On Wed, 2020-10-28 at 20:25 +0100, Michal Privoznik wrote:
> On 10/28/20 8:16 PM, Andrea Bolognani wrote:
> > On Mon, 2020-10-26 at 00:25 +0300, Roman Bolshakov wrote:
> > > +++ b/src/security/security_util.c
> > > @@ -56,6 +56,8 @@ VIR_LOG_INIT("security.security_util");
> > > # define XATTR_NAMESPACE "trusted"
> > > #elif defined(__FreeBSD__)
> > > # define XATTR_NAMESPACE "system"
> > > +#elif defined(__APPLE__)
> > > +# define XATTR_NAMESPACE "org"
> > > #endif
> >
> > Considering that Apple uses com.apple for its own xattrs, libvirt
> > using org.libvirt makes sense to me.
>
> One thing to consider here (and my rough googling did not help) is that
> we need the namespace to be RW only by root. If it were writable by a
> regular user (e.g "user." on linux) then a regular user could trick us
> to chown() the file to whatever user they please. Is "org" (and per your
> commit message in fact any XATTR namespace, since it doesn't look like
> mac os has any notion of namespaces after all) writable by root only?
Yeah that's a solid point, thanks for keeping an eye on me ;)
Assuming macOS doesn't have any root-only namespaces, can we simply
compile out the feature entirely on that OS? What about other targets
like Windows?
--
Andrea Bolognani / Red Hat / Virtualization
