[libvirt] [PATCH v2 3/5] util: add functions to keep capabilities

Osier Yang jyang at redhat.com
Fri Dec 30 04:19:01 UTC 2011


On 2011年12月22日 15:05, Taku Izumi wrote:
>
> This patch introduces virKeepCapabilities() function and implements
> virCommandAllowCap() function.
>
> The existing virClearCapabilities() clears all capabilities.
> virKeepCapabilities() instead keeps an arbitrary set of capabilities.
>
>
> Signed-off-by: Taku Izumi<izumi.taku at jp.fujitsu.com>
> Signed-off-by: Shota Hirae<m11g1401 at hibikino.ne.jp>
> ---
>   src/util/command.c |   45 ++++++++++++++++++++++++++++++++++++++-------
>   src/util/command.h |    4 +---
>   2 files changed, 39 insertions(+), 10 deletions(-)
>
> Index: libvirt/src/util/command.c
> ===================================================================
> --- libvirt.orig/src/util/command.c
> +++ libvirt/src/util/command.c
> @@ -102,6 +102,8 @@ struct _virCommand {
>       pid_t pid;
>       char *pidfile;
>       bool reap;
> +
> +    unsigned long long capabilities;
>   };
>
>   #ifndef WIN32
> @@ -121,6 +123,33 @@ static int virClearCapabilities(void)
>
>       return 0;
>   }
> +
> +/**
> + * virKeepCapabilities:
> + *  @capabilities - capability flag to keep.
> + *                  In case of 0, this function is identical to
> + *                  virKeepCapabilities()

Guess you mean "virClearCapabilities" here.

> + *
> + */
> +static int virKeepCapabilities(unsigned long long capabilities)
> +{
> +    int ret, i;
> +
> +    capng_clear(CAPNG_SELECT_BOTH);
> +
> +    for (i = 0; i<= CAP_LAST_CAP; i++) {
> +        if (capabilities&  (1ULL<<  i))
> +            capng_update(CAPNG_ADD, CAPNG_BOUNDING_SET, i);
> +    }
> +
> +    if (ret = capng_apply(CAPNG_SELECT_BOTH)<  0) {
> +        virCommandError(VIR_ERR_INTERNAL_ERROR,
> +                        _("cannot apply process capabilities %d"), ret);
> +        return -1;
> +    }
> +
> +    return 0;
> +}
>   # else
>   static int virClearCapabilities(void)
>   {
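Review bot: In virKeepCapabilities the test `if (ret = capng_apply(CAPNG_SELECT_BOTH) < 0)` parses as `ret = (capng_apply(...) < 0)`, so `ret` is only ever 0 or 1 and the error message never reports the real libcap-ng return code; it should read `if ((ret = capng_apply(CAPNG_SELECT_BOTH)) < 0)`. The return value of `capng_update()` inside the loop is also discarded, so a failed update goes unnoticed and the process is left with a narrower set than the caller asked for without any error. After `capng_clear(CAPNG_SELECT_BOTH)` the requested bits are added only to `CAPNG_BOUNDING_SET`, so the doc comment should say that "keep" means "leave in the bounding set" rather than in the permitted or effective sets, if that is the intent.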
> @@ -128,6 +157,11 @@ static int virClearCapabilities(void)
>   //             "capabilities");
>       return 0;
>   }
> +
> +static int virKeepCapabilities(unsigned long long capabilities)
> +{
> +    return 0;
> +}
>   # endif
>
>
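Review bot: The fallback `virKeepCapabilities()` in the `# else` branch (presumably the build without libcap-ng) returns 0 without doing anything, so a caller that asked for a reduced capability set is told it succeeded while the child keeps whatever it already had. For a privilege-dropping helper it is safer to fail closed, or at least warn, when `capabilities` is non-zero, and to document the no-op in a comment above the stub. As written the parameter is also unused, so the signature probably needs `unsigned long long capabilities ATTRIBUTE_UNUSED` to build cleanly with unused-parameter warnings enabled.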
> @@ -821,26 +855,23 @@ virCommandClearCaps(virCommandPtr cmd)
>       cmd->flags |= VIR_EXEC_CLEAR_CAPS;
>   }
>
> -#if 0 /* XXX Enable if we have a need for capability management.  */
> -
>   /**
>    * virCommandAllowCap:
>    * @cmd: the command to modify
> - * @capability: what to allow
> + * @capabilities: what to allow
>    *
> - * Re-allow a specific capability
> + * Allow a specific capability

s/a specific capability/specific capabilities/ ?

>    */
>   void
>   virCommandAllowCap(virCommandPtr cmd,
> -                   int capability ATTRIBUTE_UNUSED)
> +                   unsigned long long capabilities)
>   {
>       if (!cmd || cmd->has_error)
>           return;
>
> -    /* XXX ? */
> +    cmd->capabilities = capabilities;
>   }
>
> -#endif /* 0 */
>
>
>   /**
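Review bot: `virCommandAllowCap()` stores its argument with `cmd->capabilities = capabilities;`, so a second call silently discards what an earlier call allowed; if callers are meant to build the set up incrementally, `cmd->capabilities |= capabilities;` is the safer form. The doc comment should also state that the argument is a bitmask in which bit N stands for capability number N (which is how the `1ULL << i` loop in virKeepCapabilities reads it), because a caller passing a bare CAP_* constant, as the old `int capability` signature invited, would end up allowing a different set than intended. Nothing in the visible hunks reads `cmd->capabilities` or calls virKeepCapabilities, so presumably a later patch in the series wires it into the exec path; how the field interacts with `VIR_EXEC_CLEAR_CAPS` is worth documenting here as well.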
> Index: libvirt/src/util/command.h
> ===================================================================
> --- libvirt.orig/src/util/command.h
> +++ libvirt/src/util/command.h
> @@ -60,10 +60,8 @@ void virCommandSetPidFile(virCommandPtr
>
>   void virCommandClearCaps(virCommandPtr cmd);
>
> -# if 0
>   void virCommandAllowCap(virCommandPtr cmd,
> -                        int capability);
> -# endif
> +                        unsigned long long capabilities);
>
>   void virCommandDaemonize(virCommandPtr cmd);
>
>
> --
> libvir-list mailing list
> libvir-list at redhat.com
> https://www.redhat.com/mailman/listinfo/libvir-list



