Date:      Mon, 28 Aug 2023 14:17:18 +0200
From:      Alexander Leidinger <Alexander@Leidinger.net>
To:        Dmitry Chagin <dchagin@freebsd.org>
Cc:        current@freebsd.org, jamie@freebsd.org
Subject:   Re: Possible issue with linux xattr support?
Message-ID:  <7ef4e05c0dc9b9e10e1dbc16f485d83c@Leidinger.net>
In-Reply-To: <ZOx_uYr7qeH10uMX@heemeyer.club>
References:  <wngyoks3jy5wjrbv6tlqhv3g4jyu7z4s2broo7qcpit7iebawc@fbfb5iidxtp2> <3q2k3tje2ig2s6wzy4hzvjmoyejiecminvcvevivumtukxrgki@btnpjbztyfa6> <ZOuNvisMH_GXHHX2@heemeyer.club> <pzu4sxp4wvfpn3mzzo2giw3otvg6z5ewia6rr2tdgpkjurfcfe@aat2k6ywm6jm> <ZOuoH6Llw8PKgMJQ@heemeyer.club> <wuwg3egv3rilgfaa5hor47v3yjwzvxlt5krj4la4wvugcnhkg3@vgrtgfr7rc6i> <ZOx_uYr7qeH10uMX@heemeyer.club>

On 2023-08-28 13:06, Dmitry Chagin wrote:
> On Sun, Aug 27, 2023 at 09:55:23PM +0200, Felix Palmen wrote:
>> * Dmitry Chagin <dchagin@freebsd.org> [20230827 22:46]:

>> > I can fix this completely disabling extattr for jailed proc,
>> > however, it's gonna be bullshit, though
>> 
>> Would probably be better than nothing. AFAIK, "Linux jails" are used a
>> lot, probably with userlands from distributions actually using xattr.
>> 
> 
> It might make sense to allow this priv (PRIV_VFS_EXTATTR_SYSTEM) for linux
> jails by default? What do you think, James?

I think the question is more if we want to allow it in jails (not 
specific to linux jails, as in: if it is ok for linux jails, it should 
be ok for FreeBSD jails too). So the question is what does this protect 
the hosts from, if this is not allowed in jails? Some kind of 
possibility to DoS the host?

Bye,
Alexander.

-- 
http://www.Leidinger.net Alexander@Leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.org    netchild@FreeBSD.org  : PGP 0x8F31830F9F2772BF


