On 08/22/2017 08:18 AM, Paolo Bonzini wrote: > Introduce a privileged helper to run persistent reservation commands. > This lets virtual machines send persistent reservations without using > CAP_SYS_RAWIO or out-of-tree patches. The helper uses Unix permissions > and SCM_RIGHTS to restrict access to processes that can access its socket > and prove that they have an open file descriptor for a raw SCSI device. > > The next patch will also correct the usage of persistent reservations > with multipath devices. > > It would also be possible to support for Linux's IOC_PR_* ioctls in > the future, to support NVMe devices. For now, however, only SCSI is > supported. > > Signed-off-by: Paolo Bonzini <pbonz...@redhat.com> > ---
> +++ b/docs/interop/pr-helper.rst > @@ -0,0 +1,78 @@ > +.. > + > +====================================== > +Persistent reservation helper protocol > +====================================== > + > +QEMU's SCSI passthrough devices, ``scsi-block`` and ``scsi-generic``, > +can delegate implementation of persistent reservations to an external > +(and typically privilege) program. Persistent Reservations allow s/privilege/privileged/ > + > +If a bit is 1 in ``requested_features`` and 0 in ``supported_features``, > +the corresponding feature is not supported by the helper and the connection > +is closed. On the other hand, it is acceptable for a bit to be 0 in > +``requested_features`` and 1 in ``supported_features``; in this case, > +he helper will not enable the feature. s/^he/the/ -- Eric Blake, Principal Software Engineer Red Hat, Inc. +1-919-301-3266 Virtualization: qemu.org | libvirt.org
signature.asc
Description: OpenPGP digital signature