[libvirt] [PATCH 0/4] RFC: grant KVM guests retain arbitrary capabilities

Wed Dec 21 15:41:56 UTC 2011

On Wed, Dec 21, 2011 at 07:19:52PM +0900, Taku Izumi wrote:
> 
> Thank you for your comment.
>  
> > We could do with a feature like this for LXC too. Though I'd prefer
> > the XML to be a little more concise. Perhaps
> > 
> >     <process>
> >        <cap_sys_rawio/>
> >     </process>
> > 
> > One potential concern is that the capability names are OS specific,
> > so perhaps rather than allow them as element names, we should use
> > string attribute values for them
> > 
> >     <process>
> >       <cap name='sys_rawio'/>
> >     </process>
> > 
> 
>  I'll take in your idea.
> 
> > and declare the attribute values are potentially OS dependant, and
> > then expose the list of allowed OS capabilities values in the capabilities
> > XML.
> 
>  I plan on adding "process_capabilities" child element to "host" element of 
>   the capabilities XML like the following:
> 
>   # virsh capabilities
>   <capabilities>
>   <host>
>   ...
>     <process_capabilities>

For consistency, I'd just use  <process> here too

>       <cap name='chown'/>
>       <cap name='dac_override'/>
>       <cap name='dac_read_search'/>
>       ...
>     </process_capabilities>
>   </host>
>   ...
> 
>  Is this what you mean?

Yes you got it

Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|