Changes since the previous version are:
* Add 'b *:* m' and 'c *:* m' to the device white list if CAP_MKNOD
is requested instead of setting 'a *:* rwm'.
* Add a policy='default|allow|deny' for the features/capabilities
element.

Cédric Bosdonnat (3):
  lxc: allow to keep or drop capabilities
  lxc domain from xml: convert lxc.cap.drop
  lxc: update doc to mention features/capabilities/* domain
    configuration

docs/drvlxc.html.in | 47 +++++
docs/schemas/domaincommon.rng | 207 +++++++++++++++++++++
src/conf/domain_conf.c | 126 ++++++++++++-
src/conf/domain_conf.h | 56 ++++++
src/libvirt_private.syms | 3 +
src/lxc/lxc_cgroup.c | 8 +
src/lxc/lxc_container.c | 123 ++++++++++--
src/lxc/lxc_native.c | 25 +++
src/util/vircgroup.c | 74 +++++++-
src/util/vircgroup.h | 2 +
tests/domainschemadata/domain-caps-features.xml | 28 +++
tests/lxcconf2xmldata/lxcconf2xml-blkiotune.xml | 2 +
tests/lxcconf2xmldata/lxcconf2xml-cpusettune.xml | 2 +
tests/lxcconf2xmldata/lxcconf2xml-cputune.xml | 2 +
tests/lxcconf2xmldata/lxcconf2xml-idmap.xml | 2 +
.../lxcconf2xmldata/lxcconf2xml-macvlannetwork.xml | 4 +
tests/lxcconf2xmldata/lxcconf2xml-memtune.xml | 2 +
tests/lxcconf2xmldata/lxcconf2xml-nonenetwork.xml | 4 +
tests/lxcconf2xmldata/lxcconf2xml-nonetwork.xml | 2 +
tests/lxcconf2xmldata/lxcconf2xml-physnetwork.xml | 4 +
tests/lxcconf2xmldata/lxcconf2xml-simple.xml | 8 +
tests/lxcconf2xmldata/lxcconf2xml-vlannetwork.xml | 4 +
22 files changed, 710 insertions(+), 25 deletions(-)
create mode 100644 tests/domainschemadata/domain-caps-features.xml
--
1.8.4.5