The whole purpose of virCloseRangeInit() is to be called
somewhere during initialization (ideally before first virExec()
or virCommandRun()), so that the rest of the code already knows
kernel capabilities. While I can put the call somewhere into
remote_daemon.c (when a daemon initializes), we might call
virCommand*() even from client library (i.e. no daemon).

Therefore, put it into virGlobalInit() with the rest of
initialization code.

Signed-off-by: Michal Privoznik <mpriv...@redhat.com>
---
 src/libvirt.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/libvirt.c b/src/libvirt.c
index 69d5b13bff..26c3fe454f 100644
--- a/src/libvirt.c
+++ b/src/libvirt.c
@@ -231,6 +231,10 @@ virGlobalInit(void)
         goto error;
     }
 
+    /* Do this upfront rather than every time a child is spawned. */
+    if (virCloseRangeInit() < 0)
+        goto error;
+
     if (virLogSetFromEnv() < 0)
         goto error;
 
-- 
2.41.0

Reply via email to