<def-group>
  <definition id="mount_option_%MOUNTOPTION%_removable_partitions" class="compliance" version="4">
    <metadata>
      <title>Add %MOUNTOPTION% Option to Removable Media Partitions</title>
      <affected family="unix">
        <platform>multi_platform_rhel</platform>
        <platform>multi_platform_fedora</platform>
        <platform>multi_platform_wrlinux</platform>
      </affected>
      <description>The %MOUNTOPTION% option should be enabled for all removable devices mounts in /etc/fstab.</description>
    </metadata>
    <!-- Top level is an OR: the definition is satisfied as soon as one of the three
         branches below evaluates to true. -->
    <criteria operator="OR">
      <!-- Branch 1: the configured removable partition is not present on the system, so
           there is nothing in /etc/fstab or in the runtime mounts to compare against. -->
      <extend_definition
          definition_ref="removable_partition_doesnt_exist"
          comment="Check if removable partition really exists on the system" />
      <!-- Branch 2: the partition is a CD/DVD drive. Either the '%MOUNTOPTION%' tests hold
           for its alternative names in both /etc/fstab and the runtime mounts, or the
           drive is not configured in /etc/fstab at all. In the second case no runtime
           test is part of the decision. -->
      <criteria operator="AND">
        <extend_definition
            definition_ref="var_removable_partition_is_cd_dvd_drive"
            comment="Check if removable partition value represents CD/DVD drive" />
        <criteria operator="OR">
          <criteria operator="AND">
            <criterion
                test_ref="test_%MOUNTOPTION%_etc_fstab_cd_dvd_drive"
                comment="Check if at least one from CD/DVD drive alternative names is using '%MOUNTOPTION%' mount option in /etc/fstab" />
            <criterion
                test_ref="test_%MOUNTOPTION%_runtime_cd_dvd_drive"
                comment="Check if at least one from CD/DVD drive alternative names is using '%MOUNTOPTION%' mount option in runtime configuration" />
          </criteria>
          <extend_definition
              definition_ref="no_cd_dvd_drive_in_etc_fstab"
              comment="Check if CD/DVD drive is not configured to automount in /etc/fstab" />
        </criteria>
      </criteria>
      <!-- Branch 3: the device named by var_removable_partition must carry '%MOUNTOPTION%'
           in both /etc/fstab and the runtime mounts. This branch has no gate on
           var_removable_partition_is_cd_dvd_drive, so it is evaluated for whatever value
           the variable holds. -->
      <criteria operator="AND">
        <criterion
            test_ref="test_%MOUNTOPTION%_etc_fstab_not_cd_dvd_drive"
            comment="Check if removable partition is using '%MOUNTOPTION%' mount option in /etc/fstab" />
        <criterion
            test_ref="test_%MOUNTOPTION%_runtime_not_cd_dvd_drive"
            comment="Check if removable partition is using '%MOUNTOPTION%' mount option in runtime configuration" />
      </criteria>
    </criteria>
  </definition>

  <!-- Device node names under which a CD / DVD drive may appear (the alternative names
       used by udev). The list feeds the /etc/fstab line pattern and is compared
       literally against the device of each runtime mount. -->
  <constant_variable
      id="variable_cd_dvd_drive_alternative_names_%MOUNTOPTION%"
      datatype="string"
      version="1"
      comment="CD/DVD drive alternative names whitelist">
    <value>/dev/cdrom</value>
    <value>/dev/dvd</value>
    <value>/dev/scd0</value>
    <value>/dev/sr0</value>
  </constant_variable>

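  <!-- Builds one /etc/fstab line pattern per CD / DVD alternative name, to be used by the
       textfilecontent54_object below. Expected column layout of a matched line:
         device  mount-point  fs-type  options  dump  pass
       The single capture group is the options column (4-th column of /etc/fstab). -->
  <local_variable id="variable_cd_dvd_drive_regex_pattern_%MOUNTOPTION%" datatype="string" comment="Regular expression pattern for CD / DVD drive alternative names" version="1">
    <concat>
      <literal_component>^[\s]*</literal_component>
      <!-- The device name is data, not a pattern: escape it so that any regex
           metacharacter in a name added to the list later is matched literally. -->
      <escape_regex>
        <variable_component var_ref="variable_cd_dvd_drive_alternative_names_%MOUNTOPTION%" />
      </escape_regex>
      <!-- Mount point and filesystem type are matched as any run of non-whitespace.
           The former [/\w]+ and [\w]+ classes skipped valid entries such as a mount
           point containing '-' or '.' or a type list like udf,iso9660; a skipped line is
           never evaluated, and the test reading this pattern uses
           check_existence="any_exist", so it would pass without inspecting the options.
           NOTE(review): lines that omit the trailing dump / pass columns are still not
           matched; confirm whether such entries need to be covered. -->
      <literal_component>[\s]+[^\s]+[\s]+[^\s]+[\s]+([^\s]+)(?:[\s]+[\d]+){2}$</literal_component>
    </concat>
  </local_variable>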

  <!-- CD / DVD drive: /etc/fstab and runtime settings are checked against every
       alternative device name.
       For this /etc/fstab test, check_existence="any_exist" means the test also passes
       when no fstab line matches the object, and check="all" means every line that does
       match has to satisfy the state. -->
  <ind:textfilecontent54_test
      id="test_%MOUNTOPTION%_etc_fstab_cd_dvd_drive"
      version="1"
      check="all"
      check_existence="any_exist"
      comment="'%MOUNTOPTION%' mount option used for at least one CD / DVD drive alternative names in /etc/fstab">
    <ind:object object_ref="object_%MOUNTOPTION%_etc_fstab_cd_dvd_drive" />
    <ind:state state_ref="state_%MOUNTOPTION%_etc_fstab_cd_dvd_drive" />
  </ind:textfilecontent54_test>

  <ind:textfilecontent54_object id="object_%MOUNTOPTION%_etc_fstab_cd_dvd_drive" version="1">
    <!-- Collect every /etc/fstab line that matches the pattern built for at least one of
         the CD / DVD alternative names. -->
    <ind:filepath>/etc/fstab</ind:filepath>
    <ind:pattern
        var_ref="variable_cd_dvd_drive_regex_pattern_%MOUNTOPTION%"
        var_check="at least one"
        datatype="string"
        operation="pattern match" />
    <!-- instance >= 1 selects all matching occurrences, not only the first one -->
    <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
  </ind:textfilecontent54_object>

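  <ind:textfilecontent54_state id="state_%MOUNTOPTION%_etc_fstab_cd_dvd_drive" version="1">
    <!-- The subexpression is the options column captured from the /etc/fstab line, a
         comma separated list. Require '%MOUNTOPTION%' as a complete list item: it must
         start the field or follow a comma, and must end the field or be followed by a
         comma. The former pattern made both commas optional, which reduced it to a plain
         substring search and let any option that merely contains the text pass. -->
    <ind:subexpression operation="pattern match" datatype="string">^(?:.*,)?%MOUNTOPTION%(?:,.*)?$</ind:subexpression>
  </ind:textfilecontent54_state>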

  <!-- Runtime check for a CD / DVD drive. The test references no state: selection is done
       by the include filter on the object, so the outcome depends on whether the object
       collects any mounted partition. No check_existence is given, so the OVAL default
       (at least one item must exist) applies. -->
  <linux:partition_test
      id="test_%MOUNTOPTION%_runtime_cd_dvd_drive"
      version="1"
      check="all"
      comment="'%MOUNTOPTION%' mount option used for at least one CD / DVD drive alternative names in runtime configuration">
    <linux:object object_ref="object_%MOUNTOPTION%_runtime_cd_dvd_drive" />
  </linux:partition_test>

  <linux:partition_object id="object_%MOUNTOPTION%_runtime_cd_dvd_drive" version="1">
    <!-- The mount point of a CD / DVD drive is not known in advance, so start from every
         mounted partition. -->
    <linux:mount_point operation="pattern match">^.*$</linux:mount_point>
    <!-- Keep only the partitions accepted by the state: device equal to one of the
         CD / DVD alternative names and '%MOUNTOPTION%' among the mount options. -->
    <filter action="include">state_%MOUNTOPTION%_runtime_cd_dvd_drive</filter>
  </linux:partition_object>

  <linux:partition_state id="state_%MOUNTOPTION%_runtime_cd_dvd_drive" version="1">
    <!-- Device must equal at least one of the CD / DVD alternative names (literal
         comparison, no pattern matching). -->
    <linux:device
        var_ref="variable_cd_dvd_drive_alternative_names_%MOUNTOPTION%"
        var_check="at least one"
        operation="equals"
        datatype="string" />
    <!-- At least one of the partition's mount options must be exactly '%MOUNTOPTION%'. -->
    <linux:mount_options operation="equals" entity_check="at least one" datatype="string">%MOUNTOPTION%</linux:mount_options>
  </linux:partition_state>

  <!-- Removable partition that exists and is not a CD / DVD drive: '%MOUNTOPTION%' is
       checked in both /etc/fstab and the runtime configuration.
       For this /etc/fstab test, check_existence="all_exist" requires a matching fstab
       line to be present, and check="at least one" is satisfied when one matching line
       meets the state. -->
  <ind:textfilecontent54_test
      id="test_%MOUNTOPTION%_etc_fstab_not_cd_dvd_drive"
      version="1"
      check_existence="all_exist"
      check="at least one"
      comment="Check if removable partition is configured with '%MOUNTOPTION%' mount option in /etc/fstab">
    <ind:object object_ref="object_%MOUNTOPTION%_etc_fstab_not_cd_dvd_drive" />
    <ind:state state_ref="state_%MOUNTOPTION%_etc_fstab_not_cd_dvd_drive" />
  </ind:textfilecontent54_test>

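  <!-- Builds the /etc/fstab line pattern for the device named by var_removable_partition,
       to be used by the textfilecontent54_object below. Expected column layout of a
       matched line:
         device  mount-point  fs-type  options  dump  pass
       The single capture group is the options column (4-th column of /etc/fstab). -->
  <local_variable id="variable_not_cd_dvd_drive_regex_pattern_%MOUNTOPTION%" datatype="string" comment="Regular expression pattern for removable block special device other than CD / DVD drive" version="1">
    <concat>
      <literal_component>^[\s]*</literal_component>
      <!-- var_removable_partition is an external variable and is compared literally
           elsewhere in this file, so treat it as data here too: escape it before it
           becomes part of the pattern. Unescaped, a '.' or other metacharacter in the
           supplied device path would be interpreted by the regex engine and the pattern
           could match a different device's line. -->
      <escape_regex>
        <variable_component var_ref="var_removable_partition" />
      </escape_regex>
      <!-- Mount point and filesystem type are matched as any run of non-whitespace.
           The former [/\w]+ and [\w]+ classes skipped valid entries such as a mount
           point containing '-' or '.' or a comma separated type list, so a correctly
           configured line could go unseen by the check.
           NOTE(review): lines that omit the trailing dump / pass columns are still not
           matched; confirm whether such entries need to be covered. -->
      <literal_component>[\s]+[^\s]+[\s]+[^\s]+[\s]+([^\s]+)(?:[\s]+[\d]+){2}$</literal_component>
    </concat>
  </local_variable>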

  <ind:textfilecontent54_object id="object_%MOUNTOPTION%_etc_fstab_not_cd_dvd_drive" version="1">
    <!-- Collect every /etc/fstab line that matches the pattern built from
         var_removable_partition. -->
    <ind:filepath>/etc/fstab</ind:filepath>
    <ind:pattern
        var_ref="variable_not_cd_dvd_drive_regex_pattern_%MOUNTOPTION%"
        var_check="at least one"
        datatype="string"
        operation="pattern match" />
    <!-- instance >= 1 selects all matching occurrences, not only the first one -->
    <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
  </ind:textfilecontent54_object>

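  <ind:textfilecontent54_state id="state_%MOUNTOPTION%_etc_fstab_not_cd_dvd_drive" version="1">
    <!-- The subexpression is the options column captured from the /etc/fstab line, a
         comma separated list. Require '%MOUNTOPTION%' as a complete list item: it must
         start the field or follow a comma, and must end the field or be followed by a
         comma. The former pattern made both commas optional and had no end anchor, which
         reduced it to a plain substring search and let any option that merely contains
         the text pass. -->
    <ind:subexpression operation="pattern match" datatype="string">^(?:.*,)?%MOUNTOPTION%(?:,.*)?$</ind:subexpression>
  </ind:textfilecontent54_state>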

  <!-- Runtime check for a removable partition other than a CD / DVD drive. The test
       references no state: selection is done by the include filter on the object, and
       check_existence="all_exist" requires the object to collect a mounted partition.
       A device that is not mounted when the scan runs therefore yields no item. -->
  <linux:partition_test
      id="test_%MOUNTOPTION%_runtime_not_cd_dvd_drive"
      version="1"
      check_existence="all_exist"
      check="all"
      comment="'%MOUNTOPTION%' mount option used for removable partition in runtime configuration">
    <linux:object object_ref="object_%MOUNTOPTION%_runtime_not_cd_dvd_drive" />
  </linux:partition_test>

  <linux:partition_object id="object_%MOUNTOPTION%_runtime_not_cd_dvd_drive" version="1">
    <!-- The mount point of the removable partition is not known in advance, so start
         from every mounted partition. -->
    <linux:mount_point operation="pattern match">^.*$</linux:mount_point>
    <!-- Keep only the partitions accepted by the state: device equal to the value of
         'var_removable_partition' and '%MOUNTOPTION%' among the mount options. -->
    <filter action="include">state_%MOUNTOPTION%_runtime_not_cd_dvd_drive</filter>
  </linux:partition_object>

  <linux:partition_state id="state_%MOUNTOPTION%_runtime_not_cd_dvd_drive" version="1">
    <!-- Device must equal the value of var_removable_partition (literal comparison, no
         pattern matching). -->
    <linux:device
        var_ref="var_removable_partition"
        var_check="at least one"
        operation="equals"
        datatype="string" />
    <!-- At least one of the partition's mount options must be exactly '%MOUNTOPTION%'. -->
    <linux:mount_options operation="equals" entity_check="at least one" datatype="string">%MOUNTOPTION%</linux:mount_options>
  </linux:partition_state>

  <!-- Device path of the removable partition, supplied from outside this file. It is
       compared literally against runtime mount devices and is also interpolated into
       the /etc/fstab line pattern, so it should be treated as externally controlled
       input. -->
  <external_variable
      id="var_removable_partition"
      datatype="string"
      version="1"
      comment="removable partition" />

</def-group>
