When we start a VM which has rawio = 'yes' set, without
any file caps set for qemu, the qemu process still cannot use
this cap (CAP_SYS_RAWIO), and /proc/pidofqemu/status looks like
this:
CapInh: 0000000000020000
CapPrm: 0000000000000000
CapEff: 0000000000000000
CapBnd: 0000001fffffffff
This is because we do not set file caps for qemu (see man 7
capabilities). Although Laine has mentioned this in commit
e11451, I think it would be good to add this to the docs.
Signed-off-by: Luyao Huang <lhuang(a)redhat.com>
---
docs/formatdomain.html.in | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
index fb0a0d1..2bcb59d 100644
--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
@@ -1886,7 +1886,10 @@
than that (per-process basis, affects all the domain disks).
To confine the capability as much as possible for QEMU driver
as this stage, <code>sgio</code> is recommended, it's more
- secure than <code>rawio</code>.
+ secure than <code>rawio</code>. If you really want use rawio
+ = 'yes', please also add file caps for qemu (like this
+ 'setcap "cap_sys_rawio+ie" /usr/libexec/qemu-kvm', for more
details
+ please see capabilities(7)).
</dd>
<dt><code>sgio</code> attribute
<span class="since">since 1.0.2</span></dt>
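Review bot: the hunk looks line-wrapped by the mail client: the "details" line carries no "+" prefix and the following "+ please see capabilities(7))." line only makes sense as the tail of the previous added line, so as posted the patch will not apply with git am; please resend with wrapping disabled. On the wording of the added sentence: "If you really want use rawio = 'yes'" should read "If you really want to use rawio='yes'", the setcap command should be wrapped in <code> like the attribute names around it rather than quoted inline, and /usr/libexec/qemu-kvm is a distribution-specific path, so "the path of your qemu binary" (with that path as an example) would be clearer for readers on other distributions. It would also help to say in one clause why the file cap is needed, since the commit message already explains it: libvirt only puts CAP_SYS_RAWIO in the process inheritable set, and per capabilities(7) it reaches the permitted set only when the binary's file inheritable set also contains it, which is what "cap_sys_rawio+ie" provides.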
--
1.8.3.1