Re: [libvirt] [PATCH v2 0/5] RFC: grant KVM guests retain arbitrary capabilities
On 2011-12-22 14:49, Taku Izumi wrote:
Hi Daniel-san and all,
This patchset adds an option for KVM guests to retain arbitrary capabilities.
The first version is here:
http://www.redhat.com/archives/libvir-list/2011-December/msg00857.html
According to Daniel-san's comment, I changed my patch like the following:
v1 -> v2
- introduce "process" and "cap" elements in the capability XML
- change XML element name of domain XML likewise
; process capabilities host supports are found in the capability XML.
# virsh capabilities
<capabilities>
<host>
<uuid>00000000-0000-0000-0000-00199914f1c5</uuid>
...
<process>
<cap name='chown'/>
<cap name='dac_override'/>
<cap name='dac_read_search'/>
<cap name='fowner'/>
...
</process>
</host>
...
; VM can retain cap_sys_rawio capability
# virsh edit VM
...
</features>
<process>
<cap name='sys_rawio'/>
</process>
<clock offset='utc'/>
...
# virsh start VM
# cat /proc/<VM's PID>/status
...
CapInh: 0000000000000000
CapPrm: fffffffc00020000
CapEff: fffffffc00020000
CapBnd: fffffffc00020000
...
Does this mean that if the 'sys_rawio' is not set in the "features"
list, there will be no "CapInh", "CapPrm"... in the proc status file?
I was just wondering it is more like a QEMU/KVM options instead of a
libvirt options, it is more reasonable to make QEMU/KVM
to guard these options in proc status file instead of libvirt xml file.
*[PATCH v2 1/5] conf: add XML schema for capability XML
*[PATCH v2 2/5] conf: add XML schema for domain XML
*[PATCH v2 3/5] util: add functions to keep capabilities
*[PATCH v2 4/5] util: extend virExecWithHook()
*[PATCH v2 5/5] qemu: make qemu processes to retain capabilities
Best regards,
Taku Izumi
--
libvir-list mailing list
libvir-list(a)redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
--
Shu Ming<shuming(a)linux.vnet.ibm.com>
IBM China Systems and Technology Laboratory