[Virtio-fs] virtiofs and its optional xattr support vs. fs_use_xattr

Paul Moore paul at paul-moore.com
Tue Dec 8 23:41:17 UTC 2020


On Mon, Dec 7, 2020 at 3:52 PM Vivek Goyal <vgoyal at redhat.com> wrote:
> On Mon, Dec 07, 2020 at 10:03:24AM -0500, Paul Moore wrote:
> > On Mon, Dec 7, 2020 at 9:43 AM Ondrej Mosnacek <omosnace at redhat.com> wrote:
> > >
> > > Hi everyone,
> > >
> > > In [1] we ran into a problem with the current handling of filesystem
> > > labeling rules. Basically, it is only possible to specify either
> > > genfscon or fs_use_xattr for a given filesystem, but in the case of
> > > virtiofs, certain mounts may support security xattrs, while other ones
> > > may not.
>
> [ cc virtio-fs list and miklos ]
> > Quickly skimming the linked GH issue, it appears that the problem
> > really lies in the fact that virtiofs allows one to enable/disable
> > xattrs at mount time.  What isn't clear to me is why one would need to
> > disable xattrs, can you explain that use case?  Why does enabling
> > xattrs in virtiofs cause problems?
>
> It's not exactly a mount time option. It's a virtiofs file server option.
>
> xattr support by default is disabled because it has a performance
> penalty. Users can enable it if they want to.

Oh the number of sins against security that have been committed under
the banner of performance! ;)

Regardless, thanks for the explanation, that helps.

-- 
paul moore
www.paul-moore.com



