AgentD
commented
2 years ago Hi!
Thanks for mentioning the library. The core parts of the SquashFS reading/writing in squashfs-tools-ng are also expose in an LGPL licensed, shared library. Unit testing of the core library is sadly still largely lacking.
As I understand it, the idea of this ticket is basically what I meant in #3. Currently gensquashfs can generate SELinux xattrs from an SELinux label file. Parsing of the label file is done through libselinux. My idea for ticket #3 was to either construct something with a similar syntax, or somehow add support for that to the pack file.
As for ACLs: The SquashFS format does not support ACLs and ACLs are an independent concept from Xattrs. It's only an oddity of a few filesystems to implement ACLs through Xattrs. See also: #25 #45 #83
Gottox
I'm the author of libhsqs, a BSD licensed clean room (readlonly) squashfs implementation. As the developer of this software I'd like to write proper tests. Currently I'm using mksquash to generate test images, but this tools has its limitations.
The problem I'm currently facing is, that 1. I can't unit-test the
trustedandsecuritynamespaces of xattr without root and 2. the tests aren't stable across different systems and filesystems (especially tmpfs doesn't allow theusernamespace).I looked into gensquashfs, which mostly solves the need for root privileges, but it lacks a way to allow setting xattr/capabilities/acl from a pack-file. It would be awesome, if I could set those values in this file.