[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[libvirt] [PATCH 3/6] docs: Add docs and rng schema for new XML tag sgio



This introduces new XML tag "sgio" for disk, its valid values
are "filtered" and "unfiltered", setting it as "filtered" will
set the disk's unpriv_sgio to 0, and "unfiltered" to set it
as 1, which allows the unprivileged SG_IO commands.
---
 docs/formatdomain.html.in     |   14 ++++++++++-
 docs/schemas/domaincommon.rng |   54 +++++++++++++++++++++++++++-------------
 2 files changed, 49 insertions(+), 19 deletions(-)

diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
index 8d9ab9e..ac55845 100644
--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
@@ -1395,7 +1395,19 @@
         rawio='yes', rawio capability will be enabled for all disks in
         the domain (because, in the case of QEMU, this capability can
         only be set on a per-process basis). This attribute is only
-        valid when device is "lun".
+        valid when device is "lun". NB, <code>rawio</code> intends to
+        confine the capability per-device, however, current QEMU
+        implementation gives the domain process broader capability
+        than that (per-process basis, affects all the domain disks).
+        To confine the capability as much as possible for QEMU driver
+        as this stage, <code>sgio</code> is recommended, it's more
+        secure than <code>rawio</code>.
+        The optional <code>sgio</code> attribute indicates whether the
+        kernel will filter unprivileged SG_IO commands for the disk,
+        valid settings are "filtered" or "unfiltered". Defaults to
+        "filtered". Same with <code>rawio</code>, <code>sgio</code>
+        is only valid for device 'lun'.
+        <span class="since">since 1.0.2</span>
         The optional <code>snapshot</code> attribute indicates the default
         behavior of the disk during disk snapshots: "internal"
         requires a file format such as qcow2 that can store both the
diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
index 0529d62..7a97781 100644
--- a/docs/schemas/domaincommon.rng
+++ b/docs/schemas/domaincommon.rng
@@ -971,24 +971,42 @@
     -->
   <define name="disk">
     <element name="disk">
-      <optional>
-        <attribute name="device">
-          <choice>
-            <value>floppy</value>
-            <value>disk</value>
-            <value>cdrom</value>
-            <value>lun</value>
-          </choice>
-        </attribute>
-      </optional>
-      <optional>
-        <attribute name="rawio">
-          <choice>
-            <value>yes</value>
-            <value>no</value>
-          </choice>
-        </attribute>
-      </optional>
+      <choice>
+        <group>
+          <optional>
+            <attribute name="device">
+              <choice>
+                <value>floppy</value>
+                <value>disk</value>
+                <value>cdrom</value>
+              </choice>
+            </attribute>
+          </optional>
+        </group>
+        <group>
+          <attribute name="device">
+            <choice>
+              <value>lun</value>
+            </choice>
+          </attribute>
+          <optional>
+            <attribute name="rawio">
+              <choice>
+                <value>yes</value>
+                <value>no</value>
+              </choice>
+            </attribute>
+          </optional>
+          <optional>
+            <attribute name="sgio">
+              <choice>
+                <value>filtered</value>
+                <value>unfiltered</value>
+              </choice>
+            </attribute>
+          </optional>
+        </group>
+      </choice>
       <optional>
         <ref name="snapshot"/>
       </optional>
-- 
1.7.7.6


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]