A new sysctl entry fs.ve-xattr-policy
has been implemented and is available in RHEL5 kernels since 028stab0644.4. It allows you to control how to react when xattr changes from inside a Container.
Three options can be used:
- 0
- accept any xattr modifications (Container 0 always and regular containers by default)
- 1
- ignore
- 2
- reject
Note: If you assign any other value to "ve-xattr-policy", the policy will be set to "accept". |