File lxc-keep-caps-feature-conversion.patch of Package libvirt

From f199dbab24896c31c90a3291c4779daccef949ed Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?= <cbosdonnat@suse.com>
Date: Wed, 11 Jun 2014 16:43:45 +0200
Subject: [PATCH 2/3] lxc domain from xml: convert lxc.cap.drop

---
 src/lxc/lxc_native.c                               | 25 ++++++++++++++++++++++
 tests/lxcconf2xmldata/lxcconf2xml-blkiotune.xml    |  2 ++
 tests/lxcconf2xmldata/lxcconf2xml-cpusettune.xml   |  2 ++
 tests/lxcconf2xmldata/lxcconf2xml-cputune.xml      |  2 ++
 tests/lxcconf2xmldata/lxcconf2xml-idmap.xml        |  2 ++
 .../lxcconf2xmldata/lxcconf2xml-macvlannetwork.xml |  4 ++++
 tests/lxcconf2xmldata/lxcconf2xml-memtune.xml      |  2 ++
 tests/lxcconf2xmldata/lxcconf2xml-nonenetwork.xml  |  4 ++++
 tests/lxcconf2xmldata/lxcconf2xml-nonetwork.xml    |  2 ++
 tests/lxcconf2xmldata/lxcconf2xml-physnetwork.xml  |  4 ++++
 tests/lxcconf2xmldata/lxcconf2xml-simple.xml       |  8 +++++++
 tests/lxcconf2xmldata/lxcconf2xml-vlannetwork.xml  |  4 ++++
 12 files changed, 61 insertions(+)

Index: libvirt-1.2.5/src/lxc/lxc_native.c
===================================================================
--- libvirt-1.2.5.orig/src/lxc/lxc_native.c
+++ libvirt-1.2.5/src/lxc/lxc_native.c
@@ -838,6 +838,28 @@ lxcSetBlkioTune(virDomainDefPtr def, vir
     return 0;
 }
 
+static void
+lxcSetCapDrop(virDomainDefPtr def, virConfPtr properties)
+{
+    virConfValuePtr value;
+    char **toDrop = NULL;
+    const char *capString;
+    size_t i;
+
+    if ((value = virConfGetValue(properties, "lxc.cap.drop")) && value->str)
+        toDrop = virStringSplit(value->str, " ", 0);
+
+    for (i = 0; i < VIR_DOMAIN_CAPS_FEATURE_LAST; i++) {
+        capString = virDomainCapsFeatureTypeToString(i);
+        if (toDrop != NULL && virStringArrayHasString(toDrop, capString))
+            def->caps_features[i] = VIR_DOMAIN_FEATURE_STATE_OFF;
+    }
+
+    def->features[VIR_DOMAIN_FEATURE_CAPABILITIES] = VIR_DOMAIN_CAPABILITIES_POLICY_ALLOW;
+
+    virStringFreeList(toDrop);
+}
+
 virDomainDefPtr
 lxcParseConfigString(const char *config)
 {
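Review bot: lxcSetCapDrop fails open, because the result of `virStringSplit` is never checked; as far as I know it returns NULL on allocation failure, so a failed split leaves `toDrop` NULL, skips every drop and still sets the policy to `VIR_DOMAIN_CAPABILITIES_POLICY_ALLOW`. Because the function returns void, the call added in the second hunk cannot reach `goto error` the way the `lxcSetBlkioTune` call above it does; returning int and writing `if (lxcSetCapDrop(vmdef, properties) < 0) goto error;` at the call site would close that gap. The loop also walks libvirt's own capability names, so a token in `lxc.cap.drop` that matches none of them (a typo, a tab-separated entry, or a capability libvirt has no enum value for) is discarded silently and the container keeps that capability. Looking up each token with `virDomainCapsFeatureTypeFromString` and at least warning on a miss would make that visible.

```c
static int
lxcSetCapDrop(virDomainDefPtr def, virConfPtr properties)
{
    /* … unchanged: local declarations … */

    if ((value = virConfGetValue(properties, "lxc.cap.drop")) && value->str &&
        !(toDrop = virStringSplit(value->str, " ", 0)))
        return -1;  /* do not emit policy='allow' with nothing dropped */

    /* … unchanged: per-capability loop and policy assignment … */

    virStringFreeList(toDrop);
    return 0;
}
```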
@@ -935,6 +957,9 @@ lxcParseConfigString(const char *config)
     if (lxcSetBlkioTune(vmdef, properties) < 0)
         goto error;
 
+    /* lxc.cap.drop */
+    lxcSetCapDrop(vmdef, properties);
+
     goto cleanup;
 
  error:
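Review bot: This call converts only `lxc.cap.drop`, and lxcSetCapDrop sets `policy='allow'` unconditionally, so a native config that restricts capabilities with `lxc.cap.keep` would, as far as this patch shows, become a domain that retains every capability. The updated fixtures confirm that configs with no capability keys now get an empty `<capabilities policy='allow'>` element. Unless another patch in this series handles `lxc.cap.keep`, the comment should say so, e.g. `/* lxc.cap.drop only; lxc.cap.keep is not converted and yields policy='allow' with nothing dropped */`, or the parser should reject such configs. lxcParseConfigString begins and ends outside this hunk.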
Index: libvirt-1.2.5/tests/lxcconf2xmldata/lxcconf2xml-blkiotune.xml
===================================================================
--- libvirt-1.2.5.orig/tests/lxcconf2xmldata/lxcconf2xml-blkiotune.xml
+++ libvirt-1.2.5/tests/lxcconf2xmldata/lxcconf2xml-blkiotune.xml
@@ -25,6 +25,8 @@
   </os>
   <features>
     <privnet/>
+    <capabilities policy='allow'>
+    </capabilities>
   </features>
   <clock offset='utc'/>
   <on_poweroff>destroy</on_poweroff>
Index: libvirt-1.2.5/tests/lxcconf2xmldata/lxcconf2xml-cpusettune.xml
===================================================================
--- libvirt-1.2.5.orig/tests/lxcconf2xmldata/lxcconf2xml-cpusettune.xml
+++ libvirt-1.2.5/tests/lxcconf2xmldata/lxcconf2xml-cpusettune.xml
@@ -13,6 +13,8 @@
   </os>
   <features>
     <privnet/>
+    <capabilities policy='allow'>
+    </capabilities>
   </features>
   <clock offset='utc'/>
   <on_poweroff>destroy</on_poweroff>
Index: libvirt-1.2.5/tests/lxcconf2xmldata/lxcconf2xml-cputune.xml
===================================================================
--- libvirt-1.2.5.orig/tests/lxcconf2xmldata/lxcconf2xml-cputune.xml
+++ libvirt-1.2.5/tests/lxcconf2xmldata/lxcconf2xml-cputune.xml
@@ -15,6 +15,8 @@
   </os>
   <features>
     <privnet/>
+    <capabilities policy='allow'>
+    </capabilities>
   </features>
   <clock offset='utc'/>
   <on_poweroff>destroy</on_poweroff>
Index: libvirt-1.2.5/tests/lxcconf2xmldata/lxcconf2xml-idmap.xml
===================================================================
--- libvirt-1.2.5.orig/tests/lxcconf2xmldata/lxcconf2xml-idmap.xml
+++ libvirt-1.2.5/tests/lxcconf2xmldata/lxcconf2xml-idmap.xml
@@ -14,6 +14,8 @@
   </idmap>
   <features>
     <privnet/>
+    <capabilities policy='allow'>
+    </capabilities>
   </features>
   <clock offset='utc'/>
   <on_poweroff>destroy</on_poweroff>
Index: libvirt-1.2.5/tests/lxcconf2xmldata/lxcconf2xml-macvlannetwork.xml
===================================================================
--- libvirt-1.2.5.orig/tests/lxcconf2xmldata/lxcconf2xml-macvlannetwork.xml
+++ libvirt-1.2.5/tests/lxcconf2xmldata/lxcconf2xml-macvlannetwork.xml
@@ -8,6 +8,10 @@
     <type>exe</type>
     <init>/sbin/init</init>
   </os>
+  <features>
+    <capabilities policy='allow'>
+    </capabilities>
+  </features>
   <clock offset='utc'/>
   <on_poweroff>destroy</on_poweroff>
   <on_reboot>restart</on_reboot>
Index: libvirt-1.2.5/tests/lxcconf2xmldata/lxcconf2xml-memtune.xml
===================================================================
--- libvirt-1.2.5.orig/tests/lxcconf2xmldata/lxcconf2xml-memtune.xml
+++ libvirt-1.2.5/tests/lxcconf2xmldata/lxcconf2xml-memtune.xml
@@ -15,6 +15,8 @@
   </os>
   <features>
     <privnet/>
+    <capabilities policy='allow'>
+    </capabilities>
   </features>
   <clock offset='utc'/>
   <on_poweroff>destroy</on_poweroff>
Index: libvirt-1.2.5/tests/lxcconf2xmldata/lxcconf2xml-nonenetwork.xml
===================================================================
--- libvirt-1.2.5.orig/tests/lxcconf2xmldata/lxcconf2xml-nonenetwork.xml
+++ libvirt-1.2.5/tests/lxcconf2xmldata/lxcconf2xml-nonenetwork.xml
@@ -8,6 +8,10 @@
     <type>exe</type>
     <init>/sbin/init</init>
   </os>
+  <features>
+    <capabilities policy='allow'>
+    </capabilities>
+  </features>
   <clock offset='utc'/>
   <on_poweroff>destroy</on_poweroff>
   <on_reboot>restart</on_reboot>
Index: libvirt-1.2.5/tests/lxcconf2xmldata/lxcconf2xml-nonetwork.xml
===================================================================
--- libvirt-1.2.5.orig/tests/lxcconf2xmldata/lxcconf2xml-nonetwork.xml
+++ libvirt-1.2.5/tests/lxcconf2xmldata/lxcconf2xml-nonetwork.xml
@@ -10,6 +10,8 @@
   </os>
   <features>
     <privnet/>
+    <capabilities policy='allow'>
+    </capabilities>
   </features>
   <clock offset='utc'/>
   <on_poweroff>destroy</on_poweroff>
Index: libvirt-1.2.5/tests/lxcconf2xmldata/lxcconf2xml-physnetwork.xml
===================================================================
--- libvirt-1.2.5.orig/tests/lxcconf2xmldata/lxcconf2xml-physnetwork.xml
+++ libvirt-1.2.5/tests/lxcconf2xmldata/lxcconf2xml-physnetwork.xml
@@ -8,6 +8,10 @@
     <type>exe</type>
     <init>/sbin/init</init>
   </os>
+  <features>
+    <capabilities policy='allow'>
+    </capabilities>
+  </features>
   <clock offset='utc'/>
   <on_poweroff>destroy</on_poweroff>
   <on_reboot>restart</on_reboot>
Index: libvirt-1.2.5/tests/lxcconf2xmldata/lxcconf2xml-simple.xml
===================================================================
--- libvirt-1.2.5.orig/tests/lxcconf2xmldata/lxcconf2xml-simple.xml
+++ libvirt-1.2.5/tests/lxcconf2xmldata/lxcconf2xml-simple.xml
@@ -8,6 +8,14 @@
     <type arch='i686'>exe</type>
     <init>/sbin/init</init>
   </os>
+  <features>
+    <capabilities policy='allow'>
+      <mac_admin state='off'/>
+      <mac_override state='off'/>
+      <mknod state='off'/>
+      <sys_module state='off'/>
+    </capabilities>
+  </features>
   <clock offset='utc'/>
   <on_poweroff>destroy</on_poweroff>
   <on_reboot>restart</on_reboot>
Index: libvirt-1.2.5/tests/lxcconf2xmldata/lxcconf2xml-vlannetwork.xml
===================================================================
--- libvirt-1.2.5.orig/tests/lxcconf2xmldata/lxcconf2xml-vlannetwork.xml
+++ libvirt-1.2.5/tests/lxcconf2xmldata/lxcconf2xml-vlannetwork.xml
@@ -8,6 +8,10 @@
     <type>exe</type>
     <init>/sbin/init</init>
   </os>
+  <features>
+    <capabilities policy='allow'>
+    </capabilities>
+  </features>
   <clock offset='utc'/>
   <on_poweroff>destroy</on_poweroff>
   <on_reboot>restart</on_reboot>