From 1d84a0213a2ec7094abe6d896ce0ec0b5aa0cacf Mon Sep 17 00:00:00 2001 From: "Dr. David Alan Gilbert" Date: Fri, 23 Oct 2020 17:58:12 +0100 Subject: tools/virtiofsd: xattr name mappings: Simple 'map' The mapping rule system implemented in the last few patches is extremely flexible, but not easy to use. Add a simple 'map' type as a sprinkling of sugar to make it easy. e.g. -o xattrmap=":map::user.virtiofs.:" would be sufficient to prefix all xattr's or -o xattrmap=":map:trusted.:user.virtiofs.:" would just prefix 'trusted.' xattr's and leave everything else alone. Signed-off-by: Dr. David Alan Gilbert Message-Id: <20201023165812.36028-6-dgilbert@redhat.com> Reviewed-by: Stefan Hajnoczi Signed-off-by: Dr. David Alan Gilbert --- docs/tools/virtiofsd.rst | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) (limited to 'docs') diff --git a/docs/tools/virtiofsd.rst b/docs/tools/virtiofsd.rst index d80c078..34a9e40 100644 --- a/docs/tools/virtiofsd.rst +++ b/docs/tools/virtiofsd.rst @@ -147,6 +147,7 @@ Each rule consists of a number of fields separated with a separator that is the first non-white space character in the rule. This separator must then be used for the whole rule. White space may be added before and after each rule. + Using ':' as the separator a rule is of the form: ``:type:scope:key:prepend:`` @@ -219,6 +220,14 @@ e.g.: would hide 'security.' xattr's in listxattr from the server. +A simpler 'map' type provides a shorter syntax for the common case: + +``:map:key:prepend:`` + +The 'map' type adds a number of separate rules to add **prepend** as a prefix +to the matched **key** (or all attributes if **key** is empty). +There may be at most one 'map' rule and it must be the last rule in the set. + xattr-mapping Examples ---------------------- @@ -234,6 +243,11 @@ the first rule prefixes and strips 'user.virtiofs.', the second rule hides any non-prefixed attributes that the host set. +This is equivalent to the 'map' rule: + +:: +-o xattrmap=":map::user.virtiofs.:" + 2) Prefix 'trusted.' attributes, allow others through :: @@ -256,6 +270,11 @@ the 'user.virtiofs.' path directly. Finally, the fourth rule lets all remaining attributes through. +This is equivalent to the 'map' rule: + +:: +-o xattrmap="/map/trusted./user.virtiofs./" + 3) Hide 'security.' attributes, and allow everything else :: -- cgit v1.1