Bug 793994 – GUnixVolumeMonitor doesn’t show user mounts when run as root

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 793994 - GUnixVolumeMonitor doesn’t show user mounts when run as root


Summary:	GUnixVolumeMonitor doesn’t show user mounts when run as root


Status:	RESOLVED FIXED

Product:	glib
Classification:	Platform
Component:	gio
Version:	2.55.x
Hardware:	Other Linux

Importance:	Normal normal
Target Milestone:	---
Assigned To:	gtkdev
QA Contact:	gtkdev

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2018-03-02 16:33 UTC by Philip Withnall
Modified:	2018-03-13 13:00 UTC

See Also:
GNOME target:	---
GNOME version:	---

Attachments
gunixmounts: Allow root to display mounts under /run/media/$username (2.69 KB, patch) 2018-03-02 16:42 UTC, Philip Withnall	committed	Details \| Review

Description Philip Withnall 2018-03-02 16:33:06 UTC

If I run a program which calls g_volume_monitor_get_mounts() from a GUnixVolumeMonitor, I get different results if I run it as root or as a normal user.

Turns out that it’s only listing mounts if g_unix_mount_guess_should_display() returns TRUE for them, and that returns different results for the same mount depending on the user: it will only return TRUE for mounts under /run/media/$username/ when run as that user.

That makes sense, except for the case when you’re running as root, because root can access all of those mounts. Specifically, if I have a system service (running as root) which needs to access mounted USB sticks, the USB sticks get automounted in the user’s session somewhere under /run/media/$username. The system service is using GUnixVolumeMonitor because it doesn’t have access to the gvfs-udisks2-volume-monitor process on the session bus (see bug #793993 for more about that).

Patch coming.

Comment 1 Philip Withnall 2018-03-02 16:42:45 UTC

Created attachment 369193 [details] [review]
gunixmounts: Allow root to display mounts under /run/media/$username

Normally, the list of mounts is filtered to exclude mounts in
/run/media/$username where $username is not the current user. However,
root can access all the mounts under /run/media/, regardless of the
username — so there’s no point in filtering out those mounts.

In some cases, filtering them out is harmful. In the case of a system
service which uses GVolumeMonitor, for example, filtering them out means
the service cannot see automounted USB sticks belonging to user
sessions.

Signed-off-by: Philip Withnall <withnall@endlessm.com>

Comment 2 Colin Walters 2018-03-02 18:58:55 UTC

Review of attachment 369193 [details] [review]:

::: gio/gunixmounts.c
@@ +2689,3 @@
   if (mount_path != NULL)
     {
+      uid_t uid = getuid ();

I would personally have spelled this as:
const gboolean running_as_root = getuid () == 0;
...
if (running_as_root)

but it's a personal preference around trying to make
conditionals a bit more English like.  Looks fine to me as is too!

Comment 3 Matthew Leeds 2018-03-05 07:06:21 UTC

The patch LGTM too, and I can also confirm it has the intended effect (`ostree find-remotes --finders=mount ...` works with the patched glib).

Comment 4 Philip Withnall 2018-03-13 13:00:43 UTC

I made the suggested change and pushed to master. I won't backport to glib-2-56 as I think the behaviour change is a bit risky for a stable branch. Thanks for the reviews! :-)

Attachment 369193 [details] pushed as c672fcc - gunixmounts: Allow root to display mounts under /run/media/$username