From b56fd7cce6b229bcba2f78175f5aef97892a5440 Mon Sep 17 00:00:00 2001 From: Douglas Teles Date: Tue, 23 Jun 2026 14:22:51 -0300 Subject: [PATCH] Sync sysutils fixes from ROCKNIX systemd: re-enable timedated (was -Dtimedated=false). Drop the post-install safe_remove that nuked /usr/bin/timedatectl so users can finally run timedatectl set-timezone from the shell. Two upstream-equivalent patches accompany the build: 0600 redirects the timedated write target to /var/run/localtime (writable on our read-only rootfs), 0601 makes the timezone reader follow indirect symlinks (matches the /etc -> /storage layout). udevil: pull the cleaned udevil.conf (UFS gate moved from allowed_devices to forbidden_devices, /dev/sd* whitelisted as removable). The udev rule now bails on anything that is not usb-storage. Internal mmc devices were never matched by the prior KERNEL=="sd*|sr*" filter anyway, but this makes the intent explicit and stops misclassified eSATA-like devices. input_sense: grep -line-buffered before the parse loop so only EV_KEY / EV_SW / error-reading lines reach the case statement. evtest output is mostly EV_ABS noise we threw away anyway; this cuts the CPU spent on the dispatch hot path on every controller. Co-Authored-By: Claude Opus 4.7 --- packages/sysutils/systemd/package.mk | 5 +- ...00-timedated-use-run-archr-localtime.patch | 58 +++++++++++++++++++ ...et-timezone-follow-indirect-symlinks.patch | 23 ++++++++ packages/sysutils/udevil/config/udevil.conf | 25 ++++---- .../udevil/udev.d/95-udevil-mount.rules | 12 ++-- .../system-utils/sources/scripts/input_sense | 2 +- .../packages/sysutils/systemd/package.mk | 5 +- ...00-timedated-use-run-archr-localtime.patch | 58 +++++++++++++++++++ ...et-timezone-follow-indirect-symlinks.patch | 23 ++++++++ .../sysutils/udevil/config/udevil.conf | 23 ++++---- .../udevil/udev.d/95-udevil-mount.rules | 3 + 11 files changed, 198 insertions(+), 39 deletions(-) create mode 100644 packages/sysutils/systemd/patches/systemd-0600-timedated-use-run-archr-localtime.patch create mode 100644 packages/sysutils/systemd/patches/systemd-0601-get-timezone-follow-indirect-symlinks.patch create mode 100644 projects/ArchR/packages/sysutils/systemd/patches/systemd-0600-timedated-use-run-archr-localtime.patch create mode 100644 projects/ArchR/packages/sysutils/systemd/patches/systemd-0601-get-timezone-follow-indirect-symlinks.patch diff --git a/packages/sysutils/systemd/package.mk b/packages/sysutils/systemd/package.mk index c2a8824dcc..d04e2d1de8 100644 --- a/packages/sysutils/systemd/package.mk +++ b/packages/sysutils/systemd/package.mk @@ -66,7 +66,7 @@ PKG_MESON_OPTS_TARGET="--libdir=/usr/lib \ -Dnologin-path=/usr/sbin/nologin \ -Dhomed=disabled \ -Dnetworkd=false \ - -Dtimedated=false \ + -Dtimedated=true \ -Dtimesyncd=true \ -Dfirstboot=false \ -Drandomseed=false \ @@ -163,9 +163,6 @@ post_makeinstall_target() { safe_remove ${INSTALL}/usr/bin/systemd-nspawn safe_remove ${INSTALL}/usr/lib/systemd/system/systemd-nspawn@.service - # remove timedatectl - safe_remove ${INSTALL}/usr/bin/timedatectl - # remove unneeded generators for gen in ${INSTALL}/usr/lib/systemd/system-generators/*; do case "${gen}" in diff --git a/packages/sysutils/systemd/patches/systemd-0600-timedated-use-run-archr-localtime.patch b/packages/sysutils/systemd/patches/systemd-0600-timedated-use-run-archr-localtime.patch new file mode 100644 index 0000000000..3f826f5e27 --- /dev/null +++ b/packages/sysutils/systemd/patches/systemd-0600-timedated-use-run-archr-localtime.patch @@ -0,0 +1,58 @@ +--- a/src/timedate/timedated.c ++++ b/src/timedate/timedated.c +@@ -290,34 +290,47 @@ + static int context_write_data_timezone(Context *c) { + _cleanup_free_ char *p = NULL; + const char *source; ++ int r; + + assert(c); + +- /* No timezone is very similar to UTC. Hence in either of these cases link the UTC file in. Except if +- * it isn't installed, in which case we remove the symlink altogether. Since glibc defaults to an +- * internal version of UTC in that case behaviour is mostly equivalent. We still prefer creating the +- * symlink though, since things are more self explanatory then. */ + + if (isempty(c->zone) || streq(c->zone, "UTC")) { + + if (access("/usr/share/zoneinfo/UTC", F_OK) < 0) { + +- if (unlink("/etc/localtime") < 0 && errno != ENOENT) ++ if (unlink("/var/run/localtime") < 0 && errno != ENOENT) + return -errno; + + return 0; + } + +- source = "../usr/share/zoneinfo/UTC"; ++ source = "/usr/share/zoneinfo/UTC"; + } else { +- p = path_join("../usr/share/zoneinfo", c->zone); ++ p = path_join("/usr/share/zoneinfo", c->zone); + if (!p) + return -ENOMEM; + + source = p; + } + +- return symlink_atomic(source, "/etc/localtime"); ++ r = symlink_atomic(source, "/var/run/localtime"); ++ if (r < 0) ++ return r; ++ ++ /* Persist timezone across reboots via /storage/.cache/timezone */ ++ if (!isempty(c->zone)) { ++ _cleanup_free_ char *tz_line = NULL; ++ ++ tz_line = strjoin("TIMEZONE=", c->zone, "\n"); ++ if (tz_line) ++ (void) write_string_file("/storage/.cache/timezone", tz_line, ++ WRITE_STRING_FILE_CREATE | ++ WRITE_STRING_FILE_ATOMIC | ++ WRITE_STRING_FILE_TRUNCATE); ++ } ++ ++ return 0; + } + + static int context_write_data_local_rtc(Context *c) { diff --git a/packages/sysutils/systemd/patches/systemd-0601-get-timezone-follow-indirect-symlinks.patch b/packages/sysutils/systemd/patches/systemd-0601-get-timezone-follow-indirect-symlinks.patch new file mode 100644 index 0000000000..e08377ed78 --- /dev/null +++ b/packages/sysutils/systemd/patches/systemd-0601-get-timezone-follow-indirect-symlinks.patch @@ -0,0 +1,23 @@ +--- a/src/basic/time-util.c ++++ b/src/basic/time-util.c +@@ -1626,8 +1626,18 @@ int get_timezone(char **ret) { + return r; /* returns EINVAL if not a symlink */ + + e = PATH_STARTSWITH_SET(t, "/usr/share/zoneinfo/", "../usr/share/zoneinfo/"); +- if (!e) +- return -EINVAL; ++ if (!e) { ++ char resolved[PATH_MAX + 1]; ++ if (realpath("/etc/localtime", resolved)) { ++ free(t); ++ t = strdup(resolved); ++ if (!t) ++ return -ENOMEM; ++ e = PATH_STARTSWITH_SET(t, "/usr/share/zoneinfo/", "../usr/share/zoneinfo/"); ++ } ++ if (!e) ++ return -EINVAL; ++ } + + if (!timezone_is_valid(e, LOG_DEBUG)) + return -EINVAL; diff --git a/packages/sysutils/udevil/config/udevil.conf b/packages/sysutils/udevil/config/udevil.conf index b185941a2a..fc8516d66d 100644 --- a/packages/sysutils/udevil/config/udevil.conf +++ b/packages/sysutils/udevil/config/udevil.conf @@ -4,7 +4,7 @@ # # This file controls what devices, networks, and files users may mount and # unmount via udevil (set suid). -# +# # IMPORTANT: IT IS POSSIBLE TO CREATE SERIOUS SECURITY PROBLEMS IF THIS FILE # IS MISCONFIGURED - EDIT WITH CARE # @@ -42,7 +42,7 @@ log_keep_days = 10 # Setting allowed_types = * does NOT allow all types, as this is a security # risk, but does allow all