qemu: Implement support for 'capability_filters' config option

Filter out the given capabilities and set domain taint if we've done so. Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
2024-07-30 21:47:18 +00:00 · 2019-06-18 10:04:32 +02:00 · 2019-06-18 10:04:32 +02:00 · 2cb86fc260
commit 2cb86fc260
parent 30ce8f3163
2 changed files with 17 additions and 1 deletions
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@ -8339,7 +8339,8 @@ void qemuDomainObjCheckTaint(virQEMUDriverPtr driver,
            custom_hypervisor_feat = true;
    }

-    if (custom_hypervisor_feat) {
+    if (custom_hypervisor_feat ||
+        (cfg->capabilityfilters && *cfg->capabilityfilters)) {
        qemuDomainObjTaint(driver, obj,
                           VIR_DOMAIN_TAINT_CUSTOM_HYPERVISOR_FEATURE, logCtxt);
    }
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@ -5452,10 +5452,25 @@ static int
 qemuProcessStartUpdateCustomCaps(virDomainObjPtr vm)
 {
    qemuDomainObjPrivatePtr priv = vm->privateData;
+    VIR_AUTOUNREF(virQEMUDriverConfigPtr) cfg = virQEMUDriverGetConfig(priv->driver);
    qemuDomainXmlNsDefPtr nsdef = vm->def->namespaceData;
+    char **next;
    int tmp;
    size_t i;

+    if (cfg->capabilityfilters) {
+        for (next = cfg->capabilityfilters; *next; next++) {
+            if ((tmp = virQEMUCapsTypeFromString(*next)) < 0) {
+                virReportError(VIR_ERR_INTERNAL_ERROR,
+                               _("invalid capability_filters capability '%s'"),
+                               *next);
+                return -1;
+            }
+
+            virQEMUCapsClear(priv->qemuCaps, tmp);
+        }
+    }
+
    if (nsdef) {
        for (i = 0; i < nsdef->ncapsadd; i++) {
            if ((tmp = virQEMUCapsTypeFromString(nsdef->capsadd[i])) < 0) {