Udev rule to automount media devices stopped working after systemd was updated to version 239

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
1
down vote

favorite












For some time I had a working udev rule to automount media devices.



/etc/udev/rules.d/61-mount_media_by_label.rules



#
# To propagate udev's mountpoint to the user space, MountFlags must have a value "shared" in the /usr/lib/systemd/system/systemd-udevd.service.
#

# Ignore devices that aren't storage block-devices and block-devices that are already listed in /etc/fstab.
KERNEL!="sd[a-z][1-9]*", GOTO="mount_media_by_label_end"
PROGRAM="/bin/grep -e '^UUID=%EID_FS_UUID' /etc/fstab", RESULT!="", GOTO="mount_media_by_label_end"

# Decide the name for device's mountpoint directory, based on device's label.
ENVID_FS_LABEL!="", ENVmountpoint="%EID_FS_LABEL"
ENVID_FS_LABEL=="", ENVmountpoint="usb-%k"

# If device is being plugged in, set options for mount command.
ACTION=="add", ENVmount_options="relatime"
ACTION=="add", ENVID_FS_TYPE=="vfat|ntfs", ENVmount_options="%Emount_options,utf8,gid=100,umask=002"

# If device is being plugged in, create mountpoint directory in /media and mount device node to it.
ACTION=="add", RUN+="/bin/mkdir -p /media/%Emountpoint", RUN+="/bin/mount -o %Emount_options /dev/%k /media/%Emountpoint"

# If device is being plugged out, unmount it and delete its mountpoint directory.
ACTION=="remove", ENVmountpoint!="", RUN+="/bin/umount -l /media/%Emountpoint", RUN+="/bin/rmdir /media/%Emountpoint"

# Label for early exit.
LABEL="mount_media_by_label_end"


To make this rule work, I only had to change the value of MountFlags option to shared in
/usr/lib/systemd/system/systemd-udevd.service

After I updated systemd to version 239, this file looks different.

I noticed 2 changes that might be problematic:



  1. The MountFlags option is not specified in default settings.

  2. There is a new option PrivateMounts set to yes.

From systemd's documentation I figured that now I only need to set PrivateMounts=no and propagation of mountpoint would reach the user space.



However, this is not the case.

I have tried



  1. Changing PrivateMounts=no

  2. Changing PrivateMounts=no and adding MountFlags=shared

but neither works.



What is the correct way to mount media devices from udev rules in systemd v239 and later?






mount systemd udev automounting







share|improve this question





















  • weird, it worked for someone else. github.com/systemd/systemd/issues/9873#issuecomment-413058745
    – sourcejedi
    Aug 26 at 20:38










  • you remembered to both reload systemd and restart udev, right?
    – sourcejedi
    Aug 26 at 20:39










  • I rebooted the whole system and assume that is good enough?
    – Iskustvo
    Aug 26 at 20:43










  • Can you compare the output of eval "$(systemctl show -p MainPID systemd-udevd)"; sudo ls -l /proc/$MainPID/ns/mnt with the unchanged service file from v239, v.s. with the modification from case 1, v.s. ls -l /proc/self/ns/mnt ?
    – sourcejedi
    Aug 26 at 20:43










  • whole-system reboot is good enough, thanks.
    – sourcejedi
    Aug 26 at 20:44














up vote
1
down vote

favorite












For some time I had a working udev rule to automount media devices.



/etc/udev/rules.d/61-mount_media_by_label.rules



#
# To propagate udev's mountpoint to the user space, MountFlags must have a value "shared" in the /usr/lib/systemd/system/systemd-udevd.service.
#

# Ignore devices that aren't storage block-devices and block-devices that are already listed in /etc/fstab.
KERNEL!="sd[a-z][1-9]*", GOTO="mount_media_by_label_end"
PROGRAM="/bin/grep -e '^UUID=%EID_FS_UUID' /etc/fstab", RESULT!="", GOTO="mount_media_by_label_end"

