From f199dbab24896c31c90a3291c4779daccef949ed Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?= <cbosdonnat@suse.com>
Date: Wed, 11 Jun 2014 16:43:45 +0200
Subject: [PATCH 2/3] lxc domain from xml: convert lxc.cap.drop
---
src/lxc/lxc_native.c | 25 ++++++++++++++++++++++
tests/lxcconf2xmldata/lxcconf2xml-blkiotune.xml | 2 ++
tests/lxcconf2xmldata/lxcconf2xml-cpusettune.xml | 2 ++
tests/lxcconf2xmldata/lxcconf2xml-cputune.xml | 2 ++
tests/lxcconf2xmldata/lxcconf2xml-idmap.xml | 2 ++
.../lxcconf2xmldata/lxcconf2xml-macvlannetwork.xml | 4 ++++
tests/lxcconf2xmldata/lxcconf2xml-memtune.xml | 2 ++
tests/lxcconf2xmldata/lxcconf2xml-nonenetwork.xml | 4 ++++
tests/lxcconf2xmldata/lxcconf2xml-nonetwork.xml | 2 ++
tests/lxcconf2xmldata/lxcconf2xml-physnetwork.xml | 4 ++++
tests/lxcconf2xmldata/lxcconf2xml-simple.xml | 8 +++++++
tests/lxcconf2xmldata/lxcconf2xml-vlannetwork.xml | 4 ++++
12 files changed, 61 insertions(+)
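--- a/src/lxc/lxc_native.c
+++ b/src/lxc/lxc_native.c
@@ -838,6 +838,28 @@ lxcSetBlkioTune(virDomainDefPtr def, vir
 return 0;
 }
 
+static void
+lxcSetCapDrop(virDomainDefPtr def, virConfPtr properties)
+{
+ virConfValuePtr value;
+ char **toDrop = NULL;
+ const char *capString;
+ size_t i;
+
+ if ((value = virConfGetValue(properties, "lxc.cap.drop")) && value->str)
+ toDrop = virStringSplit(value->str, " ", 0);
+
+ for (i = 0; i < VIR_DOMAIN_CAPS_FEATURE_LAST; i++) {
+ capString = virDomainCapsFeatureTypeToString(i);
+ if (toDrop != NULL && virStringArrayHasString(toDrop, capString))
+ def->caps_features[i] = VIR_DOMAIN_FEATURE_STATE_OFF;
+ }
+
+ def->features[VIR_DOMAIN_FEATURE_CAPABILITIES] = VIR_DOMAIN_CAPABILITIES_POLICY_ALLOW;
+
+ virStringFreeList(toDrop);
+}
+
 virDomainDefPtr
 lxcParseConfigString(const char *config)
 {
@@ -935,6 +957,9 @@ lxcParseConfigString(const char *config)
 if (lxcSetBlkioTune(vmdef, properties) < 0)
 goto error;
 
+ /* lxc.cap.drop */
+ lxcSetCapDrop(vmdef, properties);
+
 goto cleanup;
 
 error: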
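Review bot: lxcSetCapDrop() drops a capability only when its name matches a libvirt caps feature string, so any other lxc.cap.drop entry, and a failed virStringSplit(), is silently ignored and the converted domain keeps capabilities the LXC config removed. The function returns void, so lxcParseConfigString() cannot react the way it does for the checked `lxcSetBlkioTune(vmdef, properties) < 0` call above; I would return int and call it as `if (lxcSetCapDrop(vmdef, properties) < 0) goto error;`. The sketch below walks the tokens instead of the enum so unknown names are reported; whether that should be a hard error or only a warning is the maintainers' call. The policy is also set to `VIR_DOMAIN_CAPABILITIES_POLICY_ALLOW` even when lxc.cap.drop is absent (the empty `<capabilities policy='allow'>` expected outputs show this), which presumably mirrors LXC keeping every capability by default; a one-line comment above that assignment saying so would stop it reading as an accident.

```c
static int
lxcSetCapDrop(virDomainDefPtr def, virConfPtr properties)
{
    virConfValuePtr value;
    char **toDrop = NULL;
    size_t i;
    int ret = -1;

    /* A split failure must not be confused with "nothing to drop". */
    if ((value = virConfGetValue(properties, "lxc.cap.drop")) && value->str &&
        !(toDrop = virStringSplit(value->str, " ", 0)))
        return -1;

    for (i = 0; toDrop && toDrop[i]; i++) {
        int cap;

        if (!*toDrop[i])
            continue; /* repeated separators yield empty tokens */

        if ((cap = virDomainCapsFeatureTypeFromString(toDrop[i])) < 0) {
            virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
                           _("unknown capability '%s' in lxc.cap.drop"),
                           toDrop[i]);
            goto cleanup;
        }
        def->caps_features[cap] = VIR_DOMAIN_FEATURE_STATE_OFF;
    }

    /* … unchanged: policy set to VIR_DOMAIN_CAPABILITIES_POLICY_ALLOW … */
    ret = 0;

 cleanup:
    virStringFreeList(toDrop);
    return ret;
}
```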
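--- a/tests/lxcconf2xmldata/lxcconf2xml-blkiotune.xml
+++ b/tests/lxcconf2xmldata/lxcconf2xml-blkiotune.xml
@@ -25,6 +25,8 @@
 </os>
 <features>
 <privnet/>
+ <capabilities policy='allow'>
+ </capabilities>
 </features>
 <clock offset='utc'/>
 <on_poweroff>destroy</on_poweroff>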
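--- a/tests/lxcconf2xmldata/lxcconf2xml-cpusettune.xml
+++ b/tests/lxcconf2xmldata/lxcconf2xml-cpusettune.xml
@@ -13,6 +13,8 @@
 </os>
 <features>
 <privnet/>
+ <capabilities policy='allow'>
+ </capabilities>
 </features>
 <clock offset='utc'/>
 <on_poweroff>destroy</on_poweroff>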
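--- a/tests/lxcconf2xmldata/lxcconf2xml-cputune.xml
+++ b/tests/lxcconf2xmldata/lxcconf2xml-cputune.xml
@@ -15,6 +15,8 @@
 </os>
 <features>
 <privnet/>
+ <capabilities policy='allow'>
+ </capabilities>
 </features>
 <clock offset='utc'/>
 <on_poweroff>destroy</on_poweroff>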
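--- a/tests/lxcconf2xmldata/lxcconf2xml-idmap.xml
+++ b/tests/lxcconf2xmldata/lxcconf2xml-idmap.xml
@@ -14,6 +14,8 @@
 </idmap>
 <features>
 <privnet/>
+ <capabilities policy='allow'>
+ </capabilities>
 </features>
 <clock offset='utc'/>
 <on_poweroff>destroy</on_poweroff>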
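--- a/tests/lxcconf2xmldata/lxcconf2xml-macvlannetwork.xml
+++ b/tests/lxcconf2xmldata/lxcconf2xml-macvlannetwork.xml
@@ -8,6 +8,10 @@
 <type>exe</type>
 <init>/sbin/init</init>
 </os>
+ <features>
+ <capabilities policy='allow'>
+ </capabilities>
+ </features>
 <clock offset='utc'/>
 <on_poweroff>destroy</on_poweroff>
 <on_reboot>restart</on_reboot>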
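--- a/tests/lxcconf2xmldata/lxcconf2xml-memtune.xml
+++ b/tests/lxcconf2xmldata/lxcconf2xml-memtune.xml
@@ -15,6 +15,8 @@
 </os>
 <features>
 <privnet/>
+ <capabilities policy='allow'>
+ </capabilities>
 </features>
 <clock offset='utc'/>
 <on_poweroff>destroy</on_poweroff>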
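--- a/tests/lxcconf2xmldata/lxcconf2xml-nonenetwork.xml
+++ b/tests/lxcconf2xmldata/lxcconf2xml-nonenetwork.xml
@@ -8,6 +8,10 @@
 <type>exe</type>
 <init>/sbin/init</init>
 </os>
+ <features>
+ <capabilities policy='allow'>
+ </capabilities>
+ </features>
 <clock offset='utc'/>
 <on_poweroff>destroy</on_poweroff>
 <on_reboot>restart</on_reboot>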
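--- a/tests/lxcconf2xmldata/lxcconf2xml-nonetwork.xml
+++ b/tests/lxcconf2xmldata/lxcconf2xml-nonetwork.xml
@@ -10,6 +10,8 @@
 </os>
 <features>
 <privnet/>
+ <capabilities policy='allow'>
+ </capabilities>
 </features>
 <clock offset='utc'/>
 <on_poweroff>destroy</on_poweroff>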
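--- a/tests/lxcconf2xmldata/lxcconf2xml-physnetwork.xml
+++ b/tests/lxcconf2xmldata/lxcconf2xml-physnetwork.xml
@@ -8,6 +8,10 @@
 <type>exe</type>
 <init>/sbin/init</init>
 </os>
+ <features>
+ <capabilities policy='allow'>
+ </capabilities>
+ </features>
 <clock offset='utc'/>
 <on_poweroff>destroy</on_poweroff>
 <on_reboot>restart</on_reboot>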
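--- a/tests/lxcconf2xmldata/lxcconf2xml-simple.xml
+++ b/tests/lxcconf2xmldata/lxcconf2xml-simple.xml
@@ -8,6 +8,14 @@
 <type arch='i686'>exe</type>
 <init>/sbin/init</init>
 </os>
+ <features>
+ <capabilities policy='allow'>
+ <mac_admin state='off'/>
+ <mac_override state='off'/>
+ <mknod state='off'/>
+ <sys_module state='off'/>
+ </capabilities>
+ </features>
 <clock offset='utc'/>
 <on_poweroff>destroy</on_poweroff>
 <on_reboot>restart</on_reboot>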
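--- a/tests/lxcconf2xmldata/lxcconf2xml-vlannetwork.xml
+++ b/tests/lxcconf2xmldata/lxcconf2xml-vlannetwork.xml
@@ -8,6 +8,10 @@
 <type>exe</type>
 <init>/sbin/init</init>
 </os>
+ <features>
+ <capabilities policy='allow'>
+ </capabilities>
+ </features>
 <clock offset='utc'/>
 <on_poweroff>destroy</on_poweroff>
 <on_reboot>restart</on_reboot>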