From 74e034964c32edb1732d0ff7642f3977f3587d72 Mon Sep 17 00:00:00 2001 From: Taku Izumi Date: Mon, 30 Jan 2012 23:52:00 -0500 Subject: [PATCH] qemu: make qemu processes to retain rawio capability This patch revises qemuProcessStart() function for qemu processes to retain CAP_SYS_RAWIO if needed. And in case of that, add taint flag to domain. Signed-off-by: Taku Izumi Signed-off-by: Shota Hirae --- src/qemu/qemu_domain.c | 3 +++ src/qemu/qemu_process.c | 8 ++++++++ 2 files changed, 11 insertions(+) diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index d56e617681..9639e40ea4 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -1259,6 +1259,9 @@ void qemuDomainObjCheckDiskTaint(struct qemud_driver *driver, if (!disk->driverType && driver->allowDiskFormatProbing) qemuDomainObjTaint(driver, obj, VIR_DOMAIN_TAINT_DISK_PROBING, logFD); + + if (disk->rawio) + qemuDomainObjTaint(driver, obj, VIR_DOMAIN_TAINT_HIGH_PRIVILEGES, logFD); } diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c index d22020bd2f..116a828bbe 100644 --- a/src/qemu/qemu_process.c +++ b/src/qemu/qemu_process.c @@ -27,6 +27,7 @@ #include #include #include +#include #include "qemu_process.h" #include "qemu_domain.h" @@ -3083,6 +3084,7 @@ int qemuProcessStart(virConnectPtr conn, virCommandPtr cmd = NULL; struct qemuProcessHookData hookData; unsigned long cur_balloon; + int i; hookData.conn = conn; hookData.vm = vm; @@ -3335,6 +3337,12 @@ int qemuProcessStart(virConnectPtr conn, if (driver->clearEmulatorCapabilities) virCommandClearCaps(cmd); + /* in case a certain disk is desirous of CAP_SYS_RAWIO, add this */ + for (i = 0; i < vm->def->ndisks; i++) { + if (vm->def->disks[i]->rawio == 1) + virCommandAllowCap(cmd, CAP_SYS_RAWIO); + } + virCommandSetPreExecHook(cmd, qemuProcessHook, &hookData); virCommandSetOutputFD(cmd, &logfile); -- GitLab