# Decide the name for device's mountpoint directory, based on device's label.
ENVID_FS_LABEL!="", ENVmountpoint="%EID_FS_LABEL"
ENVID_FS_LABEL=="", ENVmountpoint="usb-%k"

# If device is being plugged in, set options for mount command.
ACTION=="add", ENVmount_options="relatime"
ACTION=="add", ENVID_FS_TYPE=="vfat|ntfs", ENVmount_options="%Emount_options,utf8,gid=100,umask=002"

# If device is being plugged in, create mountpoint directory in /media and mount device node to it.
ACTION=="add", RUN+="/bin/mkdir -p /media/%Emountpoint", RUN+="/bin/mount -o %Emount_options /dev/%k /media/%Emountpoint"

# If device is being plugged out, unmount it and delete its mountpoint directory.
ACTION=="remove", ENVmountpoint!="", RUN+="/bin/umount -l /media/%Emountpoint", RUN+="/bin/rmdir /media/%Emountpoint"

# Label for early exit.
LABEL="mount_media_by_label_end"


To make this rule work, I only had to change the value of MountFlags option to shared in
/usr/lib/systemd/system/systemd-udevd.service

After I updated systemd to version 239, this file looks different.

I noticed 2 changes that might be problematic:



  1. The MountFlags option is not specified in default settings.

  2. There is a new option PrivateMounts set to yes.

From systemd's documentation I figured that now I only need to set PrivateMounts=no and propagation of mountpoint would reach the user space.



However, this is not the case.

I have tried



  1. Changing PrivateMounts=no

  2. Changing PrivateMounts=no and adding MountFlags=shared

but neither works.



What is the correct way to mount media devices from udev rules in systemd v239 and later?






mount systemd udev automounting







share|improve this question





















  • weird, it worked for someone else. github.com/systemd/systemd/issues/9873#issuecomment-413058745
    – sourcejedi
    Aug 26 at 20:38










  • you remembered to both reload systemd and restart udev, right?
    – sourcejedi
    Aug 26 at 20:39










  • I rebooted the whole system and assume that is good enough?
    – Iskustvo
    Aug 26 at 20:43










  • Can you compare the output of eval "$(systemctl show -p MainPID systemd-udevd)"; sudo ls -l /proc/$MainPID/ns/mnt with the unchanged service file from v239, v.s. with the modification from case 1, v.s. ls -l /proc/self/ns/mnt ?
    – sourcejedi
    Aug 26 at 20:43










  • whole-system reboot is good enough, thanks.
    – sourcejedi
    Aug 26 at 20:44












up vote
1
down vote

favorite









up vote
1
down vote

favorite











For some time I had a working udev rule to automount media devices.



/etc/udev/rules.d/61-mount_media_by_label.rules



#
# To propagate udev's mountpoint to the user space, MountFlags must have a value "shared" in the /usr/lib/systemd/system/systemd-udevd.service.
#

# Ignore devices that aren't storage block-devices and block-devices that are already listed in /etc/fstab.
KERNEL!="sd[a-z][1-9]*", GOTO="mount_media_by_label_end"
PROGRAM="/bin/grep -e '^UUID=%EID_FS_UUID' /etc/fstab", RESULT!="", GOTO="mount_media_by_label_end"

# Decide the name for device's mountpoint directory, based on device's label.
ENVID_FS_LABEL!="", ENVmountpoint="%EID_FS_LABEL"
ENVID_FS_LABEL=="", ENVmountpoint="usb-%k"

# If device is being plugged in, set options for mount command.
ACTION=="add", ENVmount_options="relatime"
ACTION=="add", ENVID_FS_TYPE=="vfat|ntfs", ENVmount_options="%Emount_options,utf8,gid=100,umask=002"

# If device is being plugged in, create mountpoint directory in /media and mount device node to it.
ACTION=="add", RUN+="/bin/mkdir -p /media/%Emountpoint", RUN+="/bin/mount -o %Emount_options /dev/%k /media/%Emountpoint"

# If device is being plugged out, unmount it and delete its mountpoint directory.
ACTION=="remove", ENVmountpoint!="", RUN+="/bin/umount -l /media/%Emountpoint", RUN+="/bin/rmdir /media/%Emountpoint"

# Label for early exit.
LABEL="mount_media_by_label_end"


To make this rule work, I only had to change the value of MountFlags option to shared in
/usr/lib/systemd/system/systemd-udevd.service

After I updated systemd to version 239, this file looks different.

