On Fri, Nov 23, 2018 at 09:43:21AM +0100, Michal Privoznik wrote:
> +/* There are four namespaces available (xattr(7)):

s/available/available on Linux/

FreeBSD only supports 'user' and 'system' namespaces

> + *
> + * user - can be modified by anybody,
> + * system - used by ACLs
> + * security - used by SELinux
> + * trusted - accessibly by CAP_SYS_ADMIN processes only
> + *
> + * Looks like the last one is way to go.

That prevents the QEMU driver using this functionality on any non-Linux
host.

The key problem we obviously face is that of the QEMU process being able
to modify the xattrs maliciously. 'trusted' namespace solves this for
Linux but unsolved for BSD/macOS.

I can only think of two alternative ways to deal with this

 - Use a sidecar file. eg $FILEPATH.libvirt.json

   Works ok for plain files. Troublesome for device nodes. Would have
   to use a file in /var/run/libvirt/devs/$DEVNODE perhaps ?

 - Use 'user' label but add a cryptographic signature as a further
   attribute. Doesn't prevent tampering but lets us throw away the
   data when tampering is detected.

Did you consider either of these, or any other possible options ?

I'm still loath to bake in a solution that will only work on Linux,
despite 99% of our userbase being Linux.

Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
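Review bot: in the quoted comment block, "trusted - accessibly by CAP_SYS_ADMIN processes only" should read "accessible by", and "the last one is way to go" is missing "the". Since the block opens with "There are four namespaces available", it should also state that this is the Linux set, as the inline reply points out that FreeBSD offers only 'user' and 'system'; otherwise a reader of the comment will assume 'trusted' exists everywhere.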
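To make the second alternative concrete (a 'user' namespace attribute plus a signature attribute, so tampering is detected and the data discarded rather than prevented), here is an added illustration that is not code from the libvirt series or from this thread. It keeps the metadata in a hypothetical `user.libvirt.json` attribute and an HMAC-SHA256 over it in a hypothetical `user.libvirt.sig` attribute; the attribute names, the in-memory `XattrStore` standing in for `os.setxattr`/`os.getxattr`, the sample paths and the label contents are all constructed for the example. The MAC key is assumed to be held by the daemon only and never visible to the QEMU process, and the MAC is bound to the file path so a valid pair copied from one file onto another also fails verification.

```python
import hashlib
import hmac
import json
import os
from typing import Dict, Optional, Tuple

# Hypothetical attribute names in the unprivileged 'user' namespace.
DATA_ATTR = "user.libvirt.json"
SIG_ATTR = "user.libvirt.sig"


class XattrStore:
    """In-memory stand-in for user.* extended attributes, keyed by path.

    On a Linux host the same three operations map onto os.setxattr,
    os.getxattr and os.removexattr; the dict keeps this example runnable
    on filesystems without xattr support.
    """

    def __init__(self) -> None:
        self._attrs: Dict[Tuple[str, str], bytes] = {}

    def set(self, path: str, name: str, value: bytes) -> None:
        self._attrs[(path, name)] = value

    def get(self, path: str, name: str) -> Optional[bytes]:
        return self._attrs.get((path, name))

    def remove(self, path: str, name: str) -> None:
        self._attrs.pop((path, name), None)


def _mac(key: bytes, path: str, payload: bytes) -> bytes:
    # Bind the MAC to the path as well as the payload: a (payload, sig)
    # pair lifted from another file then fails to verify on this one.
    h = hmac.new(key, digestmod=hashlib.sha256)
    h.update(path.encode("utf-8"))
    h.update(b"\0")
    h.update(payload)
    return h.hexdigest().encode("ascii")


def write_label(store: XattrStore, key: bytes, path: str, label: dict) -> None:
    """Store the label JSON and its signature as two user.* attributes."""
    payload = json.dumps(label, sort_keys=True, separators=(",", ":")).encode()
    store.set(path, DATA_ATTR, payload)
    store.set(path, SIG_ATTR, _mac(key, path, payload))


def read_label(store: XattrStore, key: bytes, path: str) -> Optional[dict]:
    """Return the stored label, or None after discarding both attributes
    when the signature is missing or does not verify."""
    payload = store.get(path, DATA_ATTR)
    sig = store.get(path, SIG_ATTR)
    if payload is None or sig is None:
        return None
    if not hmac.compare_digest(sig, _mac(key, path, payload)):
        # Tampering detected: throw the data away, as the thread proposes.
        store.remove(path, DATA_ATTR)
        store.remove(path, SIG_ATTR)
        return None
    return json.loads(payload)


def demo() -> Tuple[Optional[dict], Optional[dict], Optional[dict]]:
    """Walk through a genuine read, an edited payload and a replayed pair."""
    key = os.urandom(32)  # secret held by the daemon only (assumption)
    store = XattrStore()
    disk = "/var/lib/libvirt/images/guest.qcow2"  # constructed sample path
    other = "/var/lib/libvirt/images/other.qcow2"  # constructed sample path

    write_label(store, key, disk, {"uid": 107, "gid": 107})
    genuine = read_label(store, key, disk)

    # A writer with access to user.* edits the payload but cannot re-sign it.
    store.set(disk, DATA_ATTR, b'{"gid":0,"uid":0}')
    tampered = read_label(store, key, disk)

    # Copying a valid pair from a different file also fails: the MAC
    # covers the path of the file it was written for.
    write_label(store, key, other, {"uid": 0, "gid": 0})
    store.set(disk, DATA_ATTR, store.get(other, DATA_ATTR))
    store.set(disk, SIG_ATTR, store.get(other, SIG_ATTR))
    replayed = read_label(store, key, disk)

    return genuine, tampered, replayed


if __name__ == "__main__":
    print(demo())
```

The scheme detects modification and replay but, exactly as the mail says, does not prevent it: anyone who can write user.* can still delete both attributes, so the reader must treat a missing or invalid pair as "no label known" and fall back to whatever the daemon does when no saved state exists.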