options, what is the right way to
> get volume.policy.mount_option.*?

It's a bit difficult to answer these questions separately because they
assume that volume.policy.* is used. Basically it's like this: On the
volume you wish to mount, there's a strlist property called 

 volume.mount.valid_options

that describes what mount options that the Mount() method on that device
object will accept. Example

   volume.mount.valid_options = {'ro', 'sync', 'dirsync', 'noatime',
                                 'nodiratime', 'noexec', 'quiet',
                                 'remount', 'exec', 'uid=', 'gid=',
                                 'umask=', 'locale='} (string list)

If one of the options in that strlist ends with '=' it means you can
pass anything after the '=' symbol. If one of the options is of the form
'foo=bar' it means you can only pass 'foo=bar'. Also note that the
'uid=' is handled specially; it only allows you to pass uid=XYZ if, and
only if, the caller has user id XYZ.

We have all this in place to avoid privilege escalation.

Also, by default, some default (sane) mount options are prepended. On
Linux that is noexec, nosuid, nodev. On Solaris, FreeBSD. Note that
since 'exec' is allowed you can pass 'exec' and it will nullify the
'noexec' that is set by default.

Note that volume.mount.valid_options can and will vary with the volume
dependent on file system, where the device is connected, local system
configuration and so forth.

This API makes it possible to make all mount options originate from the
desktop session. In gnome-mount e.g. I have this (terrible) dialog for
setting mount options

 http://people.freedesktop.org/~david/gm-prop/gm-prop1.png
 http://people.freedesktop.org/~david/gm-prop/gm-prop2.png

which is stored in the GNOME configuration system GConf. While the UI
surely can be improved in these crappy dialogs they get the job done.

Hope this clarifies.

      David