I noticed 2 changes that might be problematic:



  1. The MountFlags option is not specified in default settings.

  2. There is a new option PrivateMounts set to yes.

From systemd's documentation I figured that now I only need to set PrivateMounts=no and propagation of mountpoint would reach the user space.



However, this is not the case.

I have tried



  1. Changing PrivateMounts=no

  2. Changing PrivateMounts=no and adding MountFlags=shared

but neither works.



What is the correct way to mount media devices from udev rules in systemd v239 and later?






mount systemd udev automounting







share|improve this question













For some time I had a working udev rule to automount media devices.



/etc/udev/rules.d/61-mount_media_by_label.rules



#
# To propagate udev's mountpoint to the user space, MountFlags must have a value "shared" in the /usr/lib/systemd/system/systemd-udevd.service.
#

# Ignore devices that aren't storage block-devices and block-devices that are already listed in /etc/fstab.
KERNEL!="sd[a-z][1-9]*", GOTO="mount_media_by_label_end"
PROGRAM="/bin/grep -e '^UUID=%EID_FS_UUID' /etc/fstab", RESULT!="", GOTO="mount_media_by_label_end"

# Decide the name for device's mountpoint directory, based on device's label.
ENVID_FS_LABEL!="", ENVmountpoint="%EID_FS_LABEL"
ENVID_FS_LABEL=="", ENVmountpoint="usb-%k"

# If device is being plugged in, set options for mount command.
ACTION=="add", ENVmount_options="relatime"
ACTION=="add", ENVID_FS_TYPE=="vfat|ntfs", ENVmount_options="%Emount_options,utf8,gid=100,umask=002"

# If device is being plugged in, create mountpoint directory in /media and mount device node to it.
ACTION=="add", RUN+="/bin/mkdir -p /media/%Emountpoint", RUN+="/bin/mount -o %Emount_options /dev/%k /media/%Emountpoint"

# If device is being plugged out, unmount it and delete its mountpoint directory.
ACTION=="remove", ENVmountpoint!="", RUN+="/bin/umount -l /media/%Emountpoint", RUN+="/bin/rmdir /media/%Emountpoint"

# Label for early exit.
LABEL="mount_media_by_label_end"


To make this rule work, I only had to change the value of MountFlags option to shared in
/usr/lib/systemd/system/systemd-udevd.service

After I updated systemd to version 239, this file looks different.

I noticed 2 changes that might be problematic:



  1. The MountFlags option is not specified in default settings.

  2. There is a new option PrivateMounts set to yes.

From systemd's documentation I figured that now I only need to set PrivateMounts=no and propagation of mountpoint would reach the user space.



However, this is not the case.

I have tried



  1. Changing PrivateMounts=no

  2. Changing PrivateMounts=no and adding MountFlags=shared

but neither works.



What is the correct way to mount media devices from udev rules in systemd v239 and later?






mount systemd udev automounting




mount systemd udev automounting






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Aug 26 at 20:20









Iskustvo

672218




672218











  • weird, it worked for someone else. github.com/systemd/systemd/issues/9873#issuecomment-413058745
    – sourcejedi
    Aug 26 at 20:38










  • you remembered to both reload systemd and restart udev, right?
    – sourcejedi
    Aug 26 at 20:39










  • I rebooted the whole system and assume that is good enough?
    – Iskustvo
    Aug 26 at 20:43










  • Can you compare the output of eval "$(systemctl show -p MainPID systemd-udevd)"; sudo ls -l /proc/$MainPID/ns/mnt with the unchanged service file from v239, v.s. with the modification from case 1, v.s. ls -l /proc/self/ns/mnt ?
    – sourcejedi
    Aug 26 at 20:43










