
[libvirt] [PATCH v2 2/5] conf: add XML schema for domain XML



This patch introduces an XML schema element that lets a domain retain arbitrary Linux capabilities.
For example, adding the following XML to a domain configuration lets
that domain's process retain the CAP_SYS_RAWIO capability.

  <process>
    <cap name='sys_rawio'/>
  </process>


Signed-off-by: Taku Izumi <izumi taku jp fujitsu com>
Signed-off-by: Shota Hirae <m11g1401 hibikino ne jp>
---
 docs/formatdomain.html.in     |   48 ++++++++++++++++++++++++++++++++++++++
 docs/schemas/domaincommon.rng |   52 ++++++++++++++++++++++++++++++++++++++++++
 src/conf/domain_conf.c        |   33 ++++++++++++++++++++++++++
 src/conf/domain_conf.h        |    2 +
 4 files changed, 135 insertions(+)

Index: libvirt/docs/schemas/domaincommon.rng
===================================================================
--- libvirt.orig/docs/schemas/domaincommon.rng
+++ libvirt/docs/schemas/domaincommon.rng
@@ -35,6 +35,9 @@
         <ref name="clock"/>
         <ref name="resources"/>
         <ref name="features"/>
+        <optional>
+          <ref name="process"/>
+        </optional>
         <ref name="termination"/>
         <optional>
           <ref name="devices"/>
@@ -2344,6 +2347,55 @@
     </optional>
   </define>
   <!--
+      Specification of process element
+    -->
+  <define name="process">
+    <element name="process">
+      <zeroOrMore>
+        <element name="cap">
+          <attribute name="name">
+            <choice>
+              <value>chown</value>
+              <value>dac_override</value>
+              <value>dac_read_search</value>
+              <value>fowner</value>
+              <value>fsetid</value>
+              <value>kill</value>
+              <value>setgid</value>
+              <value>setuid</value>
+              <value>setpcap</value>
+              <value>linux_immutable</value>
+              <value>net_bind_service</value>
+              <value>net_broadcast</value>
+              <value>net_admin</value>
+              <value>net_raw</value>
+              <value>ipc_lock</value>
+              <value>ipc_owner</value>
+              <value>sys_module</value>
+              <value>sys_rawio</value>
+              <value>sys_chroot</value>
+              <value>sys_ptrace</value>
+              <value>sys_pacct</value>
+              <value>sys_admin</value>
+              <value>sys_boot</value>
+              <value>sys_nice</value>
+              <value>sys_resource</value>
+              <value>sys_time</value>
+              <value>sys_tty_config</value>
+              <value>mknod</value>
+              <value>lease</value>
+              <value>audit_write</value>
+              <value>audit_control</value>
+              <value>setfcap</value>
+              <value>mac_override</value>
+              <value>mac_admin</value>
+            </choice>
+          </attribute>
+        </element>
+      </zeroOrMore>
+    </element>
+  </define>
+  <!--
       CPU specification
       -->
   <define name="cpu">
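Review bot: The value list under `<define name="process">` includes capabilities that are effectively root on the host — `sys_module`, `sys_admin`, `sys_rawio`, `dac_override`, `setfcap`, `mac_override`, `mac_admin` — yet nothing in the schema warns that retaining any of them for the emulator process defeats the purpose of dropping capabilities at all. Add an RNG comment ahead of the define stating that the list mirrors the Linux capability set, that it must be kept in sync with the enum the parser consults (virCapsProcessCapsTypeFromString, defined outside this hunk — a name accepted by the schema but unknown to the enum is rejected at parse time as an internal error), and that the root-equivalent names should only be granted when a guest demonstrably cannot run without them. The `zeroOrMore` correctly admits duplicates and an empty `<process/>`, both of which the bitmask representation tolerates.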
Index: libvirt/src/conf/domain_conf.c
===================================================================
--- libvirt.orig/src/conf/domain_conf.c
+++ libvirt/src/conf/domain_conf.c
@@ -7253,6 +7253,23 @@ static virDomainDefPtr virDomainDefParse
         VIR_FREE(nodes);
     }
 
+    n = virXPathNodeSet("./process/cap", ctxt, &nodes);
+    if (n < 0)
+        goto error;
+    if (n) {
+        for (i = 0; i < n; i++) {
+            int val = virCapsProcessCapsTypeFromString(virXMLPropString(nodes[i], "name"));
+            if (val < 0) {
+                virDomainReportError(VIR_ERR_INTERNAL_ERROR,
+                                     _("unexpected process cap %s"),
+                                     virXMLPropString(nodes[i], "name"));
+                goto error;
+            }
+            def->capabilities |= (1ULL << val);
+        }
+        VIR_FREE(nodes);
+    }
+
     if (virDomainLifecycleParseXML(ctxt, "string(./on_reboot[1])",
                                    &def->onReboot, VIR_DOMAIN_LIFECYCLE_RESTART,
                                    virDomainLifecycleTypeFromString) < 0)
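Review bot: The string returned by `virXMLPropString(nodes[i], "name")` is never freed and is fetched a second time for the error message, so every parsed `<cap>` leaks its name attribute; and when the attribute is absent the call hands NULL to virCapsProcessCapsTypeFromString(), which will dereference it unless that helper happens to tolerate NULL, so a domain XML with a bare `<cap/>` (which the RNG schema would reject but the parser does not) becomes a crash vector. Keep the name in a local, reject a missing attribute explicitly, and free it on both paths; a bad cap name is malformed input, so VIR_ERR_XML_ERROR is the better code than VIR_ERR_INTERNAL_ERROR. `1ULL << val` is only defined while the enum stays below 64 entries, which the schema's 34 names currently satisfy but nothing enforces. The enclosing function virDomainDefParseXML continues outside the hunk, and whether its error label frees `nodes` after the `goto error` cannot be seen here.
```c
    /* … unchanged: virXPathNodeSet("./process/cap", ...) and the n < 0 check … */
    for (i = 0; i < n; i++) {
        char *name = virXMLPropString(nodes[i], "name");
        /* A missing name attribute must not reach the enum lookup as NULL */
        int val = name ? virCapsProcessCapsTypeFromString(name) : -1;
        if (val < 0) {
            virDomainReportError(VIR_ERR_XML_ERROR,
                                 _("unexpected process cap %s"),
                                 name ? name : "(missing)");
            VIR_FREE(name);
            goto error;
        }
        VIR_FREE(name);
        def->capabilities |= (1ULL << val);
    }
    VIR_FREE(nodes);
```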
@@ -11520,6 +11537,22 @@ virDomainDefFormatInternal(virDomainDefP
         virBufferAddLit(buf, "  </features>\n");
     }
 
+    if (def->capabilities) {
+        virBufferAddLit(buf, "  <process>\n");
+        for (n = 0; n < VIR_PROCESS_CAPABILITY_LAST; n++) {
+            if (def->capabilities & (1ULL << n)) {
+                const char *name = virCapsProcessCapsTypeToString(n);
+                if (!name) {
+                    virDomainReportError(VIR_ERR_INTERNAL_ERROR,
+                                         _("unexpected process cap %d"), n);
+                    goto cleanup;
+                }
+                virBufferAsprintf(buf, "    <cap name='%s'/>\n", name);
+            }
+        }
+        virBufferAddLit(buf, "  </process>\n");
+    }
+
     virBufferAdjustIndent(buf, 2);
     if (virCPUDefFormatBufFull(buf, def->cpu) < 0)
         goto cleanup;
Index: libvirt/src/conf/domain_conf.h
===================================================================
--- libvirt.orig/src/conf/domain_conf.h
+++ libvirt/src/conf/domain_conf.h
@@ -1441,6 +1441,8 @@ struct _virDomainDef {
     char *emulator;
     int features;
 
+    unsigned long long capabilities;
+
     virDomainClockDef clock;
 
     int ngraphics;
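Review bot: The added `unsigned long long capabilities;` field carries no comment, and nothing in the struct says how it is encoded or what zero means; the parser and formatter in this same patch treat it as a bitmask of `1ULL << cap`, indexed by the enum behind virCapsProcessCapsTypeFromString() and bounded by VIR_PROCESS_CAPABILITY_LAST. Suggest `/* Bitmask of Linux capabilities the domain's process retains, one bit per process-capability enum value (1ULL << cap); 0 means none retained */`. Since it is a 64-bit mask, the enum it indexes must stay below 64 entries (the schema currently lists 34), and a static `verify(VIR_PROCESS_CAPABILITY_LAST <= 64)` beside the enum definition would make that explicit. struct _virDomainDef starts and ends outside the hunk.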
Index: libvirt/docs/formatdomain.html.in
===================================================================
--- libvirt.orig/docs/formatdomain.html.in
+++ libvirt/docs/formatdomain.html.in
@@ -787,6 +787,54 @@
       </dd>
     </dl>
 
+    <h3><a name="elementsProcess">Process Capability</a></h3>
+
+    <p>
+      Process of Domain are allowed to retain capabilities specified
+      by cap element. What capabilities host supports can be found at
+      capability XML.
+    </p>
+
+<pre>
+  ...
+  &lt;process&gt;
+    &lt;cap name="chown"/&gt;
+    &lt;cap name="dac_override"/&gt;
+    &lt;cap name="dac_read_search"/&gt;
+    &lt;cap name="fowner"/&gt;
+    &lt;cap name="fsetid"/&gt;
+    &lt;cap name="kill"/&gt;
+    &lt;cap name="setgid"/&gt;
+    &lt;cap name="setuid"/&gt;
+    &lt;cap name="setpcap"/&gt;
+    &lt;cap name="linux_immutable"/&gt;
+    &lt;cap name="net_bind_service"/&gt;
+    &lt;cap name="net_broadcast"/&gt;
+    &lt;cap name="net_admin"/&gt;
+    &lt;cap name="net_raw"/&gt;
+    &lt;cap name="ipc_lock"/&gt;
+    &lt;cap name="ipc_owner"/&gt;
+    &lt;cap name="sys_module"/&gt;
+    &lt;cap name="sys_rawio"/&gt;
+    &lt;cap name="sys_chroot"/&gt;
+    &lt;cap name="sys_ptrace"/&gt;
+    &lt;cap name="sys_pacct"/&gt;
+    &lt;cap name="sys_admin"/&gt;
+    &lt;cap name="sys_boot"/&gt;
+    &lt;cap name="sys_nice"/&gt;
+    &lt;cap name="sys_resource"/&gt;
+    &lt;cap name="sys_time"/&gt;
+    &lt;cap name="sys_tty_config"/&gt;
+    &lt;cap name="mknod"/&gt;
+    &lt;cap name="lease"/&gt;
+    &lt;cap name="audit_write"/&gt;
+    &lt;cap name="audit_control"/&gt;
+    &lt;cap name="setfcap"/&gt;
+    &lt;cap name="mac_override"/&gt;
+    &lt;cap name="mac_admin"/&gt;
+  &lt;/process&gt;
+  ...</pre>
+
     <h3><a name="elementsTime">Time keeping</a></h3>
 
     <p>

