* [Virtio-fs] [virtiofsd] MR merged: xattr mapping add a new type "unsupported"
@ 2022-01-21 9:41 virtiofs-bot
0 siblings, 0 replies; only message in thread
From: virtiofs-bot @ 2022-01-21 9:41 UTC (permalink / raw)
To: virtio-fs
This is ported from the C version.
Right now for xattr remapping, we support types of "prefix", "ok" or
"bad". Type "bad" returns -EPERM on getxattr()/setxattr() and hides xattr in
listxattr().
A new semantics is needed where if an xattr is unsupported, then
getxattr()/setxattr() return -ENOTSUP and listxattr() should hide
the xattr. And, for getxattr(), when the mapping code returns -EPERM,
for type "bad", getxattr() code converts it to -ENODATA.
This is needed to simulate that security.selinux is not
supported by virtiofs filesystem and in that case client falls back
to some default label specified by policy.
So add a new type "unsupported" which returns -ENOTSUP on getxattr()
and setxattr() and hides xattrs in listxattr().
For example, one can use following mapping rule to not support
security.selinux xattr and allow others.
"-o xattrmap=/unsupported/all/security.selinux/security.selinux//ok/all///"
---
https://gitlab.com/virtio-fs/virtiofsd/-/merge_requests/67
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2022-01-21 9:41 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-01-21 9:41 [Virtio-fs] [virtiofsd] MR merged: xattr mapping add a new type "unsupported" virtiofs-bot
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.