diff options
author | Vyacheslav Yurkov <v.yurkov@precitec.de> | 2022-05-12 09:35:40 +0200 |
---|---|---|
committer | Khem Raj <raj.khem@gmail.com> | 2022-05-12 09:16:11 -0700 |
commit | d7ff4a77241fc79fc704a0d9d6b414b52f025531 (patch) | |
tree | 709f3a8f0fe4fbf6d073cd8653fd9acc596c56d4 /meta-oe/recipes-extended | |
parent | 8ac08ac7d82c9d53338733cab3cf9201541a939e (diff) | |
download | meta-openembedded-contrib-d7ff4a77241fc79fc704a0d9d6b414b52f025531.tar.gz |
polkit: add udisks2 rule
The rule allows non-priviledged users from plugdev group to
mount/unmount block devices
Signed-off-by: Vyacheslav Yurkov <v.yurkov@precitec.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Diffstat (limited to 'meta-oe/recipes-extended')
-rw-r--r-- | meta-oe/recipes-extended/polkit/files/50-org.freedesktop.udiskie.rules | 24 | ||||
-rw-r--r-- | meta-oe/recipes-extended/polkit/polkit-group-rule-udisks2.bb | 17 |
2 files changed, 41 insertions, 0 deletions
diff --git a/meta-oe/recipes-extended/polkit/files/50-org.freedesktop.udiskie.rules b/meta-oe/recipes-extended/polkit/files/50-org.freedesktop.udiskie.rules new file mode 100644 index 0000000000..2ffa4087a8 --- /dev/null +++ b/meta-oe/recipes-extended/polkit/files/50-org.freedesktop.udiskie.rules @@ -0,0 +1,24 @@ +polkit.addRule(function(action, subject) { + var YES = polkit.Result.YES; + var permission = { + // required for udisks1: + "org.freedesktop.udisks.filesystem-mount": YES, + "org.freedesktop.udisks.luks-unlock": YES, + "org.freedesktop.udisks.drive-eject": YES, + "org.freedesktop.udisks.drive-detach": YES, + // required for udisks2: + "org.freedesktop.udisks2.filesystem-mount": YES, + "org.freedesktop.udisks2.encrypted-unlock": YES, + "org.freedesktop.udisks2.eject-media": YES, + "org.freedesktop.udisks2.power-off-drive": YES, + // required for udisks2 if using udiskie from another seat (e.g. systemd): + "org.freedesktop.udisks2.filesystem-mount-other-seat": YES, + "org.freedesktop.udisks2.filesystem-unmount-others": YES, + "org.freedesktop.udisks2.encrypted-unlock-other-seat": YES, + "org.freedesktop.udisks2.eject-media-other-seat": YES, + "org.freedesktop.udisks2.power-off-drive-other-seat": YES + }; + if (subject.isInGroup("plugdev")) { + return permission[action.id]; + } +}); diff --git a/meta-oe/recipes-extended/polkit/polkit-group-rule-udisks2.bb b/meta-oe/recipes-extended/polkit/polkit-group-rule-udisks2.bb new file mode 100644 index 0000000000..ae024d0328 --- /dev/null +++ b/meta-oe/recipes-extended/polkit/polkit-group-rule-udisks2.bb @@ -0,0 +1,17 @@ +DESCRIPTION = "Polkit rule to allow non-priviledged users mount/umount block devices via udisks2" +LICENSE = "MIT" +LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302" + +require polkit-group-rule.inc + +# The file originates from https://github.com/coldfix/udiskie/wiki/Permissions +SRC_URI = "file://50-org.freedesktop.udiskie.rules" + +RDEPENDS_${PN} += "udisks2" + +do_install() { + install -m 0755 ${WORKDIR}/50-org.freedesktop.udiskie.rules ${D}${sysconfdir}/polkit-1/rules.d +} + +USERADD_PACKAGES = "${PN}" +GROUPADD_PARAM:${PN} = "--system plugdev" |