[PATCHv4 2/2] lxc domain from xml: convert lxc.cap.drop


 



---
 src/lxc/lxc_native.c                               | 25 ++++++++++++++++++++++
 tests/lxcconf2xmldata/lxcconf2xml-blkiotune.xml    |  2 ++
 tests/lxcconf2xmldata/lxcconf2xml-cpusettune.xml   |  2 ++
 tests/lxcconf2xmldata/lxcconf2xml-cputune.xml      |  2 ++
 tests/lxcconf2xmldata/lxcconf2xml-idmap.xml        |  2 ++
 .../lxcconf2xmldata/lxcconf2xml-macvlannetwork.xml |  4 ++++
 tests/lxcconf2xmldata/lxcconf2xml-memtune.xml      |  2 ++
 tests/lxcconf2xmldata/lxcconf2xml-nonenetwork.xml  |  4 ++++
 tests/lxcconf2xmldata/lxcconf2xml-nonetwork.xml    |  2 ++
 tests/lxcconf2xmldata/lxcconf2xml-physnetwork.xml  |  4 ++++
 tests/lxcconf2xmldata/lxcconf2xml-simple.xml       |  8 +++++++
 tests/lxcconf2xmldata/lxcconf2xml-vlannetwork.xml  |  4 ++++
 12 files changed, 61 insertions(+)

diff --git a/src/lxc/lxc_native.c b/src/lxc/lxc_native.c
index bb15a36..3ffcd47 100644
--- a/src/lxc/lxc_native.c
+++ b/src/lxc/lxc_native.c
@@ -843,6 +843,28 @@ lxcSetBlkioTune(virDomainDefPtr def, virConfPtr properties)
     return 0;
 }
 
+static void
+lxcSetCapDrop(virDomainDefPtr def, virConfPtr properties)
+{
+    virConfValuePtr value;
+    char **toDrop = NULL;
+    const char *capString;
+    size_t i;
+
+    if ((value = virConfGetValue(properties, "lxc.cap.drop")) && value->str)
+        toDrop = virStringSplit(value->str, " ", 0);
+
+    for (i = 0; i < VIR_DOMAIN_CAPS_FEATURE_LAST; i++) {
+        capString = virDomainCapsFeatureTypeToString(i);
+        if (toDrop != NULL && virStringArrayHasString(toDrop, capString))
+            def->caps_features[i] = VIR_DOMAIN_FEATURE_STATE_OFF;
+    }
+
+    def->features[VIR_DOMAIN_FEATURE_CAPABILITIES] = VIR_DOMAIN_CAPABILITIES_POLICY_ALLOW;
+
+    virStringFreeList(toDrop);
+}
+
 virDomainDefPtr
 lxcParseConfigString(const char *config)
 {
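Review bot: Capability names in lxc.cap.drop that libvirt does not recognise are silently ignored by the loop at lines 43-47, so the converted domain keeps a capability the LXC config meant to drop, and a virStringSplit() failure is likewise swallowed because the function is void. Walking toDrop and resolving each entry with virDomainCapsFeatureTypeFromString() makes an unknown name a reported error instead, and returning int lets the caller in the second hunk use the same `if (lxcSetCapDrop(vmdef, properties) < 0) goto error;` pattern as lxcSetBlkioTune(). Splitting on a single space also turns runs of spaces into empty entries; skipping empty strings in the walk covers that, though whether LXC accepts tabs as separators is not visible here. Setting VIR_DOMAIN_CAPABILITIES_POLICY_ALLOW even when the key is absent (every test fixture in this patch gains an empty capabilities block) is harmless since allow-with-no-drops matches the default, but deserves a comment such as `/* policy 'allow' mirrors LXC, which keeps every capability not listed in lxc.cap.drop */`.
```c
static int
lxcSetCapDrop(virDomainDefPtr def, virConfPtr properties)
{
    virConfValuePtr value;
    char **toDrop = NULL;
    size_t i;
    int ret = -1;

    if ((value = virConfGetValue(properties, "lxc.cap.drop")) && value->str) {
        if (!(toDrop = virStringSplit(value->str, " ", 0)))
            return -1;
    }

    for (i = 0; toDrop && toDrop[i]; i++) {
        int cap;

        /* runs of separators produce empty tokens; they carry no name */
        if (*toDrop[i] == '\0')
            continue;

        /* refuse to convert rather than silently keep a capability
         * the LXC config asked to drop */
        if ((cap = virDomainCapsFeatureTypeFromString(toDrop[i])) < 0) {
            virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
                           _("unknown capability in lxc.cap.drop: %s"),
                           toDrop[i]);
            goto cleanup;
        }
        def->caps_features[cap] = VIR_DOMAIN_FEATURE_STATE_OFF;
    }

    /* policy 'allow' mirrors LXC, which keeps every capability not
     * listed in lxc.cap.drop */
    def->features[VIR_DOMAIN_FEATURE_CAPABILITIES] = VIR_DOMAIN_CAPABILITIES_POLICY_ALLOW;
    ret = 0;

 cleanup:
    virStringFreeList(toDrop);
    return ret;
}
```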
@@ -940,6 +962,9 @@ lxcParseConfigString(const char *config)
     if (lxcSetBlkioTune(vmdef, properties) < 0)
         goto error;
 
+    /* lxc.cap.drop */
+    lxcSetCapDrop(vmdef, properties);
+
     goto cleanup;
 
  error:
diff --git a/tests/lxcconf2xmldata/lxcconf2xml-blkiotune.xml b/tests/lxcconf2xmldata/lxcconf2xml-blkiotune.xml
index 36b8e52..c9c0469 100644
--- a/tests/lxcconf2xmldata/lxcconf2xml-blkiotune.xml
+++ b/tests/lxcconf2xmldata/lxcconf2xml-blkiotune.xml
@@ -25,6 +25,8 @@
   </os>
   <features>
     <privnet/>
+    <capabilities policy='allow'>
+    </capabilities>
   </features>
   <clock offset='utc'/>
   <on_poweroff>destroy</on_poweroff>
diff --git a/tests/lxcconf2xmldata/lxcconf2xml-cpusettune.xml b/tests/lxcconf2xmldata/lxcconf2xml-cpusettune.xml
index 932ab61..e7863fa 100644
--- a/tests/lxcconf2xmldata/lxcconf2xml-cpusettune.xml
+++ b/tests/lxcconf2xmldata/lxcconf2xml-cpusettune.xml
@@ -13,6 +13,8 @@
   </os>
   <features>
     <privnet/>
+    <capabilities policy='allow'>
+    </capabilities>
   </features>
   <clock offset='utc'/>
   <on_poweroff>destroy</on_poweroff>
diff --git a/tests/lxcconf2xmldata/lxcconf2xml-cputune.xml b/tests/lxcconf2xmldata/lxcconf2xml-cputune.xml
index 1bab1c6..50c5358 100644
--- a/tests/lxcconf2xmldata/lxcconf2xml-cputune.xml
+++ b/tests/lxcconf2xmldata/lxcconf2xml-cputune.xml
@@ -15,6 +15,8 @@
   </os>
   <features>
     <privnet/>
+    <capabilities policy='allow'>
+    </capabilities>
   </features>
   <clock offset='utc'/>
   <on_poweroff>destroy</on_poweroff>
diff --git a/tests/lxcconf2xmldata/lxcconf2xml-idmap.xml b/tests/lxcconf2xmldata/lxcconf2xml-idmap.xml
index 050ccd6..80a83ff 100644
--- a/tests/lxcconf2xmldata/lxcconf2xml-idmap.xml
+++ b/tests/lxcconf2xmldata/lxcconf2xml-idmap.xml
@@ -14,6 +14,8 @@
   </idmap>
   <features>
     <privnet/>
+    <capabilities policy='allow'>
+    </capabilities>
   </features>
   <clock offset='utc'/>
   <on_poweroff>destroy</on_poweroff>
diff --git a/tests/lxcconf2xmldata/lxcconf2xml-macvlannetwork.xml b/tests/lxcconf2xmldata/lxcconf2xml-macvlannetwork.xml
index 996c0f7..3105b8c 100644
--- a/tests/lxcconf2xmldata/lxcconf2xml-macvlannetwork.xml
+++ b/tests/lxcconf2xmldata/lxcconf2xml-macvlannetwork.xml
@@ -8,6 +8,10 @@
     <type>exe</type>
     <init>/sbin/init</init>
   </os>
+  <features>
+    <capabilities policy='allow'>
+    </capabilities>
+  </features>
   <clock offset='utc'/>
   <on_poweroff>destroy</on_poweroff>
   <on_reboot>restart</on_reboot>
diff --git a/tests/lxcconf2xmldata/lxcconf2xml-memtune.xml b/tests/lxcconf2xmldata/lxcconf2xml-memtune.xml
index b7c919e..7df1ef0 100644
--- a/tests/lxcconf2xmldata/lxcconf2xml-memtune.xml
+++ b/tests/lxcconf2xmldata/lxcconf2xml-memtune.xml
@@ -15,6 +15,8 @@
   </os>
   <features>
     <privnet/>
+    <capabilities policy='allow'>
+    </capabilities>
   </features>
   <clock offset='utc'/>
   <on_poweroff>destroy</on_poweroff>
diff --git a/tests/lxcconf2xmldata/lxcconf2xml-nonenetwork.xml b/tests/lxcconf2xmldata/lxcconf2xml-nonenetwork.xml
index 6d9e16d..e002b99 100644
--- a/tests/lxcconf2xmldata/lxcconf2xml-nonenetwork.xml
+++ b/tests/lxcconf2xmldata/lxcconf2xml-nonenetwork.xml
@@ -8,6 +8,10 @@
     <type>exe</type>
     <init>/sbin/init</init>
   </os>
+  <features>
+    <capabilities policy='allow'>
+    </capabilities>
+  </features>
   <clock offset='utc'/>
   <on_poweroff>destroy</on_poweroff>
   <on_reboot>restart</on_reboot>
diff --git a/tests/lxcconf2xmldata/lxcconf2xml-nonetwork.xml b/tests/lxcconf2xmldata/lxcconf2xml-nonetwork.xml
index 101324a..dc9d635 100644
--- a/tests/lxcconf2xmldata/lxcconf2xml-nonetwork.xml
+++ b/tests/lxcconf2xmldata/lxcconf2xml-nonetwork.xml
@@ -10,6 +10,8 @@
   </os>
   <features>
     <privnet/>
+    <capabilities policy='allow'>
+    </capabilities>
   </features>
   <clock offset='utc'/>
   <on_poweroff>destroy</on_poweroff>
diff --git a/tests/lxcconf2xmldata/lxcconf2xml-physnetwork.xml b/tests/lxcconf2xmldata/lxcconf2xml-physnetwork.xml
index 5fe1b03..cfaceb5 100644
--- a/tests/lxcconf2xmldata/lxcconf2xml-physnetwork.xml
+++ b/tests/lxcconf2xmldata/lxcconf2xml-physnetwork.xml
@@ -8,6 +8,10 @@
     <type>exe</type>
     <init>/sbin/init</init>
   </os>
+  <features>
+    <capabilities policy='allow'>
+    </capabilities>
+  </features>
   <clock offset='utc'/>
   <on_poweroff>destroy</on_poweroff>
   <on_reboot>restart</on_reboot>
diff --git a/tests/lxcconf2xmldata/lxcconf2xml-simple.xml b/tests/lxcconf2xmldata/lxcconf2xml-simple.xml
index b3c3659..549fc39 100644
--- a/tests/lxcconf2xmldata/lxcconf2xml-simple.xml
+++ b/tests/lxcconf2xmldata/lxcconf2xml-simple.xml
@@ -8,6 +8,14 @@
     <type arch='i686'>exe</type>
     <init>/sbin/init</init>
   </os>
+  <features>
+    <capabilities policy='allow'>
+      <mac_admin state='off'/>
+      <mac_override state='off'/>
+      <mknod state='off'/>
+      <sys_module state='off'/>
+    </capabilities>
+  </features>
   <clock offset='utc'/>
   <on_poweroff>destroy</on_poweroff>
   <on_reboot>restart</on_reboot>
diff --git a/tests/lxcconf2xmldata/lxcconf2xml-vlannetwork.xml b/tests/lxcconf2xmldata/lxcconf2xml-vlannetwork.xml
index 45348ed..712be3e 100644
--- a/tests/lxcconf2xmldata/lxcconf2xml-vlannetwork.xml
+++ b/tests/lxcconf2xmldata/lxcconf2xml-vlannetwork.xml
@@ -8,6 +8,10 @@
     <type>exe</type>
     <init>/sbin/init</init>
   </os>
+  <features>
+    <capabilities policy='allow'>
+    </capabilities>
+  </features>
   <clock offset='utc'/>
   <on_poweroff>destroy</on_poweroff>
   <on_reboot>restart</on_reboot>
-- 
1.8.4.5




