return 0;
}
+static void
+lxcSetCapDrop(virDomainDefPtr def, virConfPtr properties)
+{
+ virConfValuePtr value;
+ char **toDrop = NULL;
+ const char *capString;
+ size_t i;
+
+ if ((value = virConfGetValue(properties, "lxc.cap.drop")) && value->str)
+ toDrop = virStringSplit(value->str, " ", 0);
+
+ for (i = 0; i < VIR_DOMAIN_CAPS_FEATURE_LAST; i++) {
+ capString = virDomainCapsFeatureTypeToString(i);
+ if (toDrop != NULL && virStringArrayHasString(toDrop, capString))
+ def->caps_features[i] = VIR_DOMAIN_FEATURE_STATE_OFF;
+ }
+
+ def->features[VIR_DOMAIN_FEATURE_CAPABILITIES] = VIR_DOMAIN_CAPABILITIES_POLICY_ALLOW;
+
+ virStringFreeList(toDrop);
+}
+
virDomainDefPtr
lxcParseConfigString(const char *config)
{
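Review bot: lxcSetCapDrop returns void, so if `virStringSplit` fails (I expect it returns NULL on allocation failure) `toDrop` stays NULL, the loop turns nothing off, and the domain still gets the 'allow' policy, which means the conversion fails open. Tokens in `lxc.cap.drop` that match no `virDomainCapsFeatureTypeToString` value are skipped just as silently, and because the split is on a single `" "` a tab-separated list would presumably match nothing. I would make the function return `int`, use `if (!(toDrop = virStringSplit(value->str, " ", 0))) return -1;`, and check it at the call site in lxcParseConfigString with `if (lxcSetCapDrop(vmdef, properties) < 0) goto error;`. At minimum, each unrecognised name should produce a warning so the lost restriction is visible to whoever runs the conversion.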
if (lxcSetBlkioTune(vmdef, properties) < 0)
goto error;
+ /* lxc.cap.drop */
+ lxcSetCapDrop(vmdef, properties);
+
goto cleanup;
error:
</os>
<features>
<privnet/>
+ <capabilities policy='allow'>
+ </capabilities>
</features>
<clock offset='utc'/>
<on_poweroff>destroy</on_poweroff>
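Review bot: The expected output for a config with no `lxc.cap.drop` now carries an empty `<capabilities policy='allow'>`, as do the other fixtures in this commit; the unconditional assignment at the end of lxcSetCapDrop produces it and nothing explains why. As far as I understand the LXC driver, 'allow' keeps every capability not explicitly switched off, whereas omitting the element falls back to a default policy that removes a few, so a converted guest ends up with more privilege than a hand-written one. That probably mirrors LXC's own default, but it deserves a comment on the assignment, e.g. `/* LXC keeps all capabilities unless lxc.cap.drop names them, hence policy 'allow' */`, and a sentence in the conversion documentation.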
</os>
<features>
<privnet/>
+ <capabilities policy='allow'>
+ </capabilities>
</features>
<clock offset='utc'/>
<on_poweroff>destroy</on_poweroff>
</os>
<features>
<privnet/>
+ <capabilities policy='allow'>
+ </capabilities>
</features>
<clock offset='utc'/>
<on_poweroff>destroy</on_poweroff>
</idmap>
<features>
<privnet/>
+ <capabilities policy='allow'>
+ </capabilities>
</features>
<clock offset='utc'/>
<on_poweroff>destroy</on_poweroff>
<type>exe</type>
<init>/sbin/init</init>
</os>
+ <features>
+ <capabilities policy='allow'>
+ </capabilities>
+ </features>
<clock offset='utc'/>
<on_poweroff>destroy</on_poweroff>
<on_reboot>restart</on_reboot>
</os>
<features>
<privnet/>
+ <capabilities policy='allow'>
+ </capabilities>
</features>
<clock offset='utc'/>
<on_poweroff>destroy</on_poweroff>
<type>exe</type>
<init>/sbin/init</init>
</os>
+ <features>
+ <capabilities policy='allow'>
+ </capabilities>
+ </features>
<clock offset='utc'/>
<on_poweroff>destroy</on_poweroff>
<on_reboot>restart</on_reboot>
</os>
<features>
<privnet/>
+ <capabilities policy='allow'>
+ </capabilities>
</features>
<clock offset='utc'/>
<on_poweroff>destroy</on_poweroff>
<type>exe</type>
<init>/sbin/init</init>
</os>
+ <features>
+ <capabilities policy='allow'>
+ </capabilities>
+ </features>
<clock offset='utc'/>
<on_poweroff>destroy</on_poweroff>
<on_reboot>restart</on_reboot>
<type arch='i686'>exe</type>
<init>/sbin/init</init>
</os>
+ <features>
+ <capabilities policy='allow'>
+ <mac_admin state='off'/>
+ <mac_override state='off'/>
+ <mknod state='off'/>
+ <sys_module state='off'/>
+ </capabilities>
+ </features>
<clock offset='utc'/>
<on_poweroff>destroy</on_poweroff>
<on_reboot>restart</on_reboot>
<type>exe</type>
<init>/sbin/init</init>
</os>
+ <features>
+ <capabilities policy='allow'>
+ </capabilities>
+ </features>
<clock offset='utc'/>
<on_poweroff>destroy</on_poweroff>
<on_reboot>restart</on_reboot>