diff -ru qemu-2.4.0.1-orig/hw/9pfs/virtio-9p-xattr-user.c qemu-2.4.0.1-new/hw/9pfs/virtio-9p-xattr-user.c
--- qemu-2.4.0.1-orig/hw/9pfs/virtio-9p-xattr-user.c	2015-09-23 00:00:48.000000000 +0200
+++ qemu-2.4.0.1-new/hw/9pfs/virtio-9p-xattr-user.c	2015-09-28 00:49:31.815285491 +0200
@@ -22,18 +22,21 @@
                                 const char *name, void *value, size_t size)
 {
     char *buffer;
+    char *name_buffer;
     ssize_t ret;
 
     if (strncmp(name, "user.virtfs.", 12) == 0) {
         /*
-         * Don't allow fetch of user.virtfs namesapce
+         * Map user.virtfs namespace to user.virtfs.virtfs
          * in case of mapped security
          */
-        errno = ENOATTR;
-        return -1;
+        name_buffer = g_strconcat("user.virtfs.virtfs.", name+12, NULL);
+    } else {
+        name_buffer = g_strdup(name);
     }
     buffer = rpath(ctx, path);
-    ret = lgetxattr(buffer, name, value, size);
+    ret = lgetxattr(buffer, name_buffer, value, size);
+    g_free(name_buffer);
     g_free(buffer);
     return ret;
 }
@@ -49,6 +52,11 @@
             /* adjust the name and size */
             name += 12;
             name_size -= 12;
+        } else if (strncmp(name, "user.virtfs.virtfs.", 19) == 0) {
+            /* handle nested user.virtfs namespace */
+            name += 7;
+            name_size -= 7;
+            memcpy(name, "user", 4);
         } else {
             /*
              * Don't allow fetch of user.virtfs namesapce
@@ -75,18 +83,21 @@
                             void *value, size_t size, int flags)
 {
     char *buffer;
+    char *name_buffer;
     int ret;
 
     if (strncmp(name, "user.virtfs.", 12) == 0) {
         /*
-         * Don't allow fetch of user.virtfs namesapce
+         * Map user.virtfs namespace to user.virtfs.virtfs
          * in case of mapped security
          */
-        errno = EACCES;
-        return -1;
+        name_buffer = g_strconcat("user.virtfs.virtfs.", name+12, NULL);
+    } else {
+        name_buffer = g_strdup(name);
     }
     buffer = rpath(ctx, path);
-    ret = lsetxattr(buffer, name, value, size, flags);
+    ret = lsetxattr(buffer, name_buffer, value, size, flags);
+    g_free(name_buffer);
     g_free(buffer);
     return ret;
 }
@@ -95,18 +106,21 @@
                                const char *path, const char *name)
 {
     char *buffer;
+    char *name_buffer;
     int ret;
 
     if (strncmp(name, "user.virtfs.", 12) == 0) {
         /*
-         * Don't allow fetch of user.virtfs namesapce
+         * Map user.virtfs namespace to user.virtfs.virtfs
          * in case of mapped security
          */
-        errno = EACCES;
-        return -1;
+        name_buffer = g_strconcat("user.virtfs.virtfs.", name+12, NULL);
+    } else {
+        name_buffer = g_strdup(name);
     }
     buffer = rpath(ctx, path);
-    ret = lremovexattr(buffer, name);
+    ret = lremovexattr(buffer, name_buffer);
+    g_free(name_buffer);
     g_free(buffer);
     return ret;
 }