AC_HAVE_HDIO_GETGEO
AC_CONFIG_SYSTEMD_SYSTEM_UNIT_DIR
AC_CONFIG_CROND_DIR
+AC_CONFIG_UDEV_RULE_DIR
if test "$enable_blkid" = yes; then
AC_HAVE_BLKID_TOPO
SYSTEMD_SYSTEM_UNIT_DIR = @systemd_system_unit_dir@
HAVE_CROND = @have_crond@
CROND_DIR = @crond_dir@
+HAVE_UDEV = @have_udev@
+UDEV_RULE_DIR = @udev_rule_dir@
HAVE_LIBURCU_ATOMIC64 = @have_liburcu_atomic64@
GCCFLAGS = -funsigned-char -fno-strict-aliasing -Wall
AC_SUBST(have_crond)
AC_SUBST(crond_dir)
])
+
+#
+# Figure out where to put udev rule files
+#
+AC_DEFUN([AC_CONFIG_UDEV_RULE_DIR],
+[
+ AC_REQUIRE([PKG_PROG_PKG_CONFIG])
+ AC_ARG_WITH([udev_rule_dir],
+ [AS_HELP_STRING([--with-udev-rule-dir@<:@=DIR@:>@],
+ [Install udev rules into DIR.])],
+ [],
+ [with_udev_rule_dir=yes])
+ AS_IF([test "x${with_udev_rule_dir}" != "xno"],
+ [
+ AS_IF([test "x${with_udev_rule_dir}" = "xyes"],
+ [
+ PKG_CHECK_MODULES([udev], [udev],
+ [
+ with_udev_rule_dir="$($PKG_CONFIG --variable=udev_dir udev)/rules.d"
+ ], [
+ with_udev_rule_dir=""
+ ])
+ m4_pattern_allow([^PKG_(MAJOR|MINOR|BUILD|REVISION)$])
+ ])
+ AC_MSG_CHECKING([for udev rule dir])
+ udev_rule_dir="${with_udev_rule_dir}"
+ AS_IF([test -n "${udev_rule_dir}"],
+ [
+ AC_MSG_RESULT(${udev_rule_dir})
+ have_udev="yes"
+ ],
+ [
+ AC_MSG_RESULT(no)
+ have_udev="no"
+ ])
+ ],
+ [
+ have_udev="disabled"
+ ])
+ AC_SUBST(have_udev)
+ AC_SUBST(udev_rule_dir)
+])
endif # scrub_prereqs
+UDEV_RULES = xfs.rules
+ifeq ($(HAVE_UDEV),yes)
+ INSTALL_SCRUB += install-udev
+endif
+
HFILES = \
common.h \
counter.h \
$(LTINSTALL) -m 755 $(LTCOMMAND) $(PKG_SBIN_DIR)
$(INSTALL) -m 755 $(XFS_SCRUB_ALL_PROG) $(PKG_SBIN_DIR)
+install-udev: $(UDEV_RULES)
+ $(INSTALL) -m 755 -d $(UDEV_RULE_DIR)
+ for i in $(UDEV_RULES); do \
+ $(INSTALL) -m 644 $$i $(UDEV_RULE_DIR)/64-$$i; \
+ done
+
install-dev:
-include .dep
--- /dev/null
+# SPDX-License-Identifier: GPL-2.0-or-later
+#
+# Copyright (C) 2023 Oracle. All rights reserved.
+# Author: Darrick J. Wong <djwong@kernel.org>
+#
+# Don't let udisks automount XFS filesystems without even asking a user.
+# This doesn't eliminate filesystems as an attack surface; it only prevents
+# evil maid attacks when all sessions are locked.
+#
+# According to http://storaged.org/doc/udisks2-api/latest/udisks.8.html,
+# supplying UDISKS_AUTO=0 here changes the HintAuto property of the block
+# device abstraction to mean "do not automatically start" (e.g. mount).
+SUBSYSTEM=="block", ENV{ID_FS_TYPE}=="xfs|xfs_external_log", ENV{UDISKS_AUTO}="0"