git.ipfire.org Git - thirdparty/libvirt.git/commit

author	Laine Stump <laine@laine.org>
	Wed, 13 Mar 2013 19:26:35 +0000 (15:26 -0400)
committer	Laine Stump <laine@laine.org>
	Thu, 14 Mar 2013 18:02:32 +0000 (14:02 -0400)
commit	49fa91b3ee5829717baf444952ec327262f09e5c
tree	c517efd3ecacd53cbbd9b2536f845e0e961e1b59	tree
parent	5ac846e42e5b7e0475f6aa9cc1e0b0c8dac84d44	commit \| diff

util: fix clear_emulator_capabilities=0

My commit 7a2e845a865dc7fa82d2393ea2a770cfc8cf00b4 (and its
prerequisites) managed to effectively ignore the
clear_emulator_capabilities setting in qemu.conf (visible in the code
as the VIR_EXEC_CLEAR_CAPS flag when qemu is being exec'ed), with the
result that the capabilities are always cleared regardless of the
qemu.conf setting. This patch fixes it by passing the flag through to
virSetUIDGIDWithCaps(), which uses it to decide whether or not to
clear existing capabilities before adding in those that were
requested.

Note that the existing capabilities are *always* cleared if the new
process is going to run as non-root, since the whole point of running
non-root is to have the capabilities removed (it's still possible to
maintain individual capabilities as needed using the capBits argument
though).

src/util/vircommand.c		diff \| blob \| blame \| history
src/util/virutil.c		diff \| blob \| blame \| history
src/util/virutil.h		diff \| blob \| blame \| history