  • whole-system reboot is good enough, thanks.
    – sourcejedi
    Aug 26 at 20:44
















  • weird, it worked for someone else. github.com/systemd/systemd/issues/9873#issuecomment-413058745
    – sourcejedi
    Aug 26 at 20:38










  • you remembered to both reload systemd and restart udev, right?
    – sourcejedi
    Aug 26 at 20:39










  • I rebooted the whole system and assume that is good enough?
    – Iskustvo
    Aug 26 at 20:43










  • Can you compare the output of eval "$(systemctl show -p MainPID systemd-udevd)"; sudo ls -l /proc/$MainPID/ns/mnt with the unchanged service file from v239, v.s. with the modification from case 1, v.s. ls -l /proc/self/ns/mnt ?
    – sourcejedi
    Aug 26 at 20:43










  • whole-system reboot is good enough, thanks.
    – sourcejedi
    Aug 26 at 20:44















weird, it worked for someone else. github.com/systemd/systemd/issues/9873#issuecomment-413058745
– sourcejedi
Aug 26 at 20:38




weird, it worked for someone else. github.com/systemd/systemd/issues/9873#issuecomment-413058745
– sourcejedi
Aug 26 at 20:38












you remembered to both reload systemd and restart udev, right?
– sourcejedi
Aug 26 at 20:39




you remembered to both reload systemd and restart udev, right?
– sourcejedi
Aug 26 at 20:39












I rebooted the whole system and assume that is good enough?
– Iskustvo
Aug 26 at 20:43




I rebooted the whole system and assume that is good enough?
– Iskustvo
Aug 26 at 20:43












Can you compare the output of eval "$(systemctl show -p MainPID systemd-udevd)"; sudo ls -l /proc/$MainPID/ns/mnt with the unchanged service file from v239, v.s. with the modification from case 1, v.s. ls -l /proc/self/ns/mnt ?
– sourcejedi
Aug 26 at 20:43




Can you compare the output of eval "$(systemctl show -p MainPID systemd-udevd)"; sudo ls -l /proc/$MainPID/ns/mnt with the unchanged service file from v239, v.s. with the modification from case 1, v.s. ls -l /proc/self/ns/mnt ?
– sourcejedi
Aug 26 at 20:43












whole-system reboot is good enough, thanks.
– sourcejedi
Aug 26 at 20:44




whole-system reboot is good enough, thanks.
– sourcejedi
Aug 26 at 20:44










1 Answer
1






active

oldest

votes

















up vote
1
down vote



accepted










This approach may be sub-optimal. For example, if you support mounting writable NTFS using ntfs-3g, the ntfs-3g process will be killed whenever you restart udev.



Note that modern security doctrine suggests desktops should start using FUSE for mounting all removable filesystems. https://lwn.net/Articles/755593/



It would be preferable if you could work out how to launch (and stop?) a separate systemd unit ... and write this up as the preferred approach, in whatever peculiar documents keep suggesting Arch users to use this pattern :-). Using a separate systemd unit will avoid the restrictions applied to the udev service.



For example, launch a command in a systemd scope unit using systemd-run --no-block --scope -- my mount command here.



Unfortunately, if you want the unit that contains ntfs-3g to have an identifiable name, it's not immediately obvious what the 100% correct way is. If an old unit with that name is still tracked as "active" but the process has just exited, then simply asking the service to start won't do anything. You could ignore the problem, generate a random suffix for the name, or try to rule out this sequence of events... but maybe there's a better way.



I have not tested this with FUSE, but I think the way to do this would be the systemd-mount command.



A SuperUser answer suggests that using systemd-mount on a device while the udev rule is still running, might not work correctly. This would require rather baroque workarounds. (RUN+="/path/to/my/script %k" which runs systemd-run --no-block --scope --unit=mount-$1 sh -c "systemctl start /dev/$1; systemd-mount ...").



