[Solved] NFS mountpoints and root/superuser privileges - Android Q&A, Help & Troubleshooting

Wanted to update this should anyone run across it - selinux is the issue...
Hi, I would like to know why I can see but not read files in NFS mounts unless they are in the primary storage location (internal storage - /data/media/0) and viewed from an app not running elevated privileges. (problem is if you have the mountpoint at a location you can only access with a file explorer running as root, you can see the files but not read them, and if you aren't root of course you can't get to the mountpoint). You can only read the files when running as a regular user which seems counter-intuitive to my understanding of the basic linux principle of root. This has only started recently, I am guessing android 4.2+
I am able to mount and read off NFS shares with stock kernel on CM10.2 (GS3), but it is a hassle because I have to switch my file explorers from root access to nonroot all the time.
the relevant line for my mounted share example from /etc/exports from server at local ip address 192.168.1.117:
Code:
/home/myth/myth1 192.168.1.0/24(rw,insecure,no_subtree_check,async)
I use smanage app (script manager) (and for some reason script must be run off of /storage/sdcard1 -- external sdcard, not internal memory) and flag it as "su"(root) and "boot"(makes it run at boot).
I have it set up so that I create the folders at boot, then either mount or unmount the network share with 3 different scripts that I can create widgets for on my home screen, but basic language should be same (note change "myth/myth1" to whatever folder names you have, and you only need the primary folder not a secondary, I just set it up this way because I have multiple mounts)
directory creation language:
Code:
mkdir /data/media/0/myth
mkdir /data/media/0/myth/myth1
mount language:
Code:
busybox mount -t nfs 192.168.1.117:/home/myth/myth1 /data/media/0/myth/myth1 -o nolock,rsize=8192,wsize=8192
language to unmount:
Code:
umount /data/media/0/myth/myth1
Now some important things:
1- This server setup (etc/exports) worked fine and had no issues before android 4.2
2- I have had severe issues trying to mount at other points other than /data/media/0, so I can not recommend mounting anywhere else, though it may be possible
3- Starting with Android 4.2, there are major issues seeing things such as NFS mounts among different applications. For some reason I can see, but NOT READ files on the NFS share when the file explorer app is running as ROOT/SU. This is why I have only recently been able to get it to work at /data/media/0, and that is because I figured out that the mountpoint has to be accessible by an app when it is not running root privileges. People have hinted that this has something to do with the new multiuser namespaces : see the bottom of this page: http://source.android.com/devices/tech/storage/index.html
any thoughts or understandings would be greatly appreciated on this so I can keep my NFS shares working with further changes


Using all of the NTs storage

I posted this in the nook touch forum by mistake. Please read below and let me know what you think.
One of the biggest issues I had with my nook was the 16/1GB division between content I can load and content from B&N/etc. Not being able to use that 16GB how I wanted was something I set forth to fix. Here is my solution to make this usable to non-rooted apps.
1) Root if not already rooted.
2) Make a directory inside of /data. I chose /data/usrdata.
3) remount / as RW with the command mount -o remount,rw -t rootfs rootfs / (credit to Indirect for this, as I couldn't find the command to do so)
4) mkdir /mnt/internal . We need somewhere to mount /data/usrdata/ and /mnt is public enough.
5) busybox mount -o bind /data/usrdata /mnt/internal. Mounts /data/usrdata to /mnt/internal.
6) For good measure, chmod 777 /mnt/internal and chmod 777 /data/usrdata.
Now, /mnt/internal should have whatever free space /data has, and should be read/write accessible from any program. A quick test with touch+terminal emulator shows new files as being created with RW permissions for all.
Alternatives: When I was initially thinking about ways to do this, my first reaction was to just open up /data to be read only to all, then have my usrdata folder be read/write all. However, I know part of android's app security model depends on some of these permissions. While I can't think of anything breaking or sensitive data being leaked, I decided against it. If anyone has any thoughts as to that scenario, I am very interested in hearing about it.
USB support: This will *not* be mountable under USB. Unfortunately you are still limited to transferring the data from a computer to the B&N internal storage or SDcard first, then moving the data internally. The problem that I see with this is similar to my understanding of the galaxy nexus situation, where the system can't unmount its /data partition and let the USB host take over. Another alternative to this could be to write an image file and mount that over usb (I've done this on my Evo, it worked so-so). Problem with that is that it really wouldn't grow/shrink with the storage. I suppose you could do some shell trickery and pipe it through gzip somehow, but that wouldn't help very much.
Let me know what you think and if you have any ways to improve this.
UPDATE: Persistence:
To make this persistent across reboots, run these commands as root:
1) mount -o rw,remount -t ext4 /dev/block/platform/mmci-omap-hs.1/by-name/system /system
2) echo mount -o remount,rw -t rootfs rootfs / >> /system/bin/clrbootcount.sh
3) echo mkdir /mnt/internal >> /system/bin/clrbootcount.sh
4) echo busybox mount -o bind /data/usrdata /mnt/internal >> /system/bin/clrbootcount.sh
5) echo mount -o remount,ro -t rootfs rootfs / >> /system/bin/clrbootcount.sh
All this does is put the following at the end of clrbootcount.sh
mount -o remount,rw -t rootfs rootfs / #Remounts root as RW. Root is regenerated at each reboot, so /mnt/internal is never going to exist on a fresh startup
mkdir /mnt/internal #make /mnt/internal, see above
busybox mount -o bind /data/usrdata /mnt/internal #Binds the directory
mount -o remount,ro -t rootfs rootfs / #remounts root as RO. Unsure if this is necessary, but since it runs as RO, it's probably better safe than sorry.
Thanks to eded333 for mentioning a good place for the script.
I was the one who wrote the script gameman. >.>'
Very nicely done.
Does Android possess a fstab? If so, could these changes (also) be made there and still be persistent?
this is a good work around
Am I understanding this correctly in that if I follow these guidelines I can move my data over to the Barnes and noble allotted storage that we were complaining about not having available?
Sent from my Nook Tablet using Tapatalk
downsay said:
> Am I understanding this correctly in that if I follow these guidelines I can move my data over to the Barnes and noble allotted storage that we were complaining about not having available?
> Sent from my Nook Tablet using Tapatalk
That is correct, from what I understand as well.
Sent from my BNTV250 using Tapatalk
liquidzoo said:
> Very nicely done.
> Does Android possess a fstab? If so, could these changes (also) be made there and still be persistent?
From what I could tell, it does, but it's not the normal /etc/fstab. It looks like they have a daemon or something that mounts the sdcard and the media (1gb) drive. When I first looked at its version of the fstab, it looked like it only took a block device, which doesn't quite work for the directory binding.
downsay said:
> Am I understanding this correctly in that if I follow these guidelines I can move my data over to the Barnes and noble allotted storage that we were complaining about not having available?
Yes that is correct. You still cannot mount it under USB, however. If you have some other way of getting the files there, however, it's open as an option. I've been using swiFTP (in the market) to do that. Could also copy and move from the media/sd cards that do mount to the PC, but that's a two step process. I've thought about getting MTP setup so that you can see that folder via USB, but haven't really had a chance to look into how that would work.
*Note, when using swiFTP and other programs more than likely, you may get some file permissions errors or other odd errors about corrupt files. These are just the file permissions that the program defaulted to, and can be fixed by doing a 'chmod -R 777 /mnt/internal/'. Don't have this problem on sdcard or media because they are just FAT32 formatted, which doesn't support permissions.
Trying to understand ...
gameman733 said:
> I posted this in the nook touch forum by mistake. Please read below and let me know what you think.
I don't understand the purpose of the mounts. Why not just create /data/usrdata and put your stuff in there?
I know /data has "access-only/no-read" access for non-system apps, but anything in /data/usrdata/ should be visible (and no need to modify clrbootcount.sh).
If you need "/mnt/internal" (I don't see the need for that either), why not just use a soft link (which is permanent)???
The primary reason for using the mounts was that I was originally planning on trying to mount it in a way that would ignore file permissions, but didn't know at the time that you can't do that with a bind mount. Using a simple link would be just as effective in this case.
However.. / is Read only. Even when remounted read-write, this filesystem is actually regenerated every boot. So nothing in /mnt would stay past the next restart.
The purpose for having it in /mnt (could have been anywhere, I suppose, but it seemed a little more appropriate) was for apps that can't browse /data. For example, gameboid and related programs would get to /data and show nothing, because you can't browse it as a non-rooted app. Having a symlink or bind mount elsewhere in the filesystem where they can browse helps with that. The alternative was to remove the no-browsing permissions from /data. I didn't feel comfortable with doing this, however, as I'm sure there are some security risks to doing this. It probably isn't a big deal, but since we have the tools to do it while maintaining those existing permissions, why not go ahead and do that?
Is there a solution that does not require being rooted?
[I was gonna start a thread about this 1.0 GB vs 16GB issue. Glad someone
beat me to it. ]
A day or two ago, I side-loaded a couple of movies, each about 400-MB in size,
and was surprised to notice that I had only 20% of my 1.0GB remaining.
I haven't 'bitten the bullet', and got brave enough to 'root' my Nook yet.
(Still not sure yet whether my wife will keep it, and it's an XMAS-gift for her.)
But, I'm quite fluent in Linux, so if we DO keep it, I'll definitely get around
to doing the 'root'.
Meanwhile, if anyone does find a way, without rooting, to re-allocate these
built-in assigned storage quotas, please post it in this thread.
Cheers...
gameman733 said:
> The primary reason for using the mounts was that I was originally planning on trying to mount it in a way that would ignore file permissions, but didn't know at the time that you can't do that with a bind mount.
To solve this issue I've compiled fuse kernel module and bindfs userspace utility. Bindfs is similar to "mount -o bind" but can override permissions and ownerships. I can share how-to instruction and compiled binaries if you want

[Q] mount -o bind at boot on stock rom

Hi !
I have an application (CamScanner) with large amount of data (~8Gb). This app doesn't support transferring data to external SD card, so I checked mount -o bind command to bind directory with data stored on external SD to directory in /sdcard and it's working correctly. Question is where I can put this command so that system will run it at boot time after external sd card is ready. There is no /etc/init.d directory on my SGS2 (stock XXKI4). I prefer not to install any applications to perform such a simple task...
Thanks for help, regards !
slig said:
> I prefer not to install any applications to perform such a simple task...
I think you have no choice, as stock kernels do not have init.d support. You'd need to go down the route of either using an app to run a script on boot, install a kernel with init.d support, or stick with your current method of manually running a script when you need to use the app.
Also, you could try asking the developers kindly to allow saving to external_sd. There's an Email Developer link on the Android market, and a Contact Us link on their website
Thanks for response. I found script named init.rc located in "/", it has several mount commands inside, wonder if it can be used...
Also discovered that app Tasked has ability to run shell scripts with root privileges (at boot or at application start). I suppose I have to put this shell script in /system because in /sdcard owner permissions cannot be set so that file cannot be modified (vfat does not support that) and a security hole would be created...
I think that I'll also ask developer for this feature as You suggest.
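Added example, not part of the original posts: slig's concern above is that a script stored on vfat cannot be protected by owner permissions, so running it as root at boot lets anything able to write to /sdcard run code as root. The check below, with hypothetical function names and a constructed sample tree and mounts table, refuses a boot script unless it has the expected owner, is not group- or world-writable, and does not live on vfat or exfat (exfat is an addition beyond the post).

```shell
#!/bin/sh
# Added example (not from the thread): vet a script before a root-level boot
# runner executes it. Function names and sample paths are hypothetical.

# Filesystem type backing PATH: longest matching mount point in MOUNTS_FILE.
fs_type_of() {   # fs_type_of PATH [MOUNTS_FILE]
    awk -v p="$1" '
        { mp = $2
          if ((mp == "/" || p == mp || index(p, mp "/") == 1) && length(mp) > best) {
              best = length(mp); fs = $3 } }
        END { print (fs == "" ? "unknown" : fs) }' "${2:-/proc/mounts}"
}

# Prints a verdict; returns 0 only for "ok".
vet_boot_script() {   # vet_boot_script PATH [OWNER_UID] [MOUNTS_FILE]
    [ -f "$1" ] || { echo missing; return 1; }
    case $(fs_type_of "$1" "$3") in
        # No Unix owner/mode on these filesystems, so nothing can be enforced.
        vfat|exfat) echo no-unix-permissions; return 1 ;;
    esac
    owner=$(stat -c %u "$1"); mode=$(stat -c %a "$1")
    [ "$owner" = "${2:-0}" ] || { echo wrong-owner; return 1; }
    case $mode in
        # Last octal digit = other, second to last = group; 2,3,6,7 carry the write bit.
        *[2367]|*[2367]?) echo writable-by-others; return 1 ;;
    esac
    echo ok
}

# Constructed sample: the same script stored once on a normal filesystem and
# once under a mount point that the constructed mounts table marks as vfat.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/system/bin" "$d/sdcard"
    printf '#!/system/bin/sh\nmount -o bind /sdcard/external_sd/CamScanner /sdcard/CamScanner\n' \
        | tee "$d/system/bin/bind.sh" > "$d/sdcard/bind.sh"
    chmod 755 "$d/system/bin/bind.sh" "$d/sdcard/bind.sh"
    printf 'rootfs / rootfs rw 0 0\n/dev/block/sample %s/sdcard vfat rw 0 0\n' "$d" > "$d/mounts"
    echo "$d"
}

S=$(make_sample)
# The sample files belong to the current user, so that uid stands in for root (0).
vet_boot_script "$S/system/bin/bind.sh" "$(id -u)" "$S/mounts" || true
vet_boot_script "$S/sdcard/bind.sh" "$(id -u)" "$S/mounts" || true
```

On a device, call `vet_boot_script` with only the script path so that it expects uid 0 and reads the live /proc/mounts.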
slig said:
> Thanks for response. I found script named init.rc located in "/", it has several mount commands inside, wonder if it can be used...
Everything in "/" is initramfs, a volatile ramdisk changes to which would be lost
on reboot. Only exception are directories in which actual partitions are mounted,
like /system and /data (you can check which directories with "mount" command).
Have you tried just using symbolic link?
INFO
This may be the best solution, try something like:
Code:
mkdir /sdcard/AppFolder
ln -s /sdcard/AppFolder /data/data/com.your.application.data.folder
Just in case you don't know, you can execute those commands using
Terminal Emulator. You were considering modifications to /, so I guess you already have root.
Yes, I have rooted my SGS2 via ZergRush.
I didn't know that / is volatile initramfs, thanks for that information.
As for symbolic link - unfortunately on my stock ROM both /sdcard and /sdcard/external_sd filesystems are vfat and don't support symbolic linking. Only working way I discovered is bind mount.
In my case, I have the following:
mount -o bind /sdcard/external_sd/CamScanner /sdcard/CamScanner
And application runs OK, all data is accessible and doesn't consume internal flash memory.
I'll take a look how hard would be to write some small application to do just this task - define some pairs of source and target directories and mount - bind them at start.
I've somehow missed the fact that you need redirection from /sdcard
to /sdcard/external_sd, I was thinking about symlink on /data...
Anyways, there's another nice trick you can do - if you can devote your SD card
to this one application, then just edit /system/etc/vold.fstab to make SD card
mount in /sdcard/CamScanner instead of /sdcard/external_sd.

Lollipop (CM12) mounting a filesystem as root (not accessible to any other user)

I have Lollipop CM12 installed on my Note3, I have an encrypted partition, which I mount using luks, I have the mount working now without issues so the encrypted part can be ignored, if anyone is interested I can explain how I did what I did and post the actual scripts used.
The problem is that if I su - from juicessh and then mount the partition the partition is mounted, but only the juice su'ed user can see it. I can log this user out and back in and still see it, but only this user sees it.
For instance
$whoami
10211
#su -
0
#exit
$whoami
10211
now if I run:
$su -l --shell /system/bin/sh -c 'mkdir /storage/sdcard2 ; chmod 777 /storage/sdcard2 ; mount -t ext4 /dev/sda1 /storage/sdcard2 ; df ; exit' ; df
Now this will show that /storage/sdcard2 is mounted when I'm root
when I'm non-root (AKA not ID 0) then I do not see the mount.
Now I login as root using sshdroid:
#whoami
root
#df
does not show sdcard2
Lastly via "Root explorer":
does not see anything mount in /storage/sdcard2 either.
So the issue I'm facing is that I can mount a partition as root and access it, but only as the user I mounted it as, in fact what even makes less sense is that root via sshdroid and root via juicessh can not see what the other user did (mount wise), though if I create a root accessible file that is fine. I used to do this in CM11 using the same commands (different mount points due to the OS change) without any issue. It is as if each root user is unique which is fine on the surface, but since I need access to this encrypted partition, only when accessing documents for work, which normally it is not mounted, but once mounted I need it to be accessible as any other sdcard. Any suggestions?
Thanks,
ERIC
Partly working
I got it partly working if I disable "Mount namespace separation", however I still have an issue that /storage/emulated/0 does not exist, until I use a program like Root Explorer, I mean it exists, but the shell script can not change to it (mount point not found exception), I'm assuming this is also something to do with Lollipop, but I'm not sure what or how to resolve it.
ERIC
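Added example, not part of the original posts: a way to confirm that the behaviour ERIC describes (a mount visible only to the su session that made it, fixed by disabling "Mount namespace separation") comes from the two processes living in different mount namespaces. It compares /proc/PID/ns/mnt and /proc/PID/mountinfo for two processes; the function names, PIDs, device names other than /dev/sda1 and the sample /proc tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): check whether a mount made in one root
# shell is missing from another process because the two processes are in
# different mount namespaces. Function names and sample data are hypothetical.

# Print the mount-namespace id of PID, e.g. "mnt:[4026531840]".
# Prints "unknown" where /proc/PID/ns/mnt is absent (kernels before 3.8)
# or unreadable (caller is not root).
ns_of() {   # ns_of PID [PROC_ROOT]
    readlink "${2:-/proc}/$1/ns/mnt" 2>/dev/null || echo unknown
}

# Succeed if MOUNTPOINT is field 5 (the mount point) of PID's mountinfo.
sees_mount() {   # sees_mount PID MOUNTPOINT [PROC_ROOT]
    awk -v mp="$2" '$5 == mp { hit = 1 } END { exit !hit }' \
        "${3:-/proc}/$1/mountinfo" 2>/dev/null
}

# Prints "<namespace verdict> a=<yes|no> b=<yes|no>" for the two processes.
compare_mount_view() {   # compare_mount_view PID_A PID_B MOUNTPOINT [PROC_ROOT]
    root="${4:-/proc}"
    a=$(ns_of "$1" "$root"); b=$(ns_of "$2" "$root")
    if [ "$a" = unknown ] || [ "$b" = unknown ]; then ns=ns-unknown
    elif [ "$a" = "$b" ]; then ns=same-ns
    else ns=different-ns; fi
    sees_mount "$1" "$3" "$root" && va=yes || va=no
    sees_mount "$2" "$3" "$root" && vb=yes || vb=no
    echo "$ns a=$va b=$vb"
}

# Constructed sample /proc tree: PID 4100 is the su shell that ran the mount,
# PID 4200 is another root process that does not see it.
make_sample_proc() {
    d=$(mktemp -d)
    mkdir -p "$d/4100/ns" "$d/4200/ns"
    ln -s 'mnt:[4026532001]' "$d/4100/ns/mnt"
    ln -s 'mnt:[4026531840]' "$d/4200/ns/mnt"
    printf '%s\n' \
        '15 1 0:1 / / rw - rootfs rootfs rw' \
        '30 15 179:25 / /data rw,nosuid,nodev - ext4 /dev/block/mmcblk0p25 rw' \
        > "$d/4200/mountinfo"
    cp "$d/4200/mountinfo" "$d/4100/mountinfo"
    echo '52 15 8:1 / /storage/sdcard2 rw,relatime - ext4 /dev/sda1 rw' \
        >> "$d/4100/mountinfo"
    echo "$d"
}

SAMPLE=$(make_sample_proc)
compare_mount_view 4100 4200 /storage/sdcard2 "$SAMPLE"
```

On a device, run it as root with two real PIDs and no fourth argument; a result of `different-ns a=yes b=no` means the mount exists but is private to the first process's namespace.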
Hi,
I state that they are not very knowledgeable about linux commands.
I have installed on my SM-G900F ROM cm12 and it works!
I created a second user, but it does not have root privileges.
I would like, however, to know how you can create a second user with root privileges?
Thanks for the reply

[Q] Mounting CIFS - Empty Directories

Hi all,
So I've spent hours trying to solve this, using everything I have found on the Internet. (This problem isn't exclusive to CIFS mounts by the way, it's all FS types. CIFS mount is what I require)
Basically I have an android box that's running 4.4.2. I need to mount a NAS box onto the file system. I can do this no problem using Terminal as SU. As soon as I use another App to navigate to the location, the mounted location isn't visible. I know that it is a known bug/security restriction after 4.2, and is due to multiusers or something. People have suggested including the mount command into /system/bin/debuggerd because the start command is a system command that has higher privileges or something. Anyway, I've tried this by just removing the contents of debuggerd and typing the following:
#!/bin/sh
mount -o username=JOELB,password=password -t cifs //192.168.1.252/PUBLIC /data/media/0/NAS
However, this doesn't work on boot, or if I run 'start debuggerd'
Apparently /data/media/0 is the location I should be mounting to, due to the bug/security flaw. Apps like mount manager are useless because they only work for that app.
Can anyone help me on this... It's killing me!!
Many thanks
Joel

Help Remount Default /sdcard PATH, Please

Reasons:
0.) You know, apps like messing up internal storage.
1.) I have installed dozens of ROMs flashed with DualBoot Patcher(It's a great tool), and all of them share the same /sdcard path( /data/media/0, actually it's /raw/data/media/0 ), it's a terrible mess.
2.) Android Nougat does NOT have xposed yet, so I cannot use xposed module XInternalSD to do this.
Due to /sdcard being linked to /storage/emulated/0, I should mount -o bind $another_path to /storage/emulated/0.
What I want to do is:
remount $data_partition_mount_point/media/$my_path to /storage/emulated/0 when the phone is booting, so my system can use another path for internal storage
I want to unmount the default /storage/emulated and only to mount /storage/emulated/0 to keep /storage/emulated clean.
CAN I ?
But after too many times failed, I failed again. I CANNOT mount $my_path as Internal Storage again. It ends up with "Access Denied", or "cross-device link", or separated permissions (not as a sdcard)
Also, I tried to modify install-recovery.sh to let my scripts execute when booting, but sepolicy denied my orders (like mkdir, mount, setenforce ). So, I run my scripts via APP "Boot Shell".
Is there anyone who knows how to do this? Or, can a script change the default Internal Storage path?
