Stefan Berger <stef...@linux.vnet.ibm.com> writes: > On 07/13/2017 01:49 PM, Eric W. Biederman wrote: > > > My big question right now is can you implement Ted's suggested > > restriction. Only one security.foo or secuirty.foo@... attribute ?
> We need to raw-list the xattrs and do the check before writing them. I am > fairly sure this can be done. > > So now you want to allow security.foo and one security.foo@uid=<> or just a > single one security.foo(@[[:print:]]*)? > The latter. Eric