recognized types. # allowed_types = $KNOWN_FILESYSTEMS, file, cifs, smbfs, nfs, curlftpfs, ftpfs, sshfs, davfs, tmpfs, ramfs -allowed_types = $KNOWN_FILESYSTEMS, hfsplus, hfs +allowed_types = $KNOWN_FILESYSTEMS, hfsplus, hfs, btrfs # allowed_users is a list of users permitted to mount and unmount with udevil. @@ -108,7 +108,7 @@ allowed_media_dirs = /media, /var/media, /run/media/$USER # or unmount. If a device is not listed in allowed_devices, it cannot be # un/mounted (unless in fstab). However, even if a device is listed, other # factors may prevent its use. For example, access to system internal devices -# will be denied to normal users even if they are included in allowed_devices. +# will be denied to normal users even if they are included in allowed_devices. # allowed_devices_FSTYPE, if present, is used to override allowed_devices when # mounting or unmounting a specific fstype (eg ext3, ntfs). For example, to # prevent all block devices containing an ext4 filesystem from being @@ -133,7 +133,7 @@ allowed_devices = /dev/* # Some removable esata drives look like internal drives to udevil. To avoid # this problem, they can be treated as removable with this setting. # WARNING: SETTING A SYSTEM DEVICE HERE CAN CAUSE SERIOUS SECURITY PROBLEMS. -# allowed_internal_devices = +allowed_internal_devices = /dev/sd* # allowed_internal_uuids and allowed_internal_uuids_FSTYPE work similarly to @@ -141,7 +141,7 @@ allowed_devices = /dev/* # For example, to allow un/mounting of an internal filesystem based on UUID: # allowed_internal_uuids = cc0c4489-8def-1e5b-a304-ab87c3cb626c0 # WARNING: SETTING A SYSTEM DEVICE HERE CAN CAUSE SERIOUS SECURITY PROBLEMS. -# allowed_internal_uuids = +# allowed_internal_uuids = # forbidden_devices is used to prevent block devices from being un/mounted @@ -153,13 +153,13 @@ allowed_devices = /dev/* # forbidden_devices_ntfs = /dev/sdd1 # NOTE: device node paths are canonicalized before being tested, so forbidding # a link to a device will have no effect. -forbidden_devices = +forbidden_devices = /dev/disk/by-path/*ufshc* # allowed_networks determines what hosts may be un/mounted by udevil users when # using nfs, cifs, smbfs, curlftpfs, ftpfs, or sshfs. Hosts may be specified # using a hostname (eg myserver.com) or IP address (192.168.1.100). -# Wildcards may be used in hostnames and IP addresses, but CIDR notation +# Wildcards may be used in hostnames and IP addresses, but CIDR notation # (192.168.1.0/16) is NOT supported. IP v6 is supported. For example: # allowed_networks = 127.0.0.1, 192.168.1.*, 10.0.0.*, localmachine, *.okay.com # Or, to prevent un/mounting of any network shares, set: @@ -178,7 +178,7 @@ allowed_networks = * # NO REVERSE LOOKUP IS PERFORMED, so including bad.com will only have an effect # if the user uses that hostname. IP lookup is always performed, so forbidding # an IP address will also forbid all corresponding hostnames. -forbidden_networks = +forbidden_networks = # allowed_files is used to determine what files in what directories may be @@ -198,7 +198,7 @@ allowed_files = * # for "forbidden_files = *". # NOTE: file paths are canonicalized before being tested, so forbidding # a link to a file will have no effect. -forbidden_files = +forbidden_files = # default_options specifies what options are always included when performing @@ -230,7 +230,7 @@ default_options_ftpfs = nosuid, noexec, nodev, noatime, uid=$UID, gid=$GID