GNOME Bugzilla – Bug 562581
gvfs should unmount disks when session ends
Last modified: 2018-09-21 16:31:45 UTC
At the moment, when you log out of GNOME, it seems the disks that you mounted via gvfs stay mounted. This is potentially an issue for a few reasons: + the user might assume it's safe to unplug a disk + another user in a new session might want to mount the disk himself, to get the right permissions + it's better to be paranoid ;-) I'm not quite sure how this should be done, but I think having the hal volume monitor unmount stuff it mounted when it exits is a good approximation of the right thing to do. Any opinion on this?
I agree with the sentiment that any system-wide actions done by the user (such as mounting disks [1]) should be cleaned up when an user session ends. There's also security implications (such as Denial Of Service) by this not currently happening. But I don't think the hal volume monitor is the right place; it's a session process so it can be killed by anything in the session; heck the whole session might be killed without any chance to run hooks. I think the right place for this is on the system level. The mechanism used by GVfs (currently HAL, going to be DeviceKit-disks in the future), should be able to run code when the session ends. This should be easy to implement as ConsoleKit emits a signal on D-Bus when this happens. I'll look into this when doing the HAL -> DeviceKit-disks migration in GVfs in the Spring (the GNOME release following the upcoming one). I'll keep this bug open till then... (FWIW, this is something both I and the ConsoleKit maintained (Jon McCann) been wanting implement too for some time but been busy fixing the infrastructure layers to make it possible to do in a secure way...) [1] : and also a bunch of other things; e.g. tear down VPN connections etc.
(In reply to comment #1) > But I don't think the hal volume monitor is the right place; it's a session > process so it can be killed by anything in the session; heck the whole session > might be killed without any chance to run hooks. > > I think the right place for this is on the system level. The mechanism used by > GVfs (currently HAL, going to be DeviceKit-disks in the future), should be able > to run code when the session ends. This should be easy to implement as > ConsoleKit emits a signal on D-Bus when this happens. We're having some discussion about this in openSUSE, and we don't have any agreement if it should be done at the session level or system level. Or both (session level first, and system level as an enforcement). FWIW, my opinion is that it's easier (and it makes sense) to do it once, at the system level. However, it's also somewhat logical that the session should do it since, well, it mounted the disk in the first time, so it should clean up things before quitting. Do you feel strong about this being done at the system level only?
Changing component to udisks2 volume monitor, because hal volume monitor is obsolete currently and this issue seems to be valid also for udisks2 volume monitor... gnome-shell is responsible for automounting, maybe it should also unmount/stop them... see similar bug 535609 about stopping.
-- GitLab Migration Automatic Message -- This bug has been migrated to GNOME's GitLab instance and has been closed from further activity. You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.gnome.org/GNOME/gvfs/issues/74.