On Sat, 21 Jan 2012 19:01:35 +0100 Paolo Bonzini <pbonzini@xxxxxxxxxx> wrote: Thank you for your comment. > On 01/20/2012 07:25 AM, Taku Izumi wrote: > > OK. I'll try to implement like this way. > > No, I think your current patch is fine. Perhaps in the future we can > try to implement cgroup-based whitelists in the kernel. > > In any case adding rawio (which is a per-process capability) to a <disk> > element would be wrong. It is true that process capability affects not per disk but a domain. It's a bit strange, but it is OK in my personal opinion. Which do you think is better, Eric? -- Taku Izumi <izumi.taku@xxxxxxxxxxxxxx> -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list