Re: [libvirt] [PATCH 1/6] unpriv_sgio: Add docs and rng schema for new XML unpriv_sgio

Since "rawio" and "unpriv_sgio" are only valid for "lun", this

groups them together. And since both of them intend to allow the unprivledged user to use the SCSI commands, they are must be exclusive. Actually "unpriv_sgio" supersedes "rawio", as it confines the capability per-device, unlike "rawio", which gives the domain process broad capablity.

--- docs/formatdomain.html.in | 10 +++- docs/schemas/domaincommon.rng | 52 ++++++++++---- src/conf/domain_conf.c | 56 ++++++++++++---- src/conf/domain_conf.h | 11 +++ src/libvirt_private.syms | 4 + src/qemu/qemu_process.c | 30 ++++++++ src/util/util.c | 153 +++++++++++++++++++++++++++++++++++++++++ src/util/util.h | 7 ++ 8 files changed, 293 insertions(+), 30 deletions(-) diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in index 6a3b976..f3f6a9e 100644 --- a/docs/formatdomain.html.in +++ b/docs/formatdomain.html.in @@ -1395,7 +1395,15 @@ rawio='yes', rawio capability will be enabled for all disks in the domain (because, in the case of QEMU, this capability can only be set on a per-process basis). This attribute is only - valid when device is "lun". + valid when device is "lun". NB, <code>rawio</code> gives + the domain process broad capability, to confined the capability + as much as possible, one should use <code>unpriv_sgio</code> + instead, which controls the capability per-device. + The optional <code>unpriv_sgio</code> attribute + (<span class="since">since 1.0.1</span>) indicates whether the + disk will allow unprivileged SG_IO, valid settings are "yes" + or "no" (defaults to "no"). Note that it's exclusive with + attribute <code>rawio</code>;