[PATCH] security: Use org namespace for xattrs on macOS

Michal Privoznik mprivozn at redhat.com
Thu Oct 29 18:28:23 UTC 2020


On 10/29/20 6:56 PM, Andrea Bolognani wrote:
> On Thu, 2020-10-29 at 15:23 +0100, Michal Privoznik wrote:
>> On 10/29/20 2:36 PM, Andrea Bolognani wrote:
>>> In the former case we should modify the functions dealing with them
>>> so that they become successful no-ops, in the latter we should
>>> probably do what we do on Windows and not build the security drivers
>>> at all on macOS.
>>>
>>> At least that's my current reading of the situation :)
>>
>> We should probably disable the test on non-Linux && non-BSD. But let's
>> wait for the answer to my question.
> 
> Based on the understanding of the situation that I've gained through
> your very detailed explanations (thanks!), I would say that by doing
> so we'd only be papering over the issue: when actually starting
> guests on macOS, we'd still attempt to store the original owner in
> xattrs and fail, right? 

I don't think we would fail. My assumption is that macOS has no notion 
of namespaces and XATTRs can be manipulated by anybody (well, the owner 
of the file + root). So we would not fail but create a huge security 
hole. But then again, it all boils down to the still unanswered question, 
how does macOS handle XATTRs and whether there is a namespace we can 
safely use.

Roman, can you chime in? We could really use your input here.

> So I think on macOS we need to always behave
> as if remember_owner had been set to 0 in qemu.conf.
> 

This should be working like that already.

Michal