I think the way to do this would look something like



ENVSYSTEMD_WANTS=my-mounter@%k.service



# /etc/systemd/system/my-mounter@.service
[Service]
Type=oneshot
ExecStart=systemd-mount %I

#!/bin/sh
# /usr/local/lib/my-mounter
# You can make this as complicated as you want.
# (Although curiously systemd-mount also reads SYSTEMD_MOUNT_WHERE and
# SYSTEMD_MOUNT_OPTIONS properties if you set them on the udev device.)
# You could also read udev properties yourself using 
# eval "$(udevadm info --query=property --export)"

DEVNAME="$1"
systemd-mount "/dev/$DEVNAME"


The defaults for systemd-mount cause the filesystem to be unmounted automatically on removal, but they do not cleanup the automatically-created mount point directory afterwards (!).



There were two separate changes in v239 - two separate directives that you must revert to get the old behaviour.




  1. PrivateMounts=yes. Replace this with PrivateMounts=no.


  2. SystemCallFilter=@system-service @module @raw-io



    The use of this directive is new in v239. Therefore the simplest way to regain the previous behaviour is to remove it entirely.







share|improve this answer






















    Your Answer







    StackExchange.ready(function()
    var channelOptions =
    tags: "".split(" "),
    id: "106"
    ;
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function()
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled)
    StackExchange.using("snippets", function()
    createEditor();
    );

    else
    createEditor();

    );

    function createEditor()
    StackExchange.prepareEditor(
    heartbeatType: 'answer',
    convertImagesToLinks: false,
    noModals: false,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: null,
    bindNavPrevention: true,
    postfix: "",
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    );



    );













     

    draft saved


    draft discarded


















    StackExchange.ready(
    function ()
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f464959%2fudev-rule-to-automount-media-devices-stopped-working-after-systemd-was-updated-t%23new-answer', 'question_page');

    );

    Post as a guest

















    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes








    up vote
    1
    down vote



    accepted










    This approach may be sub-optimal. For example, if you support mounting writable NTFS using ntfs-3g, the ntfs-3g process will be killed whenever you restart udev.



    Note that modern security doctrine suggests desktops should start using FUSE for mounting all removable filesystems. https://lwn.net/Articles/755593/



    It would be preferable if you could work out how to launch (and stop?) a separate systemd unit ... and write this up as the preferred approach, in whatever peculiar documents keep suggesting Arch users to use this pattern :-). Using a separate systemd unit will avoid the restrictions applied to the udev service.



    For example, launch a command in a systemd scope unit using systemd-run --no-block --scope -- my mount command here.



    Unfortunately, if you want the unit that contains ntfs-3g to have an identifiable name, it's not immediately obvious what the 100% correct way is. If an old unit with that name is still tracked as "active" but the process has just exited, then simply asking the service to start won't do anything. You could ignore the problem, generate a random suffix for the name, or try to rule out this sequence of events... but maybe there's a better way.



    I have not tested this with FUSE, but I think the way to do this would be the systemd-mount command.



    A SuperUser answer suggests that using systemd-mount on a device while the udev rule is still running, might not work correctly. This would require rather baroque workarounds. (RUN+="/path/to/my/script %k" which runs systemd-run --no-block --scope --unit=mount-$1 sh -c "systemctl start /dev/$1; systemd-mount ...").



    I think the way to do this would look something like



    ENVSYSTEMD_WANTS=my-mounter@%k.service



    # /etc/systemd/system/my-mounter@.service
    [Service]
    Type=oneshot
    ExecStart=systemd-mount %I

    #!/bin/sh
    # /usr/local/lib/my-mounter
    # You can make this as complicated as you want.
    # (Although curiously systemd-mount also reads SYSTEMD_MOUNT_WHERE and
    # SYSTEMD_MOUNT_OPTIONS properties if you set them on the udev device.)
    # You could also read udev properties yourself using 
    # eval "$(udevadm info --query=property --export)"

    DEVNAME="$1"
    systemd-mount "/dev/$DEVNAME"


    The defaults for systemd-mount cause the filesystem to be unmounted automatically on removal, but they do not cleanup the automatically-created mount point directory afterwards (!).



