---
src/lxc/lxc_native.c | 27 ++++++++++++++
tests/lxcconf2xmldata/lxcconf2xml-blkiotune.xml | 39 ++++++++++++++++++++
tests/lxcconf2xmldata/lxcconf2xml-cpusettune.xml | 39 ++++++++++++++++++++
tests/lxcconf2xmldata/lxcconf2xml-cputune.xml | 39 ++++++++++++++++++++
tests/lxcconf2xmldata/lxcconf2xml-idmap.xml | 39 ++++++++++++++++++++
.../lxcconf2xmldata/lxcconf2xml-macvlannetwork.xml | 41 ++++++++++++++++++++++
tests/lxcconf2xmldata/lxcconf2xml-memtune.xml | 39 ++++++++++++++++++++
tests/lxcconf2xmldata/lxcconf2xml-nonenetwork.xml | 41 ++++++++++++++++++++++
tests/lxcconf2xmldata/lxcconf2xml-nonetwork.xml | 39 ++++++++++++++++++++
tests/lxcconf2xmldata/lxcconf2xml-physnetwork.xml | 41 ++++++++++++++++++++++
tests/lxcconf2xmldata/lxcconf2xml-simple.xml | 41 ++++++++++++++++++++++
tests/lxcconf2xmldata/lxcconf2xml-vlannetwork.xml | 41 ++++++++++++++++++++++
12 files changed, 466 insertions(+)
diff --git a/src/lxc/lxc_native.c b/src/lxc/lxc_native.c
index f4c4556..9cb3bce 100644
--- a/src/lxc/lxc_native.c
+++ b/src/lxc/lxc_native.c
@@ -838,6 +838,30 @@ lxcSetBlkioTune(virDomainDefPtr def, virConfPtr properties)
return 0;
}
+static void
+lxcSetCapDrop(virDomainDefPtr def, virConfPtr properties)
+{
+ virConfValuePtr value;
+ char **toDrop = NULL;
+ const char *capString;
+ int i;
+
+ if ((value = virConfGetValue(properties, "lxc.cap.drop")) &&
value->str)
+ toDrop = virStringSplit(value->str, " ", 0);
+
+ for (i = 0; i < VIR_DOMAIN_CAPS_FEATURE_LAST; i++) {
+ capString = virDomainCapsFeatureTypeToString(i);
+ if (toDrop != NULL && virStringArrayHasString(toDrop, capString))
+ def->caps_features[i] = VIR_DOMAIN_FEATURE_STATE_OFF;
+ else
+ def->caps_features[i] = VIR_DOMAIN_FEATURE_STATE_ON;
+ }
+
+ def->features[VIR_DOMAIN_FEATURE_CAPABILITIES] = VIR_DOMAIN_FEATURE_STATE_ON;
+
+ virStringFreeList(toDrop);
+}
+
virDomainDefPtr
lxcParseConfigString(const char *config)
{
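Review bot: lxcSetCapDrop fails open: a token in lxc.cap.drop that virDomainCapsFeatureTypeToString never produces (a typo, a capability libvirt does not model, or a name mangled by splitting on a single space when the list is tab- or multi-space separated, if LXC accepts those) is silently ignored, and because the helper is void a NULL from virStringSplit on allocation failure is indistinguishable from "nothing to drop", so in both cases the converted domain ends up with every capability explicitly on. The helper should return int, treat a failed split as an error, and reject tokens that virDomainCapsFeatureTypeFromString does not recognize instead of leaving the matching capability enabled; the call in the second hunk (`lxcSetCapDrop(vmdef, properties);`) should then become `if (lxcSetCapDrop(vmdef, properties) < 0) goto error;` like the lxcSetBlkioTune call just above it. None of the added lxcconf2xml test data exercises an unrecognized or oddly separated entry, so the silent path is untested.
```c
static int
lxcSetCapDrop(virDomainDefPtr def, virConfPtr properties)
{
    virConfValuePtr value;
    char **toDrop = NULL;
    const char *capString;
    int ret = -1;
    size_t i;

    if ((value = virConfGetValue(properties, "lxc.cap.drop")) &&
        value->str) {
        /* NULL here is an allocation failure, not an empty list;
         * do not fall through to "all capabilities on" */
        if (!(toDrop = virStringSplit(value->str, " ", 0)))
            goto cleanup;

        /* an unknown name would otherwise be silently kept enabled */
        for (i = 0; toDrop[i]; i++) {
            if (*toDrop[i] == '\0')
                continue; /* consecutive spaces yield empty tokens */
            if (virDomainCapsFeatureTypeFromString(toDrop[i]) < 0) {
                virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
                               _("unknown capability '%s' in lxc.cap.drop"),
                               toDrop[i]);
                goto cleanup;
            }
        }
    }

    /* … unchanged: loop setting def->caps_features[i] and
     * def->features[VIR_DOMAIN_FEATURE_CAPABILITIES] … */

    ret = 0;
 cleanup:
    virStringFreeList(toDrop);
    return ret;
}
```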
@@ -935,6 +959,9 @@ lxcParseConfigString(const char *config)
if (lxcSetBlkioTune(vmdef, properties) < 0)
goto error;
+ /* lxc.cap.drop */
+ lxcSetCapDrop(vmdef, properties);
+
goto cleanup;
error:
diff --git a/tests/lxcconf2xmldata/lxcconf2xml-blkiotune.xml
b/tests/lxcconf2xmldata/lxcconf2xml-blkiotune.xml
index 36b8e52..34a3830 100644
--- a/tests/lxcconf2xmldata/lxcconf2xml-blkiotune.xml
+++ b/tests/lxcconf2xmldata/lxcconf2xml-blkiotune.xml
@@ -25,6 +25,45 @@
</os>
<features>
<privnet/>
+ <capabilities>
+ <audit_control state='on'/>
+ <audit_write state='on'/>
+ <block_suspend state='on'/>
+ <chown state='on'/>
+ <dac_override state='on'/>
+ <dac_read_search state='on'/>
+ <fowner state='on'/>
+ <fsetid state='on'/>
+ <ipc_lock state='on'/>
+ <ipc_owner state='on'/>
+ <kill state='on'/>
+ <lease state='on'/>
+ <linux_immutable state='on'/>
+ <mac_admin state='on'/>
+ <mac_override state='on'/>
+ <mknod state='on'/>
+ <net_admin state='on'/>
+ <net_bind_service state='on'/>
+ <net_broadcast state='on'/>
+ <net_raw state='on'/>
+ <setgid state='on'/>
+ <setfcap state='on'/>
+ <setpcap state='on'/>
+ <setuid state='on'/>
+ <sys_admin state='on'/>
+ <sys_boot state='on'/>
+ <sys_chroot state='on'/>
+ <sys_module state='on'/>
+ <sys_nice state='on'/>
+ <sys_pacct state='on'/>
+ <sys_ptrace state='on'/>
+ <sys_rawio state='on'/>
+ <sys_resource state='on'/>
+ <sys_time state='on'/>
+ <sys_tty_config state='on'/>
+ <syslog state='on'/>
+ <wake_alarm state='on'/>
+ </capabilities>
</features>
<clock offset='utc'/>
<on_poweroff>destroy</on_poweroff>
diff --git a/tests/lxcconf2xmldata/lxcconf2xml-cpusettune.xml
b/tests/lxcconf2xmldata/lxcconf2xml-cpusettune.xml
index 932ab61..400498c 100644
--- a/tests/lxcconf2xmldata/lxcconf2xml-cpusettune.xml
+++ b/tests/lxcconf2xmldata/lxcconf2xml-cpusettune.xml
@@ -13,6 +13,45 @@
</os>
<features>
<privnet/>
+ <capabilities>
+ <audit_control state='on'/>
+ <audit_write state='on'/>
+ <block_suspend state='on'/>
+ <chown state='on'/>
+ <dac_override state='on'/>
+ <dac_read_search state='on'/>
+ <fowner state='on'/>
+ <fsetid state='on'/>
+ <ipc_lock state='on'/>
+ <ipc_owner state='on'/>
+ <kill state='on'/>
+ <lease state='on'/>
+ <linux_immutable state='on'/>
+ <mac_admin state='on'/>
+ <mac_override state='on'/>
+ <mknod state='on'/>
+ <net_admin state='on'/>
+ <net_bind_service state='on'/>
+ <net_broadcast state='on'/>
+ <net_raw state='on'/>
+ <setgid state='on'/>
+ <setfcap state='on'/>
+ <setpcap state='on'/>
+ <setuid state='on'/>
+ <sys_admin state='on'/>
+ <sys_boot state='on'/>
+ <sys_chroot state='on'/>
+ <sys_module state='on'/>
+ <sys_nice state='on'/>
+ <sys_pacct state='on'/>
+ <sys_ptrace state='on'/>
+ <sys_rawio state='on'/>
+ <sys_resource state='on'/>
+ <sys_time state='on'/>
+ <sys_tty_config state='on'/>
+ <syslog state='on'/>
+ <wake_alarm state='on'/>
+ </capabilities>
</features>
<clock offset='utc'/>
<on_poweroff>destroy</on_poweroff>
diff --git a/tests/lxcconf2xmldata/lxcconf2xml-cputune.xml
b/tests/lxcconf2xmldata/lxcconf2xml-cputune.xml
index 1bab1c6..fccd6f1 100644
--- a/tests/lxcconf2xmldata/lxcconf2xml-cputune.xml
+++ b/tests/lxcconf2xmldata/lxcconf2xml-cputune.xml
@@ -15,6 +15,45 @@
</os>
<features>
<privnet/>
+ <capabilities>
+ <audit_control state='on'/>
+ <audit_write state='on'/>
+ <block_suspend state='on'/>
+ <chown state='on'/>
+ <dac_override state='on'/>
+ <dac_read_search state='on'/>
+ <fowner state='on'/>
+ <fsetid state='on'/>
+ <ipc_lock state='on'/>
+ <ipc_owner state='on'/>
+ <kill state='on'/>
+ <lease state='on'/>
+ <linux_immutable state='on'/>
+ <mac_admin state='on'/>
+ <mac_override state='on'/>
+ <mknod state='on'/>
+ <net_admin state='on'/>
+ <net_bind_service state='on'/>
+ <net_broadcast state='on'/>
+ <net_raw state='on'/>
+ <setgid state='on'/>
+ <setfcap state='on'/>
+ <setpcap state='on'/>
+ <setuid state='on'/>
+ <sys_admin state='on'/>
+ <sys_boot state='on'/>
+ <sys_chroot state='on'/>
+ <sys_module state='on'/>
+ <sys_nice state='on'/>
+ <sys_pacct state='on'/>
+ <sys_ptrace state='on'/>
+ <sys_rawio state='on'/>
+ <sys_resource state='on'/>
+ <sys_time state='on'/>
+ <sys_tty_config state='on'/>
+ <syslog state='on'/>
+ <wake_alarm state='on'/>
+ </capabilities>
</features>
<clock offset='utc'/>
<on_poweroff>destroy</on_poweroff>
diff --git a/tests/lxcconf2xmldata/lxcconf2xml-idmap.xml
b/tests/lxcconf2xmldata/lxcconf2xml-idmap.xml
index 050ccd6..a6154b5 100644
--- a/tests/lxcconf2xmldata/lxcconf2xml-idmap.xml
+++ b/tests/lxcconf2xmldata/lxcconf2xml-idmap.xml
@@ -14,6 +14,45 @@
</idmap>
<features>
<privnet/>
+ <capabilities>
+ <audit_control state='on'/>
+ <audit_write state='on'/>
+ <block_suspend state='on'/>
+ <chown state='on'/>
+ <dac_override state='on'/>
+ <dac_read_search state='on'/>
+ <fowner state='on'/>
+ <fsetid state='on'/>
+ <ipc_lock state='on'/>
+ <ipc_owner state='on'/>
+ <kill state='on'/>
+ <lease state='on'/>
+ <linux_immutable state='on'/>
+ <mac_admin state='on'/>
+ <mac_override state='on'/>
+ <mknod state='on'/>
+ <net_admin state='on'/>
+ <net_bind_service state='on'/>
+ <net_broadcast state='on'/>
+ <net_raw state='on'/>
+ <setgid state='on'/>
+ <setfcap state='on'/>
+ <setpcap state='on'/>
+ <setuid state='on'/>
+ <sys_admin state='on'/>
+ <sys_boot state='on'/>
+ <sys_chroot state='on'/>
+ <sys_module state='on'/>
+ <sys_nice state='on'/>
+ <sys_pacct state='on'/>
+ <sys_ptrace state='on'/>
+ <sys_rawio state='on'/>
+ <sys_resource state='on'/>
+ <sys_time state='on'/>
+ <sys_tty_config state='on'/>
+ <syslog state='on'/>
+ <wake_alarm state='on'/>
+ </capabilities>
</features>
<clock offset='utc'/>
<on_poweroff>destroy</on_poweroff>
diff --git a/tests/lxcconf2xmldata/lxcconf2xml-macvlannetwork.xml
b/tests/lxcconf2xmldata/lxcconf2xml-macvlannetwork.xml
index 996c0f7..1111bf9 100644
--- a/tests/lxcconf2xmldata/lxcconf2xml-macvlannetwork.xml
+++ b/tests/lxcconf2xmldata/lxcconf2xml-macvlannetwork.xml
@@ -8,6 +8,47 @@
<type>exe</type>
<init>/sbin/init</init>
</os>
+ <features>
+ <capabilities>
+ <audit_control state='on'/>
+ <audit_write state='on'/>
+ <block_suspend state='on'/>
+ <chown state='on'/>
+ <dac_override state='on'/>
+ <dac_read_search state='on'/>
+ <fowner state='on'/>
+ <fsetid state='on'/>
+ <ipc_lock state='on'/>
+ <ipc_owner state='on'/>
+ <kill state='on'/>
+ <lease state='on'/>
+ <linux_immutable state='on'/>
+ <mac_admin state='on'/>
+ <mac_override state='on'/>
+ <mknod state='on'/>
+ <net_admin state='on'/>
+ <net_bind_service state='on'/>
+ <net_broadcast state='on'/>
+ <net_raw state='on'/>
+ <setgid state='on'/>
+ <setfcap state='on'/>
+ <setpcap state='on'/>
+ <setuid state='on'/>
+ <sys_admin state='on'/>
+ <sys_boot state='on'/>
+ <sys_chroot state='on'/>
+ <sys_module state='on'/>
+ <sys_nice state='on'/>
+ <sys_pacct state='on'/>
+ <sys_ptrace state='on'/>
+ <sys_rawio state='on'/>
+ <sys_resource state='on'/>
+ <sys_time state='on'/>
+ <sys_tty_config state='on'/>
+ <syslog state='on'/>
+ <wake_alarm state='on'/>
+ </capabilities>
+ </features>
<clock offset='utc'/>
<on_poweroff>destroy</on_poweroff>
<on_reboot>restart</on_reboot>
diff --git a/tests/lxcconf2xmldata/lxcconf2xml-memtune.xml
b/tests/lxcconf2xmldata/lxcconf2xml-memtune.xml
index b7c919e..a735786 100644
--- a/tests/lxcconf2xmldata/lxcconf2xml-memtune.xml
+++ b/tests/lxcconf2xmldata/lxcconf2xml-memtune.xml
@@ -15,6 +15,45 @@
</os>
<features>
<privnet/>
+ <capabilities>
+ <audit_control state='on'/>
+ <audit_write state='on'/>
+ <block_suspend state='on'/>
+ <chown state='on'/>
+ <dac_override state='on'/>
+ <dac_read_search state='on'/>
+ <fowner state='on'/>
+ <fsetid state='on'/>
+ <ipc_lock state='on'/>
+ <ipc_owner state='on'/>
+ <kill state='on'/>
+ <lease state='on'/>
+ <linux_immutable state='on'/>
+ <mac_admin state='on'/>
+ <mac_override state='on'/>
+ <mknod state='on'/>
+ <net_admin state='on'/>
+ <net_bind_service state='on'/>
+ <net_broadcast state='on'/>
+ <net_raw state='on'/>
+ <setgid state='on'/>
+ <setfcap state='on'/>
+ <setpcap state='on'/>
+ <setuid state='on'/>
+ <sys_admin state='on'/>
+ <sys_boot state='on'/>
+ <sys_chroot state='on'/>
+ <sys_module state='on'/>
+ <sys_nice state='on'/>
+ <sys_pacct state='on'/>
+ <sys_ptrace state='on'/>
+ <sys_rawio state='on'/>
+ <sys_resource state='on'/>
+ <sys_time state='on'/>
+ <sys_tty_config state='on'/>
+ <syslog state='on'/>
+ <wake_alarm state='on'/>
+ </capabilities>
</features>
<clock offset='utc'/>
<on_poweroff>destroy</on_poweroff>
diff --git a/tests/lxcconf2xmldata/lxcconf2xml-nonenetwork.xml
b/tests/lxcconf2xmldata/lxcconf2xml-nonenetwork.xml
index 6d9e16d..cdb0861 100644
--- a/tests/lxcconf2xmldata/lxcconf2xml-nonenetwork.xml
+++ b/tests/lxcconf2xmldata/lxcconf2xml-nonenetwork.xml
@@ -8,6 +8,47 @@
<type>exe</type>
<init>/sbin/init</init>
</os>
+ <features>
+ <capabilities>
+ <audit_control state='on'/>
+ <audit_write state='on'/>
+ <block_suspend state='on'/>
+ <chown state='on'/>
+ <dac_override state='on'/>
+ <dac_read_search state='on'/>
+ <fowner state='on'/>
+ <fsetid state='on'/>
+ <ipc_lock state='on'/>
+ <ipc_owner state='on'/>
+ <kill state='on'/>
+ <lease state='on'/>
+ <linux_immutable state='on'/>
+ <mac_admin state='on'/>
+ <mac_override state='on'/>
+ <mknod state='on'/>
+ <net_admin state='on'/>
+ <net_bind_service state='on'/>
+ <net_broadcast state='on'/>
+ <net_raw state='on'/>
+ <setgid state='on'/>
+ <setfcap state='on'/>
+ <setpcap state='on'/>
+ <setuid state='on'/>
+ <sys_admin state='on'/>
+ <sys_boot state='on'/>
+ <sys_chroot state='on'/>
+ <sys_module state='on'/>
+ <sys_nice state='on'/>
+ <sys_pacct state='on'/>
+ <sys_ptrace state='on'/>
+ <sys_rawio state='on'/>
+ <sys_resource state='on'/>
+ <sys_time state='on'/>
+ <sys_tty_config state='on'/>
+ <syslog state='on'/>
+ <wake_alarm state='on'/>
+ </capabilities>
+ </features>
<clock offset='utc'/>
<on_poweroff>destroy</on_poweroff>
<on_reboot>restart</on_reboot>
diff --git a/tests/lxcconf2xmldata/lxcconf2xml-nonetwork.xml
b/tests/lxcconf2xmldata/lxcconf2xml-nonetwork.xml
index 101324a..ea45fc6 100644
--- a/tests/lxcconf2xmldata/lxcconf2xml-nonetwork.xml
+++ b/tests/lxcconf2xmldata/lxcconf2xml-nonetwork.xml
@@ -10,6 +10,45 @@
</os>
<features>
<privnet/>
+ <capabilities>
+ <audit_control state='on'/>
+ <audit_write state='on'/>
+ <block_suspend state='on'/>
+ <chown state='on'/>
+ <dac_override state='on'/>
+ <dac_read_search state='on'/>
+ <fowner state='on'/>
+ <fsetid state='on'/>
+ <ipc_lock state='on'/>
+ <ipc_owner state='on'/>
+ <kill state='on'/>
+ <lease state='on'/>
+ <linux_immutable state='on'/>
+ <mac_admin state='on'/>
+ <mac_override state='on'/>
+ <mknod state='on'/>
+ <net_admin state='on'/>
+ <net_bind_service state='on'/>
+ <net_broadcast state='on'/>
+ <net_raw state='on'/>
+ <setgid state='on'/>
+ <setfcap state='on'/>
+ <setpcap state='on'/>
+ <setuid state='on'/>
+ <sys_admin state='on'/>
+ <sys_boot state='on'/>
+ <sys_chroot state='on'/>
+ <sys_module state='on'/>
+ <sys_nice state='on'/>
+ <sys_pacct state='on'/>
+ <sys_ptrace state='on'/>
+ <sys_rawio state='on'/>
+ <sys_resource state='on'/>
+ <sys_time state='on'/>
+ <sys_tty_config state='on'/>
+ <syslog state='on'/>
+ <wake_alarm state='on'/>
+ </capabilities>
</features>
<clock offset='utc'/>
<on_poweroff>destroy</on_poweroff>
diff --git a/tests/lxcconf2xmldata/lxcconf2xml-physnetwork.xml
b/tests/lxcconf2xmldata/lxcconf2xml-physnetwork.xml
index 5fe1b03..15ccd72 100644
--- a/tests/lxcconf2xmldata/lxcconf2xml-physnetwork.xml
+++ b/tests/lxcconf2xmldata/lxcconf2xml-physnetwork.xml
@@ -8,6 +8,47 @@
<type>exe</type>
<init>/sbin/init</init>
</os>
+ <features>
+ <capabilities>
+ <audit_control state='on'/>
+ <audit_write state='on'/>
+ <block_suspend state='on'/>
+ <chown state='on'/>
+ <dac_override state='on'/>
+ <dac_read_search state='on'/>
+ <fowner state='on'/>
+ <fsetid state='on'/>
+ <ipc_lock state='on'/>
+ <ipc_owner state='on'/>
+ <kill state='on'/>
+ <lease state='on'/>
+ <linux_immutable state='on'/>
+ <mac_admin state='on'/>
+ <mac_override state='on'/>
+ <mknod state='on'/>
+ <net_admin state='on'/>
+ <net_bind_service state='on'/>
+ <net_broadcast state='on'/>
+ <net_raw state='on'/>
+ <setgid state='on'/>
+ <setfcap state='on'/>
+ <setpcap state='on'/>
+ <setuid state='on'/>
+ <sys_admin state='on'/>
+ <sys_boot state='on'/>
+ <sys_chroot state='on'/>
+ <sys_module state='on'/>
+ <sys_nice state='on'/>
+ <sys_pacct state='on'/>
+ <sys_ptrace state='on'/>
+ <sys_rawio state='on'/>
+ <sys_resource state='on'/>
+ <sys_time state='on'/>
+ <sys_tty_config state='on'/>
+ <syslog state='on'/>
+ <wake_alarm state='on'/>
+ </capabilities>
+ </features>
<clock offset='utc'/>
<on_poweroff>destroy</on_poweroff>
<on_reboot>restart</on_reboot>
diff --git a/tests/lxcconf2xmldata/lxcconf2xml-simple.xml
b/tests/lxcconf2xmldata/lxcconf2xml-simple.xml
index b3c3659..5892072 100644
--- a/tests/lxcconf2xmldata/lxcconf2xml-simple.xml
+++ b/tests/lxcconf2xmldata/lxcconf2xml-simple.xml
@@ -8,6 +8,47 @@
<type arch='i686'>exe</type>
<init>/sbin/init</init>
</os>
+ <features>
+ <capabilities>
+ <audit_control state='on'/>
+ <audit_write state='on'/>
+ <block_suspend state='on'/>
+ <chown state='on'/>
+ <dac_override state='on'/>
+ <dac_read_search state='on'/>
+ <fowner state='on'/>
+ <fsetid state='on'/>
+ <ipc_lock state='on'/>
+ <ipc_owner state='on'/>
+ <kill state='on'/>
+ <lease state='on'/>
+ <linux_immutable state='on'/>
+ <mac_admin state='off'/>
+ <mac_override state='off'/>
+ <mknod state='off'/>
+ <net_admin state='on'/>
+ <net_bind_service state='on'/>
+ <net_broadcast state='on'/>
+ <net_raw state='on'/>
+ <setgid state='on'/>
+ <setfcap state='on'/>
+ <setpcap state='on'/>
+ <setuid state='on'/>
+ <sys_admin state='on'/>
+ <sys_boot state='on'/>
+ <sys_chroot state='on'/>
+ <sys_module state='off'/>
+ <sys_nice state='on'/>
+ <sys_pacct state='on'/>
+ <sys_ptrace state='on'/>
+ <sys_rawio state='on'/>
+ <sys_resource state='on'/>
+ <sys_time state='on'/>
+ <sys_tty_config state='on'/>
+ <syslog state='on'/>
+ <wake_alarm state='on'/>
+ </capabilities>
+ </features>
<clock offset='utc'/>
<on_poweroff>destroy</on_poweroff>
<on_reboot>restart</on_reboot>
diff --git a/tests/lxcconf2xmldata/lxcconf2xml-vlannetwork.xml
b/tests/lxcconf2xmldata/lxcconf2xml-vlannetwork.xml
index 45348ed..88da048 100644
--- a/tests/lxcconf2xmldata/lxcconf2xml-vlannetwork.xml
+++ b/tests/lxcconf2xmldata/lxcconf2xml-vlannetwork.xml
@@ -8,6 +8,47 @@
<type>exe</type>
<init>/sbin/init</init>
</os>
+ <features>
+ <capabilities>
+ <audit_control state='on'/>
+ <audit_write state='on'/>
+ <block_suspend state='on'/>
+ <chown state='on'/>
+ <dac_override state='on'/>
+ <dac_read_search state='on'/>
+ <fowner state='on'/>
+ <fsetid state='on'/>
+ <ipc_lock state='on'/>
+ <ipc_owner state='on'/>
+ <kill state='on'/>
+ <lease state='on'/>
+ <linux_immutable state='on'/>
+ <mac_admin state='on'/>
+ <mac_override state='on'/>
+ <mknod state='on'/>
+ <net_admin state='on'/>
+ <net_bind_service state='on'/>
+ <net_broadcast state='on'/>
+ <net_raw state='on'/>
+ <setgid state='on'/>
+ <setfcap state='on'/>
+ <setpcap state='on'/>
+ <setuid state='on'/>
+ <sys_admin state='on'/>
+ <sys_boot state='on'/>
+ <sys_chroot state='on'/>
+ <sys_module state='on'/>
+ <sys_nice state='on'/>
+ <sys_pacct state='on'/>
+ <sys_ptrace state='on'/>
+ <sys_rawio state='on'/>
+ <sys_resource state='on'/>
+ <sys_time state='on'/>
+ <sys_tty_config state='on'/>
+ <syslog state='on'/>
+ <wake_alarm state='on'/>
+ </capabilities>
+ </features>
<clock offset='utc'/>
<on_poweroff>destroy</on_poweroff>
<on_reboot>restart</on_reboot>
--
1.8.4.5