Thank you for your comment.

> We could do with a feature like this for LXC too. Though I'd prefer
> the XML to be a little more concise. Perhaps
>
>   <process>
>     <cap_sys_rawio/>
>   </process>
>
> One potential concern is that the capability names are OS specific,
> so perhaps rather than allow them as element names, we should use
> string attribute values for them
>
>   <process>
>     <cap name='sys_rawio'/>
>   </process>
>

I'll take in your idea.

> and declare the attribute values are potentially OS dependent, and
> then expose the list of allowed OS capabilities values in the capabilities
> XML.

I plan on adding a "process_capabilities" child element to the "host" element
of the capabilities XML like the following:

  # virsh capabilities
  <capabilities>
    <host>
      ...
      <process_capabilities>
        <cap name='chown'/>
        <cap name='dac_override'/>
        <cap name='dac_read_search'/>
        ...
      </process_capabilities>
    </host>
    ...

Is this what you mean?

--
Best regards,
Taku Izumi <izumi.taku@xxxxxxxxxxxxxx>

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
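Added example, not part of the original message and not libvirt code: a sketch of how a management tool could use the host list proposed in this thread to refuse capability names the host does not advertise before a guest is started. The element layout follows the proposal above; the function names and the `<domain>` wrapper around `<process>` are assumptions, and both XML samples are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape proposed in the thread. Only the three
# names spelled out in the email are listed; a real host would list more.
HOST_CAPS_XML = """
<capabilities>
  <host>
    <process_capabilities>
      <cap name='chown'/>
      <cap name='dac_override'/>
      <cap name='dac_read_search'/>
    </process_capabilities>
  </host>
</capabilities>
"""

# Constructed sample: the <domain> wrapper is an assumption for illustration.
DOMAIN_XML = """
<domain>
  <process>
    <cap name='chown'/>
    <cap name='sys_rawio'/>
  </process>
</domain>
"""

def host_process_caps(caps_xml):
    """Return the set of capability names the host advertises."""
    root = ET.fromstring(caps_xml)
    caps = root.findall("./host/process_capabilities/cap")
    return {c.get("name") for c in caps if c.get("name")}

def requested_caps(domain_xml):
    """Return the capability names a guest definition asks to keep."""
    root = ET.fromstring(domain_xml)
    names = []
    for cap in root.findall("./process/cap"):
        name = cap.get("name")
        if not name:
            raise ValueError("<cap> element without a name attribute")
        names.append(name)
    return names

def check_domain(domain_xml, caps_xml):
    """Split requested names into (accepted, rejected) against the host list."""
    allowed = host_process_caps(caps_xml)
    requested = requested_caps(domain_xml)
    accepted = [n for n in requested if n in allowed]
    rejected = [n for n in requested if n not in allowed]
    return accepted, rejected
```

Here `sys_rawio` is rejected only because the constructed host list stops at the three names shown in the email.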