On 2013年01月04日 05:25, Eric Blake wrote:
On 01/02/2013 07:37 AM, Osier Yang wrote:
This introduces new XML tag "sgio" for disk, its valid values are "filtered" and "unfiltered", setting it as "filtered" will set the disk's unpriv_sgio to 0, and "unfiltered" to set it as 1, which allows the unprivileged SG_IO commands. --- docs/formatdomain.html.in | 14 ++++++++++- docs/schemas/domaincommon.rng | 54 +++++++++++++++++++++++++++------------- 2 files changed, 49 insertions(+), 19 deletions(-)
diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in index 94df6f8..5e37b92 100644 --- a/docs/formatdomain.html.in +++ b/docs/formatdomain.html.in @@ -1395,7 +1395,19 @@ rawio='yes', rawio capability will be enabled for all disks in the domain (because, in the case of QEMU, this capability can only be set on a per-process basis). This attribute is only - valid when device is "lun". + valid when device is "lun". NB,<code>rawio</code> intends to + confine the capability per-device, however, current QEMU + implementation gives the domain process broader capability + than that (per-process basis, affects all the domain disks). + To confine the capability as much as possible for QEMU driver + as this stage,<code>sgio</code> is recommended, it's more + secure than<code>rawio</code>. + The optional<code>sgio</code> attribute indicates whether the
For consistency with how we did it for 'rawio':
The optional<code>sgio</code> attribute (<span class="since">since 1.0.2</span>) indicates...
Okay,
+ kernel will filter unprivileged SG_IO commands for the disk, + valid settings are "filtered" or "unfiltered". Defaults to + "filtered". Same with<code>rawio</code>,<code>sgio</code>
s/Same with/Similar to/
Okay,
+ is only valid for device 'lun'. +<span class="since">since 1.0.2</span>
...then drop the<span> here.
+<group> +<attribute name="device"> +<choice> +<value>lun</value> +</choice>
Technically, the<choice> isn't needed here (but it doesn't hurt either).
ACK with the grammar cleaned up.
Will make the change when pushing, thanks. Osier