[PATCH] security: Use org namespace for xattrs on macOS
Roman Bolshakov
r.bolshakov at yadro.com
Sun Nov 1 11:47:04 UTC 2020
On Thu, Oct 29, 2020 at 12:18:13PM +0100, Michal Privoznik wrote:
> On 10/29/20 11:49 AM, Andrea Bolognani wrote:
> > On Wed, 2020-10-28 at 20:25 +0100, Michal Privoznik wrote:
> > > On 10/28/20 8:16 PM, Andrea Bolognani wrote:
> > > > On Mon, 2020-10-26 at 00:25 +0300, Roman Bolshakov wrote:
> > > > > +++ b/src/security/security_util.c
> > > > > @@ -56,6 +56,8 @@ VIR_LOG_INIT("security.security_util");
> > > > > # define XATTR_NAMESPACE "trusted"
> > > > > #elif defined(__FreeBSD__)
> > > > > # define XATTR_NAMESPACE "system"
> > > > > +#elif defined(__APPLE__)
> > > > > +# define XATTR_NAMESPACE "org"
> > > > > #endif
> > > >
> > > > Considering that Apple uses com.apple for its own xattrs, libvirt
> > > > using org.libvirt makes sense to me.
> > >
> > > One thing to consider here (and my rough googling did not help) is that
> > > we need the namespace to be RW only by root. If it were writable by a
> > > regular user (e.g "user." on linux) then a regular user could trick us
> > > to chown() the file to whatever user they please. Is "org" (and per your
> > > commit message in fact any XATTR namespace, since it doesn't look like
> > > mac os has any notion of namespaces after all) writable by root only?
> >
> > Yeah that's a solid point, thanks for keeping an eye on me ;)
> >
> > Assuming macOS doesn't have any root-only namespaces, can we simply
> > compile out the feature entirely on that OS? What about other targets
> > like Windows?
> >
>
> Roman, is there any misbehaviour you're seeing? Or is this just porting the
> feature to macOS? I'm not against it, I just don't have anywhere to test it.
>
I don't see misbehaviour. I was just trying to fix tests :) I want to
resend my old patch series that supports additional accels and I was
asked to fix tests and syntax check first. It turned out to be bigger
issue than the patch series but we're almost at the point of one failing
test and not yet working qemucapsprobe.
Thanks,
Roman
More information about the libvir-list
mailing list