[v2] virtiofsd xattr name mappings

[PATCH v2 6/6] tools/virtiofsd: xattr name mapping examples

Posted by Dr. David Alan Gilbert (git) 5 years, 2 months ago

From: "Dr. David Alan Gilbert" <dgilbert@redhat.com>

Add a few examples of xattrmaps to the documentation.

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
---
 docs/tools/virtiofsd.rst | 49 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 49 insertions(+)

diff --git a/docs/tools/virtiofsd.rst b/docs/tools/virtiofsd.rst
index 2efa16d3c5..a138549862 100644
--- a/docs/tools/virtiofsd.rst
+++ b/docs/tools/virtiofsd.rst
@@ -161,6 +161,55 @@ in which case a 'server' rule will always match on all names from
 the server.
 
 
+xattr-mapping Examples
+----------------------
+
+1) Prefix all attributes with 'user.virtiofs.'
+
+::
+
+-o xattrmap=":all:prefix::user.virtiofs.::all:bad:::"
+
+
+This uses two rules, using : as the field separator;
+the first rule prefixes and strips 'user.virtiofs.',
+the second rule hides any non-prefixed attributes that
+the host set.
+
+2) Prefix 'trusted.' attributes, allow others through
+
+::
+
+   "/all/prefix/trusted./user.virtiofs./
+    /server/bad//trusted./
+    /client/bad/user.virtiofs.trusted.//
+    /all/ok///"
+
+
+Here there are four rules, using / as the field
+separator, and also demonstrating that new lines can
+be included between rules.
+The first rule is the prefixing of 'trusted.'.
+The second rule hides unprefixed 'trusted.' attributes
+on the host.
+The third rule stops a guest from explicitily setting
+the 'user.viritofs.trusted.' path directly.
+Finally, the fourth rule lets all remaining attributes
+through.
+
+3) Hide 'security.' attributes, and allow everything else
+
+::
+
+    "/all/bad/security./security./
+     /all/ok///'
+
+The first rule combines what could be separate client and server
+rules into a single 'all' rule, matching 'security.' in either
+client arguments or lists returned from the host.  This stops
+the client seeing any 'security.' attributes on the server and
+stops it setting  any.
+
 Examples
 --------
 
-- 
2.26.2

Re: [PATCH v2 6/6] tools/virtiofsd: xattr name mapping examples

Posted by Ján Tomko 5 years, 2 months ago

On a Thursday in 2020, Dr. David Alan Gilbert (git) wrote:
>From: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
>
>Add a few examples of xattrmaps to the documentation.
>
>Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
>---
> docs/tools/virtiofsd.rst | 49 ++++++++++++++++++++++++++++++++++++++++
> 1 file changed, 49 insertions(+)
>
>diff --git a/docs/tools/virtiofsd.rst b/docs/tools/virtiofsd.rst
>index 2efa16d3c5..a138549862 100644
>--- a/docs/tools/virtiofsd.rst
>+++ b/docs/tools/virtiofsd.rst
>@@ -161,6 +161,55 @@ in which case a 'server' rule will always match on all names from
> the server.
>
>
>+xattr-mapping Examples
>+----------------------
>+
>+1) Prefix all attributes with 'user.virtiofs.'
>+
>+::
>+
>+-o xattrmap=":all:prefix::user.virtiofs.::all:bad:::"
>+
>+
>+This uses two rules, using : as the field separator;
>+the first rule prefixes and strips 'user.virtiofs.',
>+the second rule hides any non-prefixed attributes that
>+the host set.
>+
>+2) Prefix 'trusted.' attributes, allow others through
>+
>+::
>+
>+   "/all/prefix/trusted./user.virtiofs./
>+    /server/bad//trusted./
>+    /client/bad/user.virtiofs.trusted.//
>+    /all/ok///"
>+
>+
>+Here there are four rules, using / as the field
>+separator, and also demonstrating that new lines can
>+be included between rules.
>+The first rule is the prefixing of 'trusted.'.
>+The second rule hides unprefixed 'trusted.' attributes
>+on the host.
>+The third rule stops a guest from explicitily setting

explicitly

>+the 'user.viritofs.trusted.' path directly.
>+Finally, the fourth rule lets all remaining attributes
>+through.
>+
>+3) Hide 'security.' attributes, and allow everything else
>+
>+::
>+
>+    "/all/bad/security./security./
>+     /all/ok///'
>+
>+The first rule combines what could be separate client and server
>+rules into a single 'all' rule, matching 'security.' in either
>+client arguments or lists returned from the host.  This stops
>+the client seeing any 'security.' attributes on the server and
>+stops it setting  any.

extra space.

