virtiofs: drop remapped security.capability xattr as needed

[mirror_qemu.git] / docs / tools / virtiofsd.rst

diff --git a/docs/tools/virtiofsd.rst b/docs/tools/virtiofsd.rst
index 34a9e40146434026077d846033e4158859dd73e3..00554c75bd75785689e08a16086d87959264ee26 100644 (file)
--- a/docs/tools/virtiofsd.rst
+++ b/docs/tools/virtiofsd.rst
@@ -174,7 +174,7 @@ Using ':' as the separator a rule is of the form:
 - 'bad' - If a client tries to use a name matching 'key' it's
   denied using EPERM; when the server passes an attribute
   name matching 'prepend' it's hidden.  In many ways it's use is very like
-  'ok' as either an explict terminator or for special handling of certain
+  'ok' as either an explicit terminator or for special handling of certain
   patterns.
 
 **key** is a string tested as a prefix on an attribute name originating
@@ -228,6 +228,10 @@ The 'map' type adds a number of separate rules to add **prepend** as a prefix
 to the matched **key** (or all attributes if **key** is empty).
 There may be at most one 'map' rule and it must be the last rule in the set.
 
+Note: When the 'security.capability' xattr is remapped, the daemon has to do
+extra work to remove it during many operations, which the host kernel normally
+does itself.
+
 xattr-mapping Examples
 ----------------------