From: "Ján Tomko" <jtomko@redhat.com>
To: "Dr. David Alan Gilbert (git)" <dgilbert@redhat.com>
Cc: virtio-fs@redhat.com, stefanha@redhat.com, qemu-devel@nongnu.org,
	vgoyal@redhat.com
Subject: Re: [PATCH v2 3/6] tools/virtiofsd: xattr name mappings: Add option
Date: Wed, 9 Sep 2020 13:20:12 +0200
Message-ID: <20200909112012.GD1377607@lpt>
In-Reply-To: <20200827153657.111098-4-dgilbert@redhat.com>

On a Thursday in 2020, Dr. David Alan Gilbert (git) wrote:
>From: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
>
>Add an option to define mappings of xattr names so that
>the client and server filesystems see different views.
>This can be used to have different SELinux mappings as
>seen by the guest, to run the virtiofsd with less privileges
>(e.g. in a case where it can't set trusted/system/security
>xattrs but you want the guest to be able to), or to isolate
>multiple users of the same name; e.g. trusted attributes
>used by stacking overlayfs.
>
>A mapping engine is used with 3 simple rules; the rules can
>be combined to allow most useful mapping scenarios.
>The ruleset is defined by -o xattrmap='rules...'.
>
>This patch doesn't use the rule maps yet.
>
>Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
>---
> docs/tools/virtiofsd.rst         |  55 ++++++++++++
> tools/virtiofsd/passthrough_ll.c | 148 +++++++++++++++++++++++++++++++
> 2 files changed, 203 insertions(+)
>
>diff --git a/docs/tools/virtiofsd.rst b/docs/tools/virtiofsd.rst
>index 824e713491..2efa16d3c5 100644
>--- a/docs/tools/virtiofsd.rst
>+++ b/docs/tools/virtiofsd.rst
>@@ -107,6 +107,60 @@ Options
>   performance.  ``auto`` acts similar to NFS with a 1 second metadata cache
>   timeout.  ``always`` sets a long cache lifetime at the expense of coherency.
>
>+xattr-mapping
>+-------------
>+
>+By default the name of xattr's used by the client are passed through to the server
>+file system.  This can be a problem where either those xattr names are used
>+by something on the server (e.g. selinux client/server confusion) or if the
>+virtiofsd is running in a container with restricted priviliges where it cannot

privileges

>+access some attributes.
>+
>+A mapping of xattr names can be made using -o xattrmap=mapping where the ``mapping``
>+string consists of a series of rules.
>+
>+The first matching rule terminates the mapping.
>+
>+Each rule consists of a number of fields separated with a separator that is the
>+first non-white space character in the rule.  This separator must then be used
>+for the whole rule.
>+White space may be added before and after each rule.
>+Using ':' as the separator a rule is of the form:
>+
>+``:scope:type:key:prepend:``
>+
>+**scope** is:
>+
>+- 'client' - match 'key' against a xattr name from the client for
>+             setxattr/getxattr/removexattr
>+- 'server' - match 'prepend' against a xattr name from the server
>+             for listxattr
>+- 'all' - can be used to match both cases.
>+
>+**type** is one of:
>+
>+- 'prefix' - If 'key' matches the client then the 'prepend'
>+  is added before the name is passed to the server.
>+  For a server case, the prepend is tested and stripped
>+  if matching.
>+
>+- 'ok' - The attribute name is OK and passed through to
>+  the server unchanged.
>+
>+- 'bad' - If a client tries to use this name it's
>+  denied using EPERM; when the server passes an attribute
>+  name matching it's hidden.
>+
>+**key** is a string tested as a prefix on an attribute name originating
>+on the client.  It maybe empty in which case a 'client' rule
>+will always match on client names.
>+
>+**prepend** is a string tested as a prefix on an attribute name originiating

originating

>+on the server, and used as a new prefix.  It maybe empty

may be

>+in which case a 'server' rule will always match on all names from
>+the server.
>+
>+
> Examples
> --------
>
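Review bot: the new xattr-mapping section never says what happens when no rule matches. It states "The first matching rule terminates the mapping." and that 'bad' denies with EPERM, but a reader building a restrictive map (for the "restricted priviliges" container case this section motivates) cannot tell from the text whether an unmatched name is passed through unchanged or rejected. Please add one sentence after the "first matching rule" line stating the default explicitly, and if the intended default is pass-through, point out that a trailing catch-all rule such as ``:all:bad::`` (an empty key matches all client names, per the **key** paragraph) is the way to get fail-closed behaviour. Smaller style point in the first paragraph: "the name of xattr's used by the client" should be "the names of xattrs used by the client".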
>@@ -123,3 +177,4 @@ Export ``/var/lib/fs/vm001/`` on vhost-user UNIX domain socket
>       -numa node,memdev=mem \
>       ...
>   guest# mount -t virtiofs myfs /mnt
>+

git complains about trailing whitespace at EOF

Jano