Reviewed-by: Ján Tomko <jtomko@redhat.com>

Jano

Re: [PATCH v2 6/6] tools/virtiofsd: xattr name mapping examples

Posted by Dr. David Alan Gilbert 5 years, 2 months ago

* JÃ¡n Tomko (jtomko@redhat.com) wrote:
> On a Thursday in 2020, Dr. David Alan Gilbert (git) wrote:
> > From: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
> > 
> > Add a few examples of xattrmaps to the documentation.
> > 
> > Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
> > ---
> > docs/tools/virtiofsd.rst | 49 ++++++++++++++++++++++++++++++++++++++++
> > 1 file changed, 49 insertions(+)
> > 
> > diff --git a/docs/tools/virtiofsd.rst b/docs/tools/virtiofsd.rst
> > index 2efa16d3c5..a138549862 100644
> > --- a/docs/tools/virtiofsd.rst
> > +++ b/docs/tools/virtiofsd.rst
> > @@ -161,6 +161,55 @@ in which case a 'server' rule will always match on all names from
> > the server.
> > 
> > 
> > +xattr-mapping Examples
> > +----------------------
> > +
> > +1) Prefix all attributes with 'user.virtiofs.'
> > +
> > +::
> > +
> > +-o xattrmap=":all:prefix::user.virtiofs.::all:bad:::"
> > +
> > +
> > +This uses two rules, using : as the field separator;
> > +the first rule prefixes and strips 'user.virtiofs.',
> > +the second rule hides any non-prefixed attributes that
> > +the host set.
> > +
> > +2) Prefix 'trusted.' attributes, allow others through
> > +
> > +::
> > +
> > +   "/all/prefix/trusted./user.virtiofs./
> > +    /server/bad//trusted./
> > +    /client/bad/user.virtiofs.trusted.//
> > +    /all/ok///"
> > +
> > +
> > +Here there are four rules, using / as the field
> > +separator, and also demonstrating that new lines can
> > +be included between rules.
> > +The first rule is the prefixing of 'trusted.'.
> > +The second rule hides unprefixed 'trusted.' attributes
> > +on the host.
> > +The third rule stops a guest from explicitily setting
> 
> explicitly

Thanks, I'll save that spare 'i' for another time.

> > +the 'user.viritofs.trusted.' path directly.
> > +Finally, the fourth rule lets all remaining attributes
> > +through.
> > +
> > +3) Hide 'security.' attributes, and allow everything else
> > +
> > +::
> > +
> > +    "/all/bad/security./security./
> > +     /all/ok///'
> > +
> > +The first rule combines what could be separate client and server
> > +rules into a single 'all' rule, matching 'security.' in either
> > +client arguments or lists returned from the host.  This stops
> > +the client seeing any 'security.' attributes on the server and
> > +stops it setting  any.
> 
> extra space.

Gone.

> Reviewed-by: JÃ¡n Tomko <jtomko@redhat.com>

Thanks!

> 
> Jano


-- 
Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK

[PATCH v2 1/6] virtiofsd: Silence gcc warning
[PATCH v2 2/6] virtiofsd: Add printf checking to fuse_log
[PATCH v2 3/6] tools/virtiofsd: xattr name mappings: Add option
[PATCH v2 4/6] tools/virtiofsd: xattr name mappings: Map client xattr names
[PATCH v2 5/6] tools/virtiofsd: xattr name mappings: Map server xattr names
[PATCH v2 6/6] tools/virtiofsd: xattr name mapping examples