    There were two separate changes in v239 - two separate directives that you must revert to get the old behaviour.




    1. PrivateMounts=yes. Replace this with PrivateMounts=no.


    2. SystemCallFilter=@system-service @module @raw-io



      The use of this directive is new in v239. Therefore the simplest way to regain the previous behaviour is to remove it entirely.







    share|improve this answer


























      up vote
      1
      down vote



      accepted










      This approach may be sub-optimal. For example, if you support mounting writable NTFS using ntfs-3g, the ntfs-3g process will be killed whenever you restart udev.



      Note that modern security doctrine suggests desktops should start using FUSE for mounting all removable filesystems. https://lwn.net/Articles/755593/



      It would be preferable if you could work out how to launch (and stop?) a separate systemd unit ... and write this up as the preferred approach, in whatever peculiar documents keep suggesting Arch users to use this pattern :-). Using a separate systemd unit will avoid the restrictions applied to the udev service.



      For example, launch a command in a systemd scope unit using systemd-run --no-block --scope -- my mount command here.



      Unfortunately, if you want the unit that contains ntfs-3g to have an identifiable name, it's not immediately obvious what the 100% correct way is. If an old unit with that name is still tracked as "active" but the process has just exited, then simply asking the service to start won't do anything. You could ignore the problem, generate a random suffix for the name, or try to rule out this sequence of events... but maybe there's a better way.



      I have not tested this with FUSE, but I think the way to do this would be the systemd-mount command.



      A SuperUser answer suggests that using systemd-mount on a device while the udev rule is still running, might not work correctly. This would require rather baroque workarounds. (RUN+="/path/to/my/script %k" which runs systemd-run --no-block --scope --unit=mount-$1 sh -c "systemctl start /dev/$1; systemd-mount ...").



      I think the way to do this would look something like



      ENVSYSTEMD_WANTS=my-mounter@%k.service



      # /etc/systemd/system/my-mounter@.service
      [Service]
      Type=oneshot
      ExecStart=systemd-mount %I

      #!/bin/sh
      # /usr/local/lib/my-mounter
      # You can make this as complicated as you want.
      # (Although curiously systemd-mount also reads SYSTEMD_MOUNT_WHERE and
      # SYSTEMD_MOUNT_OPTIONS properties if you set them on the udev device.)
      # You could also read udev properties yourself using 
      # eval "$(udevadm info --query=property --export)"

      DEVNAME="$1"
      systemd-mount "/dev/$DEVNAME"


      The defaults for systemd-mount cause the filesystem to be unmounted automatically on removal, but they do not cleanup the automatically-created mount point directory afterwards (!).



      There were two separate changes in v239 - two separate directives that you must revert to get the old behaviour.




      1. PrivateMounts=yes. Replace this with PrivateMounts=no.


      2. SystemCallFilter=@system-service @module @raw-io



        The use of this directive is new in v239. Therefore the simplest way to regain the previous behaviour is to remove it entirely.







      share|improve this answer
























        up vote
        1
        down vote



        accepted







        up vote
        1
        down vote



        accepted






        This approach may be sub-optimal. For example, if you support mounting writable NTFS using ntfs-3g, the ntfs-3g process will be killed whenever you restart udev.



        Note that modern security doctrine suggests desktops should start using FUSE for mounting all removable filesystems. https://lwn.net/Articles/755593/



        It would be preferable if you could work out how to launch (and stop?) a separate systemd unit ... and write this up as the preferred approach, in whatever peculiar documents keep suggesting Arch users to use this pattern :-). Using a separate systemd unit will avoid the restrictions applied to the udev service.



        For example, launch a command in a systemd scope unit using systemd-run --no-block --scope -- my mount command here.



