Re: virtiofs and its optional xattr support vs. fs_use_xattr

[Vivek Goyal <vgoyal@redhat.com>]

On Tue, Jan 05, 2021 at 03:00:31PM +0100, Ondrej Mosnacek wrote:

[..]
> > > > > > > Okay, so I'll look into switching between use_xattr and use_genfs
> > > > > > > based on the availability of xattr support and the presence of
> > > > > > > corresponding rules in the policy. Thanks everyone for the fruitful
> > > > > > > discussion!
> > > > > >
> > > > > > Hi Ondrej,
> > > > > >
> > > > > > So this is now purely a policy change and no changes required in kernel?
> > > > > > If yes, then the patch Dan Walsh proposed, is that good enough or
> > > > > > it needs to be done in a different way.
> > > > >
> > > > > No, this needs a kernel change in SELinux to interpret the policy
> > > > > rules slightly differently *and* basically Dan's patch (modulo the
> > > > > typo in the genfscon keyword).
> > > >
> > > > Ok, thanks. Is this kernel change something you will be able to take
> > > > care of. I am afraid that I don't know enough to make this change.
> > >
> > > Yes, it's already on my todo list ;) But it might take some time as
> > > there are a lot of things competing for my attention right now...
> >
> > Hi Ondrej,
> >
> > Sorry to bother you on this. Just curious, if you got a chance to make
> > progress on this. Will like to solve the issue of SELinux blocking package
> > installation on virtiofs in VM based containers.
> 
> Hi,
> 
> I had a go at it today and I already have a tentative patch. So far
> it's passing my initial testing so I should be able to post it to the
> list soon.

Awesome. Looking forward to the final patch.

Vivek