On 10/29/20 6:56 PM, Andrea Bolognani wrote:
> On Thu, 2020-10-29 at 15:23 +0100, Michal Privoznik wrote:
>> On 10/29/20 2:36 PM, Andrea Bolognani wrote:
>>> In the former case we should modify the functions dealing with them
>>> so that they become successful no-ops, in the latter we should
>>> probably do what we do on Windows and not build the security drivers
>>> at all on macOS.
>>>
>>> At least that's my current reading of the situation :)
>>
>> We should probably disable the test on non-Linux && non-BSD. But let's
>> wait for the answer to my question.
>
> Based on the understanding of the situation that I've gained through
> your very detailed explanations (thanks!), I would say that by doing
> so we'd only be papering over the issue: when actually starting
> guests on macOS, we'd still attempt to store the original owner in
> xattrs and fail, right?

I don't think we would fail. My assumption is that macOS has no notion
of namespaces and XATTRs can be manipulated by anybody (well, the owner
of the file + root). So we would not fail but create a huge security
hole. But then again, it all boils down to the still unanswered question:
how does macOS handle XATTRs and whether there is a namespace we can
safely use.

Roman, can you chime in? We could really use your input here.

> So I think on macOS we need to always behave
> as if remember_owner had been set to 0 in qemu.conf.

This should be working like that already.

Michal