On Thu, 2020-10-29 at 12:18 +0100, Michal Privoznik wrote:
On 10/29/20 11:49 AM, Andrea Bolognani wrote:
> Assuming macOS doesn't have any root-only namespaces, can we simply
> compile out the feature entirely on that OS? What about other targets
> like Windows?
What do you mean by compile out? The whole security_uitl.c is divided
into two parts: the actual implementation if XATTR_NAMESPACE is set
(which is currently only on Linux + BSD) and stubs which do nothing but
report an error.
Then, these internal APIs are called only from the secdrivers which we
don't build on Windows, do we?
Roman, is there any misbehaviour you're seeing? Or is this just porting
the feature to macOS? I'm not against it, I just don't have anywhere to
test it.
The issue Roman is trying to address with this patch is that
qemusecuritytest fails reporting a bunch of
Security Driver error : Extended attributes are not supported on
this system: Function not implemented
messages.
I'm not very familiar with security drivers but I guess the question
is: are xattrs a critical part of the security story, without which
no isolation is possible at all, or is it conceivable to have
security drivers that provide some amount of protection on macOS even
though they can't go as far as they can on Linux and FreeBSD?
In the former case we should modify the functions dealing with them
so that they become successful no-ops, in the latter we should
probably do what we do on Windows and not build the security drivers
at all on macOS.
At least that's my current reading of the situation :)
--
Andrea Bolognani / Red Hat / Virtualization