Hi Daniel-san and all, This patchset adds an option for KVM guests to retain arbitrary capabilities. The first version is here: http://www.redhat.com/archives/libvir-list/2011-December/msg00857.html According to Daniel-san's comment, I changed my patch like the following: v1 -> v2 - introduce "process" and "cap" elements in the capability XML - change XML element name of domain XML likewise ; process capabilities host supports are found in the capability XML. # virsh capabilities <capabilities> <host> <uuid>00000000-0000-0000-0000-00199914f1c5</uuid> ... <process> <cap name='chown'/> <cap name='dac_override'/> <cap name='dac_read_search'/> <cap name='fowner'/> ... </process> </host> ... ; VM can retain cap_sys_rawio capability # virsh edit VM ... </features> <process> <cap name='sys_rawio'/> </process> <clock offset='utc'/> ... # virsh start VM # cat /proc/<VM's PID>/status ... CapInh: 0000000000000000 CapPrm: fffffffc00020000 CapEff: fffffffc00020000 CapBnd: fffffffc00020000 ... *[PATCH v2 1/5] conf: add XML schema for capability XML *[PATCH v2 2/5] conf: add XML schema for domain XML *[PATCH v2 3/5] util: add functions to keep capabilities *[PATCH v2 4/5] util: extend virExecWithHook() *[PATCH v2 5/5] qemu: make qemu processes to retain capabilities Best regards, Taku Izumi -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list