This is ported from the C version. Right now for xattr remapping, we support types of "prefix", "ok" or "bad". Type "bad" returns -EPERM on getxattr()/setxattr() and hides xattr in listxattr().
A new semantics is needed where if an xattr is unsupported, then getxattr()/setxattr() return -ENOTSUP and listxattr() should hide the xattr. And, for getxattr(), when the mapping code returns -EPERM, for type "bad", getxattr() code converts it to -ENODATA. This is needed to simulate that security.selinux is not supported by virtiofs filesystem and in that case client falls back to some default label specified by policy. So add a new type "unsupported" which returns -ENOTSUP on getxattr() and setxattr() and hides xattrs in listxattr(). For example, one can use following mapping rule to not support security.selinux xattr and allow others. "-o xattrmap=/unsupported/all/security.selinux/security.selinux//ok/all///" --- https://gitlab.com/virtio-fs/virtiofsd/-/merge_requests/67 _______________________________________________ Virtio-fs mailing list Virtio-fs@redhat.com https://listman.redhat.com/mailman/listinfo/virtio-fs
