Discussions about the use of FreeBSD-current
List-Archive: https://lists.freebsd.org/archives/freebsd-current
Date: Mon, 28 Aug 2023 14:17:18 +0200
From: Alexander Leidinger
To: Dmitry Chagin
Cc: current@freebsd.org, jamie@freebsd.org
Subject: Re: Possible issue with linux xattr support?
References: <3q2k3tje2ig2s6wzy4hzvjmoyejiecminvcvevivumtukxrgki@btnpjbztyfa6>
Message-ID: <7ef4e05c0dc9b9e10e1dbc16f485d83c@Leidinger.net>

On 2023-08-28 13:06, Dmitry Chagin wrote:
> On Sun, Aug 27, 2023 at 09:55:23PM +0200, Felix Palmen wrote:
>> * Dmitry Chagin [20230827 22:46]:
>> > I can fix this completely disabling extattr for jailed proc,
>> > however, it's gonna be bullshit, though
>>
>> Would probably be better than nothing. AFAIK, "Linux jails" are used a
>> lot, probably with userlands from distributions actually using xattr.
>>
>
> It might make sense to allow this priv (PRIV_VFS_EXTATTR_SYSTEM) for linux
> jails by default? What do you think, James?

I think the question is more if we want to allow it in jails (not
specific to linux jails, as in: if it is ok for linux jails, it should
be ok for FreeBSD jails too). So the question is what does this protect
the hosts from, if this is not allowed in jails? Some kind of
possibility to DoS the host?

Bye,
Alexander.

-- 
http://www.Leidinger.net Alexander@Leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.org netchild@FreeBSD.org : PGP 0x8F31830F9F2772BF