Comment 11 for bug 1153781

(In reply to comment #2)
> If you look at the FSMountOptions structure
>
> http://cgit.freedesktop.org/udisks/tree/src/device.c?id=1.0.2#n5843
>
> then there are two arrays: defaults and allow. I think it would make sense to
> control both on a per-device basis via udev via, say. UDISKS_MOUNT_OPTIONS and
> UDISKS_MOUNT_OPTIONS_ALLOW. The former would be appended to the existing mount
> options (as you suggest) and the latter would be replacing it (to allow
> complete lockdown).

So I have implemented the UDISKS_MOUNT_OPTIONS_ALLOW which replaces the allow[] array set in the various FSMountOptions predefined structures (depending on the filesystem type), but then I am facing a problem because if the mount options defined in the defaults[] array are not listed in the allow[] one, then the mount is denied ("Mount option is not allowed").

For example, vfat_defaults[] lists the option "showexec". imagine a sysadmin does not want that option to be allowed, (s)he would not list that option in UDISKS_MOUNT_OPTIONS_ALLOW but then all devices using vfat will be denied the right to be mounted (which is not what most people want, I guess most people would want to use only the elements in the intersection of the two sets, {defaults[] ∪ mount_options[]} ∩ allow[] if that makes any sense :)

So I'll probably propose the two patches, yet I believe UDISKS_MOUNT_OPTIONS_ALLOW would be used to filter out the options that a sysamin does not want to be used (ie if not listed in UDISKS_MOUNT_OPTIONS_ALLOW, it is not passed to mount, rather than not allowing the mount).

> Regarding the patch: I don't think we need to expose this a D-Bus property.

Oops, sorry I can't find where it is exposed via D-Bus.