SD card file operations from container

Same question as below.

In Torizon, mount points under /media are mounted by the root user.
For this reason, files cannot be copied without permission from the Docker container.
It seems that udisks2 mounts, but in Ubuntu it is mounted by the login user.
Why is this?

Best regards.

Hi @developer0916 ,

Are your external drives formatted as FAT32? If that’s the case then your question is answered in the same link you referenced: How to pass environment variables to torizon - #8 by lucas_a.tx

In summary:

  • FAT32 doesn’t support Linux-like permissions, so the way you mount it determines the permissions you get;

  • You can solve the issue by changing /etc/fstab as detailed in the link above: it will tell TorizonCore to mount your FAT32 drive with user torizon as the owner of the mount point, so you’ll have write permissions outside and inside of a container.

> It seems that udisks2 mounts, but in Ubuntu it is mounted by the login user.
> Why is this?

I don’t know exactly how Ubuntu works in this case, but I assume that it already has a script or description that mounts FAT32 drives as the current user. Currently TorizonCore doesn’t have something similar, so by default it mounts these types of devices as root.

Hope this helps you.

Best regards,
Lucas Akira

> You can solve the issue by changing /etc/fstab as detailed in the link above: it will tell TorizonCore to mount your FAT32 drive with user torizon as the owner of the mount point, so you’ll have write permissions outside and inside of a container.

Writing UUIDs in fstab is impractical.

> I don’t know exactly how Ubuntu works in this case, but I assume that it already has a script or description that mounts FAT32 drives as the current user. Currently TorizonCore doesn’t have something similar, so by default it mounts these types of devices as root.

I did a lot of research on this subject.

udisks2 by default mounts removable media as the login user.

Please check below.
http://storaged.org/doc/udisks2-api/2.8.4/udisks.8.html

It seems udisks2 fails to initialize polkit on Torizon.
This may be the problem.

torizon@colibri-imx8x-07252375:~$ journalctl -u udisks2
-- Logs begin at Fri 2023-02-10 03:38:15 UTC, end at Fri 2023-02-10 03:39:10 UTC. --
Feb 10 03:38:18 localhost systemd[1]: Starting Disk Manager...
Feb 10 03:38:18 localhost udisksd[680]: udisks daemon version 2.9.0 starting
Feb 10 03:38:18 localhost udisksd[680]: Warning: Polkit authority cannot be initialized
Feb 10 03:38:18 localhost systemd[1]: Started Disk Manager.
Feb 10 03:38:18 localhost udisksd[680]: Acquired the name org.freedesktop.UDisks2 on the system message bus
Feb 10 03:38:20 colibri-imx8x-07252375 udisksd[680]: Mounted /dev/mmcblk1p1 at /media/21CA-DB43 on behalf of uid 0

I get the error even when I manually mount it.
This doesn’t happen on Ubuntu.

torizon@colibri-imx8x-07252375:~$ sudo umount /media/21CA-DB43/
torizon@colibri-imx8x-07252375:~$ sudo udisksctl mount -b /dev/mmcblk1p1 -o uid=1000
Error mounting /dev/mmcblk1p1: GDBus.Error:org.freedesktop.UDisks2.Error.OptionNotPermitted: Mount option `uid=1000' is not allowed

Best regards.

There is a workaround.

sudo mount -o remount,rw /usr/
sudo vi /usr/bin/usermount-mounter

udisksctl mount -b /dev/$dev 2>/dev/null || true

udisksctl mount -o umask=000 -b /dev/$dev 2>/dev/null || true

However, it is strange that it cannot be mounted by the logged-in user.
Only the root user can write to the SD card, which means the program cannot run with user privileges.
I think this should be fixed.

Torizon has a fix to exclude polkitd with “polkit_%.bbappend”.
Why is this?

Best regards.
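
Added example, not part of any post in this thread: because FAT32 carries no per-file permissions, the uid and fmask/dmask mount options decide who can write, so this check classifies vfat mounts from /proc/mounts-format input as root-only (the default seen in the log above), world-writable (what umask=000 produces), or owned by a specific user (the fstab approach). The function names, the EXAMPLE-* mount points, the /dev/sda1 and /dev/sdb1 devices and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): classify vfat mounts by who may write.
# Input is /proc/mounts-format text on stdin; on a device: audit_vfat_mounts < /proc/mounts

audit_vfat_mounts() {
    awk '
    # True when the permission mask leaves the "other" write bit (octal 2) set.
    function other_can_write(mask,    d) {
        d = substr(mask, length(mask), 1) + 0
        return int(d / 2) % 2 == 0
    }
    $3 == "vfat" {
        # The kernel omits uid= for root-owned vfat mounts and always prints
        # fmask/dmask; the 0022 fallback only matters for truncated input (assumption).
        uid = 0; fmask = "0022"; dmask = "0022"
        n = split($4, opt, ",")
        for (i = 1; i <= n; i++) {
            if (opt[i] ~ /^uid=/)   uid   = substr(opt[i], 5)
            if (opt[i] ~ /^fmask=/) fmask = substr(opt[i], 7)
            if (opt[i] ~ /^dmask=/) dmask = substr(opt[i], 7)
        }
        if (other_can_write(fmask) || other_can_write(dmask)) verdict = "world-writable"
        else if (uid + 0 == 0)                                verdict = "root-only"
        else                                                  verdict = "owner-uid=" uid
        printf "%s uid=%s fmask=%s dmask=%s %s\n", $2, uid, fmask, dmask, verdict
    }'
}

# Constructed sample: default udisks2 mount, umask=000 workaround, fstab with uid=1000.
sample_mounts() {
    cat <<'EOF'
/dev/root / ext4 rw,relatime 0 0
/dev/mmcblk1p1 /media/21CA-DB43 vfat rw,nosuid,nodev,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro 0 0
/dev/sda1 /media/EXAMPLE-UMASK vfat rw,nosuid,nodev,relatime,fmask=0000,dmask=0000,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro 0 0
/dev/sdb1 /media/EXAMPLE-FSTAB vfat rw,relatime,uid=1000,gid=1000,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro 0 0
EOF
}

sample_mounts | audit_vfat_mounts
```

A world-writable result means every local account and every container that bind-mounts the path can modify the card, not only the intended user.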

Hi @developer0916 ,

Glad you were able to find a workaround.

> Torizon has a fix to exclude polkitd with “polkit_%.bbappend”.
> Why is this?

Right, so I contacted the team internally about this and Polkit is disabled on TorizonCore because some of its dependencies would increase the image size.

> Writing UUIDs in fstab is impractical.

One other possible workaround would be to create a udev rule that sets the correct permissions for the SD card. Would that be suitable for your use case?

Best regards,
Lucas Akira

> One other possible workaround would be to create a udev rule that sets the correct permissions for the SD card. Would that be suitable for your use case?

Maybe udisks2 requires polkit to mount with user privileges. User privileges are denied and the mount is done as root user.

I don’t know how large the package size will be, but Torizon uses Docker, which is very resource intensive.
Would the increase in package size due to polkit have an impact?

Best regards.

Hi @developer0916 ,

> Maybe udisks2 requires polkit to mount with user privileges. User privileges are denied and the mount is done as root user.

I would assume that’s the case, yes.

> I don’t know how large the package size will be, but Torizon uses Docker, which is very resource intensive.
> Would the increase in package size due to polkit have an impact?

Not sure that the increase in size would have a performance impact, but we usually try to keep our images as lean as we can. The decision to disable Polkit in TorizonCore was done a few years ago, so it could eventually be re-examined, but it’s not a priority for the team right now, so I’m afraid this won’t happen in the near future.

Would creating a udev rule for the USB flash drives be an alternative solution? These links might have some more details on how to do it:

Best regards,
Lucas Akira

LinuxBSP mounts by script, so this method can be used.
If Torizon BSP uses udisks2, the permission is determined by polkit, not by permissions. udisks2 cannot be mounted by a user in this way.
We are only asking because we don’t know why polkit is not used.
If there is no reason, we suggest that it should be changed in the future.

Best regards.

Hi @developer0916 ,

> We are only asking because we don’t know why polkit is not used.
> If there is no reason, we suggest that it should be changed in the future.

Sure, I’ll pass your suggestion to the TorizonCore team. Thanks for the feedback!

Best regards,
Lucas Akira