Date: Mon, 28 Aug 2023 11:06:46 -0700
From: James Gritton <jamie@freebsd.org>
To: Alexander Leidinger <Alexander@leidinger.net>
Cc: Dmitry Chagin <dchagin@freebsd.org>, current@freebsd.org
Subject: Re: Possible issue with linux xattr support?
Message-ID: <8c074df2316ba921aa94cbcea298641c@freebsd.org>
In-Reply-To: <7ef4e05c0dc9b9e10e1dbc16f485d83c@Leidinger.net>
References: <wngyoks3jy5wjrbv6tlqhv3g4jyu7z4s2broo7qcpit7iebawc@fbfb5iidxtp2> <3q2k3tje2ig2s6wzy4hzvjmoyejiecminvcvevivumtukxrgki@btnpjbztyfa6> <ZOuNvisMH_GXHHX2@heemeyer.club> <pzu4sxp4wvfpn3mzzo2giw3otvg6z5ewia6rr2tdgpkjurfcfe@aat2k6ywm6jm> <ZOuoH6Llw8PKgMJQ@heemeyer.club> <wuwg3egv3rilgfaa5hor47v3yjwzvxlt5krj4la4wvugcnhkg3@vgrtgfr7rc6i> <ZOx_uYr7qeH10uMX@heemeyer.club> <7ef4e05c0dc9b9e10e1dbc16f485d83c@Leidinger.net>

On 2023-08-28 05:17, Alexander Leidinger wrote:
> On 2023-08-28 13:06, Dmitry Chagin wrote:
>> On Sun, Aug 27, 2023 at 09:55:23PM +0200, Felix Palmen wrote:
>>> * Dmitry Chagin <dchagin@freebsd.org> [20230827 22:46]:
>
>>> > I can fix this completely disabling extattr for jailed proc,
>>> > however, it's gonna be bullshit, though
>>>
>>> Would probably be better than nothing. AFAIK, "Linux jails" are used
>>> a lot, probably with userlands from distributions actually using xattr.
>>>
>>
>> It might make sense to allow this priv (PRIV_VFS_EXTATTR_SYSTEM) for linux
>> jails by default? What do you think, James?
>
> I think the question is more if we want to allow it in jails (not
> specific to linux jails, as in: if it is ok for linux jails, it should
> be ok for FreeBSD jails too). So the question is what does this
> protect the hosts from, if this is not allowed in jails? Some kind of
> possibility to DoS the host?

It's definitely an any-jail question, as there's no kernel-level idea of
a Linux jail, in that any jail on a system with the linux module loaded
can run whatever Linux binaries may exist.

- Jamie