qemu: make qemu processes to retain rawio capability

This patch revises qemuProcessStart() function for qemu
processes to retain CAP_SYS_RAWIO if needed.
And in case of that, add taint flag to domain.

Signed-off-by: Taku Izumi <izumi.taku@jp.fujitsu.com>
Signed-off-by: Shota Hirae <m11g1401@hibikino.ne.jp>

src/qemu/qemu_domain.c

@@ -1259,6 +1259,9 @@ void qemuDomainObjCheckDiskTaint(struct qemud_driver *driver,
     if (!disk->driverType &&
         driver->allowDiskFormatProbing)
         qemuDomainObjTaint(driver, obj, VIR_DOMAIN_TAINT_DISK_PROBING, logFD);
+
+    if (disk->rawio)
+        qemuDomainObjTaint(driver, obj, VIR_DOMAIN_TAINT_HIGH_PRIVILEGES, logFD);
 }
 
 

src/qemu/qemu_process.c

@@ -27,6 +27,7 @@
 #include <sys/stat.h>
 #include <sys/time.h>
 #include <sys/resource.h>
+#include <linux/capability.h>
 
 #include "qemu_process.h"
 #include "qemu_domain.h"
@@ -3083,6 +3084,7 @@ int qemuProcessStart(virConnectPtr conn,
     virCommandPtr cmd = NULL;
     struct qemuProcessHookData hookData;
     unsigned long cur_balloon;
+    int i;
 
     hookData.conn = conn;
     hookData.vm = vm;
@@ -3335,6 +3337,12 @@ int qemuProcessStart(virConnectPtr conn,
     if (driver->clearEmulatorCapabilities)
         virCommandClearCaps(cmd);
 
+    /* in case a certain disk is desirous of CAP_SYS_RAWIO, add this */
+    for (i = 0; i < vm->def->ndisks; i++) {
+        if (vm->def->disks[i]->rawio == 1)
+            virCommandAllowCap(cmd, CAP_SYS_RAWIO);
+    }
+
     virCommandSetPreExecHook(cmd, qemuProcessHook, &hookData);
 
     virCommandSetOutputFD(cmd, &logfile);