From d40c9f6c85575a1abb3dac14679926e9e3bb59ca Mon Sep 17 00:00:00 2001 From: Maxim Cournoyer Date: Thu, 24 Sep 2020 15:30:18 -0400 Subject: services: %desktop-services: Setuid root NTFS and NFS mount helpers. Fixes . Combined with commit def6e2ae46, this allows unprivileged users to mount file systems marked with the "user" option. It adds less than 4 MiB to the closure of the lightweight-desktop.tmpl operating system template. * gnu/services/desktop.scm (%desktop-services): Extend the setuid-program-service-type service with the 'mount.nfs' and 'mount.nfs-3g' programs. Reported-by: Nathan Dehnel --- gnu/services/desktop.scm | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 'gnu/services') diff --git a/gnu/services/desktop.scm b/gnu/services/desktop.scm index 96bacf1cff..3a3fd8fd1b 100644 --- a/gnu/services/desktop.scm +++ b/gnu/services/desktop.scm @@ -3,7 +3,7 @@ ;;; Copyright © 2015 Andy Wingo ;;; Copyright © 2015 Mark H Weaver ;;; Copyright © 2016 Sou Bunnbu -;;; Copyright © 2017 Maxim Cournoyer +;;; Copyright © 2017, 2020 Maxim Cournoyer ;;; Copyright © 2017 Nikita ;;; Copyright © 2018, 2020 Efraim Flashner ;;; Copyright © 2018 Ricardo Wurmus @@ -54,6 +54,7 @@ (define-module (gnu services desktop) #:use-module (gnu packages linux) #:use-module (gnu packages libusb) #:use-module (gnu packages mate) + #:use-module (gnu packages nfs) #:use-module (gnu packages enlightenment) #:use-module (guix deprecation) #:use-module (guix records) @@ -1206,6 +1207,12 @@ (define %desktop-services ;; perform administrative tasks (similar to "sudo"). polkit-wheel-service + ;; Allow desktop users to also mount NTFS and NFS file systems + ;; without root. + (simple-service 'mount-setuid-helpers setuid-program-service-type + (list (file-append nfs-utils "/sbin/mount.nfs") + (file-append ntfs-3g "/sbin/mount.ntfs-3g"))) + ;; The global fontconfig cache directory can sometimes contain ;; stale entries, possibly referencing fonts that have been GC'd, ;; so mount it read-only. -- cgit v1.2.3