Implement support for storing security info in extended attributes
Some user cannot use user namespaces for uid/gid mapping. Storing the security information (i.e., uid, gid, mode, etc.) in extending attributes will provide a similar functionality (although partial) than user namespaces.
Features that will not work:
- posix acls: killpriv_v2 has no clear boundary between what should be done in the guest and host, so we still rely on the host for certain actions.
Features that probably will not work:
- selinux support
- file capabilities
Edited by German Maglione