xattr mapping add a new type "unsupported" (!67) · Merge requests · virtio-fs / virtiofsd

German Maglione requested to merge ghm-virtio-fs/virtiofsd:xattr_unsupported into main Jan 17, 2022

This is ported from the C version.

Right now for xattr remapping, we support types of "prefix", "ok" or "bad". Type "bad" returns -EPERM on getxattr()/setxattr() and hides xattr in listxattr().

A new semantics is needed where if an xattr is unsupported, then getxattr()/setxattr() return -ENOTSUP and listxattr() should hide the xattr. And, for getxattr(), when the mapping code returns -EPERM, for type "bad", getxattr() code converts it to -ENODATA.

This is needed to simulate that security.selinux is not supported by virtiofs filesystem and in that case client falls back to some default label specified by policy.

So add a new type "unsupported" which returns -ENOTSUP on getxattr() and setxattr() and hides xattrs in listxattr().

For example, one can use following mapping rule to not support security.selinux xattr and allow others.

"-o xattrmap=/unsupported/all/security.selinux/security.selinux//ok/all///"

xattr mapping add a new type "unsupported"

Merge request reports