diff --git a/roles/usb_lib/templates/mount.d/70-usb-library.j2 b/roles/usb_lib/templates/mount.d/70-usb-library.j2 index 8263bde1f..e77092fce 100644 --- a/roles/usb_lib/templates/mount.d/70-usb-library.j2 +++ b/roles/usb_lib/templates/mount.d/70-usb-library.j2 @@ -8,39 +8,49 @@ # # # by Tim Moody tim@timmoody.com +# Jerry Vonau jvonau3@gmail.com +# +# exported from usbmount +# UM_DEVICE="/$DEVNAME" +# UM_MOUNTPOINT="$mountpoint" +# UM_FILESYSTEM="$fstype" +# UM_MOUNTOPTIONS="$options" +# UM_VENDOR="$vendor" +# UM_MODEL="$model" +# UM_MOUNTPOINT is documented at: https://github.com/rbrito/usbmount#hook-scripts # Better to set this in /etc/usbmount/usbmount.conf # VERBOSE=yes -# UM_MOUNTPOINT is documented at: https://github.com/rbrito/usbmount#hook-scripts UM_DEV=$(findmnt -no source $UM_MOUNTPOINT) # 2022-06-16 better security thanks to @tim-moody and @jvonau: # https://github.com/iiab/iiab/pull/3254 LIB_DEV=$(findmnt -no source /library | cut -d '[' -f 1) -ROOT_DEV=$(findmnt -no source /) -BOOT_DEV=$(findmnt -no source /boot) -BOOTFW_DEV=$(findmnt -no source /boot/firmware) +# excluded from mounting in usbmount +#ROOT_DEV=$(findmnt -no source /) +#BOOT_DEV=$(findmnt -no source /boot) +#BOOTFW_DEV=$(findmnt -no source /boot/firmware) # Verbose logging to illuminate occasional boot bugginess: logger -t "usb_lib (70-usb-library)" "UM_DEV is: $UM_DEV" logger -t "usb_lib (70-usb-library)" "LIB_DEV is: $LIB_DEV" -logger -t "usb_lib (70-usb-library)" "ROOT_DEV is: $ROOT_DEV" -logger -t "usb_lib (70-usb-library)" "BOOT_DEV is: $BOOT_DEV" -logger -t "usb_lib (70-usb-library)" "BOOTFW_DEV is: $BOOTFW_DEV" +#logger -t "usb_lib (70-usb-library)" "ROOT_DEV is: $ROOT_DEV" +#logger -t "usb_lib (70-usb-library)" "BOOT_DEV is: $BOOT_DEV" +#logger -t "usb_lib (70-usb-library)" "BOOTFW_DEV is: $BOOTFW_DEV" if [ "$UM_DEV" == "$LIB_DEV" ]; then logger -t "usb_lib (70-usb-library)" "Skipping $UM_MOUNTPOINT containing /library" exit 1 -elif [ "$UM_DEV" == "$ROOT_DEV" ]; then - logger -t "usb_lib (70-usb-library)" "Skipping $UM_MOUNTPOINT containing rootfs" - exit 1 -elif [ "$UM_DEV" == "$BOOT_DEV" ]; then - logger -t "usb_lib (70-usb-library)" "Skipping $UM_MOUNTPOINT containing /boot" - exit 1 -elif [ "$UM_DEV" == "$BOOTFW_DEV" ]; then - logger -t "usb_lib (70-usb-library)" "Skipping $UM_MOUNTPOINT containing /boot/firmware" - exit 1 +#elif [ "$UM_DEV" == "$ROOT_DEV" ]; then +# logger -t "usb_lib (70-usb-library)" "Skipping $UM_MOUNTPOINT containing rootfs" +# exit 1 +#elif [ "$UM_DEV" == "$BOOT_DEV" ]; then +# logger -t "usb_lib (70-usb-library)" "Skipping $UM_MOUNTPOINT containing /boot" +# exit 1 +#elif [ "$UM_DEV" == "$BOOTFW_DEV" ]; then +# logger -t "usb_lib (70-usb-library)" "Skipping $UM_MOUNTPOINT containing /boot/firmware" +# exit 1 fi # 2025-01-25: Check for existence of folder PUBLIC on USB stick: if found, the stick will not be completely browsable.