Function read_filesystem_filtered

Source

pub fn read_filesystem_filtered<ObjectID, F>(
    dirfd: impl AsFd,
    path: &Path,
    repo: Option<&Repository<ObjectID>>,
    xattr_filter: F,
) -> Result<FileSystem<ObjectID>>where
    ObjectID: FsVerityHashValue,
    F: Fn(&OsStr) -> bool,

Expand description

Load a filesystem tree from the given path, filtering xattrs with a predicate.

This is a wrapper around read_filesystem that filters extended attributes using the provided predicate. Only xattrs for which the predicate returns true are retained. This is useful when reading from a mounted filesystem where host xattrs may leak into the image.

§Example

use composefs::fs::{read_filesystem_filtered, CONTAINER_XATTR_ALLOWLIST};

// Filter to only allow security.capability
let fs = read_filesystem_filtered(dirfd, path, repo, |name| {
    name.as_encoded_bytes() == b"security.capability"
})?;

read_filesystem_filtered

Function read_filesystem_filtered Copy item path

§Example

Function read_filesystem_filtered