On Fri, Nov 23, 2018 at 09:43:21AM +0100, Michal Privoznik wrote:
+/* There are four namespaces available (xattr(7)):
s/available/available on Linux/
FreeBSD only supports 'user' and 'system' namespaces
+ *
+ * user - can be modified by anybody,
+ * system - used by ACLs
+ * security - used by SELinux
+ * trusted - accessibly by CAP_SYS_ADMIN processes only
+ *
+ * Looks like the last one is way to go.
That prevents the QEMU driver using this functionality on any
non-Linux host.
The key problem we obviously face is that of the QEMU process
being able to modify the xattrs maliciously. 'trusted' namespace
solves this for Linux but unsolved for BSD/macOS.
I can only think of two alternative ways to deal with this
- Use a sidecar file. eg $FILEPATH.libvirt.json
Works ok for plain files. Troublesome for device nodes.
Would have to use a file in /var/run/libvirt/devs/$DEVNODE
perhaps ?
- Use 'user' label but add a cryptographic signature
as a further attribute. Doesn't prevent tampering
but lets us throw away the data when tempering is
detected.
Did you consider either of these, or any other possible
options ? I'm still loathe to bake in a solution that will
only work on Linux, despite 99% of our userbase being Linux.
Regards,
Daniel
--
|:
https://berrange.com -o-
https://www.flickr.com/photos/dberrange :|
|:
https://libvirt.org -o-
https://fstop138.berrange.com :|
|:
https://entangle-photo.org -o-
https://www.instagram.com/dberrange :|