On Wed, Dec 21, 2011 at 07:19:52PM +0900, Taku Izumi wrote:
> Thank you for your comment.
>
> > We could do with a feature like this for LXC too. Though I'd prefer
> > the XML to be a little more concise. Perhaps
> >
> >   <process>
> >     <cap_sys_rawio/>
> >   </process>
> >
> > One potential concern is that the capability names are OS specific,
> > so perhaps rather than allow them as element names, we should use
> > string attribute values for them
> >
> >   <process>
> >     <cap name='sys_rawio'/>
> >   </process>
> >
>
> I'll take in your idea.
>
> > and declare the attribute values are potentially OS dependant, and
> > then expose the list of allowed OS capabilities values in the capabilities
> > XML.
>
> I plan on adding "process_capabilities" child element to "host" element of
> the capabilities XML like the following:
>
> # virsh capabilities
> <capabilities>
>   <host>
>     ...
>     <process_capabilities>

For consistency, I'd just use <process> here too

>       <cap name='chown'/>
>       <cap name='dac_override'/>
>       <cap name='dac_read_search'/>
>       ...
>     </process_capabilities>
>   </host>
>   ...
>
> Is this what you mean?

Yes you got it
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|