986 – Forces HAL backend to honor HAL mount options

By default, Bugzilla does not search the list of RESOLVED bugs.
You can force it to do so by putting the upper-case word ALL in front of your search query, e.g.: ALL tdelibs
We recommend searching for bugs this way, as you may discover that your bug has already been resolved and fixed in a later release.

Bug 986 - Forces HAL backend to honor HAL mount options

Summary: Forces HAL backend to honor HAL mount options

Status:	RESOLVED FIXED

Alias:	None

Product:	TDE
Classification:	Unclassified
Component:	tdebase (show other bugs)
Version:	3.5.13 [Trinity]
Hardware:	All Linux

Importance:	P5 enhancement
Assignee:	Timothy Pearson

URL:

Depends on:
Blocks:

Reported:	2012-05-03 17:14 CDT by Francois Andriot
Modified:	2012-05-09 13:39 CDT (History)
CC List:	2 users (show)

See Also:
Compiler Version:
TDE Version String:
Application Version:
Application Name:

Attachments
Forces TDE to honor HAL options (2.69 KB, patch) 2012-05-03 17:15 CDT, Francois Andriot	Details \| Diff
kdebase 3.5.13: adds control panel for default mount options (63.23 KB, patch) 2012-05-05 15:43 CDT, Francois Andriot	Details \| Diff
Snapshot of the control panel USB mount options (Fedora 16) (111.00 KB, image/png) 2012-05-07 02:52 CDT, Francois Andriot	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Francois Andriot 2012-05-03 17:14:07 CDT

Okay, I know HAL is obsolete and will be removed someday, but for now, it is used in TDE 3.5.13 and still officially available in professional distros like RHEL 6.

In corporate environment, I need to restrict the user access to removable devices, especially USB sticks. My company's policy is to allow USB sticks ONLY if they are mounted read-only, not read-write.
To do so, we have written a long time ago some HAL policy files (.fdi) which automatically adds the option "ro" to any mount request by the logged-in user. So when he tried to mount the USB key through KDE, it was mounted ro, but this was configured in HAL, not in KDE.

Alas someday, someone in the opensource world decided that the device-mounting poliies should not be handled by a common tool like HAL, but by each desktop environment directly. (I find this idea stupid, because I'd prefer to manage policies in a common way rather than having gnome-specific config for gnome users, and kde-specific ocnfig for kde users ...)

So the feature "polling HAL for mount options" was simply removed from KDE 3.5 . As a result, the mount options specified in HAL are simply ignored in TDE.
The problem is that, the equivalent feature was never written in KDE 3.x because all new KDE features at the time were for KDE 4 ... So we just lost a feature here !!!

I have written the attached patch, which is mostly a copy/paste of the deleted code, updated for TDE 3.5.12/3.5.13 . I confirm this is working with HAL 0.5.14

Comment 1 Francois Andriot 2012-05-03 17:15:03 CDT

Created attachment 597 [details]
Forces TDE to honor HAL options

Comment 2 Darrell 2012-05-04 11:06:00 CDT

Francois, I'm interested in this patch because Slackware still uses HAL (0.5.14). Would you please post a basic test plan for the patch? I don't have any fdi policy files as you describe to test against or what type of scenarios to test.

I don't know how any of this affects the new hardware detection that Tim is working on. Perhaps the two of you should discuss this or start a separate bug report for that support?

Comment 3 Francois Andriot 2012-05-04 11:25:29 CDT

Hello, you can read good documentation on the Arch Wiki:

https://wiki.archlinux.org/index.php/HAL

You can test your distribution with the sample file at chapter "Enable the noatime mount option for removable devices" .

Here is a basic test plan:

1) Create your HAL policy
1.1) Create the file "/etc/hal/fdi/policy/20-noatime-removable.fdi" (the location may vary depending on your distro), with the content shown in the Arch wiki.
1.2) Restarts the HAL daemon.

2) Check the problem
2.1) Plug in your USB stick, mount it with TDE.
2.2) Check the options that were used by TDE to mount the key (cat /proc/mounts). The line corresponding to your key should *NOT* contain the "noatime" flag. This indicates that the HAL configuration was ignored.

3) Correct the problem
3.1) Install patched kdebase.
3.2) logout, login again.
3.3) Mount your USB stick again with TDE.
3.4) Check the options that were used by TDE to mount the key (cat /proc/mounts). The line corresponding to your key should contain the "noatime" flag. This indicates that the HAL configuration was taken into account :)

Comment 4 Darrell 2012-05-04 12:20:27 CDT

Thanks. I have noatime disabled in my fstab. I don't want to undo that. If possible would you please share your USB read-only policy? That would be a good test for my setup.

Also, in your original post, you wrote that this support was removed in 3.5.x. Does that mean using fdi policies was supported in KDE 3.4.x?

Comment 5 Francois Andriot 2012-05-04 15:59:55 CDT

To get "ro" option you just have to change the 2 words "noatime" in the Arch sample file with work "ro", and it will work.

It will look like:
<merge key="volume.policy.mount_option.ro" type="bool">true</merge>

I cannot give you the exact file I use at work; the reason why I have to mount the USB keys as readonly is precisely to avoid that people copy or send files from my company's network outside the local network !

