[libvirt] [PATCH v2 0/5] RFC: grant KVM guests retain arbitrary capabilities

Shu Ming shuming at linux.vnet.ibm.com
Wed Dec 28 02:44:50 UTC 2011 

On 2011-12-22 14:49, Taku Izumi wrote:
> Hi Daniel-san and all,
>
> This patchset adds an option for KVM guests to retain arbitrary capabilities.
> The first version is here:
>    http://www.redhat.com/archives/libvir-list/2011-December/msg00857.html
>
> According to Daniel-san's comment, I changed my patch like the following:
>
> v1 ->  v2
>   - introduce "process" and "cap" elements in the capability XML
>   - change XML element name of domain XML likewise
>
> ; process capabilities host supports are found in the capability XML.
> # virsh capabilities
> <capabilities>
>
>    <host>
>      <uuid>00000000-0000-0000-0000-00199914f1c5</uuid>
>      ...
>      <process>
>        <cap name='chown'/>
>        <cap name='dac_override'/>
>        <cap name='dac_read_search'/>
>        <cap name='fowner'/>
>         ...
>      </process>
>    </host>
>    ...
>
> ; VM can retain cap_sys_rawio capability
> # virsh edit VM
> ...
>    </features>
>    <process>
>      <cap name='sys_rawio'/>
>    </process>
>    <clock offset='utc'/>
> ...
>
> # virsh start VM
> # cat /proc/<VM's PID>/status
> ...
> CapInh: 0000000000000000
> CapPrm: fffffffc00020000
> CapEff: fffffffc00020000
> CapBnd: fffffffc00020000
> ...

Does this mean that if the 'sys_rawio' is not set in the "features" 
list, there will be no "CapInh", "CapPrm"... in the proc status file?
I was just wondering it is more like a QEMU/KVM options instead of a 
libvirt options, it is more reasonable to make QEMU/KVM
to guard these options in proc status file instead of libvirt xml file.

>
>    *[PATCH v2 1/5] conf: add XML schema for capability XML
>    *[PATCH v2 2/5] conf: add XML schema for domain XML
>    *[PATCH v2 3/5] util: add functions to keep capabilities
>    *[PATCH v2 4/5] util: extend virExecWithHook()
>    *[PATCH v2 5/5] qemu: make qemu processes to retain capabilities
>
>
> Best regards,
> Taku Izumi
>
> --
> libvir-list mailing list
> libvir-list at redhat.com
> https://www.redhat.com/mailman/listinfo/libvir-list
>


-- 
Shu Ming<shuming at linux.vnet.ibm.com>
IBM China Systems and Technology Laboratory

More information about the libvir-list mailing list