        Unfortunately, if you want the unit that contains ntfs-3g to have an identifiable name, it's not immediately obvious what the 100% correct way is. If an old unit with that name is still tracked as "active" but the process has just exited, then simply asking the service to start won't do anything. You could ignore the problem, generate a random suffix for the name, or try to rule out this sequence of events... but maybe there's a better way.



        I have not tested this with FUSE, but I think the way to do this would be the systemd-mount command.



        A SuperUser answer suggests that using systemd-mount on a device while the udev rule is still running, might not work correctly. This would require rather baroque workarounds. (RUN+="/path/to/my/script %k" which runs systemd-run --no-block --scope --unit=mount-$1 sh -c "systemctl start /dev/$1; systemd-mount ...").



        I think the way to do this would look something like



        ENVSYSTEMD_WANTS=my-mounter@%k.service



        # /etc/systemd/system/my-mounter@.service
        [Service]
        Type=oneshot
        ExecStart=systemd-mount %I

        #!/bin/sh
        # /usr/local/lib/my-mounter
        # You can make this as complicated as you want.
        # (Although curiously systemd-mount also reads SYSTEMD_MOUNT_WHERE and
        # SYSTEMD_MOUNT_OPTIONS properties if you set them on the udev device.)
        # You could also read udev properties yourself using 
        # eval "$(udevadm info --query=property --export)"

        DEVNAME="$1"
        systemd-mount "/dev/$DEVNAME"


        The defaults for systemd-mount cause the filesystem to be unmounted automatically on removal, but they do not cleanup the automatically-created mount point directory afterwards (!).



        There were two separate changes in v239 - two separate directives that you must revert to get the old behaviour.




        1. PrivateMounts=yes. Replace this with PrivateMounts=no.


        2. SystemCallFilter=@system-service @module @raw-io



          The use of this directive is new in v239. Therefore the simplest way to regain the previous behaviour is to remove it entirely.







        share|improve this answer














        This approach may be sub-optimal. For example, if you support mounting writable NTFS using ntfs-3g, the ntfs-3g process will be killed whenever you restart udev.



        Note that modern security doctrine suggests desktops should start using FUSE for mounting all removable filesystems. https://lwn.net/Articles/755593/



        It would be preferable if you could work out how to launch (and stop?) a separate systemd unit ... and write this up as the preferred approach, in whatever peculiar documents keep suggesting Arch users to use this pattern :-). Using a separate systemd unit will avoid the restrictions applied to the udev service.



        For example, launch a command in a systemd scope unit using systemd-run --no-block --scope -- my mount command here.



        Unfortunately, if you want the unit that contains ntfs-3g to have an identifiable name, it's not immediately obvious what the 100% correct way is. If an old unit with that name is still tracked as "active" but the process has just exited, then simply asking the service to start won't do anything. You could ignore the problem, generate a random suffix for the name, or try to rule out this sequence of events... but maybe there's a better way.



        I have not tested this with FUSE, but I think the way to do this would be the systemd-mount command.



        A SuperUser answer suggests that using systemd-mount on a device while the udev rule is still running, might not work correctly. This would require rather baroque workarounds. (RUN+="/path/to/my/script %k" which runs systemd-run --no-block --scope --unit=mount-$1 sh -c "systemctl start /dev/$1; systemd-mount ...").



        I think the way to do this would look something like



        ENVSYSTEMD_WANTS=my-mounter@%k.service



        # /etc/systemd/system/my-mounter@.service
        [Service]
        Type=oneshot
        ExecStart=systemd-mount %I

        #!/bin/sh
        # /usr/local/lib/my-mounter
        # You can make this as complicated as you want.
        # (Although curiously systemd-mount also reads SYSTEMD_MOUNT_WHERE and
        # SYSTEMD_MOUNT_OPTIONS properties if you set them on the udev device.)
        # You could also read udev properties yourself using 
        # eval "$(udevadm info --query=property --export)"

        DEVNAME="$1"
        systemd-mount "/dev/$DEVNAME"


        The defaults for systemd-mount cause the filesystem to be unmounted automatically on removal, but they do not cleanup the automatically-created mount point directory afterwards (!).