default_options_davfs = nosuid, noexec, nodev, uid=$UID, gid=$GID default_options_tmpfs = nosuid, noexec, nodev, noatime, uid=$UID, gid=$GID default_options_ramfs = nosuid, noexec, nodev, noatime, uid=$UID, gid=$GID - +default_options_btrfs = compress=zstd:3 # allowed_options determines all options that a user may specify when mounting. # All the options used in default_options above must be included here too, or @@ -299,7 +299,7 @@ allowed_options_exfat = nosuid, noexec, nodev, noatime, ro, rw, uid=$UID, gi # validate_rootexec works similarly to validate_exec, except that the program # is run as root. validate_rootexec will also be run if the root user runs -# udevil. If both validate_exec and validate_rootexec are specified, +# udevil. If both validate_exec and validate_rootexec are specified, # validate_rootexec will run first, followed by validate_exec. # The program must return an exit status of 0 to allow the mount or unmount # to proceed. If it returns non-zero, the user will be denied permission. @@ -309,7 +309,7 @@ allowed_options_exfat = nosuid, noexec, nodev, noatime, ro, rw, uid=$UID, gi # validate_rootexec = -# success_exec is run after a successful mount, remount, or unmount. The +# success_exec is run after a successful mount, remount, or unmount. The # program is run as a normal user (if root runs udevil, success_exec # will NOT be run). # The program is passed the username, a printable description of what action @@ -329,4 +329,3 @@ allowed_options_exfat = nosuid, noexec, nodev, noatime, ro, rw, uid=$UID, gi # rootexec settings NOT be used, as it is easy to inadvertently open exploits. # THIS PROGRAM IS ALWAYS RUN AS ROOT, even if the user running udevil is not. # success_rootexec = - diff --git a/packages/sysutils/udevil/udev.d/95-udevil-mount.rules b/packages/sysutils/udevil/udev.d/95-udevil-mount.rules index 35f99632fc..5a399014ce 100644 --- a/packages/sysutils/udevil/udev.d/95-udevil-mount.rules +++ b/packages/sysutils/udevil/udev.d/95-udevil-mount.rules @@ -2,15 +2,18 @@ IMPORT{cmdline}="installer" ENV{installer}=="1", GOTO="exit" -# check for blockdevices, /dev/sd*, /dev/sr*, /dev/mmc*, and /dev/nvme* -SUBSYSTEM!="block", KERNEL!="sd*|sr*|mmc*|nvme*", GOTO="exit" +# check for blockdevices, /dev/sd*, /dev/sr* +SUBSYSTEM!="block", KERNEL!="sd*|sr*", GOTO="exit" + +# only allow USB-attached devices +ENV{ID_USB_DRIVER}!="usb-storage", GOTO="exit" # check for special partitions we dont want mount IMPORT{builtin}="blkid" ENV{ID_FS_LABEL}=="EFI|BOOT|Recovery|RECOVERY|SETTINGS|boot|root0|share0", GOTO="exit" -# /dev/sd*, /dev/mmc*, and /dev/nvme* with partitions/disk and filesystems only, and /dev/sr* disks only -KERNEL=="sd*|mmc*|nvme*", ENV{DEVTYPE}=="partition|disk", ENV{ID_FS_USAGE}=="filesystem", GOTO="harddisk" +# /dev/sd* with partitions/disk and filesystems only and /dev/sr* disks only +KERNEL=="sd*", ENV{DEVTYPE}=="partition|disk", ENV{ID_FS_USAGE}=="filesystem", GOTO="harddisk" KERNEL=="sr*", ENV{DEVTYPE}=="disk", GOTO="optical" GOTO="exit" @@ -27,4 +30,3 @@ GOTO="exit" # Exit LABEL="exit" - diff --git a/projects/ArchR/packages/sysutils/system-utils/sources/scripts/input_sense b/projects/ArchR/packages/sysutils/system-utils/sources/scripts/input_sense index 5752d8d27a..e828ed68ea 100755 --- a/projects/ArchR/packages/sysutils/system-utils/sources/scripts/input_sense +++ b/projects/ArchR/packages/sysutils/system-utils/sources/scripts/input_sense @@ -319,7 +319,7 @@ set +e done wait # Wait for all background loops (they never end unless forcibly stopped) -) | while read line; do +) | grep --line-buffered "EV_KEY\|EV_SW\|error reading" | while read line; do # Parse lines from any evtest instance: case ${line} in diff --git a/projects/ArchR/packages/sysutils/systemd/package.mk b/projects/ArchR/packages/sysutils/systemd/package.mk index 74a1d829b8..e55ec0e8a2 100644 --- a/projects/ArchR/packages/sysutils/systemd/package.mk +++ b/projects/ArchR/packages/sysutils/systemd/package.mk @@ -66,7 +66,7 @@ PKG_MESON_OPTS_TARGET="--libdir=/usr/lib \ -Duserdb=false \ -Dhomed=false \ -Dnetworkd=false \ - -Dtimedated=false \ + -Dtimedated=true \ -Dtimesyncd=true \ -Dfirstboot=false \ -Drandomseed=false \ @@ -168,9 +168,6 @@ post_makeinstall_target() { safe_remove ${INSTALL}/usr/bin/systemd-nspawn safe_remove ${INSTALL}/usr/lib/systemd/system/systemd-nspawn@.service - # remove timedatectl - safe_remove ${INSTALL}/usr/bin/timedatectl - # remove unneeded generators for gen in ${INSTALL}/usr/lib/systemd/system-generators/*; do case "${gen}" in diff --git a/projects/ArchR/packages/sysutils/systemd/patches/systemd-0600-timedated-use-run-archr-localtime.patch b/projects/ArchR/packages/sysutils/systemd/patches/systemd-0600-timedated-use-run-archr-localtime.patch new file mode 100644 index 0000000000..3f826f5e27 --- /dev/null +++ b/projects/ArchR/packages/sysutils/systemd/patches/systemd-0600-timedated-use-run-archr-localtime.patch @@ -0,0 +1,58 @@ +--- a/src/timedate/timedated.c ++++ b/src/timedate/timedated.c +@@ -290,34 +290,47 @@ + static int context_write_data_timezone(Context *c) { + _cleanup_free_ char *p = NULL; + const char *source; ++ int r; + + assert(c); + +- /* No timezone is very similar to UTC. Hence in either of these cases link the UTC file in. Except if +- * it isn't installed, in which case we remove the symlink altogether. Since glibc defaults to an +- * internal version of UTC in that case behaviour is mostly equivalent. We still prefer creating the +- * symlink though, since things are more self explanatory then. */ + + if (isempty(c->zone) || streq(c->zone, "UTC")) { + + if (access("/usr/share/zoneinfo/UTC", F_OK) < 0) { + +- if (unlink("/etc/localtime") < 0 && errno != ENOENT) ++ if (unlink("/var/run/localtime") < 0 && errno != ENOENT) + return -errno; + + return 0; + } + +- source = "../usr/share/zoneinfo/UTC"; ++ source = "/usr/share/zoneinfo/UTC"; + } else { +- p = path_join("../usr/share/zoneinfo", c->zone); ++ p = path_join("/usr/share/zoneinfo", c->zone); + if (!p) + return -ENOMEM; + + source = p; + } + +- return symlink_atomic(source, "/etc/localtime"); ++ r = symlink_atomic(source, "/var/run/localtime"); ++ if (r < 0) ++ return r; ++ ++ /* Persist timezone across reboots via /storage/.cache/timezone */ ++ if (!isempty(c->zone)) { ++ _cleanup_free_ char *tz_line = NULL; ++ ++ tz_line = strjoin("TIMEZONE=", c->zone, "\n"); ++ if (tz_line) ++ (void) write_string_file("/storage/.cache/timezone", tz_line, ++ WRITE_STRING_FILE_CREATE | ++ WRITE_STRING_FILE_ATOMIC | ++ WRITE_STRING_FILE_TRUNCATE); ++ } ++ ++ return 0; + } + + static int context_write_data_local_rtc(Context *c) { diff --git a/projects/ArchR/packages/sysutils/systemd/patches/systemd-0601-get-timezone-follow-indirect-symlinks.patch b/projects/ArchR/packages/sysutils/systemd/patches/systemd-0601-get-timezone-follow-indirect-symlinks.patch