However, when you log in to GNOME then gnome-volume-manager, in the default configuration, mounts all the drives as the user who is logging in. And unmounts them at logout. I think this is sane given the options put in /etc/fstab.
/dev/sda1 /media/compact_flash vfat rw,sync,noatime,nodiratime,nosuid,nodev,uid=500,gid=500,fmask=0022,dmask=0022 0 0
Note the nosuid,nodev options thanks to having user in the fstab line.
So, I hope we can agree this is pretty safe?
The damage comes from xattr. Suppose I have a machine that boots Mandrake, Debian, and FC3. I use the /opt as a pass between the various OS's. It is on its own partition. One of these days, the mount count triggers a fsck. I don't want it to write anything to the drive if it can mess it up. Again, the problem is xattrs and the older OS's not handling them.
<rant> It's too late now, but I think allowing xattrs into ext3 was a big mistake from a backwards compatibility stance. It should have been ext4. Sure, the bugs in ext3 would still be there waiting to bite you, but you won't face them every single day.</rant>
Can you detect an ext3 drive that doesn't have xattrs applied? If so, the workaround is not to write anything related to xattrs to that drive.
I'm not sure how well turning off media detection works presently
Something changed after yesterday's updates. I set everything to false yesterday and there were no entries in /media and fstab. Today they are there.
(I test it once in a while though) and I think g-v-m ignores the automount hint. When Nautilus and GNOME VFS are ready, this will be supported as well [1].
Then the answer is not to make the drive available. There should probably be a configuration option that says do not update fstab with detected media and another for do not create mount points for detected media. This way, people that cannot afford to get a corrupted partition from xattrs being written to a partition that a NON-SE Linux OS must access can avoid damage.
There is supposed to be a /media/cdrom mount point if you got a CD-ROM drive;
OK, I don't see one. The following is from an earlier e-mail to the list that I didn't get a chance to answer:
This should work. What does 'udevinfo -r -q name -p /block/hdc' say?
/dev/hdc
Does running 'service haldaemon stop; udevstart; service haldaemon start' solve your problem?
No.
[root@buildhost root]# ls /media/
idedisk idedisk1 scsidisk scsidisk1
[root@buildhost root]# service haldaemon stop
Stopping HAL daemon: [FAILED]
[root@buildhost root]# udevstart
[root@buildhost root]# service haldaemon start
Starting HAL daemon: [ OK ]
/etc/init.d/haldaemon: line 31: /var/run/hald/pid: No such file or directory
Otherwise you need to file a bug against hal so we can fix it
Does the above look like a bug? If so I will file one.
Thanks, -Steve Grubb
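
The thread's point that `user` in an fstab line brings nosuid and nodev with it can be checked mechanically. The following is an added example, not part of the original message or of hal/gnome-volume-manager; it assumes mount(8)'s documented behaviour that options apply left to right and that `user`/`users` imply noexec,nosuid,nodev while `owner`/`group` imply nosuid,nodev. Only the first sample entry is the line quoted in the message; the rest are constructed.

```python
# Added example: flag /media entries in fstab whose effective options
# lack nosuid or nodev. Function names and sample entries are hypothetical.
IMPLIES = {
    "user": ("noexec", "nosuid", "nodev"),
    "users": ("noexec", "nosuid", "nodev"),
    "owner": ("nosuid", "nodev"),
    "group": ("nosuid", "nodev"),
}
NEGATES = {"suid": "nosuid", "dev": "nodev", "exec": "noexec"}
REQUIRED = {"nosuid", "nodev"}

def effective_restrictions(optstring):
    """Return the restrictive flags in force after applying options in order."""
    active = set()
    for opt in optstring.split(","):
        name = opt.split("=", 1)[0]          # "uid=500" -> "uid"
        if name in IMPLIES:
            active.update(IMPLIES[name])     # user => noexec,nosuid,nodev
        elif name in NEGATES:
            active.discard(NEGATES[name])    # a later "suid" undoes "nosuid"
        elif name in NEGATES.values():
            active.add(name)
    return active

def audit(fstab_text, prefix="/media/"):
    """List (mountpoint, missing_flags) for entries under prefix."""
    findings = []
    for line in fstab_text.splitlines():
        fields = line.split()
        # Skip comments and lines without device, mount point, type, options.
        if len(fields) < 4 or fields[0].startswith("#"):
            continue
        mountpoint, opts = fields[1], fields[3]
        if mountpoint.startswith(prefix):
            missing = sorted(REQUIRED - effective_restrictions(opts))
            if missing:
                findings.append((mountpoint, missing))
    return findings

SAMPLE = """\
# constructed sample; the first entry is the line quoted in the message
/dev/sda1 /media/compact_flash vfat rw,sync,noatime,nodiratime,nosuid,nodev,uid=500,gid=500,fmask=0022,dmask=0022 0 0
/dev/hdc /media/cdrom iso9660 ro,user,noauto 0 0
/dev/sdb1 /media/usbdisk vfat rw,user,suid 0 0
/dev/sdc1 /media/idedisk ext3 rw,noauto 0 0
/dev/hda2 /opt ext3 defaults 1 2
"""

if __name__ == "__main__":
    for mountpoint, missing in audit(SAMPLE):
        print(f"{mountpoint}: missing {','.join(missing)}")
```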