
A Plumber's Wish List for Linux

Posted Oct 7, 2011 21:56 UTC (Fri) by dpquigl (guest, #52852)
Parent article: A Plumber's Wish List for Linux

I wonder why they want user xattrs on cgroupfs and procfs. I can see the other xattr types, but it would be interesting to hear the use cases for the user xattr namespace.



A Plumber's Wish List for Linux

Posted Oct 7, 2011 22:13 UTC (Fri) by Cyberax (✭ supporter ✭, #52523)

Easy. xattrs allow cgroups to be labeled for use with SELinux.

A Plumber's Wish List for Linux

Posted Oct 7, 2011 22:17 UTC (Fri) by dpquigl (guest, #52852)

Those aren't user xattrs though. The user. xattr namespace is unprivileged. The SMACK and SELinux xattrs are in the security. namespace.

A Plumber's Wish List for Linux

Posted Oct 7, 2011 23:30 UTC (Fri) by dpquigl (guest, #52852)

It's worth noting that procfs supports the security namespace but cgroupfs doesn't yet. cgroupfs security xattr support should be implemented in the same way that the sysfs xattr support is done instead of proc.

A Plumber's Wish List for Linux

Posted Oct 10, 2011 17:17 UTC (Mon) by mezcalero (subscriber, #45103)

Having user xattrs on cgroupfs and procfs allows userspace to attach meta information to processes and services (the latter because in systemd each service gets a cgroup of its own). This can be useful for a multitude of things. For example, in systemd we'd like to allow processes to mark themselves as "don't kill me on shutdown during killall" (which some borked DM software might need), and it would be really pretty if they could just set "trusted.dont-kill-me" or so as xattr on their procfs dir /proc/self, so that it actually is really the process that is marked that way, instead of having a side channel for this. But the fact that this way we can attach meta info to processes and services has a lot of other benefits too. For example, Gtk programs could expose their app name and icon via an xattr on /proc/self and gnome-system-monitor could use it to show a pretty name in the process view and so on.

In fact, attaching meta information to OS objects like cgroups and processes is probably a lot more useful than simply attaching it to normal files, as we have supported for so long now.

A Plumber's Wish List for Linux

Posted Oct 11, 2011 1:00 UTC (Tue) by ebiederm (subscriber, #35028)

Shudder. I hate to think about what it would take to implement xattrs on files under /proc/$PID. And only for a little convenience. Shudder.

