[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH v3 4/5] tools/virtiofsd: xattr name mapping examples

From: Dr. David Alan Gilbert (git)
Subject: [PATCH v3 4/5] tools/virtiofsd: xattr name mapping examples
Date: Wed, 14 Oct 2020 19:02:08 +0100

From: "Dr. David Alan Gilbert" <dgilbert@redhat.com>

Add a few examples of xattrmaps to the documentation.

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
 docs/tools/virtiofsd.rst | 50 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 50 insertions(+)

diff --git a/docs/tools/virtiofsd.rst b/docs/tools/virtiofsd.rst
index a3a120da2f..5cb64612ed 100644
--- a/docs/tools/virtiofsd.rst
+++ b/docs/tools/virtiofsd.rst
@@ -163,6 +163,56 @@ in which case a 'server' rule will always match on all 
names from
 the server.
+xattr-mapping Examples
+1) Prefix all attributes with 'user.virtiofs.'
+-o xattrmap=":prefix:all::user.virtiofs.::bad:all:::"
+This uses two rules, using : as the field separator;
+the first rule prefixes and strips 'user.virtiofs.',
+the second rule hides any non-prefixed attributes that
+the host set.
+2) Prefix 'trusted.' attributes, allow others through
+   "/prefix/all/trusted./user.virtiofs./
+    /bad/server//trusted./
+    /bad/client/user.virtiofs.//
+    /ok/all///"
+Here there are four rules, using / as the field
+separator, and also demonstrating that new lines can
+be included between rules.
+The first rule is the prefixing of 'trusted.' and
+stripping of 'user.virtiofs.'.
+The second rule hides unprefixed 'trusted.' attributes
+on the host.
+The third rule stops a guest from explicitly setting
+the 'user.viritofs.' path directly.
+Finally, the fourth rule lets all remaining attributes
+3) Hide 'security.' attributes, and allow everything else
+    "/bad/all/security./security./
+     /ok/all///'
+The first rule combines what could be separate client and server
+rules into a single 'all' rule, matching 'security.' in either
+client arguments or lists returned from the host.  This stops
+the client seeing any 'security.' attributes on the server and
+stops it setting any.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]