[Bugs] [Bug 764245] [FEAT] glusterfs requires CAP_SYS_ADMIN capability for "trusted" extended attributes - container unfriendly

bugzilla at redhat.com bugzilla at redhat.com
Mon Dec 14 11:35:59 UTC 2020


https://bugzilla.redhat.com/show_bug.cgi?id=764245

Andrew Miller <redhatbugzilla at amxl.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |redhatbugzilla at amxl.com



--- Comment #5 from Andrew Miller <redhatbugzilla at amxl.com> ---
I have written a tiny library which you can load with LD_PRELOAD that
translates attribute names - trusted. into user.tr. - and will test how well
GlusterFS behaves when glusterd is run for all bricks in an unprivileged / no
CAP_SYS_ADMIN docker container, with xattr names under user.

Initial testing of it hasn't found anything broken by it.

Here is my library in case other people want to try it:
https://gitlab.com/A1kmm/fake-trusted-xattr

You could consider either incorporating this approach into the Docker
container, or potentially making it an option in GlusterFS itself.


-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are the assignee for the bug.
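The name translation described in comment #5, sketched as an added example for setxattr(2); this is not code from the linked fake-trusted-xattr library, and `map_xattr_name` is a hypothetical helper. It assumes Linux and calls the raw syscall from the interposed function. Note that `user.*` attributes are governed by ordinary file permission bits, so after this mapping the attributes no longer carry the CAP_SYS_ADMIN protection of the `trusted.*` namespace.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>

#define TRUSTED_PREFIX   "trusted."
#define MAPPED_PREFIX    "user.tr."  /* mapping named in the comment above */
#define XATTR_NAME_LIMIT 255         /* Linux XATTR_NAME_MAX */

/* Hypothetical helper: rewrite "trusted.X" to "user.tr.X" into out.
 * Names in other namespaces are copied unchanged. Returns 0, or -1 with
 * errno = ERANGE if the result exceeds the name limit or the buffer. */
int map_xattr_name(const char *name, char *out, size_t outlen)
{
    size_t plen = strlen(TRUSTED_PREFIX);
    const char *prefix = "";
    const char *rest = name;

    if (strncmp(name, TRUSTED_PREFIX, plen) == 0) {
        prefix = MAPPED_PREFIX;
        rest = name + plen;
    }
    size_t need = strlen(prefix) + strlen(rest);
    if (need > XATTR_NAME_LIMIT || need + 1 > outlen) {
        errno = ERANGE;
        return -1;
    }
    snprintf(out, outlen, "%s%s", prefix, rest);
    return 0;
}

/* Interposed setxattr(2): same signature as libc, so a shared object built
 * from this file and loaded with LD_PRELOAD is resolved before libc's. */
int setxattr(const char *path, const char *name, const void *value,
             size_t size, int flags)
{
    char mapped[XATTR_NAME_LIMIT + 1];

    if (map_xattr_name(name, mapped, sizeof mapped) != 0)
        return -1;
    /* Call the kernel directly so the wrapper does not recurse into itself. */
    return (int)syscall(SYS_setxattr, path, mapped, value, size, flags);
}
```

The get, remove and list calls (and their `l`/`f` variants) would need the same treatment, with the list calls mapping names in the reverse direction.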