        There were two separate changes in v239 - two separate directives that you must revert to get the old behaviour.




        1. PrivateMounts=yes. Replace this with PrivateMounts=no.


        2. SystemCallFilter=@system-service @module @raw-io



          The use of this directive is new in v239. Therefore the simplest way to regain the previous behaviour is to remove it entirely.








        share|improve this answer














        share|improve this answer



        share|improve this answer








        edited Aug 27 at 10:52

























        answered Aug 27 at 9:39









        sourcejedi

        20.2k42886




        20.2k42886



























             

            draft saved


            draft discarded















































             


            draft saved


            draft discarded














            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f464959%2fudev-rule-to-automount-media-devices-stopped-working-after-systemd-was-updated-t%23new-answer', 'question_page');

            );

            Post as a guest
































































            -

            Popular posts from this blog

            How to check contact read email or not when send email to Individual?

            Image
            Clash Royale CLAN TAG #URR8PPP up vote 1 down vote favorite I'm using WordPress 4.9.8, CiviCRM to 5.5.1, I usually send email to contact by Search> Find contacts View contact details Action> Send email Send email ok, Contact received mail ok like picture But status only Email sent though contact read email or not. So, can CiviCRM can change status to Email read when contact read email? wordpress email share | improve this question asked Sep 26 at 0:12 ToanLuong 49 9 add a comment  |  up vote 1 down vote favorite I'm using WordPress 4.9.8, CiviCRM to 5.5.1, I usually send email to contact by Search> Find contacts View contact details Action> Send email Send email ok, Contact received mail ok like picture But status only Email sent though contact read email or not. So, can CiviCRM can change status to Email read when contact read email? wordpress email share | improve this question asked Se
            Read more

            Bahrain

            Image
            For other uses, see Bahrain (disambiguation). Sovereign island state in the Persian Gulf Kingdom of Bahrain مملكة البحرين   (Arabic) Mamlakat al-Baḥrayn Flag Coat of arms Anthem:  نشيد البحرين الوطني Bahrainona Our Bahrain Location of   Bahrain    (circled in red) Capital and largest city Manama 26°13′N 50°35′E  /  26.217°N 50.583°E  / 26.217; 50.583 Official languages Arabic Ethnic groups (2010 [1] ) 50.7% Arab (46% Bahrani, 4.7% other Arabs) 45.5% Asian 1% European 1.2% Others Religion Islam Demonym(s) Bahraini Government Unitary constitutional monarchy • King Hamad bin Isa Al Khalifa • Crown Prince Salman bin Hamad bin Isa Al Khalifa • Prime Minister Khalifa bin Salman Al Khalifa Legislature National Assembly • Upper house Consultative Council • Lower house Council of Representatives Independence • Declared Independence [2] 14 August 1971 • from United Kingdom [1] 15 August 1971 • Admitted to the United Nations 21 September 1971 • Kingdom of Bahrain 14 February 2002
            Read more

            Postfix configuration issue with fips on centos 7; mailgun relay

            Image
            Clash Royale CLAN TAG #URR8PPP up vote 0 down vote favorite I am trying to setup postfix to relay all mail generated on the local machine via SMTP to a mailgun relay. I have used the mailgun relay before with success on an ubuntu server, but I am migrating to a Centos 7 server which I will be running in FIPS mode. There error log is below, slightly sanitized. I have a small enough network that I choose to have each machine reach out to mailgun individually (this the loopback-only, 127.0.0.0/8 restrictions) and no firewall open port allowing smtp in to the machine. I assume the FIPS mode (and with it disabling of MD5) is causing problems, but I don't know how to overcome it or if it is even possible for tls_fprint to use some supported hash such as sha256 or sha512. However, the relay=none is slightly concerning since I have relayhost set, but perhaps that is because the smtp process is failing? Any help would be appreciated! postconf -n: alias_database = hash:/etc/alia
            Read more