diff options
author | Maxim Cournoyer <maxim.cournoyer@gmail.com> | 2020-09-24 15:30:18 -0400 |
---|---|---|
committer | Maxim Cournoyer <maxim.cournoyer@gmail.com> | 2020-10-01 15:47:55 -0400 |
commit | d40c9f6c85575a1abb3dac14679926e9e3bb59ca (patch) | |
tree | 48eb7a0750f09aedb331f4d2f5e647b42db885f5 | |
parent | c5cf45e9068e4c1f97f7357a3c051b2ad19f5e25 (diff) | |
download | guix-d40c9f6c85575a1abb3dac14679926e9e3bb59ca.tar guix-d40c9f6c85575a1abb3dac14679926e9e3bb59ca.tar.gz |
services: %desktop-services: Setuid root NTFS and NFS mount helpers.
Fixes <https://issues.guix.info/39670>.
Combined with commit def6e2ae46, this allows unprivileged users to mount file
systems marked with the "user" option. It adds less than 4 MiB to the closure
of the lightweight-desktop.tmpl operating system template.
* gnu/services/desktop.scm (%desktop-services): Extend the
setuid-program-service-type service with the 'mount.nfs' and 'mount.nfs-3g'
programs.
Reported-by: Nathan Dehnel <ncdehnel@gmail.com>
-rw-r--r-- | gnu/services/desktop.scm | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/gnu/services/desktop.scm b/gnu/services/desktop.scm index 96bacf1cff..3a3fd8fd1b 100644 --- a/gnu/services/desktop.scm +++ b/gnu/services/desktop.scm @@ -3,7 +3,7 @@ ;;; Copyright © 2015 Andy Wingo <wingo@igalia.com> ;;; Copyright © 2015 Mark H Weaver <mhw@netris.org> ;;; Copyright © 2016 Sou Bunnbu <iyzsong@gmail.com> -;;; Copyright © 2017 Maxim Cournoyer <maxim.cournoyer@gmail.com> +;;; Copyright © 2017, 2020 Maxim Cournoyer <maxim.cournoyer@gmail.com> ;;; Copyright © 2017 Nikita <nikita@n0.is> ;;; Copyright © 2018, 2020 Efraim Flashner <efraim@flashner.co.il> ;;; Copyright © 2018 Ricardo Wurmus <rekado@elephly.net> @@ -54,6 +54,7 @@ #:use-module (gnu packages linux) #:use-module (gnu packages libusb) #:use-module (gnu packages mate) + #:use-module (gnu packages nfs) #:use-module (gnu packages enlightenment) #:use-module (guix deprecation) #:use-module (guix records) @@ -1206,6 +1207,12 @@ or setting its password with passwd."))) ;; perform administrative tasks (similar to "sudo"). polkit-wheel-service + ;; Allow desktop users to also mount NTFS and NFS file systems + ;; without root. + (simple-service 'mount-setuid-helpers setuid-program-service-type + (list (file-append nfs-utils "/sbin/mount.nfs") + (file-append ntfs-3g "/sbin/mount.ntfs-3g"))) + ;; The global fontconfig cache directory can sometimes contain ;; stale entries, possibly referencing fonts that have been GC'd, ;; so mount it read-only. |