The whole purpose of virCloseRangeInit() is to be called
somewhere during initialization (ideally before first virExec()
or virCommandRun()), so that the rest of the code already knows
kernel capabilities. While I can put the call somewhere into
remote_daemon.c (when a daemon initializes), we might call
virCommand*() even from client library (i.e. no daemon).
Therefore, put it into virGlobalInit() with the rest of
initialization code.
Signed-off-by: Michal Privoznik <mprivozn@xxxxxxxxxx>
---
src/libvirt.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/libvirt.c b/src/libvirt.c
index 69d5b13bff..26c3fe454f 100644
--- a/src/libvirt.c
+++ b/src/libvirt.c
@@ -231,6 +231,10 @@ virGlobalInit(void)
goto error;
}
+ /* Do this upfront rather than every time a child is spawned. */
+ if (virCloseRangeInit() < 0)
+ goto error;
+
if (virLogSetFromEnv() < 0)
goto error;
--
2.41.0
