mount_tomb: make use of ACL in a specific location

Namely /run/media/$USER, which was introduced as a replacement for the classic /media. Main motiviation being, that $USER_B shouldn't get access to or information about mounted devices from $USER_A. The mount point itself is owned by root, therefore one needs currently to know the name of the mountpoint to change to the location. Other tools for mounting media like udisksctl set ACL to allow the owner to use it normally (autocompletion and such). Fixes dyne#461
Narrat · Aug 8, 2024 · 5fcbea1 · 5fcbea1
1 parent 75aafc0
commit 5fcbea1
Showing 1 changed file with 15 additions and 1 deletion.
diff --git a/tomb b/tomb
@@ -65,6 +65,7 @@ typeset -i SPHINX=1
 typeset -i RESIZER=1
 typeset -i RECOLL=1
 typeset -i QRENCODE=1
+typeset -i ACL=1
 
 # Default mount options
 typeset		 MOUNTOPTS="rw,noatime,nodev"
@@ -989,7 +990,7 @@ function _print() {
 _list_optional_tools() {
 	typeset -a _deps
 	_deps=(gettext dcfldd shred steghide)
-	_deps+=(resize2fs tomb-kdb-pbkdf2 argon2 qrencode recoll unoconv lsof)
+	_deps+=(resize2fs tomb-kdb-pbkdf2 argon2 qrencode recoll unoconv lsof setfacl)
 	for d in $_deps; do
 		_print "`which $d`"
 	done
@@ -1054,6 +1055,8 @@ _ensure_dependencies() {
 	command -v recoll 1>/dev/null 2>/dev/null || RECOLL=0
 	# Check for QREncode for paper backups of keys
 	command -v qrencode 1>/dev/null 2>/dev/null || QRENCODE=0
+	# Check for acl/setfacl for setting ACL at the mount location
+	command -v setfacl 1>/dev/null 2>/dev/null || ACL=0
 }
 
 # }}} - Commandline interaction
@@ -2400,6 +2403,10 @@ _detect_filesystem() {
 mount_tomb() {
 	[[ -n "$1" ]] || _failure "No tomb name specified for opening."
 
+	# only on /run/media/$_USER should the acl be applied to match behaviour
+	# of tools following the notion to mount in that location
+	local runmedia=0
+
 	_message "Commanded to open tomb ::1 tomb name::" $1
 
 	_check_swap
@@ -2415,6 +2422,7 @@ mount_tomb() {
 		tombmount="/media/$TOMBNAME"
 		[[ -d /media ]] || { # no /media found, adopting /run/media/$USER (udisks2 compat)
 			tombmount="/run/media/$_USER/$TOMBNAME"
+			runmedia=1
 		}
 		_message "Mountpoint not specified, using default: ::1 mount point::" "$tombmount"
 	}
@@ -2510,6 +2518,12 @@ mount_tomb() {
 	# we need root from here on
 	_sudo mkdir -p "$tombmount"
 
+	# set ACL on /run/media/$_USER/ which is a tmpfs nowadays,
+	# so no check for support necessary as it doesn't know acl/noacl mount options
+	[[ $ACL == 1 ]] && [[ runmedia -eq 1 ]] && {
+		_sudo setfacl -m u:"$_USER":rwx "/run/media/$_USER"
+	}
+
 	# Default mount options are overridden with the -o switch
 	{ option_is_set -o } && {
 		local oldmountopts=$MOUNTOPTS