new file mode 100644 index 0000000000..e08377ed78 --- /dev/null +++ b/projects/ArchR/packages/sysutils/systemd/patches/systemd-0601-get-timezone-follow-indirect-symlinks.patch @@ -0,0 +1,23 @@ +--- a/src/basic/time-util.c ++++ b/src/basic/time-util.c +@@ -1626,8 +1626,18 @@ int get_timezone(char **ret) { + return r; /* returns EINVAL if not a symlink */ + + e = PATH_STARTSWITH_SET(t, "/usr/share/zoneinfo/", "../usr/share/zoneinfo/"); +- if (!e) +- return -EINVAL; ++ if (!e) { ++ char resolved[PATH_MAX + 1]; ++ if (realpath("/etc/localtime", resolved)) { ++ free(t); ++ t = strdup(resolved); ++ if (!t) ++ return -ENOMEM; ++ e = PATH_STARTSWITH_SET(t, "/usr/share/zoneinfo/", "../usr/share/zoneinfo/"); ++ } ++ if (!e) ++ return -EINVAL; ++ } + + if (!timezone_is_valid(e, LOG_DEBUG)) + return -EINVAL; diff --git a/projects/ArchR/packages/sysutils/udevil/config/udevil.conf b/projects/ArchR/packages/sysutils/udevil/config/udevil.conf index 4e02f6bb5b..fc8516d66d 100644 --- a/projects/ArchR/packages/sysutils/udevil/config/udevil.conf +++ b/projects/ArchR/packages/sysutils/udevil/config/udevil.conf @@ -4,7 +4,7 @@ # # This file controls what devices, networks, and files users may mount and # unmount via udevil (set suid). -# +# # IMPORTANT: IT IS POSSIBLE TO CREATE SERIOUS SECURITY PROBLEMS IF THIS FILE # IS MISCONFIGURED - EDIT WITH CARE # @@ -108,7 +108,7 @@ allowed_media_dirs = /media, /var/media, /run/media/$USER # or unmount. If a device is not listed in allowed_devices, it cannot be # un/mounted (unless in fstab). However, even if a device is listed, other # factors may prevent its use. For example, access to system internal devices -# will be denied to normal users even if they are included in allowed_devices. +# will be denied to normal users even if they are included in allowed_devices. # allowed_devices_FSTYPE, if present, is used to override allowed_devices when # mounting or unmounting a specific fstype (eg ext3, ntfs). For example, to # prevent all block devices containing an ext4 filesystem from being @@ -119,7 +119,7 @@ allowed_media_dirs = /media, /var/media, /run/media/$USER # allowed_devices = /dev/* # WARNING: ALLOWING USERS TO MOUNT DEVICES OUTSIDE OF /dev CAN CAUSE SERIOUS # SECURITY PROBLEMS. DO NOT ALLOW DEVICES IN /dev/shm -allowed_devices = /dev/* !*ufshc-scsi* +allowed_devices = /dev/* # allowed_internal_devices causes udevil to treat any listed block devices as @@ -133,7 +133,7 @@ allowed_devices = /dev/* !*ufshc-scsi* # Some removable esata drives look like internal drives to udevil. To avoid # this problem, they can be treated as removable with this setting. # WARNING: SETTING A SYSTEM DEVICE HERE CAN CAUSE SERIOUS SECURITY PROBLEMS. -# allowed_internal_devices = +allowed_internal_devices = /dev/sd* # allowed_internal_uuids and allowed_internal_uuids_FSTYPE work similarly to @@ -141,7 +141,7 @@ allowed_devices = /dev/* !*ufshc-scsi* # For example, to allow un/mounting of an internal filesystem based on UUID: # allowed_internal_uuids = cc0c4489-8def-1e5b-a304-ab87c3cb626c0 # WARNING: SETTING A SYSTEM DEVICE HERE CAN CAUSE SERIOUS SECURITY PROBLEMS. -# allowed_internal_uuids = +# allowed_internal_uuids = # forbidden_devices is used to prevent block devices from being un/mounted @@ -153,13 +153,13 @@ allowed_devices = /dev/* !