[PATCH] security: Use org namespace for xattrs on macOS

Roman Bolshakov r.bolshakov at yadro.com
Sun Nov 1 11:38:16 UTC 2020


On Wed, Oct 28, 2020 at 08:25:46PM +0100, Michal Privoznik wrote:
> On 10/28/20 8:16 PM, Andrea Bolognani wrote:
> > On Mon, 2020-10-26 at 00:25 +0300, Roman Bolshakov wrote:
> > > There're no guidelines on what namespace should be used but it seems
> > > third-party apps can select the one they like [1], i.e. freedesktop
> > > xattrs are prefixed with xdg.
> > > 
> > > qemusecuritytest passes after that.
> > > 
> > > 1. https://www.freedesktop.org/wiki/CommonExtendedAttributes/
> > > 
> > > Signed-off-by: Roman Bolshakov <r.bolshakov at yadro.com>
> > > ---
> > >   src/security/security_util.c | 2 ++
> > >   1 file changed, 2 insertions(+)
> > > 
> > > diff --git a/src/security/security_util.c b/src/security/security_util.c
> > > index 7fa5163fe4..5d50acb574 100644
> > > --- a/src/security/security_util.c
> > > +++ b/src/security/security_util.c
> > > @@ -56,6 +56,8 @@ VIR_LOG_INIT("security.security_util");
> > >   # define XATTR_NAMESPACE "trusted"
> > >   #elif defined(__FreeBSD__)
> > >   # define XATTR_NAMESPACE "system"
> > > +#elif defined(__APPLE__)
> > > +# define XATTR_NAMESPACE "org"
> > >   #endif
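
Review bot: the new `__APPLE__` branch sets XATTR_NAMESPACE to "org", which is only a name prefix, while the "trusted" and "system" values in the branches above it are namespaces that only a privileged process may write, so anything stored under it on macOS can be rewritten by whoever is allowed to set xattrs on the file. The hunk has no comment or guard for that; either document next to the `#define` that this namespace is not root-only, or keep XATTR_NAMESPACE undefined for `__APPLE__`, as it was before this change, until a privileged namespace is identified.
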
> > 
> > Considering that Apple uses com.apple for its own xattrs, libvirt
> > using org.libvirt makes sense to me.
> > 
> 
> One thing to consider here (and my rough googling did not help) is that we
> need the namespace to be RW only by root. If it were writable by a regular
> user (e.g. "user." on Linux) then a regular user could trick us to chown()
> the file to whatever user they please. Is "org" (and per your commit message
> in fact any XATTR namespace, since it doesn't look like macOS has any
> notion of namespaces after all) writable by root only?
> 

After investigating the xnu kernel, I've found the com.apple.system namespace
that can be used to store system attributes, but it can't be
set/received/listed from userspace.

  $ xattr -w com.apple.system.libvirt bar foo
  xattr: [Errno 1] Operation not permitted: 'foo'

  $ sudo xattr -w com.apple.system.libvirt bar foo
  xattr: [Errno 1] Operation not permitted: 'foo

I haven't found any kind of "trusted"/"system" namespace that can be
used from user-space. But I'm not sure if libvirt on macOS is going to
be used from root, rather from a user account.

The feature the tests exist for is:
https://patchew.org/Libvirt/cover.1544618362.git.mprivozn@redhat.com/
https://www.redhat.com/archives/libvir-list/2019-November/msg00862.html

What do you think about skipping the tests on macOS?

Thanks,
Roman
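
The root-only requirement raised in this thread can be checked the same way the `xattr -w` runs above do, by attempting a write and looking at the error. The following C code is an added example, not libvirt code and not part of the original message; `classify_errno`, `probe_xattr_write` and `namespace_is_root_only` are hypothetical names, and the caller is assumed to run the probe once as root and once as an unprivileged user on a scratch file.

```c
#include <errno.h>
#include <stdbool.h>
#include <sys/xattr.h>

typedef enum { NS_WRITABLE, NS_DENIED, NS_UNSUPPORTED, NS_ERROR } ns_result;

/* Map the errno of a setxattr attempt (0 on success) to an outcome. */
ns_result classify_errno(int err)
{
    switch (err) {
    case 0:       return NS_WRITABLE;
    case EPERM:
    case EACCES:  return NS_DENIED;
    case ENOTSUP: return NS_UNSUPPORTED;  /* no xattr support for this name or filesystem */
    default:      return NS_ERROR;        /* e.g. ENOENT: the probe itself failed */
    }
}

/* Try to set, then remove, a throwaway attribute as the current uid.
 * `name` is the full attribute name, e.g. a namespace prefix plus ".probe". */
ns_result probe_xattr_write(const char *path, const char *name)
{
    static const char val[] = "probe";
    int rc;
#ifdef __APPLE__
    rc = setxattr(path, name, val, sizeof(val), 0, 0);  /* macOS: position, options */
#else
    rc = setxattr(path, name, val, sizeof(val), 0);     /* Linux: flags */
#endif
    if (rc != 0)
        return classify_errno(errno);
#ifdef __APPLE__
    removexattr(path, name, 0);
#else
    removexattr(path, name);
#endif
    return NS_WRITABLE;
}

/* A namespace can safely hold a value that later drives chown() only if root
 * can write it and an unprivileged user cannot. Writable by both means the
 * stored value is user-controlled; denied for both (the com.apple.system
 * result shown above) means nothing can be stored there at all. */
bool namespace_is_root_only(ns_result as_root, ns_result as_user)
{
    return as_root == NS_WRITABLE && as_user == NS_DENIED;
}
```
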



