[libvirt] [PATCH v3 0/5] RFC: grant KVM guests retain arbitrary capabilities
Taku Izumi
izumi.taku at jp.fujitsu.com
Fri Jan 27 07:18:38 UTC 2012
On Sat, 21 Jan 2012 19:01:35 +0100
Paolo Bonzini <pbonzini at redhat.com> wrote:
Thank you for your comment.
> On 01/20/2012 07:25 AM, Taku Izumi wrote:
> > OK. I'll try to implement it this way.
>
> No, I think your current patch is fine. Perhaps in the future we can
> try to implement cgroup-based whitelists in the kernel.
>
> In any case adding rawio (which is a per-process capability) to a <disk>
> element would be wrong.
It is true that a process capability affects not a single disk but a domain.
It's a bit strange, but it is OK in my personal opinion.
Which do you think is better, Eric?
--
Taku Izumi <izumi.taku at jp.fujitsu.com>