[systemd-devel] [PATCH] tmpfiles, man: Add xattr support to tmpfiles

Karol Lewandowski lmctlx at gmail.com
Tue Jun 18 03:31:55 PDT 2013


2013/6/17 Lennart Poettering <lennart at poettering.net>:
> On Mon, 17.06.13 16:27, Maciej Wereski (m.wereski at partner.samsung.com) wrote:
>
>> This patch makes it possible to set extended attributes on files created
>> by tmpfiles. This can be especially used to set SMACK security labels on
>> volatile files and directories.
>>
>> To keep backwards compatibility, the Argument field is used. If a word starts
>> with "xattr=", then it is cut out from Argument and parsed. There may be
>> many xattrs. The full format is:
>>
>> xattr=name=value
>>
>> If the value contains spaces, then it must be surrounded by quotation marks.
>> The user can also put a quotation mark in the value by escaping it with a
>> backslash.
>
> I think adding this certainly makes sense, but I am not sure I like the
> syntax. Maybe it would be simpler to add an extra char for this ("a" or
> so?). That way creating a dir and applying an xattr would require two
> lines instead of one, but the stuff isn't atomic anyway.
>
> Admittedly adding a new "a" isn't particularly nice either, but I have
> no better idea than that...

FWIW, I would like to note that we might see a similar problem if... when
somebody tries to extend tmpfiles with ACLs. That would result
in another type and another line.

Maybe the "Type" argument could be extended to contain one primary
type and 0 to n optional subtypes, where the n-th subtype would parse
the n-th semicolon-terminated argument, i.e.

fa   /tmp/foobar -    -    -    -   /dev/null ; security.SMACK=foo
fxa /tmp/foobar -    -    -    -   /dev/null ; security.SMACK=foo ; lmctl=rwx

x - xattrs, a - acls

I do agree this is a bit abusive...

Cheers

[ Lennart, sorry for two copies - first one didn't contain ML. ]
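
The "xattr=name=value" Argument syntax from the quoted patch description (quoted values, backslash-escaped quotation marks), sketched as an added example; this is not code from the patch or from systemd. The names next_word and split_argument, the buffer sizes and the sample input are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
/* Added illustration; all names are hypothetical, this is not systemd code. */
struct xattr { char name[64]; char value[128]; };

/* Copy the next whitespace-delimited word into out, honouring "..." quoting
 * and \" escapes. Returns 1 on success, 0 at end of input, -1 on error. */
static int next_word(const char **p, char *out, size_t cap) {
    const char *s = *p; size_t n = 0; int quoted = 0;
    while (*s == ' ' || *s == '\t') s++;
    if (!*s) return 0;
    for (; *s && (quoted || (*s != ' ' && *s != '\t')); s++) {
        char c = *s;
        if (c == '\\' && s[1] == '"') c = *++s;        /* escaped quote stays literal */
        else if (c == '"') { quoted = !quoted; continue; }
        if (n + 1 >= cap) return -1;                   /* reject instead of truncating */
        out[n++] = c;
    }
    if (quoted) return -1;                             /* unterminated quotation mark */
    out[n] = '\0'; *p = s; return 1;
}

/* Cut every "xattr=name=value" word out of the Argument field. The other
 * words are rejoined with single spaces into rest (their quotes are dropped).
 * Returns the number of xattrs found, or -1 on malformed input. */
int split_argument(const char *arg, struct xattr *xs, int max, char *rest, size_t rcap) {
    char w[256]; int r, count = 0;
    rest[0] = '\0';
    while ((r = next_word(&arg, w, sizeof w)) == 1) {
        if (strncmp(w, "xattr=", 6) == 0) {
            char *eq = strchr(w + 6, '=');
            if (!eq || eq == w + 6 || count >= max) return -1;   /* empty name or too many */
            *eq = '\0';
            if (strlen(w + 6) >= sizeof xs->name || strlen(eq + 1) >= sizeof xs->value) return -1;
            strcpy(xs[count].name, w + 6);
            strcpy(xs[count].value, eq + 1);
            count++;
        } else {
            if (strlen(rest) + strlen(w) + 2 > rcap) return -1;
            if (rest[0]) strcat(rest, " ");
            strcat(rest, w);
        }
    }
    return r < 0 ? -1 : count;
}

int main(void) {   /* constructed sample Argument field */
    struct xattr xs[4]; char rest[64];
    int n = split_argument("/dev/null xattr=security.SMACK=\"foo bar\"", xs, 4, rest, sizeof rest);
    if (n == 1) printf("%s=%s rest=%s\n", xs[0].name, xs[0].value, rest);
    return n == 1 ? 0 : 1;
}
```

Malformed input (an unterminated quotation mark, an empty attribute name, an over-long word) is rejected outright, since a silently truncated security label would be worse than a failed line.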

