[libvirt] [PATCH v2 2/5] conf: add XML schema for domain XML

Osier Yang jyang at redhat.com
Fri Dec 30 04:35:14 UTC 2011


On 2011年12月30日 12:06, Osier Yang wrote:
> On 2011年12月22日 15:04, Taku Izumi wrote:
>>
>> This patch introduces XML schema for domains to retain arbitrary
>> capabilities.
>> For example, by adding the following XML to domain configuration,
>> its domain can retain cap_sys_rawio capability.
>>
>> <process>
>> <cap name='sys_rawio'/>
>> </process>
>>
>>
>> Signed-off-by: Taku Izumi<izumi.taku at jp.fujitsu.com>
>> Signed-off-by: Shota Hirae<m11g1401 at hibikino.ne.jp>
>> ---
>> docs/formatdomain.html.in | 48 ++++++++++++++++++++++++++++++++++++++
>> docs/schemas/domaincommon.rng | 52
>> ++++++++++++++++++++++++++++++++++++++++++
>> src/conf/domain_conf.c | 33 ++++++++++++++++++++++++++
>> src/conf/domain_conf.h | 2 +
>> 4 files changed, 135 insertions(+)
>>
>> Index: libvirt/docs/schemas/domaincommon.rng
>> ===================================================================
>> --- libvirt.orig/docs/schemas/domaincommon.rng
>> +++ libvirt/docs/schemas/domaincommon.rng
>> @@ -35,6 +35,9 @@
>> <ref name="clock"/>
>> <ref name="resources"/>
>> <ref name="features"/>
>> +<optional>
>> +<ref name="process"/>
>> +</optional>
>> <ref name="termination"/>
>> <optional>
>> <ref name="devices"/>
>> @@ -2344,6 +2347,55 @@
>> </optional>
>> </define>
>> <!--
>> + Specification of process element
>> + -->
>> +<define name="process">
>> +<element name="process">
>> +<zeroOrMore>
>> +<element name="cap">
>> +<attribute name="name">
>> +<choice>
>> +<value>chown</value>
>> +<value>dac_override</value>
>> +<value>dac_read_search</value>
>> +<value>fowner</value>
>> +<value>fsetid</value>
>> +<value>kill</value>
>> +<value>setgid</value>
>> +<value>setuid</value>
>> +<value>setpcap</value>
>> +<value>linux_immutable</value>
>> +<value>net_bind_service</value>
>> +<value>net_broadcast</value>
>> +<value>net_admin</value>
>> +<value>net_raw</value>
>> +<value>ipc_lock</value>
>> +<value>ipc_owner</value>
>> +<value>sys_module</value>
>> +<value>sys_rawio</value>
>> +<value>sys_chroot</value>
>> +<value>sys_ptrace</value>
>> +<value>sys_pacct</value>
>> +<value>sys_admin</value>
>> +<value>sys_boot</value>
>> +<value>sys_nice</value>
>> +<value>sys_resource</value>
>> +<value>sys_time</value>
>> +<value>sys_tty_config</value>
>> +<value>mknod</value>
>> +<value>lease</value>
>> +<value>audit_write</value>
>> +<value>audit_control</value>
>> +<value>setfcap</value>
>> +<value>mac_override</value>
>> +<value>mac_admin</value>
>> +</choice>
>> +</attribute>
>> +</element>
>> +</zeroOrMore>
>> +</element>
>> +</define>
>> +<!--
>> CPU specification
>> -->
>> <define name="cpu">
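Review bot: The `<choice>` under `<attribute name="name">` lists every capability on equal footing, including `sys_admin`, `sys_module`, `setpcap`, `mac_override` and `mac_admin`, each of which gives the retaining process close to full root on the host. Nothing in the schema or its comment tells a reader that these differ in risk from `sys_rawio`, the case the patch description is motivated by. I would extend the comment above the define to something like `<!-- Capabilities the domain process retains; sys_admin, sys_module, setpcap and mac_* largely cancel the capability drop, so grant them only when required -->`. The value list also has to stay in step with the table behind `virCapsProcessCapsTypeFromString`, which is not part of this patch, so a comment naming that table would help whoever adds the next capability.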
>> Index: libvirt/src/conf/domain_conf.c
>> ===================================================================
>> --- libvirt.orig/src/conf/domain_conf.c
>> +++ libvirt/src/conf/domain_conf.c
>> @@ -7253,6 +7253,23 @@ static virDomainDefPtr virDomainDefParse
>> VIR_FREE(nodes);
>> }
>>
>> + n = virXPathNodeSet("./process/cap", ctxt,&nodes);
>> + if (n< 0)
>> + goto error;
>> + if (n) {
>> + for (i = 0; i< n; i++) {
>> + int val =
>> virCapsProcessCapsTypeFromString(virXMLPropString(nodes[i], "name"));
>> + if (val< 0) {
>> + virDomainReportError(VIR_ERR_INTERNAL_ERROR,
>
> s/VIR_ERR_INTERNAL_ERROR/VIR_ERR_CONFIG_UNSUPPORTED/
>
>> + _("unexpected process cap %s"),
>> + virXMLPropString(nodes[i], "name"));
>
> virXMLPropString is used twice, it can be avoided by something like:
>
> const char *name = virXMLPropString(nodes[i], name);
>
> And use name where you want.
>
>
>> + goto error;
>> + }
>> + def->capabilities |= (1ULL<< val);
>> + }
>> + VIR_FREE(nodes);
>> + }
>> +
>> if (virDomainLifecycleParseXML(ctxt, "string(./on_reboot[1])",
>> &def->onReboot, VIR_DOMAIN_LIFECYCLE_RESTART,
>> virDomainLifecycleTypeFromString)< 0)
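Review bot: The string returned by `virXMLPropString(nodes[i], "name")` is heap-allocated and nothing in the loop frees it, so each `<cap>` element leaks one allocation, and the error path leaks a second one from the call inside the message. A `<cap>` with no `name` attribute also makes the call return NULL, which then reaches the `%s` in the error message. Keeping the result in a local `char *`, treating NULL as a failure and freeing it on both paths covers both problems. Whether `nodes` is released after `goto error` depends on the `error:` label, which is outside this hunk.

```c
/* … unchanged: virXPathNodeSet() lookup and n < 0 check … */
for (i = 0; i < n; i++) {
    char *name = virXMLPropString(nodes[i], "name");
    int val = name ? virCapsProcessCapsTypeFromString(name) : -1;

    if (val < 0) {
        virDomainReportError(VIR_ERR_INTERNAL_ERROR,
                             _("unexpected process cap %s"),
                             name ? name : "(missing name)");
        VIR_FREE(name);
        goto error;
    }
    VIR_FREE(name);
    def->capabilities |= (1ULL << val);
}
/* … unchanged: VIR_FREE(nodes) … */
```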
>> @@ -11520,6 +11537,22 @@ virDomainDefFormatInternal(virDomainDefP
>> virBufferAddLit(buf, "</features>\n");
>> }
>>
>> + if (def->capabilities) {
>> + virBufferAddLit(buf, "<process>\n");
>> + for (n = 0; n< VIR_PROCESS_CAPABILITY_LAST; n++) {
>> + if (def->capabilities& (1ULL<< n)) {
>> + const char *name = virCapsProcessCapsTypeToString(n);
>> + if (!name) {
>> + virDomainReportError(VIR_ERR_INTERNAL_ERROR,
>> + _("unexpected process cap %d"), n);
>> + goto cleanup;
>> + }
>> + virBufferAsprintf(buf, "<cap name='%s'/>\n", name);
>> + }
>> + }
>> + virBufferAddLit(buf, "</process>\n");
>> + }
>> +
>> virBufferAdjustIndent(buf, 2);
>> if (virCPUDefFormatBufFull(buf, def->cpu)< 0)
>> goto cleanup;
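Review bot: Nothing ties `VIR_PROCESS_CAPABILITY_LAST` to the 64-bit width of `def->capabilities`, so once the enum grows past 64 entries the `1ULL << n` in this loop, and the `1ULL << val` in the parse hunk, become undefined shifts. The set of retained capabilities is a privilege decision, so a wrong bit here should fail the build rather than surface at run time. I would add a compile-time assertion next to the enum that `VIR_PROCESS_CAPABILITY_LAST <= 64`, and a comment on the loop such as `/* one bit per VIR_PROCESS_CAPABILITY_* value; must fit in unsigned long long */`. The enclosing function starts and ends outside this hunk.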
>> Index: libvirt/src/conf/domain_conf.h
>> ===================================================================
>> --- libvirt.orig/src/conf/domain_conf.h
>> +++ libvirt/src/conf/domain_conf.h
>> @@ -1441,6 +1441,8 @@ struct _virDomainDef {
>> char *emulator;
>> int features;
>>
>> + unsigned long long capabilities;
>
> Should we choose another name, such as "process_caps"? We might
> need to introduce other kinds of capabilities for domains in the future.
>
>> +
>> virDomainClockDef clock;
>>
>> int ngraphics;
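Review bot: The new `capabilities` member has no comment describing its encoding, although the parser and formatter in `domain_conf.c` both treat it as a bitmask indexed by the process-capability enum. Because this field decides which privileges the domain process keeps, the encoding should be stated where it is declared, for example `unsigned long long capabilities; /* bitmask: bit n set = retain process capability n (VIR_PROCESS_CAPABILITY_*) */`. The struct continues on both sides of the hunk, so I cannot see whether neighbouring fields follow a different comment style.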
>> Index: libvirt/docs/formatdomain.html.in
>> ===================================================================
>> --- libvirt.orig/docs/formatdomain.html.in
>> +++ libvirt/docs/formatdomain.html.in
>> @@ -787,6 +787,54 @@
>> </dd>
>> </dl>
>>
>> +<h3><a name="elementsProcess">Process Capability</a></h3>
>> +
>> +<p>
>> + Process of Domain are allowed to retain capabilities specified
>
> Is following better? :-)
>
> Domain process is allowed to...
>
>> + by cap element. What capabilities host supports can be found at
>> + capability XML.
>
> Better to add the virsh command. e.g.
>
> capability XML (virsh capabilities)

Also, we need to state that the caps are OS-dependent.
>
>> +</p>
>> +
>> +<pre>
>> + ...
>> +<process>
>> +<cap name="chown"/>
>> +<cap name="dac_override"/>
>> +<cap name="dac_read_search"/>
>> +<cap name="fowner"/>
>> +<cap name="fsetid"/>
>> +<cap name="kill"/>
>> +<cap name="setgid"/>
>> +<cap name="setuid"/>
>> +<cap name="setpcap"/>
>> +<cap name="linux_immutable"/>
>> +<cap name="net_bind_service"/>
>> +<cap name="net_broadcast"/>
>> +<cap name="net_admin"/>
>> +<cap name="net_raw"/>
>> +<cap name="ipc_lock"/>
>> +<cap name="ipc_owner"/>
>> +<cap name="sys_module"/>
>> +<cap name="sys_rawio"/>
>> +<cap name="sys_chroot"/>
>> +<cap name="sys_ptrace"/>
>> +<cap name="sys_pacct"/>
>> +<cap name="sys_admin"/>
>> +<cap name="sys_boot"/>
>> +<cap name="sys_nice"/>
>> +<cap name="sys_resource"/>
>> +<cap name="sys_time"/>
>> +<cap name="sys_tty_config"/>
>> +<cap name="mknod"/>
>> +<cap name="lease"/>
>> +<cap name="audit_write"/>
>> +<cap name="audit_control"/>
>> +<cap name="setfcap"/>
>> +<cap name="mac_override"/>
>> +<cap name="mac_admin"/>
>> +</process>
>> + ...</pre>
>> +
>> <h3><a name="elementsTime">Time keeping</a></h3>
>>
>> <p>
>>



