On Wed, Dec 21, 2011 at 07:19:52PM +0900, Taku Izumi wrote:
Thank you for your comment.
We could do with a feature like this for LXC too. Though I'd prefer the XML to be a little more concise. Perhaps
<process> <cap_sys_rawio/> </process>
One potential concern is that the capability names are OS specific, so perhaps rather than allow them as element names, we should use string attribute values for them
<process> <cap name='sys_rawio'/> </process>
I'll take in your idea.
and declare the attribute values are potentially OS dependant, and then expose the list of allowed OS capabilities values in the capabilities XML.
I plan on adding "process_capabilities" child element to "host" element of the capabilities XML like the following:
# virsh capabilities <capabilities> <host> ... <process_capabilities>
For consistency, I'd just use <process> here too
<cap name='chown'/> <cap name='dac_override'/> <cap name='dac_read_search'/> ... </process_capabilities> </host> ...
Is this what you mean?
Yes you got it Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|