---
 src/lxc/lxc_native.c | 27 ++++++++++++++
 tests/lxcconf2xmldata/lxcconf2xml-blkiotune.xml | 39 ++++++++++++++++++++
 tests/lxcconf2xmldata/lxcconf2xml-cpusettune.xml | 39 ++++++++++++++++++++
 tests/lxcconf2xmldata/lxcconf2xml-cputune.xml | 39 ++++++++++++++++++++
 tests/lxcconf2xmldata/lxcconf2xml-idmap.xml | 39 ++++++++++++++++++++
 .../lxcconf2xmldata/lxcconf2xml-macvlannetwork.xml | 41 ++++++++++++++++++++++
 tests/lxcconf2xmldata/lxcconf2xml-memtune.xml | 39 ++++++++++++++++++++
 tests/lxcconf2xmldata/lxcconf2xml-nonenetwork.xml | 41 ++++++++++++++++++++++
 tests/lxcconf2xmldata/lxcconf2xml-nonetwork.xml | 39 ++++++++++++++++++++
 tests/lxcconf2xmldata/lxcconf2xml-physnetwork.xml | 41 ++++++++++++++++++++++
 tests/lxcconf2xmldata/lxcconf2xml-simple.xml | 41 ++++++++++++++++++++++
 tests/lxcconf2xmldata/lxcconf2xml-vlannetwork.xml | 41 ++++++++++++++++++++++
 12 files changed, 466 insertions(+)

diff --git a/src/lxc/lxc_native.c b/src/lxc/lxc_native.c
index f4c4556..9cb3bce 100644
--- a/src/lxc/lxc_native.c
+++ b/src/lxc/lxc_native.c
@@ -838,6 +838,30 @@ lxcSetBlkioTune(virDomainDefPtr def, virConfPtr properties)
 return 0;
 }
 
+static void
+lxcSetCapDrop(virDomainDefPtr def, virConfPtr properties)
+{
+ virConfValuePtr value;
+ char **toDrop = NULL;
+ const char *capString;
+ int i;
+
+ if ((value = virConfGetValue(properties, "lxc.cap.drop")) && value->str)
+ toDrop = virStringSplit(value->str, " ", 0);
+
+ for (i = 0; i < VIR_DOMAIN_CAPS_FEATURE_LAST; i++) {
+ capString = virDomainCapsFeatureTypeToString(i);
+ if (toDrop != NULL && virStringArrayHasString(toDrop, capString))
+ def->caps_features[i] = VIR_DOMAIN_FEATURE_STATE_OFF;
+ else
+ def->caps_features[i] = VIR_DOMAIN_FEATURE_STATE_ON;
+ }
+
+ def->features[VIR_DOMAIN_FEATURE_CAPABILITIES] = VIR_DOMAIN_FEATURE_STATE_ON;
+
+ virStringFreeList(toDrop);
+}
+
 virDomainDefPtr
 lxcParseConfigString(const char *config)
 {
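Review bot: A NULL return from `virStringSplit()` on the added `toDrop = virStringSplit(value->str, " ", 0)` line (allocation failure) is indistinguishable from "nothing to drop", so the loop below then marks every capability `VIR_DOMAIN_FEATURE_STATE_ON` and a config that asked to drop, say, sys_admin converts to a domain that keeps it; that is a fail-open in a security-relevant conversion. The sibling `lxcSetBlkioTune` named in this hunk header returns `< 0` on failure and its caller does `goto error`, and lxcSetCapDrop should follow the same convention, with the call added in the second hunk becoming `if (lxcSetCapDrop(vmdef, properties) < 0) goto error;`. Relatedly, a token in `lxc.cap.drop` that matches no `virDomainCapsFeatureTypeToString()` name (a typo, or a capability libvirt does not model) is silently ignored and that capability stays on; at minimum a comment such as `/* tokens naming unknown capabilities are ignored, so a misspelling leaves that capability on */` should say so, and a `VIR_WARN` per unmatched token would make it visible to the user. Splitting on a single `" "` also leaves tab- or multi-space-separated entries unmatched if LXC accepts those separators, which is worth confirming against the LXC config grammar. lxcParseConfigString's body continues outside the hunk.
```c
static int
lxcSetCapDrop(virDomainDefPtr def, virConfPtr properties)
{
    /* … unchanged: local declarations … */

    if ((value = virConfGetValue(properties, "lxc.cap.drop")) && value->str &&
        !(toDrop = virStringSplit(value->str, " ", 0)))
        return -1;   /* fail closed rather than reporting every capability as on */

    /* … unchanged: per-capability on/off loop and features[] update … */

    virStringFreeList(toDrop);
    return 0;
}
```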
@@ -935,6 +959,9 @@ lxcParseConfigString(const char *config)
 if (lxcSetBlkioTune(vmdef, properties) < 0)
 goto error;
 
+ /* lxc.cap.drop */
+ lxcSetCapDrop(vmdef, properties);
+
 goto cleanup;
 
 error:
diff --git a/tests/lxcconf2xmldata/lxcconf2xml-blkiotune.xml b/tests/lxcconf2xmldata/lxcconf2xml-blkiotune.xml
index 36b8e52..34a3830 100644
--- a/tests/lxcconf2xmldata/lxcconf2xml-blkiotune.xml
+++ b/tests/lxcconf2xmldata/lxcconf2xml-blkiotune.xml
@@ -25,6 +25,45 @@
 </os>
 <features>
 <privnet/>
+ <capabilities>
+ <audit_control state='on'/>
+ <audit_write state='on'/>
+ <block_suspend state='on'/>
+ <chown state='on'/>
+ <dac_override state='on'/>
+ <dac_read_search state='on'/>
+ <fowner state='on'/>
+ <fsetid state='on'/>
+ <ipc_lock state='on'/>
+ <ipc_owner state='on'/>
+ <kill state='on'/>
+ <lease state='on'/>
+ <linux_immutable state='on'/>
+ <mac_admin state='on'/>
+ <mac_override state='on'/>
+ <mknod state='on'/>
+ <net_admin state='on'/>
+ <net_bind_service state='on'/>
+ <net_broadcast state='on'/>
+ <net_raw state='on'/>
+ <setgid state='on'/>
+ <setfcap state='on'/>
+ <setpcap state='on'/>
+ <setuid state='on'/>
+ <sys_admin state='on'/>
+ <sys_boot state='on'/>
+ <sys_chroot state='on'/>
+ <sys_module state='on'/>
+ <sys_nice state='on'/>
+ <sys_pacct state='on'/>
+ <sys_ptrace state='on'/>
+ <sys_rawio state='on'/>
+ <sys_resource state='on'/>
+ <sys_time state='on'/>
+ <sys_tty_config state='on'/>
+ <syslog state='on'/>
+ <wake_alarm state='on'/>
+ </capabilities>
 </features>
 <clock offset='utc'/>
 <on_poweroff>destroy</on_poweroff>
diff --git a/tests/lxcconf2xmldata/lxcconf2xml-cpusettune.xml b/tests/lxcconf2xmldata/lxcconf2xml-cpusettune.xml
index 932ab61..400498c 100644
--- a/tests/lxcconf2xmldata/lxcconf2xml-cpusettune.xml
+++ b/tests/lxcconf2xmldata/lxcconf2xml-cpusettune.xml
@@ -13,6 +13,45 @@
 </os>
 <features>
 <privnet/>
+ <capabilities>
+ <audit_control state='on'/>
+ <audit_write state='on'/>
+ <block_suspend state='on'/>
+ <chown state='on'/>
+ <dac_override state='on'/>
+ <dac_read_search state='on'/>
+ <fowner state='on'/>
+ <fsetid state='on'/>
+ <ipc_lock state='on'/>
+ <ipc_owner state='on'/>
+ <kill state='on'/>
+ <lease state='on'/>
+ <linux_immutable state='on'/>
+ <mac_admin state='on'/>
+ <mac_override state='on'/>
+ <mknod state='on'/>
+ <net_admin state='on'/>
+ <net_bind_service state='on'/>
+ <net_broadcast state='on'/>
+ <net_raw state='on'/>
+ <setgid state='on'/>
+ <setfcap state='on'/>
+ <setpcap state='on'/>
+ <setuid state='on'/>
+ <sys_admin state='on'/>
+ <sys_boot state='on'/>
+ <sys_chroot state='on'/>
+ <sys_module state='on'/>
+ <sys_nice state='on'/>
+ <sys_pacct state='on'/>
+ <sys_ptrace state='on'/>
+ <sys_rawio state='on'/>
+ <sys_resource state='on'/>
+ <sys_time state='on'/>
+ <sys_tty_config state='on'/>
+ <syslog state='on'/>
+ <wake_alarm state='on'/>
+ </capabilities>
 </features>
 <clock offset='utc'/>
 <on_poweroff>destroy</on_poweroff>
diff --git a/tests/lxcconf2xmldata/lxcconf2xml-cputune.xml b/tests/lxcconf2xmldata/lxcconf2xml-cputune.xml
index 1bab1c6..fccd6f1 100644
--- a/tests/lxcconf2xmldata/lxcconf2xml-cputune.xml
+++ b/tests/lxcconf2xmldata/lxcconf2xml-cputune.xml
@@ -15,6 +15,45 @@
 </os>
 <features>
 <privnet/>
+ <capabilities>
+ <audit_control state='on'/>
+ <audit_write state='on'/>
+ <block_suspend state='on'/>
+ <chown state='on'/>
+ <dac_override state='on'/>
+ <dac_read_search state='on'/>
+ <fowner state='on'/>
+ <fsetid state='on'/>
+ <ipc_lock state='on'/>
+ <ipc_owner state='on'/>
+ <kill state='on'/>
+ <lease state='on'/>
+ <linux_immutable state='on'/>
+ <mac_admin state='on'/>
+ <mac_override state='on'/>
+ <mknod state='on'/>
+ <net_admin state='on'/>
+ <net_bind_service state='on'/>
+ <net_broadcast state='on'/>
+ <net_raw state='on'/>
+ <setgid state='on'/>
+ <setfcap state='on'/>
+ <setpcap state='on'/>
+ <setuid state='on'/>
+ <sys_admin state='on'/>
+ <sys_boot state='on'/>
+ <sys_chroot state='on'/>
+ <sys_module state='on'/>
+ <sys_nice state='on'/>
+ <sys_pacct state='on'/>
+ <sys_ptrace state='on'/>
+ <sys_rawio state='on'/>
+ <sys_resource state='on'/>
+ <sys_time state='on'/>
+ <sys_tty_config state='on'/>
+ <syslog state='on'/>
+ <wake_alarm state='on'/>
+ </capabilities>
 </features>
 <clock offset='utc'/>
 <on_poweroff>destroy</on_poweroff>
diff --git a/tests/lxcconf2xmldata/lxcconf2xml-idmap.xml b/tests/lxcconf2xmldata/lxcconf2xml-idmap.xml
index 050ccd6..a6154b5 100644
--- a/tests/lxcconf2xmldata/lxcconf2xml-idmap.xml
+++ b/tests/lxcconf2xmldata/lxcconf2xml-idmap.xml
@@ -14,6 +14,45 @@
 </idmap>
 <features>
 <privnet/>
+ <capabilities>
+ <audit_control state='on'/>
+ <audit_write state='on'/>
+ <block_suspend state='on'/>
+ <chown state='on'/>
+ <dac_override state='on'/>
+ <dac_read_search state='on'/>
+ <fowner state='on'/>
+ <fsetid state='on'/>
+ <ipc_lock state='on'/>
+ <ipc_owner state='on'/>
+ <kill state='on'/>
+ <lease state='on'/>
+ <linux_immutable state='on'/>
+ <mac_admin state='on'/>
+ <mac_override state='on'/>
+ <mknod state='on'/>
+ <net_admin state='on'/>
+ <net_bind_service state='on'/>
+ <net_broadcast state='on'/>
+ <net_raw state='on'/>
+ <setgid state='on'/>
+ <setfcap state='on'/>
+ <setpcap state='on'/>
+ <setuid state='on'/>
+ <sys_admin state='on'/>
+ <sys_boot state='on'/>
+ <sys_chroot state='on'/>
+ <sys_module state='on'/>
+ <sys_nice state='on'/>
+ <sys_pacct state='on'/>
+ <sys_ptrace state='on'/>
+ <sys_rawio state='on'/>
+ <sys_resource state='on'/>
+ <sys_time state='on'/>
+ <sys_tty_config state='on'/>
+ <syslog state='on'/>
+ <wake_alarm state='on'/>
+ </capabilities>
 </features>
 <clock offset='utc'/>
 <on_poweroff>destroy</on_poweroff>
diff --git a/tests/lxcconf2xmldata/lxcconf2xml-macvlannetwork.xml b/tests/lxcconf2xmldata/lxcconf2xml-macvlannetwork.xml
index 996c0f7..1111bf9 100644
--- a/tests/lxcconf2xmldata/lxcconf2xml-macvlannetwork.xml
+++ b/tests/lxcconf2xmldata/lxcconf2xml-macvlannetwork.xml
@@ -8,6 +8,47 @@
 <type>exe</type>
 <init>/sbin/init</init>
 </os>
+ <features>
+ <capabilities>
+ <audit_control state='on'/>
+ <audit_write state='on'/>
+ <block_suspend state='on'/>
+ <chown state='on'/>
+ <dac_override state='on'/>
+ <dac_read_search state='on'/>
+ <fowner state='on'/>
+ <fsetid state='on'/>
+ <ipc_lock state='on'/>
+ <ipc_owner state='on'/>
+ <kill state='on'/>
+ <lease state='on'/>
+ <linux_immutable state='on'/>
+ <mac_admin state='on'/>
+ <mac_override state='on'/>
+ <mknod state='on'/>
+ <net_admin state='on'/>
+ <net_bind_service state='on'/>
+ <net_broadcast state='on'/>
+ <net_raw state='on'/>
+ <setgid state='on'/>
+ <setfcap state='on'/>
+ <setpcap state='on'/>
+ <setuid state='on'/>
+ <sys_admin state='on'/>
+ <sys_boot state='on'/>
+ <sys_chroot state='on'/>
+ <sys_module state='on'/>
+ <sys_nice state='on'/>
+ <sys_pacct state='on'/>
+ <sys_ptrace state='on'/>
+ <sys_rawio state='on'/>
+ <sys_resource state='on'/>
+ <sys_time state='on'/>
+ <sys_tty_config state='on'/>
+ <syslog state='on'/>
+ <wake_alarm state='on'/>
+ </capabilities>
+ </features>
 <clock offset='utc'/>
 <on_poweroff>destroy</on_poweroff>
 <on_reboot>restart</on_reboot>
diff --git a/tests/lxcconf2xmldata/lxcconf2xml-memtune.xml b/tests/lxcconf2xmldata/lxcconf2xml-memtune.xml
index b7c919e..a735786 100644
--- a/tests/lxcconf2xmldata/lxcconf2xml-memtune.xml
+++ b/tests/lxcconf2xmldata/lxcconf2xml-memtune.xml
@@ -15,6 +15,45 @@
 </os>
 <features>
 <privnet/>
+ <capabilities>
+ <audit_control state='on'/>
+ <audit_write state='on'/>
+ <block_suspend state='on'/>
+ <chown state='on'/>
+ <dac_override state='on'/>
+ <dac_read_search state='on'/>
+ <fowner state='on'/>
+ <fsetid state='on'/>
+ <ipc_lock state='on'/>
+ <ipc_owner state='on'/>
+ <kill state='on'/>
+ <lease state='on'/>
+ <linux_immutable state='on'/>
+ <mac_admin state='on'/>
+ <mac_override state='on'/>
+ <mknod state='on'/>
+ <net_admin state='on'/>
+ <net_bind_service state='on'/>
+ <net_broadcast state='on'/>
+ <net_raw state='on'/>
+ <setgid state='on'/>
+ <setfcap state='on'/>
+ <setpcap state='on'/>
+ <setuid state='on'/>
+ <sys_admin state='on'/>
+ <sys_boot state='on'/>
+ <sys_chroot state='on'/>
+ <sys_module state='on'/>
+ <sys_nice state='on'/>
+ <sys_pacct state='on'/>
+ <sys_ptrace state='on'/>
+ <sys_rawio state='on'/>
+ <sys_resource state='on'/>
+ <sys_time state='on'/>
+ <sys_tty_config state='on'/>
+ <syslog state='on'/>
+ <wake_alarm state='on'/>
+ </capabilities>
 </features>
 <clock offset='utc'/>
 <on_poweroff>destroy</on_poweroff>
diff --git a/tests/lxcconf2xmldata/lxcconf2xml-nonenetwork.xml b/tests/lxcconf2xmldata/lxcconf2xml-nonenetwork.xml
index 6d9e16d..cdb0861 100644
--- a/tests/lxcconf2xmldata/lxcconf2xml-nonenetwork.xml
+++ b/tests/lxcconf2xmldata/lxcconf2xml-nonenetwork.xml
@@ -8,6 +8,47 @@
 <type>exe</type>
 <init>/sbin/init</init>
 </os>
+ <features>
+ <capabilities>
+ <audit_control state='on'/>
+ <audit_write state='on'/>
+ <block_suspend state='on'/>
+ <chown state='on'/>
+ <dac_override state='on'/>
+ <dac_read_search state='on'/>
+ <fowner state='on'/>
+ <fsetid state='on'/>
+ <ipc_lock state='on'/>
+ <ipc_owner state='on'/>
+ <kill state='on'/>
+ <lease state='on'/>
+ <linux_immutable state='on'/>
+ <mac_admin state='on'/>
+ <mac_override state='on'/>
+ <mknod state='on'/>
+ <net_admin state='on'/>
+ <net_bind_service state='on'/>
+ <net_broadcast state='on'/>
+ <net_raw state='on'/>
+ <setgid state='on'/>
+ <setfcap state='on'/>
+ <setpcap state='on'/>
+ <setuid state='on'/>
+ <sys_admin state='on'/>
+ <sys_boot state='on'/>
+ <sys_chroot state='on'/>
+ <sys_module state='on'/>
+ <sys_nice state='on'/>
+ <sys_pacct state='on'/>
+ <sys_ptrace state='on'/>
+ <sys_rawio state='on'/>
+ <sys_resource state='on'/>
+ <sys_time state='on'/>
+ <sys_tty_config state='on'/>
+ <syslog state='on'/>
+ <wake_alarm state='on'/>
+ </capabilities>
+ </features>
 <clock offset='utc'/>
 <on_poweroff>destroy</on_poweroff>
 <on_reboot>restart</on_reboot>
diff --git a/tests/lxcconf2xmldata/lxcconf2xml-nonetwork.xml b/tests/lxcconf2xmldata/lxcconf2xml-nonetwork.xml
index 101324a..ea45fc6 100644
--- a/tests/lxcconf2xmldata/lxcconf2xml-nonetwork.xml
+++ b/tests/lxcconf2xmldata/lxcconf2xml-nonetwork.xml
@@ -10,6 +10,45 @@
 </os>
 <features>
 <privnet/>
+ <capabilities>
+ <audit_control state='on'/>
+ <audit_write state='on'/>
+ <block_suspend state='on'/>
+ <chown state='on'/>
+ <dac_override state='on'/>
+ <dac_read_search state='on'/>
+ <fowner state='on'/>
+ <fsetid state='on'/>
+ <ipc_lock state='on'/>
+ <ipc_owner state='on'/>
+ <kill state='on'/>
+ <lease state='on'/>
+ <linux_immutable state='on'/>
+ <mac_admin state='on'/>
+ <mac_override state='on'/>
+ <mknod state='on'/>
+ <net_admin state='on'/>
+ <net_bind_service state='on'/>
+ <net_broadcast state='on'/>
+ <net_raw state='on'/>
+ <setgid state='on'/>
+ <setfcap state='on'/>
+ <setpcap state='on'/>
+ <setuid state='on'/>
+ <sys_admin state='on'/>
+ <sys_boot state='on'/>
+ <sys_chroot state='on'/>
+ <sys_module state='on'/>
+ <sys_nice state='on'/>
+ <sys_pacct state='on'/>
+ <sys_ptrace state='on'/>
+ <sys_rawio state='on'/>
+ <sys_resource state='on'/>
+ <sys_time state='on'/>
+ <sys_tty_config state='on'/>
+ <syslog state='on'/>
+ <wake_alarm state='on'/>
+ </capabilities>
 </features>
 <clock offset='utc'/>
 <on_poweroff>destroy</on_poweroff>
diff --git a/tests/lxcconf2xmldata/lxcconf2xml-physnetwork.xml b/tests/lxcconf2xmldata/lxcconf2xml-physnetwork.xml
index 5fe1b03..15ccd72 100644
--- a/tests/lxcconf2xmldata/lxcconf2xml-physnetwork.xml
+++ b/tests/lxcconf2xmldata/lxcconf2xml-physnetwork.xml
@@ -8,6 +8,47 @@
 <type>exe</type>
 <init>/sbin/init</init>
 </os>
+ <features>
+ <capabilities>
+ <audit_control state='on'/>
+ <audit_write state='on'/>
+ <block_suspend state='on'/>
+ <chown state='on'/>
+ <dac_override state='on'/>
+ <dac_read_search state='on'/>
+ <fowner state='on'/>
+ <fsetid state='on'/>
+ <ipc_lock state='on'/>
+ <ipc_owner state='on'/>
+ <kill state='on'/>
+ <lease state='on'/>
+ <linux_immutable state='on'/>
+ <mac_admin state='on'/>
+ <mac_override state='on'/>
+ <mknod state='on'/>
+ <net_admin state='on'/>
+ <net_bind_service state='on'/>
+ <net_broadcast state='on'/>
+ <net_raw state='on'/>
+ <setgid state='on'/>
+ <setfcap state='on'/>
+ <setpcap state='on'/>
+ <setuid state='on'/>
+ <sys_admin state='on'/>
+ <sys_boot state='on'/>
+ <sys_chroot state='on'/>
+ <sys_module state='on'/>
+ <sys_nice state='on'/>
+ <sys_pacct state='on'/>
+ <sys_ptrace state='on'/>
+ <sys_rawio state='on'/>
+ <sys_resource state='on'/>
+ <sys_time state='on'/>
+ <sys_tty_config state='on'/>
+ <syslog state='on'/>
+ <wake_alarm state='on'/>
+ </capabilities>
+ </features>
 <clock offset='utc'/>
 <on_poweroff>destroy</on_poweroff>
 <on_reboot>restart</on_reboot>
diff --git a/tests/lxcconf2xmldata/lxcconf2xml-simple.xml b/tests/lxcconf2xmldata/lxcconf2xml-simple.xml
index b3c3659..5892072 100644
--- a/tests/lxcconf2xmldata/lxcconf2xml-simple.xml
+++ b/tests/lxcconf2xmldata/lxcconf2xml-simple.xml
@@ -8,6 +8,47 @@
 <type arch='i686'>exe</type>
 <init>/sbin/init</init>
 </os>
+ <features>
+ <capabilities>
+ <audit_control state='on'/>
+ <audit_write state='on'/>
+ <block_suspend state='on'/>
+ <chown state='on'/>
+ <dac_override state='on'/>
+ <dac_read_search state='on'/>
+ <fowner state='on'/>
+ <fsetid state='on'/>
+ <ipc_lock state='on'/>
+ <ipc_owner state='on'/>
+ <kill state='on'/>
+ <lease state='on'/>
+ <linux_immutable state='on'/>
+ <mac_admin state='off'/>
+ <mac_override state='off'/>
+ <mknod state='off'/>
+ <net_admin state='on'/>
+ <net_bind_service state='on'/>
+ <net_broadcast state='on'/>
+ <net_raw state='on'/>
+ <setgid state='on'/>
+ <setfcap state='on'/>
+ <setpcap state='on'/>
+ <setuid state='on'/>
+ <sys_admin state='on'/>
+ <sys_boot state='on'/>
+ <sys_chroot state='on'/>
+ <sys_module state='off'/>
+ <sys_nice state='on'/>
+ <sys_pacct state='on'/>
+ <sys_ptrace state='on'/>
+ <sys_rawio state='on'/>
+ <sys_resource state='on'/>
+ <sys_time state='on'/>
+ <sys_tty_config state='on'/>
+ <syslog state='on'/>
+ <wake_alarm state='on'/>
+ </capabilities>
+ </features>
 <clock offset='utc'/>
 <on_poweroff>destroy</on_poweroff>
 <on_reboot>restart</on_reboot>
diff --git a/tests/lxcconf2xmldata/lxcconf2xml-vlannetwork.xml b/tests/lxcconf2xmldata/lxcconf2xml-vlannetwork.xml
index 45348ed..88da048 100644
--- a/tests/lxcconf2xmldata/lxcconf2xml-vlannetwork.xml
+++ b/tests/lxcconf2xmldata/lxcconf2xml-vlannetwork.xml
@@ -8,6 +8,47 @@
 <type>exe</type>
 <init>/sbin/init</init>
 </os>
+ <features>
+ <capabilities>
+ <audit_control state='on'/>
+ <audit_write state='on'/>
+ <block_suspend state='on'/>
+ <chown state='on'/>
+ <dac_override state='on'/>
+ <dac_read_search state='on'/>
+ <fowner state='on'/>
+ <fsetid state='on'/>
+ <ipc_lock state='on'/>
+ <ipc_owner state='on'/>
+ <kill state='on'/>
+ <lease state='on'/>
+ <linux_immutable state='on'/>
+ <mac_admin state='on'/>
+ <mac_override state='on'/>
+ <mknod state='on'/>
+ <net_admin state='on'/>
+ <net_bind_service state='on'/>
+ <net_broadcast state='on'/>
+ <net_raw state='on'/>
+ <setgid state='on'/>
+ <setfcap state='on'/>
+ <setpcap state='on'/>
+ <setuid state='on'/>
+ <sys_admin state='on'/>
+ <sys_boot state='on'/>
+ <sys_chroot state='on'/>
+ <sys_module state='on'/>
+ <sys_nice state='on'/>
+ <sys_pacct state='on'/>
+ <sys_ptrace state='on'/>
+ <sys_rawio state='on'/>
+ <sys_resource state='on'/>
+ <sys_time state='on'/>
+ <sys_tty_config state='on'/>
+ <syslog state='on'/>
+ <wake_alarm state='on'/>
+ </capabilities>
+ </features>
 <clock offset='utc'/>
 <on_poweroff>destroy</on_poweroff>
 <on_reboot>restart</on_reboot>
-- 
1.8.4.5

-- 
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list