On Tue, Jan 31, 2012 at 01:50:42PM +0900, Taku Izumi wrote:
>
> This patch introduces virSetCapabilities() function and implements
> virCommandAllowCap() function.
>
> Existing virClearCapabilities() is function to clear all capabilities.
> Instead virSetCapabilities() is function to set arbitrary capabilities.
>
>
> Signed-off-by: Taku Izumi <izumi.taku@xxxxxxxxxxxxxx>
> Signed-off-by: Shota Hirae <m11g1401@xxxxxxxxxxxxxx>
> ---
> src/util/command.c | 43 +++++++++++++++++++++++++++++++++++++------
> src/util/command.h | 2 --
> 2 files changed, 37 insertions(+), 8 deletions(-)
>
> Index: libvirt/src/util/command.c
> ===================================================================
> --- libvirt.orig/src/util/command.c
> +++ libvirt/src/util/command.c
> @@ -103,6 +103,8 @@ struct _virCommand {
> pid_t pid;
> char *pidfile;
> bool reap;
> +
> + unsigned long long capabilities;
> };
>
> /*
> @@ -182,6 +184,33 @@ static int virClearCapabilities(void)
>
> return 0;
> }
> +
> +/**
> + * virSetCapabilities:
> + * @capabilities - capability flag to set.
> + * In case of 0, this function is identical to
> + * virClearCapabilities()
> + *
> + */
> +static int virSetCapabilities(unsigned long long capabilities)
> +{
> + int ret, i;
> +
> + capng_clear(CAPNG_SELECT_BOTH);
> +
> + for (i = 0; i <= CAP_LAST_CAP; i++) {
> + if (capabilities & (1ULL << i))
> + capng_update(CAPNG_ADD, CAPNG_BOUNDING_SET, i);
> + }
> +
> + if ((ret = capng_apply(CAPNG_SELECT_BOTH)) < 0) {
> + virCommandError(VIR_ERR_INTERNAL_ERROR,
> + _("cannot apply process capabilities %d"), ret);
> + return -1;
> + }
> +
> + return 0;
> +}
> # else
> static int virClearCapabilities(void)
> {
> @@ -189,6 +218,11 @@ static int virClearCapabilities(void)
> // "capabilities");
> return 0;
> }
> +
> +static int virSetCapabilities(unsigned long long capabilities)
> +{
> + return 0;
> +}
> # endif
>
> /**
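Review bot: The return value of `capng_update()` inside the loop of virSetCapabilities() is discarded, so if adding a requested bit fails the function still returns 0 and the child silently runs with a smaller set than the caller asked for. Checking it keeps the failure visible, `if ((capabilities & (1ULL << i)) && capng_update(CAPNG_ADD, CAPNG_BOUNDING_SET, i) < 0) return -1;`, with an error report next to it as is already done for `capng_apply()`. The doc comment should also say what the argument is and which set is touched, for example ` * @capabilities: bitmask of capability numbers to keep in the bounding set; every other set is cleared`.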
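Review bot: The virSetCapabilities() added in the `# else` branch (presumably builds without libcap-ng) returns 0 without doing anything, so a caller that asked for a reduced set is told it succeeded while the child keeps whatever capabilities it inherits. At minimum the stub needs a comment saying so, e.g. `/* No capability support in this build: the requested set is not enforced. */`; returning -1 when `capabilities` is non-zero would be the stricter choice if callers can tolerate it. The parameter is also unused here and should carry the annotation this file already uses: `static int virSetCapabilities(unsigned long long capabilities ATTRIBUTE_UNUSED)`.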
> @@ -883,26 +917,23 @@ virCommandClearCaps(virCommandPtr cmd)
> cmd->flags |= VIR_EXEC_CLEAR_CAPS;
> }
>
> -#if 0 /* XXX Enable if we have a need for capability management. */
> -
> /**
> * virCommandAllowCap:
> * @cmd: the command to modify
> * @capability: what to allow
> *
> - * Re-allow a specific capability
> + * Allow specific capabilities
> */
> void
> virCommandAllowCap(virCommandPtr cmd,
> - int capability ATTRIBUTE_UNUSED)
> + int capability)
> {
> if (!cmd || cmd->has_error)
> return;
>
> - /* XXX ? */
> + cmd->capabilities |= (1ULL << capability);
> }
>
> -#endif /* 0 */
>
>
> /**
> Index: libvirt/src/util/command.h
> ===================================================================
> --- libvirt.orig/src/util/command.h
> +++ libvirt/src/util/command.h
> @@ -60,10 +60,8 @@ void virCommandSetPidFile(virCommandPtr
>
> void virCommandClearCaps(virCommandPtr cmd);
>
> -# if 0
> void virCommandAllowCap(virCommandPtr cmd,
> int capability);
> -# endif
>
> void virCommandDaemonize(virCommandPtr cmd);
ACK Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
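Review bot: `capability` reaches the shift in `cmd->capabilities |= (1ULL << capability);` unchecked, and a negative value or one of 64 or more makes that shift undefined behaviour. A range guard before it closes this, e.g. `if (capability < 0 || capability >= 64) return;`, ideally also recording the failure on `cmd` in whatever way the other setters in this file do (not visible in this hunk). Separately, the 37 insertions listed in the diffstat are all visible in this mail and none of them calls virSetCapabilities() or reads `cmd->capabilities`, so unless a later patch adds the call site an allowed capability has no effect on the child. The doc comment could also state that @capability is a single capability number, not a mask.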