
Re: [libvirt] [PATCH 0/4] RFC: grant KVM guests retain arbitrary capabilities



On Tue, Dec 20, 2011 at 04:40:54PM +0900, Taku Izumi wrote:
> Hi all,
> 
> This patchset adds an option for KVM guests to retain arbitrary capabilities.
> 
> I want KVM guests to retain the "cap_sys_rawio" capability, so I tried to
> run qemu as the root user. However, because libvirt clears all capabilities
> of the KVM guest by default, even if the guest is running as the root user,
> it doesn't have any capabilities.  I can fulfill my requirement by
> disabling the "clear_emulator_capabilities" option, but that's not a
> good idea considering the security risk. I'd be happy if libvirt could clear
> unnecessary capabilities instead of clearing all of them. That is the motivation
> for creating this patch.
> 
> By adding a "domain_capabilities" element to the domain XML, the domain
> can retain the specified capabilities, like the following:
> 
> ; VM can retain cap_sys_rawio capability
> # virsh edit VM
> ...
>   </features>
>   <domain_capabilities>
>     <cap_sys_rawio/>
>   </domain_capabilities>
>   <clock offset='utc'/>

We could do with a feature like this for LXC too. Though I'd prefer
the XML to be a little more concise. Perhaps

    <process>
       <cap_sys_rawio/>
    </process>

One potential concern is that the capability names are OS specific,
so perhaps rather than allowing them as element names, we should use
string attribute values for them

    <process>
      <cap name='sys_rawio'/>
    </process>

and declare that the attribute values are potentially OS dependent, and
then expose the list of allowed OS capability values in the capabilities
XML.

Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|
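What the selective clearing discussed in this thread has to do at the process level, as an added example that is neither libvirt's code nor the patch under review. It assumes the `<cap name='...'/>` values have already been pulled out of the domain XML (the constructed input in `main`), and its name table is a hand-written subset of capabilities(7) with the kernel's ABI numbers; both are assumptions of this example. The one point it is built around is the bounding set: when a uid 0 process execs, the kernel refills the permitted set from the bounding set, so lowering only the effective/permitted sets before exec'ing qemu as root is undone by the exec itself, and the bounding set has to be lowered too. Unknown names are treated as a hard error rather than silently ignored, so a typo in the XML fails closed.

```c
/* Added example (not libvirt's code or the patch under discussion): keep only
 * a named subset of Linux capabilities before exec'ing an emulator as root.
 * Name table is an assumed subset of capabilities(7); values are the kernel
 * ABI numbers that linux/capability.h defines. */
#define _GNU_SOURCE
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#ifdef __linux__
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>
#include <linux/capability.h>
#endif

struct cap_name { const char *name; int value; };

/* Assumed table: the names the proposed <cap name='...'/> would carry. */
static const struct cap_name cap_table[] = {
    { "chown", 0 }, { "dac_override", 1 }, { "dac_read_search", 2 },
    { "fowner", 3 }, { "fsetid", 4 }, { "kill", 5 }, { "setgid", 6 },
    { "setuid", 7 }, { "setpcap", 8 }, { "net_bind_service", 10 },
    { "net_admin", 12 }, { "net_raw", 13 }, { "ipc_lock", 14 },
    { "sys_module", 16 }, { "sys_rawio", 17 }, { "sys_chroot", 18 },
    { "sys_ptrace", 19 }, { "sys_admin", 21 }, { "sys_nice", 23 },
    { "sys_resource", 24 }, { "mknod", 27 }, { "audit_write", 29 },
};

/* ASCII case-insensitive string equality. */
static int name_eq(const char *a, const char *b)
{
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return 0;
    return *a == *b;
}

/* Map "sys_rawio" or "CAP_SYS_RAWIO" to its capability number, or -1. */
int cap_from_name(const char *name)
{
    if (strlen(name) > 4 && name[3] == '_' &&
        tolower((unsigned char)name[0]) == 'c' &&
        tolower((unsigned char)name[1]) == 'a' &&
        tolower((unsigned char)name[2]) == 'p')
        name += 4;                       /* accept the cap_ prefix too */
    for (size_t i = 0; i < sizeof(cap_table) / sizeof(cap_table[0]); i++)
        if (name_eq(name, cap_table[i].name))
            return cap_table[i].value;
    return -1;
}

/* Build the retain mask from the parsed names.  An unknown name is a hard
 * error (fail closed on a typo in the XML); *bad points at the offender. */
int build_retain_mask(const char *const *names, size_t n,
                      uint64_t *mask, const char **bad)
{
    uint64_t m = 0;
    for (size_t i = 0; i < n; i++) {
        int c = cap_from_name(names[i]);
        if (c < 0) {
            if (bad) *bad = names[i];
            return -1;
        }
        m |= (uint64_t)1 << c;
    }
    *mask = m;
    return 0;
}

#ifdef __linux__
/* Apply the mask just before exec.  Order matters: a uid 0 exec refills the
 * permitted set from the bounding set, so drop from the bounding set first
 * (needs CAP_SETPCAP still in effect), then lower the per-thread sets. */
int apply_retain_mask(uint64_t mask)
{
    /* Probe the running kernel's last capability instead of trusting the
     * header's CAP_LAST_CAP, which may be older than the kernel. */
    for (int cap = 0; cap < 64 &&
         prctl(PR_CAPBSET_READ, (unsigned long)cap, 0UL, 0UL, 0UL) >= 0; cap++)
        if (!(mask & ((uint64_t)1 << cap)) &&
            prctl(PR_CAPBSET_DROP, (unsigned long)cap, 0UL, 0UL, 0UL) < 0)
            return -1;

    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[2];
    memset(data, 0, sizeof(data));
    data[0].effective = data[0].permitted = data[0].inheritable =
        (uint32_t)(mask & 0xffffffffu);
    data[1].effective = data[1].permitted = data[1].inheritable =
        (uint32_t)(mask >> 32);
    return syscall(SYS_capset, &hdr, data) < 0 ? -1 : 0;
}
#endif

int main(void)
{
    /* Constructed input: what <process><cap name='sys_rawio'/></process>
     * would yield once parsed out of the domain XML. */
    const char *names[] = { "sys_rawio" };
    uint64_t keep = 0;
    const char *bad = NULL;

    if (build_retain_mask(names, 1, &keep, &bad) < 0) {
        fprintf(stderr, "unknown capability name: %s\n", bad);
        return 1;
    }
#ifdef __linux__
    if (apply_retain_mask(keep) < 0) {
        perror("apply_retain_mask");     /* EPERM without CAP_SETPCAP */
        return 1;
    }
#endif
    printf("retained capability mask: 0x%llx\n", (unsigned long long)keep);
    return 0;
}
```

Run it as root (or with CAP_SETPCAP) to see the bounding-set drop succeed; as an unprivileged user PR_CAPBSET_DROP fails with EPERM, which is the expected outcome. Two caveats a practitioner would want alongside the XML design: the retained list should be validated against the names the host actually supports (the probe loop in `apply_retain_mask` is one way to learn that at runtime, and exposing the list in the capabilities XML, as suggested above, is the other), and CAP_SYS_RAWIO itself permits raw access to devices such as /dev/mem and to I/O ports, so retaining only it still leaves a root-running qemu with most of what full root would get.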

