On Mon, Dec 07, 2020 at 10:03:24AM -0500, Paul Moore wrote: > On Mon, Dec 7, 2020 at 9:43 AM Ondrej Mosnacek <omosnace@xxxxxxxxxx> wrote: > > > > Hi everyone, > > > > In [1] we ran into a problem with the current handling of filesystem > > labeling rules. Basically, it is only possible to specify either > > genfscon or fs_use_xattr for a given filesystem, but in the case of > > virtiofs, certain mounts may support security xattrs, while other ones > > may not. > [ cc virtio-fs list and miklos ] > Quickly skimming the linked GH issue, it appears that the problem > really lies in the fact that virtiofs allows one to enable/disable > xattrs at mount time. What isn't clear to me is why one would need to > disable xattrs, can you explain that use case? Why does enabling > xattrs in virtiofs cause problems? Its not exactly a mount time option. Its a virtiofs file server option. xattr support by default is disabled because it has performance penalty. Users can enable it if they want to. So if virtiofsd starts without xattr support and somebody runs a VM with SELinux enabled, they should still be able to mount virtiofs, I guess (instead of failing it). Thanks Vivek
