List: Discussions about the use of FreeBSD-current
List-Archive: https://lists.freebsd.org/archives/freebsd-current
Date: Wed, 30 Aug 2023 06:55:14 +0200
From: Alexander Leidinger
To: Shawn Webb
Cc: Dmitry Chagin, current@freebsd.org
Subject: Re: Possible issue with linux xattr support?
In-Reply-To: <20230829190258.uc67572553e4fq3v@mutt-hbsd>
Message-ID: <8b49a01cfc32aa0a4bb9d0e9aebbe7be@Leidinger.net>

On 2023-08-29 21:02, Shawn Webb wrote:

> Back in 2019, I had a similar issue: I needed access to be able to
> read/write to the system extended attribute namespace from within a
> jailed context. I wrote a rather simple patch that provides that
> support on a per-jail basis:
>
> https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/commit/96c85982b45e44a6105664c7068a92d0a61da2a3

You enabled it by default. I would assume you had a thought about the
implications... any memories about it?

What I'm after is:
 - What can go wrong if we enable it by default?
 - Why would we like to disable it (or any ideas why it is disabled by
   default in FreeBSD)?

Depending on the answers we may even use a simpler patch and have it
allowed in jails even without the possibility to configure it.

Bye,
Alexander.

-- 
http://www.Leidinger.net Alexander@Leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.org    netchild@FreeBSD.org  : PGP 0x8F31830F9F2772BF