mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2025-01-07 05:25:25 +00:00
b51038a4cd
Expand the "secmodel" XML fragment of "host" with a sequence of baselabel elements, which describe the default security context used by libvirt with a specific security model and virtualization type:

  <secmodel>
    <model>selinux</model>
    <doi>0</doi>
    <baselabel type='kvm'>system_u:system_r:svirt_t:s0</baselabel>
    <baselabel type='qemu'>system_u:system_r:svirt_tcg_t:s0</baselabel>
  </secmodel>
  <secmodel>
    <model>dac</model>
    <doi>0</doi>
    <baselabel type='kvm'>107:107</baselabel>
    <baselabel type='qemu'>107:107</baselabel>
  </secmodel>

"baselabel" is driver-specific information, e.g. in the DAC security model, it indicates USER_ID:GROUP_ID.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
<?xml version="1.0"?>
<!-- A Relax NG schema for the libvirt capabilities XML format -->
<!-- Patterns referenced below but not defined in this file (UUID, archnames,
     positiveInteger, unsignedInt, cpuset, scaledInteger, absFilePath) are
     presumably supplied by the included basictypes.rng; confirm there. -->
<grammar xmlns="http://relaxng.org/ns/structure/1.0"
         datatypeLibrary="http://www.w3.org/2001/XMLSchema-datatypes">
<include href='basictypes.rng'/>
<!-- A valid document has a single <capabilities> root. -->
<start><ref name='capabilities'/></start>
<define name='capabilities'>
  <!-- Document root: exactly one host description, followed by any number
       of guest descriptions (including none). -->
  <element name='capabilities'>
    <ref name='hostcaps'/>

    <zeroOrMore><ref name='guestcaps'/></zeroOrMore>
  </element>
</define>
<define name='hostcaps'>
  <!-- The <host> element. There is no interleave here, so children must
       appear in the order written. Only <cpu> and its <arch> child are
       mandatory; every other child is optional. -->
  <element name='host'>
    <optional>
      <element name='uuid'><ref name='UUID'/></element>
    </optional>
    <element name='cpu'>
      <element name='arch'><ref name='archnames'/></element>
      <optional><ref name='cpufeatures'/></optional>
      <optional><ref name='cpuspec'/></optional>
    </element>
    <optional><ref name='power_management'/></optional>
    <optional><ref name='migration'/></optional>
    <optional><ref name='topology'/></optional>
    <!-- Any number of <secmodel> elements, including none. -->
    <zeroOrMore><ref name='secmodel'/></zeroOrMore>
  </element>
</define>
<define name='secmodel'>
  <!-- One host security model. <model> and <doi> are each required exactly
       once; <baselabel> may repeat. The interleave lets the children come
       in any order. -->
  <!-- Every value here is plain text: the schema does not check that a
       label is well formed for the named model, nor that the 'type'
       attribute names a known virtualization type. Consumers must validate
       these values themselves before acting on them. -->
  <element name='secmodel'>
    <interleave>
      <element name='model'><text/></element>
      <element name='doi'><text/></element>
      <!-- Default label for one virtualization type. The content is
           driver-specific, e.g. USER_ID:GROUP_ID for the DAC model. -->
      <zeroOrMore>
        <element name='baselabel'>
          <attribute name='type'><text/></attribute>
