On Wed, Mar 13, 2013 at 04:09:44PM -0600, Eric Blake wrote: > On 03/13/2013 01:37 PM, Laine Stump wrote: > > My commit 7a2e845a865dc7fa82d2393ea2a770cfc8cf00b4 (and its > > prerequisites) managed to effectively ignore the > > clear_emulator_capabilities setting in qemu.conf (visible in the code > > as the VIR_EXEC_CLEAR_CAPS flag when qemu is being exec'ed), with the > > result that the capabilities are always cleared regardless of the > > qemu.conf setting. This patch fixes it by passing the flag through to > > virSetUIDGIDWithCaps(), which uses it to decide whether or not to > > clear existing capabilities before adding in those that were > > requested. > > > > Note that the existing capabilities are *always* cleared if the new > > process is going to run as non-root, since the whole point of running > > non-root is to have the capabilities removed (it's still possible to > > add back individual capabilities as needed though). > > --- > > This will need to be backported to v1.0.3-maint. > > Yeah, now that Fedora 19 has branched and settled on 1.0.3 as its > starting point, it looks like v1.0.3-maint will be getting lots of fixes :) Nah, we can continue to rebase Fedora 19 until either Beta release or the Virtualization test day. So we have at least one more release rebase possible. Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list