On Wed, Dec 21, 2011 at 07:19:52PM +0900, Taku Izumi wrote:
>
> Thank you for your comment.
>
> > We could do with a feature like this for LXC too. Though I'd prefer
> > the XML to be a little more concise. Perhaps
> >
> >   <process>
> >     <cap_sys_rawio/>
> >   </process>
> >
> > One potential concern is that the capability names are OS specific,
> > so perhaps rather than allow them as element names, we should use
> > string attribute values for them
> >
> >   <process>
> >     <cap name='sys_rawio'/>
> >   </process>
> >
>
> I'll take in your idea.
>
> > and declare the attribute values are potentially OS dependent, and
> > then expose the list of allowed OS capabilities values in the capabilities
> > XML.
>
> I plan on adding "process_capabilities" child element to "host" element of
> the capabilities XML like the following:
>
>   # virsh capabilities
>   <capabilities>
>     <host>
>       ...
>       <process_capabilities>

For consistency, I'd just use <process> here too

>         <cap name='chown'/>
>         <cap name='dac_override'/>
>         <cap name='dac_read_search'/>
>         ...
>       </process_capabilities>
>     </host>
>     ...
>
> Is this what you mean?

Yes you got it

Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|
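
Added example, not part of the original thread and not libvirt code: a sketch of how a management tool could check the <cap name='...'/> values a guest requests against the list the host advertises in its capabilities XML, refusing anything the host does not list. Both XML documents are constructed samples, the function names are hypothetical, and placing <process> directly under <domain> is an assumption the thread does not settle.

```python
import xml.etree.ElementTree as ET

# Constructed sample of the host capabilities XML as proposed in the thread,
# using <process> (the reply's suggestion) instead of <process_capabilities>.
HOST_CAPS_XML = """
<capabilities>
  <host>
    <process>
      <cap name='chown'/>
      <cap name='dac_override'/>
      <cap name='dac_read_search'/>
      <cap name='sys_rawio'/>
    </process>
  </host>
</capabilities>
"""

# Constructed guest definition; <process> directly under <domain> is an
# assumption, the thread does not say where the element lives.
DOMAIN_XML = """
<domain type='kvm'>
  <name>guest1</name>
  <process>
    <cap name='sys_rawio'/>
    <cap name='sys_admin'/>
  </process>
</domain>
"""

def host_allowed_caps(caps_xml):
    """Return the set of capability names listed under <host><process>."""
    root = ET.fromstring(caps_xml)
    caps = root.findall("./host/process/cap")
    return {c.get("name") for c in caps if c.get("name")}

def check_requested_caps(domain_xml, allowed):
    """Split the guest's requested capabilities into (granted, rejected)."""
    root = ET.fromstring(domain_xml)
    granted, rejected = [], []
    for cap in root.findall("./process/cap"):
        name = cap.get("name")
        # A <cap> with no name, or a name the host does not list, is refused.
        (granted if name in allowed else rejected).append(name)
    return granted, rejected

if __name__ == "__main__":
    allowed = host_allowed_caps(HOST_CAPS_XML)
    granted, rejected = check_requested_caps(DOMAIN_XML, allowed)
    print("granted:", granted, "rejected:", rejected)
```

Because the names are plain attribute strings that may differ between operating systems, the check is an exact match against the host's own list rather than against a fixed table in the tool.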