Linux-Fsdevel Archive on lore.kernel.org
help / color / mirror / Atom feed
From: Christian Schoenebeck <qemu_oss@crudebyte.com>
To: Greg Kurz <groug@kaod.org>
Cc: "Dr. David Alan Gilbert" <dgilbert@redhat.com>,
linux-fsdevel@vger.kernel.org, stefanha@redhat.com,
mszeredi@redhat.com, vgoyal@redhat.com, gscrivan@redhat.com,
dwalsh@redhat.com, chirantan@chromium.org
Subject: Re: xattr names for unprivileged stacking?
Date: Tue, 28 Jul 2020 15:55:51 +0200 [thread overview]
Message-ID: <2071310.X8v6e1yvPo@silver> (raw)
In-Reply-To: <20200728150859.0ad6ea79@bahia.lan>
On Dienstag, 28. Juli 2020 15:08:59 CEST Greg Kurz wrote:
> On Tue, 28 Jul 2020 11:55:03 +0100
>
> "Dr. David Alan Gilbert" <dgilbert@redhat.com> wrote:
> > Hi,
> >
> > Are there any standards for mapping xattr names/classes when
> >
> > a restricted view of the filesystem needs to think it's root?
> >
> > e.g. VMs that mount host filesystems, remote filesystems etc and the
> > client kernel tries to set a trusted. or security. xattr and you want
> > to store that on an underlying normal filesystem, but your
> > VM system doesn't want to have CAP_SYS_ADMIN and/or doesn't want to
> > interfere with the real hosts security.
> >
> > I can see some existing examples:
> > 9p in qemu
> >
> > maps system.posix_acl_* to user.virtfs.system.posix_acl_*
> >
> > stops the guest accessing any user.virtfs.*
Not that they were remapped, but the 'local' 9pfs fs driver also actively
interprets:
user.virtfs.uid
user.virtfs.gid
user.virtfs.mode
user.virtfs.rdev
> > overlayfs
> >
> > uses trusted.overlay.* on upper layer and blocks that from
> >
> > clients
> >
> > fuse-overlayfs
> >
> > uses trusted.overlay.* for compatibiltiy if it has perms,
> > otherwise falls back to user.fuseoverlayfs.*
> >
> > crosvm's virtiofs
> >
> > maps "security.sehash" to "user.virtiofs.security.sehash"
> > and blocks the guest from accessing user.virtiofs.*
> >
> > Does anyone know of any others?
Well, depends on how large you draw the scope here. For instance Samba has a
bunch VFS modules which also uses and hence prohibits certain xattrs. For
instance for supporting (NTFS) alternate data streams (a.k.a. resource forks)
of Windows clients it uses user.DosStream.*:
https://www.samba.org/samba/docs/current/man-html/vfs_streams_xattr.8.html
as well as "user.DOSATTRIB".
And as macOS heavily relies on resource forks (i.e. macOS doesn't work without
them), there are a bunch of xattr remappings in the dedicated Apple VFS
module, like "aapl_*":
https://www.samba.org/samba/docs/current/man-html/vfs_fruit.8.html
https://github.com/samba-team/samba/blob/master/source3/modules/vfs_fruit.c
Best regards,
Christian Schoenebeck
next prev parent reply other threads:[~2020-07-28 14:22 UTC|newest]
Thread overview: 62+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-07-28 10:55 Dr. David Alan Gilbert
2020-07-28 13:08 ` Greg Kurz
2020-07-28 13:55 ` Christian Schoenebeck [this message]
2020-08-04 11:28 ` Dr. David Alan Gilbert
2020-08-04 13:51 ` Christian Schoenebeck
2020-08-12 11:18 ` Dr. David Alan Gilbert
2020-08-12 13:34 ` Christian Schoenebeck
2020-08-12 14:33 ` Dr. David Alan Gilbert
2020-08-13 9:01 ` Christian Schoenebeck
2020-08-16 22:56 ` Dave Chinner
2020-08-16 23:09 ` Matthew Wilcox
2020-08-17 0:29 ` Dave Chinner
2020-08-17 10:37 ` file forks vs. xattr (was: xattr names for unprivileged stacking?) Christian Schoenebeck
2020-08-23 23:40 ` Dave Chinner
2020-08-24 15:30 ` Christian Schoenebeck
2020-08-24 20:01 ` Miklos Szeredi
2020-08-24 21:26 ` Frank van der Linden
2020-08-24 22:29 ` Theodore Y. Ts'o
2020-08-25 15:12 ` Christian Schoenebeck
2020-08-25 15:32 ` Miklos Szeredi
2020-08-27 12:02 ` Christian Schoenebeck
2020-08-27 12:25 ` Matthew Wilcox
2020-08-27 13:48 ` Christian Schoenebeck
2020-08-27 14:01 ` Matthew Wilcox
2020-08-27 14:23 ` Christian Schoenebeck
2020-08-27 14:25 ` Matthew Wilcox
2020-08-27 14:44 ` Al Viro
2020-08-27 16:29 ` Dr. David Alan Gilbert
2020-08-27 16:35 ` Matthew Wilcox
2020-08-28 9:11 ` Christian Schoenebeck
2020-08-28 14:46 ` Theodore Y. Ts'o
2020-08-27 15:22 ` xattr names for unprivileged stacking? Matthew Wilcox
2020-08-27 22:24 ` Dave Chinner
2020-08-29 16:07 ` Matthew Wilcox
2020-08-29 16:13 ` Al Viro
2020-08-29 17:51 ` Miklos Szeredi
2020-08-29 18:04 ` Al Viro
2020-08-29 18:22 ` Christian Schoenebeck
2020-08-29 19:13 ` Miklos Szeredi
2020-08-29 19:25 ` Al Viro
2020-08-30 19:05 ` Miklos Szeredi
2020-08-30 19:10 ` Matthew Wilcox
2020-08-31 7:34 ` Miklos Szeredi
2020-08-31 11:37 ` Matthew Wilcox
2020-08-31 11:51 ` Miklos Szeredi
2020-08-31 13:23 ` Matthew Wilcox
2020-08-31 14:21 ` Miklos Szeredi
2020-08-31 14:25 ` Theodore Y. Ts'o
2020-08-31 14:45 ` Matthew Wilcox
2020-08-31 14:49 ` Miklos Szeredi
2020-09-01 3:34 ` Dave Chinner
2020-09-01 14:52 ` Theodore Y. Ts'o
2020-09-01 15:14 ` Theodore Y. Ts'o
2020-09-02 5:19 ` Dave Chinner
2020-08-31 18:02 ` Andreas Dilger
2020-09-01 3:48 ` Dave Chinner
2020-08-29 19:17 ` Matthew Wilcox
2020-08-29 19:40 ` Al Viro
2020-08-29 20:12 ` Matthew Wilcox
2020-08-31 14:23 ` Theodore Y. Ts'o
2020-08-31 14:40 ` Matthew Wilcox
2020-08-31 16:11 ` Christian Schoenebeck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2071310.X8v6e1yvPo@silver \
--to=qemu_oss@crudebyte.com \
--cc=chirantan@chromium.org \
--cc=dgilbert@redhat.com \
--cc=dwalsh@redhat.com \
--cc=groug@kaod.org \
--cc=gscrivan@redhat.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=mszeredi@redhat.com \
--cc=stefanha@redhat.com \
--cc=vgoyal@redhat.com \
--subject='Re: xattr names for unprivileged stacking?' \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).