do not automatically mount unmaintained file systems

[mbiebl]

Hi,

there is this downstream discussion which you might be interested in and for which I'd appreciate your feedback as upstream.
In that issue, it is requested that udisks (downstream) ships this udev rule /usr/lib/udev/rules.d/75-insecure-fs.rules:

# Do not automatically mount these file systems because their drivers are
# marked as "orphan" or "odd fixes" in the kernel MAINTAINERS file and so
# are more at risk of having security-sensitive defects which could be
# exploited by a crafted file system.
SUBSYSTEM!="block", GOTO="udisks_insecure_fs_end"

ENV{ID_FS_TYPE}=="affs", ENV{UDISKS_AUTO}="0"
ENV{ID_FS_TYPE}=="ecryptfs", ENV{UDISKS_AUTO}="0"
ENV{ID_FS_TYPE}=="efs", ENV{UDISKS_AUTO}="0"
ENV{ID_FS_TYPE}=="hfs", ENV{UDISKS_AUTO}="0"
ENV{ID_FS_TYPE}=="hfsplus", ENV{UDISKS_AUTO}="0"
ENV{ID_FS_TYPE}=="jffs2", ENV{UDISKS_AUTO}="0"
ENV{ID_FS_TYPE}=="jfs", ENV{UDISKS_AUTO}="0"
ENV{ID_FS_TYPE}=="qnx6", ENV{UDISKS_AUTO}="0"
ENV{ID_FS_TYPE}=="sysv", ENV{UDISKS_AUTO}="0"

LABEL="udisks_insecure_fs_end"

[tbzatek]

I think it's mostly similar to #1094, just an inverted logic.

[mbiebl]

Do you have any concerns/objections if I (for now) ship this udev rule in the Debian/Ubuntu package?
I'll certainly keep an eye on #1094

[tbzatek]

Do you have any concerns/objections if I (for now) ship this udev rule in the Debian/Ubuntu package? I'll certainly keep an eye on #1094

Well, it's still a valid and supported use case, just on a larger scale.

The only potential effect on upstream I can think of might be to remember there's something custom in place when dealing with bugreports, though we typically ask for udevadm info that would quickly reveal an extra udev rule in place. Sometimes it's not obvious where the problem is and we'd like to minimize the time spent on bugreport investigation as developers' time on this project is currently very limited.