Re: xattr names for unprivileged stacking?

* Christian Schoenebeck (qemu_oss@xxxxxxxxxxxxx) wrote:
> On Tuesday, 28 July 2020 15:08:59 CEST Greg Kurz wrote:
> > On Tue, 28 Jul 2020 11:55:03 +0100
> > "Dr. David Alan Gilbert" <dgilbert@xxxxxxxxxx> wrote:
> > > Hi,
> > > 
> > >   Are there any standards for mapping xattr names/classes when
> > > a restricted view of the filesystem needs to think it's root?
> > > 
> > > e.g. VMs that mount host filesystems, remote filesystems etc and the
> > > client kernel tries to set a trusted. or security. xattr and you want
> > > to store that on an underlying normal filesystem, but your
> > > VM system doesn't want to have CAP_SYS_ADMIN and/or doesn't want to
> > > interfere with the real host's security.
> > > 
> > > I can see some existing examples:
> > >   9p in qemu
> > >      maps system.posix_acl_* to user.virtfs.system.posix_acl_*
> > >      stops the guest accessing any user.virtfs.*
> 
> Not that they were remapped, but the 'local' 9pfs fs driver also actively 
> interprets:
> 
> 	user.virtfs.uid
> 	user.virtfs.gid
> 	user.virtfs.mode
> 	user.virtfs.rdev
> 
> > >    overlayfs
> > >       uses trusted.overlay.* on upper layer and blocks that from
> > >       clients
> > >    fuse-overlayfs
> > >       uses trusted.overlay.* for compatibility if it has perms,
> > >       otherwise falls back to user.fuseoverlayfs.*
> > >    crosvm's virtiofs
> > >       maps "security.sehash" to "user.virtiofs.security.sehash"
> > >       and blocks the guest from accessing user.virtiofs.*
> > > 
> > > Does anyone know of any others?
> 
> Well, depends on how large you draw the scope here. For instance Samba has a 
> bunch of VFS modules which also use and hence prohibit certain xattrs. For 
> instance for supporting (NTFS) alternate data streams (a.k.a. resource forks) 
> of Windows clients it uses user.DosStream.*:
> 
> https://www.samba.org/samba/docs/current/man-html/vfs_streams_xattr.8.html
> 
> as well as "user.DOSATTRIB".
> 
> And as macOS heavily relies on resource forks (i.e. macOS doesn't work without 
> them), there are a bunch of xattr remappings in the dedicated Apple VFS 
> module, like "aapl_*":
> 
> https://www.samba.org/samba/docs/current/man-html/vfs_fruit.8.html
> https://github.com/samba-team/samba/blob/master/source3/modules/vfs_fruit.c

Thanks; what I've added to virtiofsd at the moment is a generic
remapping thing that lets me add any prefix and block/drop any xattr.

The other samba-ism I found was mvxattr(1) which lets you rename xattrs
on a directory tree; which is quite useful.

Dave


> Best regards,
> Christian Schoenebeck
> 
> 
--
Dr. David Alan Gilbert / dgilbert@xxxxxxxxxx / Manchester, UK
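
A sketch of the prefix-and-block scheme listed in the thread (as in the crosvm entry: map into user.virtiofs.* and deny the guest direct access to that namespace), added here as an illustration; it is not virtiofsd's, crosvm's or QEMU's code. The function names, the choice of mapped classes (trusted. and security.) and the hiding of the host's own attributes from listings are assumptions.

```c
#include <errno.h>
#include <string.h>

/* Assumed policy for this sketch: guest trusted.* and security.* names are
 * stored on the host under an unprivileged, reserved prefix. */
#define HOST_PREFIX "user.virtiofs."

static int has_prefix(const char *s, const char *p)
{
    return strncmp(s, p, strlen(p)) == 0;
}

static int is_mapped_class(const char *n)
{
    return has_prefix(n, "trusted.") || has_prefix(n, "security.");
}

/* Guest name -> host name for get/set/removexattr. Returns 0 or -errno. */
int guest_to_host(const char *guest, char *out, size_t outlen)
{
    const char *pfx = is_mapped_class(guest) ? HOST_PREFIX : "";
    size_t lp = strlen(pfx), lg = strlen(guest);
    /* The guest may never name the reserved namespace directly, otherwise
     * it could read or forge the stored privileged values. */
    if (has_prefix(guest, HOST_PREFIX))
        return -EPERM;
    if (lp + lg + 1 > outlen)
        return -ERANGE;
    memcpy(out, pfx, lp);
    memcpy(out + lp, guest, lg + 1);
    return 0;
}

/* Host name -> guest name for listxattr: 1 = show, 0 = hide, or -errno. */
int host_to_guest(const char *host, char *out, size_t outlen)
{
    const char *name = host;
    if (has_prefix(host, HOST_PREFIX)) {
        name = host + strlen(HOST_PREFIX);
        if (!is_mapped_class(name))
            return 0;   /* stray entry under the reserved prefix */
    } else if (is_mapped_class(host)) {
        return 0;       /* the host's own trusted./security. attributes */
    }
    if (strlen(name) + 1 > outlen)
        return -ERANGE;
    memcpy(out, name, strlen(name) + 1);
    return 1;
}
```

The listing direction matters as much as the set/get direction: without the reverse map the guest would see the raw user.virtiofs.* names it is forbidden to access.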



