On Mon, Mar 02, 2015 at 06:04:44PM +0800, Luyao Huang wrote: > When we start a vm which have rawio = 'yes' settings without > any file caps settings for qemu, qemu process still cannot use > this caps (CAP_SYS_RAWIO) and the /proc/pidofqemu/status like > this: > > CapInh: 0000000000020000 > CapPrm: 0000000000000000 > CapEff: 0000000000000000 > CapBnd: 0000001fffffffff > > this is because we do not set file caps for qemu (see man 7 > capabilities), although laine have mentioned this in commit > e11451, i think it will be good if we add this in docs. This is only true if you are starting the guest under the qemu:///session URI. In such a case I think it is expected that the QEMU lacks rawio capabilities, because the whole point of qemu:///session is that the VM has no elevated privileges. In the case of qemu:///system libvirt should ensure that it does the right thing with passing on raw io capability flag. If it does not, then we must fix that in the code, not the docs. Regards, Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list