[libvirt] [PATCHv2 0/3] LXC drop/keep capabilities feature
Cédric Bosdonnat
cbosdonnat at suse.com
Wed Jun 25 13:56:27 UTC 2014
Changes since the previous version are:
* add 'b *:* m' and 'c *:* m' to the device white list is CAP_MKNOD
is requested instead of setting 'a *:* rwm'.
* Add a policy='default|allow|deny' for the features/capabilities
element.
Cédric Bosdonnat (3):
lxc: allow to keep or drop capabilities
lxc domain from xml: convert lxc.cap.drop
lxc: update doc to mention features/capabilities/* domain
configuration
docs/drvlxc.html.in | 47 +++++
docs/schemas/domaincommon.rng | 207 +++++++++++++++++++++
src/conf/domain_conf.c | 126 ++++++++++++-
src/conf/domain_conf.h | 56 ++++++
src/libvirt_private.syms | 3 +
src/lxc/lxc_cgroup.c | 8 +
src/lxc/lxc_container.c | 123 ++++++++++--
src/lxc/lxc_native.c | 25 +++
src/util/vircgroup.c | 74 +++++++-
src/util/vircgroup.h | 2 +
tests/domainschemadata/domain-caps-features.xml | 28 +++
tests/lxcconf2xmldata/lxcconf2xml-blkiotune.xml | 2 +
tests/lxcconf2xmldata/lxcconf2xml-cpusettune.xml | 2 +
tests/lxcconf2xmldata/lxcconf2xml-cputune.xml | 2 +
tests/lxcconf2xmldata/lxcconf2xml-idmap.xml | 2 +
.../lxcconf2xmldata/lxcconf2xml-macvlannetwork.xml | 4 +
tests/lxcconf2xmldata/lxcconf2xml-memtune.xml | 2 +
tests/lxcconf2xmldata/lxcconf2xml-nonenetwork.xml | 4 +
tests/lxcconf2xmldata/lxcconf2xml-nonetwork.xml | 2 +
tests/lxcconf2xmldata/lxcconf2xml-physnetwork.xml | 4 +
tests/lxcconf2xmldata/lxcconf2xml-simple.xml | 8 +
tests/lxcconf2xmldata/lxcconf2xml-vlannetwork.xml | 4 +
22 files changed, 710 insertions(+), 25 deletions(-)
create mode 100644 tests/domainschemadata/domain-caps-features.xml
--
1.8.4.5
More information about the libvir-list
mailing list