Date:      Mon, 10 Jun 2013 18:10:10 +0300 (EEST)
From:      priit@cc.ttu.ee
To:        freebsd-security@freebsd.org
Subject:   libarchive and MAC labels
Message-ID:  <alpine.LNX.2.03.1306101748380.429@chu>

I've created a patch for libarchive that allows storing and restoring MAC 
labels from/to a multilabel filesystem using bsdtar. Now before going 
anywhere with this I had a few questions:

- how much general interest is there in such a feature? Would this be a 
welcome addition to libarchive, either "upstream" or as integrated in the 
system source tree? I would be especially interested in the opinion of 
people who have already been involved with the MAC development.

- right now the labels are stored silently, similar to ACLs and extended 
attributes. They are not extracted by default, only when the '-p' option 
is specified (default as root). This seems consistent, however it would 
also be possible to add a switch so that the labels wouldn't be archived 
unless explicitly requested.

- the labels are stored in text representation, as converted by 
mac_to_text(). This could potentially cause some future breakage, if the 
text representation ever changes. Also, restoring a label partially 
(let's say a biba+MLS label with only biba enabled) does not work. Any 
thoughts on that?

Thanks,
Priit.
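
The partial-restore case raised in the last point (an archived biba+MLS label, only biba enabled) as an added example, not part of the original message or of the patch it describes: a helper that reduces a stored text label to the elements for policies the restoring system has enabled. It assumes the comma-separated `policy/value` text form described in maclabel(7); the name `filter_mac_label` and the caller-supplied `enabled` list are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/*
 * Copy into out only the elements of a text MAC label whose policy name
 * is listed in enabled[]. Assumed input form: "policy/value,policy/value".
 * Returns the number of elements kept, or -1 if an element has no policy
 * name or out is too small.
 */
int filter_mac_label(const char *label, const char *const *enabled,
    size_t n_enabled, char *out, size_t outlen)
{
    int kept = 0;
    size_t used = 0;

    if (outlen == 0)
        return -1;
    out[0] = '\0';
    while (*label != '\0') {
        size_t elen = strcspn(label, ",");      /* one policy/value element */
        const char *slash = memchr(label, '/', elen);
        if (slash == NULL || slash == label)
            return -1;                          /* malformed element */
        size_t plen = (size_t)(slash - label);
        for (size_t i = 0; i < n_enabled; i++) {
            if (strlen(enabled[i]) != plen || strncmp(enabled[i], label, plen))
                continue;                       /* different policy */
            if (used + elen + (kept ? 1 : 0) + 1 > outlen)
                return -1;                      /* would overflow out */
            if (kept)
                out[used++] = ',';
            memcpy(out + used, label, elen);
            used += elen;
            out[used] = '\0';
            kept++;
            break;
        }
        label += elen;
        if (*label == ',')
            label++;                            /* step over the separator */
    }
    return kept;
}

int main(void)
{
    /* Constructed sample: the archive holds biba+mls, only biba is enabled. */
    const char *enabled[] = { "biba" };
    char buf[128];
    int n = filter_mac_label("biba/high,mls/low", enabled, 1, buf, sizeof buf);
    printf("%d kept: %s\n", n, buf);
    return 0;
}
```

A return of 0 means none of the archived policies is enabled, so there is no label to restore; the elements that were dropped are a policy decision for the extractor to report rather than ignore silently.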


