On Wed, Oct 28, 2020 at 08:25:46PM +0100, Michal Privoznik wrote: > On 10/28/20 8:16 PM, Andrea Bolognani wrote: > > On Mon, 2020-10-26 at 00:25 +0300, Roman Bolshakov wrote: > > > There're no guidelines on what namespace should be used but it seems > > > thirdparty apps can select the one they like [1], i.e. freedekstop > > > xattrs are prefixed with xdg. > > > > > > qemusecuritytest passes after that. > > > > > > 1. https://www.freedesktop.org/wiki/CommonExtendedAttributes/ > > > > > > Signed-off-by: Roman Bolshakov <r.bolshakov@xxxxxxxxx> > > > --- > > > src/security/security_util.c | 2 ++ > > > 1 file changed, 2 insertions(+) > > > > > > diff --git a/src/security/security_util.c b/src/security/security_util.c > > > index 7fa5163fe4..5d50acb574 100644 > > > --- a/src/security/security_util.c > > > +++ b/src/security/security_util.c > > > @@ -56,6 +56,8 @@ VIR_LOG_INIT("security.security_util"); > > > # define XATTR_NAMESPACE "trusted" > > > #elif defined(__FreeBSD__) > > > # define XATTR_NAMESPACE "system" > > > +#elif defined(__APPLE__) > > > +# define XATTR_NAMESPACE "org" > > > #endif > > > > Considering that Apple uses com.apple for its own xattrs, libvirt > > using org.libvirt makes sense to me. > > > > One thing to consider here (and my rough googling did not help) is that we > need the namespace to be RW only by root. If it were writable by a regular > user (e.g "user." on linux) then a regular user could trick us to chown() > the file to whatever user they please. Is "org" (and per your commit message > in fact any XATTR namespace, since it doesn't look like mac os has any > notion of namespaces after all) writable by root only? > After investigation of xnu kernel, I've found com.apple.system namespace that can be used to store system attributes but it can't be set/received/listed from userspace. $ xattr -w com.apple.system.libvirt bar foo xattr: [Errno 1] Operation not permitted: 'foo' $ sudo xattr -w com.apple.system.libvirt bar foo xattr: [Errno 1] Operation not permitted: 'foo I haven't found any kind of "trusted"/"system" namespace that can be used from user-space. But I'm not sure if libvirt on macOS is going to be used from root, rather from a user account. The feature the tests exists for is: https://patchew.org/Libvirt/cover.1544618362.git.mprivozn@xxxxxxxxxx/ https://www.redhat.com/archives/libvir-list/2019-November/msg00862.html What do you think if the tests will be skipped on macOS? Thanks, Roman
