On Tue, Aug 22, 2017 at 03:18:31PM +0200, Paolo Bonzini wrote: > @@ -444,6 +740,11 @@ static int drop_privileges(void) > CAP_SYS_RAWIO) < 0) { > return -1; > } > + /* For /dev/mapper/control ioctls */ > + if (capng_update(CAPNG_ADD, CAPNG_EFFECTIVE | CAPNG_PERMITTED, > + CAP_SYS_ADMIN) < 0) { > + return -1; > + }
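Review bot: The CAP_SYS_ADMIN addition at the end of this drop_privileges() hunk is unconditional, so the process keeps it in both the effective and permitted sets even on runs that never issue a /dev/mapper/control ioctl. CAP_SYS_ADMIN is much broader than the CAP_SYS_RAWIO retained just above it, so the capng_update() call should be guarded by a check that the device-mapper path is actually in use, and skipped otherwise. The comment "For /dev/mapper/control ioctls" would also be more useful if it named which ioctls need the capability, so a later reader can tell when it is safe to drop.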
Only if mpath is being used? This capability isn't necessary with ordinary sg_io so it would be nice to avoid keeping it in that case.