On 2011年12月22日 15:05, Taku Izumi wrote:

This patch introduces virKeepCapabilities() function and implements
virCommandAllowCap() function.

The existing virClearCapabilities() is a function that clears all capabilities.
In contrast, virKeepCapabilities() is a function that keeps an arbitrary set of capabilities.


Signed-off-by: Taku Izumi<izumi.t...@jp.fujitsu.com>
Signed-off-by: Shota Hirae<m11g1...@hibikino.ne.jp>
---
  src/util/command.c |   45 ++++++++++++++++++++++++++++++++++++++-------
  src/util/command.h |    4 +---
  2 files changed, 39 insertions(+), 10 deletions(-)

Index: libvirt/src/util/command.c
===================================================================
--- libvirt.orig/src/util/command.c
+++ libvirt/src/util/command.c
@@ -102,6 +102,8 @@ struct _virCommand {
      pid_t pid;
      char *pidfile;
      bool reap;
+
+    unsigned long long capabilities;
  };

  #ifndef WIN32
@@ -121,6 +123,33 @@ static int virClearCapabilities(void)

      return 0;
  }
+
+/**
+ * virKeepCapabilities:
+ *  @capabilities - capability flag to keep.
+ *                  In case of 0, this function is identical to
+ *                  virKeepCapabilities()

Guess you mean "virClearCapabilities" here.

+ *
+ */
+static int virKeepCapabilities(unsigned long long capabilities)
+{
+    int ret, i;
+
+    capng_clear(CAPNG_SELECT_BOTH);
+
+    for (i = 0; i<= CAP_LAST_CAP; i++) {
+        if (capabilities&  (1ULL<<  i))
+            capng_update(CAPNG_ADD, CAPNG_BOUNDING_SET, i);
+    }
+
+    if (ret = capng_apply(CAPNG_SELECT_BOTH)<  0) {
+        virCommandError(VIR_ERR_INTERNAL_ERROR,
+                        _("cannot apply process capabilities %d"), ret);
+        return -1;
+    }
+
+    return 0;
+}
  # else
  static int virClearCapabilities(void)
  {
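Review bot: In virKeepCapabilities the check `if (ret = capng_apply(CAPNG_SELECT_BOTH)<  0)` parses as `ret = (capng_apply(...) < 0)`, so `ret` only ever holds 0 or 1 and the logged value is never the libcap-ng return code; it should be `if ((ret = capng_apply(CAPNG_SELECT_BOTH)) < 0)`. The return value of `capng_update()` in the loop is ignored as well, so a requested capability that could not be added is dropped without any error. After `capng_clear(CAPNG_SELECT_BOTH)` the requested bits are added only to `CAPNG_BOUNDING_SET`, which presumably relies on the following exec to repopulate the permitted set for a root child. A comment stating that assumption would help, because a child that does not run as root would then hold none of the "kept" capabilities.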
@@ -128,6 +157,11 @@ static int virClearCapabilities(void)
  //             "capabilities");
      return 0;
  }
+
+static int virKeepCapabilities(unsigned long long capabilities)
+{
+    return 0;
+}
  # endif
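Review bot: The fallback virKeepCapabilities for builds without capability support returns 0 without doing anything, so a caller that asked for a reduced capability set gets a child with the full set and no indication that the restriction was skipped. Since this is a privilege-reduction request, the stub should at least log it (for example with `VIR_WARN`), or return -1 when `capabilities` does not cover everything, so that the failure is not silent. The parameter is also unused here and should be declared as `unsigned long long capabilities ATTRIBUTE_UNUSED` to keep warning-clean builds.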


@@ -821,26 +855,23 @@ virCommandClearCaps(virCommandPtr cmd)
      cmd->flags |= VIR_EXEC_CLEAR_CAPS;
  }

-#if 0 /* XXX Enable if we have a need for capability management.  */
-
  /**
   * virCommandAllowCap:
   * @cmd: the command to modify
- * @capability: what to allow
+ * @capabilities: what to allow
   *
- * Re-allow a specific capability
+ * Allow a specific capability

s/a specific capability/specific capabilities/ ?

   */
  void
  virCommandAllowCap(virCommandPtr cmd,
-                   int capability ATTRIBUTE_UNUSED)
+                   unsigned long long capabilities)
  {
      if (!cmd || cmd->has_error)
          return;

-    /* XXX ? */
+    cmd->capabilities = capabilities;
  }

-#endif /* 0 */


  /**
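Review bot: `cmd->capabilities = capabilities;` in virCommandAllowCap replaces the stored mask on every call, while the function name and the "Allow" wording suggest that successive calls accumulate. Either use `cmd->capabilities |= capabilities;` or state in the doc comment that the last call wins. The comment should also say that the argument is a bitmask in which bit N stands for capability number N, which is how virKeepCapabilities reads it with `1ULL<<  i`. It should describe how the mask interacts with virCommandClearCaps() too, since the hunks visible here do not show where `cmd->capabilities` is consumed.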
Index: libvirt/src/util/command.h
===================================================================
--- libvirt.orig/src/util/command.h
+++ libvirt/src/util/command.h
@@ -60,10 +60,8 @@ void virCommandSetPidFile(virCommandPtr

  void virCommandClearCaps(virCommandPtr cmd);

-# if 0
  void virCommandAllowCap(virCommandPtr cmd,
-                        int capability);
-# endif
+                        unsigned long long capabilities);

  void virCommandDaemonize(virCommandPtr cmd);

