docs: Add docs and rng schema for new XML tag sgio

This introduces new XML tag "sgio" for disk, its valid values are "filtered" and "unfiltered", setting it as "filtered" will set the disk's unpriv_sgio to 0, and "unfiltered" to set it as 1, which allows the unprivileged SG_IO commands.

docs: Add docs and rng schema for new XML tag sgio
This introduces new XML tag "sgio" for disk, its valid values are "filtered" and "unfiltered", setting it as "filtered" will set the disk's unpriv_sgio to 0, and "unfiltered" to set it as 1, which allows the unprivileged SG_IO commands.
b9c57e7b · Osier Yang · d7ead3e1 · b9c57e7b · b9c57e7b
隐藏空白更改
内联并排

Showing with 48 addition and 19 deletion

docs/formatdomain.html.in docs/formatdomain.html.in +12 -1

docs/schemas/domaincommon.rng docs/schemas/domaincommon.rng +36 -18

未找到文件。
--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
@@ -1395,7 +1395,18 @@
        rawio='yes', rawio capability will be enabled for all disks in
        the domain (because, in the case of QEMU, this capability can
        only be set on a per-process basis). This attribute is only
-        valid when device is "lun".
+        valid when device is "lun". NB, <code>rawio</code> intends to
+        confine the capability per-device, however, current QEMU
+        implementation gives the domain process broader capability
+        than that (per-process basis, affects all the domain disks).
+        To confine the capability as much as possible for QEMU driver
+        as this stage, <code>sgio</code> is recommended, it's more
+        secure than <code>rawio</code>.
+        The optional <code>sgio</code> (<span class="since">since 1.0.2</span>)
+        attribute indicates whether the kernel will filter unprivileged
+        SG_IO commands for the disk, valid settings are "filtered" or
+        "unfiltered". Defaults to "filtered". Similar to <code>rawio</code>,
+        <code>sgio</code> is only valid for device 'lun'.
        The optional <code>snapshot</code> attribute indicates the default
        behavior of the disk during disk snapshots: "internal"
        requires a file format such as qcow2 that can store both the

--- a/docs/schemas/domaincommon.rng
+++ b/docs/schemas/domaincommon.rng
@@ -971,24 +971,42 @@
    -->
  <define name="disk">
    <element name="disk">
-      <optional>
-        <attribute name="device">
-          <choice>
-            <value>floppy</value>
-            <value>disk</value>
-            <value>cdrom</value>
-            <value>lun</value>
-          </choice>
-        </attribute>
-      </optional>
-      <optional>
-        <attribute name="rawio">
-          <choice>
-            <value>yes</value>
-            <value>no</value>
-          </choice>
-        </attribute>
-      </optional>
+      <choice>
+        <group>
+          <optional>
+            <attribute name="device">
+              <choice>
+                <value>floppy</value>
+                <value>disk</value>
+                <value>cdrom</value>
+              </choice>
+            </attribute>
+          </optional>
+        </group>
+        <group>
+          <attribute name="device">
+            <choice>
+              <value>lun</value>
+            </choice>
+          </attribute>
+          <optional>
+            <attribute name="rawio">
+              <choice>
+                <value>yes</value>
+                <value>no</value>
+              </choice>
+            </attribute>
+          </optional>
+          <optional>
+            <attribute name="sgio">
+              <choice>
+                <value>filtered</value>
+                <value>unfiltered</value>
+              </choice>
+            </attribute>
+          </optional>
+        </group>
+      </choice>
      <optional>
        <ref name="snapshot"/>
      </optional>