[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH 0/2] virtiofsd: Add capability to block xattrs
|
From: |
Dr. David Alan Gilbert |
|
Subject: |
Re: [PATCH 0/2] virtiofsd: Add capability to block xattrs |
|
Date: |
Wed, 22 Sep 2021 12:00:17 +0100 |
|
User-agent: |
Mutt/2.0.7 (2021-05-04) |
* Vivek Goyal (vgoyal@redhat.com) wrote:
> As of now we have a knob "-o xattr/no_xattr" which either enables
> all xattrs or disables all xattrs.
Hi Vivek,
Thanks for this.
> We need something more fine grained where we can selectively disable
> only certain xattrs (and not all).
>
> For example, in some cases we want to disable "security.selinux"
> xattr. This is equivalent to virtiofs not supporting security.selinux
> and guest kernel will fallback to a single label for whole fs
> (virtiofs_t).
>
> So add an option "-o block_xattr=<list-of-xattrs>" which will allow
> specifying a list of xattrs to block.
This is quite interesting; I'd not noticed you had the exisitng blocking
mechanism, however, as discussed, I think my preference is if this could
be done as a modification of the xattrmap it would avoid another set of
options.
The mapping code already has 'type's of:
prefix, ok, bad
I think you just need to add a 'reject' type
that produces the error code you need.
Dave
> Vivek Goyal (2):
> virtiofsd: Add an array to keep track of blocked xattrs
> virtiofsd: Add option "block_xattr=" to block certain xattrs
>
> docs/tools/virtiofsd.rst | 17 ++++
> tools/virtiofsd/helper.c | 3 +
> tools/virtiofsd/passthrough_ll.c | 166 ++++++++++++++++++++++++++++---
> 3 files changed, 171 insertions(+), 15 deletions(-)
>
> --
> 2.31.1
>
--
Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK
- Re: [PATCH 0/2] virtiofsd: Add capability to block xattrs,
Dr. David Alan Gilbert <=