This is the new version of http://www.redhat.com/archives/libvir-list/2012-January/msg01312.html Thank you for reviewing, Danie, Paolo, and Eric. -- This patchset achieves #1 and #2 of the following tasks: > 1. rawio="yes|nmo" on the <disk> element somewhere > 2. Give the QEMU process CAP_SYS_RAWIO > 3. Use the devices cgroup to specify which individual disks > can use rawio. In short, if you specify the following XML: <disk type='block' device='lun' rawio='yes'> the domain will be granted CAP_SYS_RAWIO. # virsh start VM # cat /proc/<VM's PID>/status ... CapInh: 0000000000000000 CapPrm: fffffffc00020000 CapEff: fffffffc00020000 CapBnd: fffffffc00020000 ... *[PATCH v2 1/4] conf: add rawio attribute to disk element of domain XML *[PATCH v2 2/4] util: add functions to keep capabilities *[PATCH v2 3/4] util: extend virExecWithHook() *[PATCH v2 4/4] qemu: make qemu processes to retain rawio capability - Best regards, Taku Izumi -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list