On Tue, Dec 20, 2011 at 04:40:54PM +0900, Taku Izumi wrote:
> Hi all,
> This patchset adds an option for KVM guests to retain arbitrary capabilities.
> I want KVM guests to retain the "cap_sys_rawio" capability, so I tried to
> run qemu as the root user. However, because libvirt clears all capabilities
> of the KVM guest by default, even if the guest is running as the root user,
> it doesn't have any capabilities. I can fulfill my requirement by
> disabling the "clear_emulator_capabilities" option, but that's not a
> good idea considering the security risk. I'd be happy if libvirt could clear
> unnecessary capabilities instead of clearing all of them. That is a motivator
> for creating this patch.
> By adding a "domain_capabilities" element to the domain XML, the domain
> can retain the specified capabilities like the following:
> ; VM can retain cap_sys_rawio capability
> # virsh edit VM
> ...
>   </features>
>   <domain_capabilities>
>     <cap_sys_rawio/>
>   </domain_capabilities>
>   <clock offset='utc'/>
We could do with a feature like this for LXC too. Though I'd prefer
the XML to be a little more concise. Perhaps
<process>
<cap_sys_rawio/>
</process>
One potential concern is that the capability names are OS specific,
so perhaps rather than allow them as element names, we should use
string attribute values for them
<process>
<cap name='sys_rawio'/>
</process>
and declare the attribute values are potentially OS dependent, and
then expose the list of allowed OS capability values in the capabilities
XML.
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
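A defender-side check for the scenario discussed in this thread, as an added example that is not part of the thread or of libvirt's code: decode the CapEff mask of a running emulator from /proc/<pid>/status and flag any capability beyond the set the domain is meant to retain (here only sys_rawio). The status fragments are constructed, not captured from a real host; the capability bit numbers follow linux/capability.h.

```python
import re

# Linux capability bit numbers as defined in linux/capability.h
# (bit 17 is CAP_SYS_RAWIO, the one the patch wants to keep).
CAP_NAMES = {
    0: "chown", 1: "dac_override", 2: "dac_read_search", 3: "fowner",
    4: "fsetid", 5: "kill", 6: "setgid", 7: "setuid", 8: "setpcap",
    9: "linux_immutable", 10: "net_bind_service", 11: "net_broadcast",
    12: "net_admin", 13: "net_raw", 14: "ipc_lock", 15: "ipc_owner",
    16: "sys_module", 17: "sys_rawio", 18: "sys_chroot", 19: "sys_ptrace",
    20: "sys_pacct", 21: "sys_admin", 22: "sys_boot", 23: "sys_nice",
    24: "sys_resource", 25: "sys_time", 26: "sys_tty_config", 27: "mknod",
    28: "lease", 29: "audit_write", 30: "audit_control", 31: "setfcap",
    32: "mac_override", 33: "mac_admin", 34: "syslog", 35: "wake_alarm",
    36: "block_suspend", 37: "audit_read",
}

def decode_capeff(status_text):
    """Return the set of capability names encoded in the CapEff line of a
    /proc/<pid>/status dump (a 64-bit hex mask, as the kernel prints it)."""
    m = re.search(r"^CapEff:\s*([0-9a-fA-F]+)$", status_text, re.MULTILINE)
    if m is None:
        raise ValueError("no CapEff line found")
    mask = int(m.group(1), 16)
    return {CAP_NAMES.get(bit, "cap_%d" % bit)
            for bit in range(64) if (mask >> bit) & 1}

def unexpected_caps(status_text, allowed):
    """Capabilities the process holds that are not in the allowed set.
    An empty result means the emulator retained only what was intended."""
    return decode_capeff(status_text) - set(allowed)

# Constructed /proc/<pid>/status fragments (not real captures):
# fully cleared (libvirt default), only sys_rawio retained, and an
# unconfined root process (clear_emulator_capabilities disabled).
CLEARED = "Name:\tqemu-kvm\nCapInh:\t0000000000000000\nCapEff:\t0000000000000000\n"
RAWIO_ONLY = "Name:\tqemu-kvm\nCapEff:\t0000000000020000\n"
FULL_ROOT = "Name:\tqemu-kvm\nCapEff:\t0000003fffffffff\n"

if __name__ == "__main__":
    for label, text in (("cleared", CLEARED), ("rawio", RAWIO_ONLY),
                        ("root", FULL_ROOT)):
        extra = unexpected_caps(text, {"sys_rawio"})
        print(label, "OK" if not extra else "unexpected: %s" % sorted(extra))
```

On a live host the same functions take the contents of /proc/<qemu pid>/status; any non-empty result is a policy deviation worth alerting on.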