[libvirt] [PATCH 0/4] RFC: grant KVM guests retain arbitrary capabilities
Daniel P. Berrange
berrange at redhat.com
Tue Dec 20 15:13:27 UTC 2011
On Tue, Dec 20, 2011 at 04:40:54PM +0900, Taku Izumi wrote:
> Hi all,
>
> This patchset adds an option for KVM guests to retain arbitrary capabilities.
>
> I want KVM guests to retain the "cap_sys_rawio" capability, so I tried to
> run qemu as the root user. However, because libvirt clears all capabilities
> of the KVM guest by default, even if the guest is running as root
> it doesn't have any capabilities. I can fulfill my requirement by
> disabling the "clear_emulator_capabilities" option, but that's not a
> good idea considering the security risk. I'd be happy if libvirt could clear
> the unnecessary capabilities instead of clearing all of them. That is the
> motivation for creating this patch.
>
> By adding a "domain_capabilities" element to the domain XML, the domain
> can retain the specified capabilities, like the following:
>
> ; VM can retain the cap_sys_rawio capability
> # virsh edit VM
> ...
>   </features>
>   <domain_capabilities>
>     <cap_sys_rawio/>
>   </domain_capabilities>
>   <clock offset='utc'/>
We could do with a feature like this for LXC too. Though I'd prefer
the XML to be a little more concise. Perhaps
  <process>
    <cap_sys_rawio/>
  </process>
One potential concern is that the capability names are OS specific,
so perhaps rather than allow them as element names, we should use
string attribute values for them
  <process>
    <cap name='sys_rawio'/>
  </process>
and declare that the attribute values are potentially OS dependent, and
then expose the list of allowed OS capability values in the capabilities
XML.
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
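As an added example, not libvirt's own code and not part of the patch series under discussion: a C program that does what a retain list in the proposed XML asks for, dropping every capability except the named ones instead of clearing all of them. It uses the raw capget/capset syscalls and prctl(PR_CAPBSET_DROP) rather than the libcap-ng calls libvirt uses, so it builds with no extra library. The name table (six capabilities, keyed by the attribute value without the "cap_" prefix), and the function names cap_mask_from_name, cap_retain_mask, cap_get_permitted and cap_drop_all_except, are this example's own choices and do not exist in libvirt.

```c
/* Added example, not libvirt's code: drop every capability except a named
 * retain set, which is what <process><cap name='sys_rawio'/></process>
 * would ask libvirt to do for the emulator process instead of clearing
 * everything. libvirt itself uses libcap-ng; this uses raw capget/capset
 * and prctl so it needs no library beyond libc. Linux only. */
#define _GNU_SOURCE
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>
#include <linux/capability.h>

/* OS-specific name table (the "allowed values" a capabilities XML could
 * advertise). Hypothetical subset chosen for this example. */
static const struct { const char *name; int bit; } cap_table[] = {
    { "chown",     CAP_CHOWN },
    { "net_admin", CAP_NET_ADMIN },
    { "net_raw",   CAP_NET_RAW },
    { "sys_admin", CAP_SYS_ADMIN },
    { "sys_nice",  CAP_SYS_NICE },
    { "sys_rawio", CAP_SYS_RAWIO },
};

/* Map one capability name to its bit; 0 means "unknown", so a typo in the
 * domain XML is rejected rather than silently granting nothing. */
uint64_t cap_mask_from_name(const char *name)
{
    for (size_t i = 0; i < sizeof cap_table / sizeof cap_table[0]; i++)
        if (strcmp(cap_table[i].name, name) == 0)
            return (uint64_t)1 << cap_table[i].bit;
    return 0;
}

/* Build the retain mask from a NULL-terminated list of names.
 * Returns -1 and leaves *mask_out untouched if any name is unknown. */
int cap_retain_mask(const char *const *names, uint64_t *mask_out)
{
    uint64_t mask = 0;
    for (; *names; names++) {
        uint64_t bit = cap_mask_from_name(*names);
        if (bit == 0)
            return -1;
        mask |= bit;
    }
    *mask_out = mask;
    return 0;
}

/* Read the calling thread's permitted set (V3 ABI: two 32-bit words). */
int cap_get_permitted(uint64_t *permitted)
{
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[2] = { { 0 } };
    if (syscall(SYS_capget, &hdr, data) < 0)
        return -1;
    *permitted = (uint64_t)data[0].permitted | ((uint64_t)data[1].permitted << 32);
    return 0;
}

/* Drop every capability outside `retain`: first from the bounding set (so a
 * later exec as root cannot regain them), then from permitted and effective.
 * The inheritable set is cleared outright. Returns 0, or -1 with errno set. */
int cap_drop_all_except(uint64_t retain)
{
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[2] = { { 0 } };
    uint64_t permitted, keep;

    if (cap_get_permitted(&permitted) < 0)
        return -1;

    /* PR_CAPBSET_DROP needs CAP_SETPCAP, so do it before shrinking permitted.
     * EPERM: unprivileged caller, bounding set left as the parent set it.
     * EINVAL: capability number not known to this kernel; stop there. */
    for (int cap = 0; cap <= CAP_LAST_CAP; cap++) {
        if (retain & ((uint64_t)1 << cap))
            continue;
        if (prctl(PR_CAPBSET_DROP, cap, 0, 0, 0) < 0) {
            if (errno == EPERM || errno == EINVAL)
                break;
            return -1;
        }
    }

    /* Intersect with what we already hold: capset() refuses to raise a
     * capability that is not in the current permitted set. */
    keep = permitted & retain;
    data[0].effective = data[0].permitted = (uint32_t)keep;
    data[1].effective = data[1].permitted = (uint32_t)(keep >> 32);
    data[0].inheritable = data[1].inheritable = 0;
    return syscall(SYS_capset, &hdr, data) < 0 ? -1 : 0;
}

/* Stand-alone use: ./retain_caps sys_rawio net_admin (default: sys_rawio). */
int main(int argc, char **argv)
{
    const char *defaults[] = { "sys_rawio", NULL };
    const char *const *names = argc > 1 ? (const char *const *)(argv + 1) : defaults;
    uint64_t retain = 0, permitted = 0;

    if (cap_retain_mask(names, &retain) < 0) {
        fprintf(stderr, "unknown capability name in retain list\n");
        return 1;
    }
    if (cap_drop_all_except(retain) < 0) {
        perror("cap_drop_all_except");
        return 1;
    }
    cap_get_permitted(&permitted);
    printf("retain mask 0x%llx, permitted now 0x%llx\n",
           (unsigned long long)retain, (unsigned long long)permitted);
    return 0;
}
```

Run it as root to see the bounding-set drop take effect; as an unprivileged user the permitted set is already empty, so the result is the same empty set and the bounding set is left alone because PR_CAPBSET_DROP requires CAP_SETPCAP. The bounding set matters here because qemu is exec'd after this point: for a root process the bounding set, not the cleared permitted set, decides what the new image starts with. Rejecting unknown names before touching anything is the check that publishing the allowed values in the capabilities XML would let a management tool perform before the domain is ever started.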