Re: [libvirt] [PATCH 0/4] RFC: grant KVM guests retain arbitrary capabilities
Thank you for your comment.
We could do with a feature like this for LXC too. Though I'd
prefer
the XML to be a little more concise. Perhaps
<process>
<cap_sys_rawio/>
</process>
One potential concern is that the capability names are OS specific,
so perhaps rather than allow them as element names, we should use
string attribute values for them
<process>
<cap name='sys_rawio'/>
</process>
I'll take in your idea.
and declare the attribute values are potentially OS dependant, and
then expose the list of allowed OS capabilities values in the capabilities
XML.
I plan on adding "process_capabilities" child element to "host"
element of
the capabilities XML like the following:
# virsh capabilities
<capabilities>
<host>
...
<process_capabilities>
<cap name='chown'/>
<cap name='dac_override'/>
<cap name='dac_read_search'/>
...
</process_capabilities>
</host>
...
Is this what you mean?
--
Best regards,
Taku Izumi <izumi.taku(a)jp.fujitsu.com>