squashfs-tools-ng icon indicating copy to clipboard operation
squashfs-tools-ng copied to clipboard

Published 20 hours ago verified publisher icon AgentD

Set xattr/capabilities/acl from pack-file

Open Gottox opened this issue 3 years ago • 2 comments

I'm the author of libhsqs, a BSD licensed clean room (readlonly) squashfs implementation. As the developer of this software I'd like to write proper tests. Currently I'm using mksquash to generate test images, but this tools has its limitations.

The problem I'm currently facing is, that 1. I can't unit-test the trusted and security namespaces of xattr without root and 2. the tests aren't stable across different systems and filesystems (especially tmpfs doesn't allow the user namespace).

I looked into gensquashfs, which mostly solves the need for root privileges, but it lacks a way to allow setting xattr/capabilities/acl from a pack-file. It would be awesome, if I could set those values in this file.

Gottox avatar Dec 12 '21 22:12 Gottox

Hi!

Thanks for mentioning the library. The core parts of the SquashFS reading/writing in squashfs-tools-ng are also expose in an LGPL licensed, shared library. Unit testing of the core library is sadly still largely lacking.

As I understand it, the idea of this ticket is basically what I meant in #3. Currently gensquashfs can generate SELinux xattrs from an SELinux label file. Parsing of the label file is done through libselinux. My idea for ticket #3 was to either construct something with a similar syntax, or somehow add support for that to the pack file.

As for ACLs: The SquashFS format does not support ACLs and ACLs are an independent concept from Xattrs. It's only an oddity of a few filesystems to implement ACLs through Xattrs. See also: #25 #45 #83

AgentD avatar Dec 14 '21 20:12 AgentD

Thanks for mentioning the library. The core parts of the SquashFS reading/writing in squashfs-tools-ng are also expose in an LGPL licensed, shared library. Unit testing of the core library is sadly still largely lacking.

Hey, I just learned that the library is LGPL. Maybe it would've made another decision if I had known this beforehand. Anyway, for me it was a great exercise to implement it by myself.

As for ACLs: The SquashFS format does not support ACLs and ACLs are an independent concept from Xattrs. It's only an oddity of a few filesystems to implement ACLs through Xattrs. See also: #25 #45 #83

That's interesting. I thought that it was implemented through Xattr by default. Thanks for the clarification. ACLs aren't my usecase anyway, but supporting linux-caps would be awesome.

Gottox avatar Dec 15 '21 08:12 Gottox