Re: [libvirt] [PATCH v2 3/4] util: extend virExecWithHook()
On Tue, Jan 31, 2012 at 01:51:22PM +0900, Taku Izumi wrote:
This patch extends virExecWithHook() to receive
capability information.
Signed-off-by: Taku Izumi izumi.t...@jp.fujitsu.com
Signed-off-by: Shota Hirae m11g1...@hibikino.ne.jp
---
src/util/command.c | 16 ++--
1 file changed, 10 insertions(+), 6 deletions(-)
Index: libvirt/src/util/command.c
===
--- libvirt.orig/src/util/command.c
+++ libvirt/src/util/command.c
@@ -393,6 +393,7 @@ prepareStdFd(int fd, int std)
* @hook optional virExecHook function to call prior to exec
* @data data to pass to the hook function
* @pidfile path to use as pidfile for daemonized process (needs DAEMON flag)
+ * @capabilities capabilities to keep
*/
static int
virExecWithHook(const char *const*argv,
@@ -404,7 +405,8 @@ virExecWithHook(const char *const*argv,
unsigned int flags,
virExecHook hook,
void *data,
-char *pidfile)
+char *pidfile,
+unsigned long long capabilities)
{
pid_t pid;
int null = -1, i, openmax;
@@ -633,9 +635,9 @@ virExecWithHook(const char *const*argv,
/* The steps above may need todo something privileged, so
* we delay clearing capabilities until the last minute */
-if ((flags VIR_EXEC_CLEAR_CAPS)
-virClearCapabilities() 0)
-goto fork_error;
+if (capabilities || (flags VIR_EXEC_CLEAR_CAPS))
+if (virSetCapabilities(capabilities) 0)
+goto fork_error;
/* Close logging again to ensure no FDs leak to child */
virLogReset();
@@ -723,7 +725,8 @@ virExecWithHook(const char *const*argv A
int flags_unused ATTRIBUTE_UNUSED,
virExecHook hook ATTRIBUTE_UNUSED,
void *data ATTRIBUTE_UNUSED,
-char *pidfile ATTRIBUTE_UNUSED)
+char *pidfile ATTRIBUTE_UNUSED,
+unsigned long long capabilities ATTRIBUTE_UNUSED)
{
/* XXX: Some day we can implement pieces of virCommand/virExec on
* top of _spawn() or CreateProcess(), but we can't implement
@@ -2171,7 +2174,8 @@ virCommandRunAsync(virCommandPtr cmd, pi
cmd-flags,
virCommandHook,
cmd,
- cmd-pidfile);
+ cmd-pidfile,
+ cmd-capabilities);
VIR_DEBUG(Command result %d, with PID %d,
ret, (int)cmd-pid);
ACK
Daniel
--
|: http://berrange.com -o-http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH v2 3/4] util: extend virExecWithHook()
On 01/31/2012 07:04 AM, Daniel P. Berrange wrote: On Tue, Jan 31, 2012 at 01:51:22PM +0900, Taku Izumi wrote: This patch extends virExecWithHook() to receive capability information. ACK Pushed. -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH v2 3/4] util: extend virExecWithHook()
This patch extends virExecWithHook() to receive
capability information.
Signed-off-by: Taku Izumi izumi.t...@jp.fujitsu.com
Signed-off-by: Shota Hirae m11g1...@hibikino.ne.jp
---
src/util/command.c | 16 ++--
1 file changed, 10 insertions(+), 6 deletions(-)
Index: libvirt/src/util/command.c
===
--- libvirt.orig/src/util/command.c
+++ libvirt/src/util/command.c
@@ -393,6 +393,7 @@ prepareStdFd(int fd, int std)
* @hook optional virExecHook function to call prior to exec
* @data data to pass to the hook function
* @pidfile path to use as pidfile for daemonized process (needs DAEMON flag)
+ * @capabilities capabilities to keep
*/
static int
virExecWithHook(const char *const*argv,
@@ -404,7 +405,8 @@ virExecWithHook(const char *const*argv,
unsigned int flags,
virExecHook hook,
void *data,
-char *pidfile)
+char *pidfile,
+unsigned long long capabilities)
{
pid_t pid;
int null = -1, i, openmax;
@@ -633,9 +635,9 @@ virExecWithHook(const char *const*argv,
/* The steps above may need todo something privileged, so
* we delay clearing capabilities until the last minute */
-if ((flags VIR_EXEC_CLEAR_CAPS)
-virClearCapabilities() 0)
-goto fork_error;
+if (capabilities || (flags VIR_EXEC_CLEAR_CAPS))
+if (virSetCapabilities(capabilities) 0)
+goto fork_error;
/* Close logging again to ensure no FDs leak to child */
virLogReset();
@@ -723,7 +725,8 @@ virExecWithHook(const char *const*argv A
int flags_unused ATTRIBUTE_UNUSED,
virExecHook hook ATTRIBUTE_UNUSED,
void *data ATTRIBUTE_UNUSED,
-char *pidfile ATTRIBUTE_UNUSED)
+char *pidfile ATTRIBUTE_UNUSED,
+unsigned long long capabilities ATTRIBUTE_UNUSED)
{
/* XXX: Some day we can implement pieces of virCommand/virExec on
* top of _spawn() or CreateProcess(), but we can't implement
@@ -2171,7 +2174,8 @@ virCommandRunAsync(virCommandPtr cmd, pi
cmd-flags,
virCommandHook,
cmd,
- cmd-pidfile);
+ cmd-pidfile,
+ cmd-capabilities);
VIR_DEBUG(Command result %d, with PID %d,
ret, (int)cmd-pid);
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
