From 8018bf62ba5db591ad179ef6a2236bd6179fc4d6 Mon Sep 17 00:00:00 2001
From: Chong Cai <chongc@google.com>
Date: Mon, 8 Mar 2021 16:54:17 -0800
Subject: Internal change.

PiperOrigin-RevId: 361689477
---
 runsc/cmd/gofer.go | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

(limited to 'runsc/cmd')

diff --git a/runsc/cmd/gofer.go b/runsc/cmd/gofer.go
index 444153674..639b2219c 100644
--- a/runsc/cmd/gofer.go
+++ b/runsc/cmd/gofer.go
@@ -165,7 +165,8 @@ func (g *Gofer) Execute(_ context.Context, f *flag.FlagSet, args ...interface{})
 	// Start with root mount, then add any other additional mount as needed.
 	ats := make([]p9.Attacher, 0, len(spec.Mounts)+1)
 	ap, err := fsgofer.NewAttachPoint("/", fsgofer.Config{
-		ROMount: spec.Root.Readonly || conf.Overlay,
+		ROMount:     spec.Root.Readonly || conf.Overlay,
+		EnableXattr: conf.Verity,
 	})
 	if err != nil {
 		Fatalf("creating attach point: %v", err)
@@ -177,8 +178,9 @@ func (g *Gofer) Execute(_ context.Context, f *flag.FlagSet, args ...interface{})
 	for _, m := range spec.Mounts {
 		if specutils.Is9PMount(m) {
 			cfg := fsgofer.Config{
-				ROMount: isReadonlyMount(m.Options) || conf.Overlay,
-				HostUDS: conf.FSGoferHostUDS,
+				ROMount:     isReadonlyMount(m.Options) || conf.Overlay,
+				HostUDS:     conf.FSGoferHostUDS,
+				EnableXattr: conf.Verity,
 			}
 			ap, err := fsgofer.NewAttachPoint(m.Destination, cfg)
 			if err != nil {
-- 
cgit v1.2.3