Here is the original KDE bug (from 2006 !) which also contains a sample .fdi file to reproduce the bug.
https://bugs.kde.org/show_bug.cgi?id=133456

Comment 6 Darrell 2012-05-04 17:01:38 CDT

Good enough --- thank you.

Comment 7 Francois Andriot 2012-05-05 15:43:12 CDT

Created attachment 605 [details]
kdebase 3.5.13: adds control panel for default mount options

Hello, in the original KDE bug (see previous posts), someone had written a patch that adds, in KDE control panel, the ability to specify defaults options for mouting removable media, instead of having to specify options for each devices.
I've adapted the patch for TDE 3.5.13.

Comment 8 Darrell 2012-05-06 19:01:29 CDT

I started testing these patches. Here is how the Mount Options looks in KControl:

http://humanreadable.nfshost.com/trinity/build_logs/mount-options.png

Notice the group box is cut off at the bottom. Can we get that fixed?

With the patch the device icon on the desktop now pops up with a check box "Use default mount options."

I have not yet finished testing the other patch with the fdi policy file.

Comment 9 Darrell 2012-05-06 19:39:57 CDT

I tested the HAL fdi policy with a USB flash drive. Seems to work just fine. Without the policy the drive automounts rw and with the policy the drive mounts ro.

I tested with a floppy too, but that did not work. Perhaps the policy I am using only affects other hot pluggable devices.

Tim,

I don't know how this patch affects your latest work with hardware device detection. If there are none then I would like to push to GIT. if you want to test further then I'll wait.

Comment 10 Timothy Pearson 2012-05-06 22:39:35 CDT

(In reply to comment #9)
> I tested the HAL fdi policy with a USB flash drive. Seems to work just fine.
> Without the policy the drive automounts rw and with the policy the drive mounts
> ro.
> 
> I tested with a floppy too, but that did not work. Perhaps the policy I am
> using only affects other hot pluggable devices.
> 
> Tim,
> 
> I don't know how this patch affects your latest work with hardware device
> detection. If there are none then I would like to push to GIT. if you want to
> test further then I'll wait.

Short answer: it doesn't.  Go ahead and push.

Long answer: The alternate TDE HW lib/pmount system does not yet have any way to set mount options of any type.  A separate enhancement request should be opened for this, as HAL is deprecated and may start disappearing "in the wild" shortly as distributions drop it entirely.

Tim

Comment 11 Francois Andriot 2012-05-07 02:52:27 CDT

Created attachment 614 [details]
Snapshot of the control panel USB mount options (Fedora 16)

Hello, the size on the panel is correct on my test machine. Most of the labels are even already translated :)
It looks like your font size is too big to fit in the control panel window.

Comment 12 Darrell 2012-05-07 11:47:01 CDT

Font selection should not influence group box sizing.

I don't have this problem with anything else in Trinity. Even with KControl open to full screen the group box seems hard-coded to a fixed size rather than self-adjusting. Which width/heigth attributes in the ui file do I need to tinker with? Or add?

Comment 13 Darrell 2012-05-07 21:25:43 CDT

I made one change to the patch and the group box completes properly:

AS IS:

--- kdebase/kioslave/media/kcmodule/managermoduleview.ui	(revision 604326)
+++ kdebase/kioslave/media/kcmodule/managermoduleview.ui	(working copy)
@@ -8,10 +8,13 @@
         <rect>
             <x>0</x>
             <y>0</y>
-            <width>600</width>
-            <height>480</height>
+            <width>340</width>
+            <height>476</height>
         </rect>
     </property>
+    <property name="caption">
+        <string>ManagerModuleView</string>
+    </property>
     <vbox>
         <property name="name">
             <cstring>unnamed</cstring>

CHANGED TO:

--- kdebase/kioslave/media/kcmodule/managermoduleview.ui	(revision 604326)
+++ kdebase/kioslave/media/kcmodule/managermoduleview.ui	(working copy)
@@ -12,6 +12,9 @@
             <height>480</height>
         </rect>
     </property>
+    <property name="caption">
+        <string>ManagerModuleView</string>
+    </property>
     <vbox>
         <property name="name">
             <cstring>unnamed</cstring>

Would you test this nominal change and verify everything still displays correctly on your systems?

Thanks!

Comment 14 Francois Andriot 2012-05-08 03:00:51 CDT

Yes it still looks correct (no change for me) after your modification.

Comment 15 Darrell 2012-05-08 13:14:00 CDT

Ok, thanks. I'll push these patches to GIT.

Comment 16 Darrell 2012-05-08 17:00:25 CDT

Patches pushed in GIT hashes c4050cef and 8ecd1080.

This resolves the bug report.

Thank you!

Comment 17 Darrell 2012-05-09 13:39:05 CDT

Francois,

Do you know how to resize a window when a kcontrol module is opened through kcmshell?

When run through kcmshell (Alt-F2, kcmshell media) the new group box is longer than the window and is cut off. There is no scroll bar. Here is a snapshot:

http://humanreadable.nfshost.com/trinity/build_logs/mount-options1.png

The window size is 765,512 and we need to change that to about 765,590.