          <text/>
        </element>
      </zeroOrMore>
    </interleave>
  </element>
</define>
<define name='cpufeatures'>
  <!-- Host CPU <features>: four optional, empty flag elements. Without an
       interleave they must appear in the order pae, nonpae, vmx, svm. -->
  <element name='features'>
    <optional><element name='pae'><empty/></element></optional>
    <optional><element name='nonpae'><empty/></element></optional>
    <optional><element name='vmx'><empty/></element></optional>
    <optional><element name='svm'><empty/></element></optional>
  </element>
</define>
<define name='cpuspec'>
  <!-- A sequence with no wrapper element of its own: the referencing
       pattern decides where these children are placed. Order is
       model, optional vendor, topology, then any number of features. -->
  <element name='model'><text/></element>
  <optional>
    <element name='vendor'><text/></element>
  </optional>
  <!-- All three topology counts are required. -->
  <element name='topology'>
    <attribute name='sockets'><ref name='positiveInteger'/></attribute>
    <attribute name='cores'><ref name='positiveInteger'/></attribute>
    <attribute name='threads'><ref name='positiveInteger'/></attribute>
  </element>
  <zeroOrMore>
    <element name='feature'>
      <attribute name='name'><ref name='featureName'/></attribute>
      <empty/>
    </element>
  </zeroOrMore>
</define>
<define name='power_management'>
  <!-- Three optional, empty suspend-mode flags. The interleave allows them
       in any order; an empty <power_management/> is also valid. -->
  <element name='power_management'>
    <interleave>
      <optional><element name='suspend_mem'><empty/></element></optional>
      <optional><element name='suspend_disk'><empty/></element></optional>
      <optional><element name='suspend_hybrid'><empty/></element></optional>
    </interleave>
  </element>
</define>
<define name='migration'>
  <!-- Note that the element is called <migration_features>, not
       <migration>. Both children are optional and ordered. -->
  <element name='migration_features'>
    <optional>
      <element name='live'><empty/></element>
    </optional>
    <optional>
      <!-- When present, the list needs at least one entry, and each entry
           must be one of the three transport names below. -->
      <element name='uri_transports'>
        <oneOrMore>
          <element name='uri_transport'>
            <choice>
              <value>esx</value>
              <value>tcp</value>
              <value>xenmigr</value>
            </choice>
          </element>
        </oneOrMore>
      </element>
    </optional>
  </element>
</define>
<define name='topology'>
  <!-- Host <topology>: a single <cells> list holding at least one <cell>.
       The schema types 'num' but cannot check that it equals the number
       of <cell> children; consumers should not rely on it for sizing. -->
  <element name='topology'>
    <element name='cells'>
      <attribute name='num'><ref name='unsignedInt'/></attribute>
      <oneOrMore><ref name='cell'/></oneOrMore>
    </element>
  </element>
</define>
<define name='cell'>
  <!-- One <cell> inside <cells>: a required 'id', then an optional memory
       size and an optional CPU list, in that order. -->
  <element name='cell'>
    <attribute name='id'><ref name='unsignedInt'/></attribute>