*ufshc-scsi* # forbidden_devices_ntfs = /dev/sdd1 # NOTE: device node paths are canonicalized before being tested, so forbidding # a link to a device will have no effect. -forbidden_devices = +forbidden_devices = /dev/disk/by-path/*ufshc* # allowed_networks determines what hosts may be un/mounted by udevil users when # using nfs, cifs, smbfs, curlftpfs, ftpfs, or sshfs. Hosts may be specified # using a hostname (eg myserver.com) or IP address (192.168.1.100). -# Wildcards may be used in hostnames and IP addresses, but CIDR notation +# Wildcards may be used in hostnames and IP addresses, but CIDR notation # (192.168.1.0/16) is NOT supported. IP v6 is supported. For example: # allowed_networks = 127.0.0.1, 192.168.1.*, 10.0.0.*, localmachine, *.okay.com # Or, to prevent un/mounting of any network shares, set: @@ -178,7 +178,7 @@ allowed_networks = * # NO REVERSE LOOKUP IS PERFORMED, so including bad.com will only have an effect # if the user uses that hostname. IP lookup is always performed, so forbidding # an IP address will also forbid all corresponding hostnames. -forbidden_networks = +forbidden_networks = # allowed_files is used to determine what files in what directories may be @@ -198,7 +198,7 @@ allowed_files = * # for "forbidden_files = *". # NOTE: file paths are canonicalized before being tested, so forbidding # a link to a file will have no effect. -forbidden_files = +forbidden_files = # default_options specifies what options are always included when performing @@ -299,7 +299,7 @@ allowed_options_exfat = nosuid, noexec, nodev, noatime, ro, rw, uid=$UID, gi # validate_rootexec works similarly to validate_exec, except that the program # is run as root. validate_rootexec will also be run if the root user runs -# udevil. If both validate_exec and validate_rootexec are specified, +# udevil. If both validate_exec and validate_rootexec are specified, # validate_rootexec will run first, followed by validate_exec. # The program must return an exit status of 0 to allow the mount or unmount # to proceed. If it returns non-zero, the user will be denied permission. @@ -309,7 +309,7 @@ allowed_options_exfat = nosuid, noexec, nodev, noatime, ro, rw, uid=$UID, gi # validate_rootexec = -# success_exec is run after a successful mount, remount, or unmount. The +# success_exec is run after a successful mount, remount, or unmount. The # program is run as a normal user (if root runs udevil, success_exec # will NOT be run). # The program is passed the username, a printable description of what action @@ -329,4 +329,3 @@ allowed_options_exfat = nosuid, noexec, nodev, noatime, ro, rw, uid=$UID, gi # rootexec settings NOT be used, as it is easy to inadvertently open exploits. # THIS PROGRAM IS ALWAYS RUN AS ROOT, even if the user running udevil is not. # success_rootexec = - diff --git a/projects/ArchR/packages/sysutils/udevil/udev.d/95-udevil-mount.rules b/projects/ArchR/packages/sysutils/udevil/udev.d/95-udevil-mount.rules index c1a1704056..5a399014ce 100644 --- a/projects/ArchR/packages/sysutils/udevil/udev.d/95-udevil-mount.rules +++ b/projects/ArchR/packages/sysutils/udevil/udev.d/95-udevil-mount.rules @@ -5,6 +5,9 @@ ENV{installer}=="1", GOTO="exit" # check for blockdevices, /dev/sd*, /dev/sr* SUBSYSTEM!="block", KERNEL!="sd*|sr*", GOTO="exit" +# only allow USB-attached devices +ENV{ID_USB_DRIVER}!="usb-storage", GOTO="exit" + # check for special partitions we dont want mount IMPORT{builtin}="blkid" ENV{ID_FS_LABEL}=="EFI|BOOT|Recovery|RECOVERY|SETTINGS|boot|root0|share0", GOTO="exit"