Ah yeah, trusted.* is indeed restricted to real root usually.
@brauner think we can do a security.syscalls.intercept.setxattr.custom that would take a comma separate listed of xattrs to intercept and allow?
Ah yeah, trusted.* is indeed restricted to real root usually.
@brauner think we can do a security.syscalls.intercept.setxattr.custom that would take a comma separate listed of xattrs to intercept and allow?