    <optional><ref name='memory'/></optional>

    <optional>
      <!-- When present, <cpus> must list at least one <cpu>. As with
           <cells>, 'num' is typed but not cross-checked against the
           number of children. -->
      <element name='cpus'>
        <attribute name='num'><ref name='unsignedInt'/></attribute>
        <oneOrMore><ref name='cpu'/></oneOrMore>
      </element>
    </optional>
  </element>
</define>
<define name='memory'>
  <!-- <memory> element whose content follows the scaledInteger pattern,
       which is not defined in this file. -->
  <element name='memory'><ref name='scaledInteger'/></element>
</define>
<define name='cpu'>
  <!-- One <cpu> entry in a cell's CPU list. 'id' is always required. -->
  <element name='cpu'>
    <attribute name='id'><ref name='unsignedInt'/></attribute>
    <!-- A single <optional> wraps all three attributes, so they are
         all-or-nothing: either socket_id, core_id and siblings are all
         present, or none of them is. -->
    <optional>
      <attribute name='socket_id'><ref name='unsignedInt'/></attribute>
      <attribute name='core_id'><ref name='unsignedInt'/></attribute>
      <attribute name='siblings'><ref name='cpuset'/></attribute>
    </optional>
  </element>
</define>
<define name='guestcaps'>
  <!-- One <guest> description: OS type, then architecture, then an
       optional feature list, in that order. -->
  <element name='guest'>
    <ref name='ostype'/>
    <ref name='arch'/>
    <optional><ref name='features'/></optional>
  </element>
</define>
<define name='ostype'>
  <!-- The element is named <os_type>; its content must be exactly one of
       the values listed below. -->
  <element name='os_type'>
    <choice>
      <!-- Xen 3.0 pv -->
      <value>xen</value>
      <!-- same as 'xen' - legacy -->
      <value>linux</value>
      <!-- unmodified OS -->
      <value>hvm</value>
      <!-- For container based virt -->
      <value>exe</value>
      <!-- user mode linux -->
      <value>uml</value>
    </choice>
  </element>
</define>
<define name='arch'>
  <!-- Guest <arch>: a named architecture with a word size, optional
       default emulator and loader paths, any number of machine types, and
       at least one <domain>. Children are ordered as written. -->
  <element name='arch'>
    <attribute name='name'><ref name='archnames'/></attribute>
    <ref name='wordsize'/>
    <optional><ref name='emulator'/></optional>
    <optional><ref name='loader'/></optional>
    <zeroOrMore><ref name='machine'/></zeroOrMore>
    <oneOrMore><ref name='domain'/></oneOrMore>
  </element>
</define>
<define name='emulator'>
  <!-- <emulator> content follows the absFilePath pattern, which is not
       defined in this file. Matching that pattern is a syntax check only;
       it says nothing about whether the path exists or is trustworthy. -->
  <element name='emulator'><ref name='absFilePath'/></element>
</define>
<define name='loader'>
  <!-- <loader> content follows the absFilePath pattern, which is not
       defined in this file. Matching that pattern is a syntax check only;
       it says nothing about whether the path exists or is trustworthy. -->
  <element name='loader'><ref name='absFilePath'/></element>
</define>
<define name='wordsize'>
  <!-- <wordsize> accepts only the literal values 31, 32 or 64. -->
  <element name='wordsize'>
    <choice>
      <value>31</value>
      <value>32</value>
      <value>64</value>
    </choice>
  </element>
</define>
<define name='machine'>
  <!-- <machine>: free-text content with two optional attributes. The text
       and the 'canonical' attribute are unconstrained strings; only
       'maxCpus' is typed. -->
  <element name='machine'>
    <optional>
      <attribute name='canonical'><text/></attribute>
    </optional>
    <optional>
      <attribute name='maxCpus'><ref name='unsignedInt'/></attribute>
    </optional>
    <text/>
  </element>
</define>
<define name='domain'>
  <!-- <domain> inside a guest <arch>: a required 'type' drawn from the
       closed list below, then an optional emulator path and any number of
       machine types. -->
  <element name='domain'>
    <attribute name='type'>
      <choice>
        <value>qemu</value>
        <value>kqemu</value>
        <value>kvm</value>
        <value>xen</value>
        <value>uml</value>
        <value>lxc</value>
        <value>openvz</value>
        <value>test</value>
      </choice>
    </attribute>

    <optional><ref name='emulator'/></optional>
    <zeroOrMore><ref name='machine'/></zeroOrMore>
  </element>
</define>
<define name='features'>
  <!-- Guest <features>: every child is optional and, because of the
       interleave, may appear in any order. -->
  <element name='features'>
    <interleave>
      <!-- Plain presence flags with no attributes or content. -->
      <optional><element name='pae'><empty/></element></optional>
      <optional><element name='nonpae'><empty/></element></optional>
      <optional><element name='ia64_be'><empty/></element></optional>
      <!-- acpi and apic additionally carry the featuretoggle
           attributes. -->
      <optional>
        <element name='acpi'>
          <ref name='featuretoggle'/>
          <empty/>
        </element>
      </optional>
      <optional>
        <element name='apic'>
          <ref name='featuretoggle'/>
          <empty/>
        </element>
      </optional>
      <optional><element name='cpuselection'><empty/></element></optional>
      <optional><element name='deviceboot'><empty/></element></optional>
    </interleave>
  </element>
</define>
<define name='featuretoggle'>
  <!-- Attribute pair shared by the toggleable guest features. Neither
       attribute is wrapped in <optional>, so both are required wherever
       this pattern is referenced. -->
  <attribute name='toggle'>
    <choice>
      <value>yes</value>
      <value>no</value>
    </choice>
  </attribute>
  <attribute name='default'>
    <choice>
      <value>on</value>
      <value>off</value>
    </choice>
  </attribute>
</define>
<define name='featureName'>
  <!-- A feature name is a non-empty string made up only of ASCII letters,
       digits, hyphen and underscore. -->
  <data type='string'>
    <param name='pattern'>[a-zA-Z0-9\-_]+</param>
  </data>
</define>
</grammar>