External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2024-08-30 04:21:17 +00:00
Code Issues Packages Projects Releases Wiki Activity
95aed7febc
libvirt/docs/schemas/capability.rng
Giuseppe Scrivano b51038a4cd capabilities: add baselabel per sec driver/virt type to secmodel 
Expand the "secmodel" XML fragment of "host" with a sequence of
baselabel's which describe the default security context used by
libvirt with a specific security model and virtualization type:

<secmodel>
  <model>selinux</model>
  <doi>0</doi>
  <baselabel type='kvm'>system_u:system_r:svirt_t:s0</baselabel>
  <baselabel type='qemu'>system_u:system_r:svirt_tcg_t:s0</baselabel>
</secmodel>
<secmodel>
  <model>dac</model>
  <doi>0</doi>
  <baselabel type='kvm'>107:107</baselabel>
  <baselabel type='qemu'>107:107</baselabel>
</secmodel>

"baselabel" is driver-specific information, e.g. in the DAC security
model, it indicates USER_ID:GROUP_ID.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
2013-10-29 07:06:04 -06:00

399 lines
8.8 KiB
XML
Raw Blame History

<?xml version="1.0"?>
<!-- A Relax NG schema for the libvirt capabilities XML format -->
<grammar xmlns="http://relaxng.org/ns/structure/1.0"
datatypeLibrary="http://www.w3.org/2001/XMLSchema-datatypes">
<include href='basictypes.rng'/>
<start>
<ref name='capabilities'/>
</start>
<define name='capabilities'>
<element name='capabilities'>
<ref name='hostcaps'/>
<zeroOrMore>
<ref name='guestcaps'/>
</zeroOrMore>
</element>
</define>
<define name='hostcaps'>
<element name='host'>
<optional>
<element name='uuid'>
<ref name='UUID'/>
</element>
</optional>
<element name='cpu'>
<element name='arch'>
<ref name='archnames'/>
</element>
<optional>
<ref name='cpufeatures'/>
</optional>
<optional>
<ref name='cpuspec'/>
</optional>
</element>
<optional>
<ref name='power_management'/>
</optional>
<optional>
<ref name='migration'/>
</optional>
<optional>
<ref name='topology'/>
</optional>
<zeroOrMore>
<ref name='secmodel'/>
</zeroOrMore>
</element>
</define>
<define name='secmodel'>
<element name='secmodel'>
<interleave>
<element name='model'>
<text/>
</element>
<element name='doi'>
<text/>
</element>
<zeroOrMore>
<element name='baselabel'>
<attribute name='type'>
<text/>
</attribute>
<text/>
</element>
</zeroOrMore>
</interleave>
</element>
</define>
<define name='cpufeatures'>
<element name='features'>
<optional>
<element name='pae'><empty/></element>
</optional>
<optional>
<element name='nonpae'><empty/></element>
</optional>
<optional>
<element name='vmx'><empty/></element>
</optional>
<optional>
<element name='svm'><empty/></element>
</optional>
</element>
</define>
<define name='cpuspec'>
<element name='model'>
<text/>
</element>
<optional>
<element name='vendor'>
<text/>
</element>
</optional>
<element name='topology'>
<attribute name='sockets'>
<ref name='positiveInteger'/>
</attribute>
<attribute name='cores'>
<ref name='positiveInteger'/>
</attribute>
<attribute name='threads'>
<ref name='positiveInteger'/>
</attribute>
</element>
<zeroOrMore>
<element name='feature'>
<attribute name='name'>
<ref name='featureName'/>
</attribute>
<empty/>
</element>
</zeroOrMore>
</define>
<define name='power_management'>
<element name='power_management'>
<interleave>
<optional>
<element name='suspend_mem'>
<empty/>
</element>
</optional>
<optional>
<element name='suspend_disk'>
<empty/>
</element>
</optional>
<optional>
<element name='suspend_hybrid'>
<empty/>
</element>
</optional>
</interleave>
</element>
</define>
<define name='migration'>
<element name='migration_features'>
<optional>
<element name='live'>
<empty/>
</element>
</optional>
<optional>
<element name='uri_transports'>
<oneOrMore>
<element name='uri_transport'>
<choice>
<value>esx</value>
<value>tcp</value>
<value>xenmigr</value>
</choice>
</element>
</oneOrMore>
</element>
</optional>
</element>
</define>
<define name='topology'>
<element name='topology'>
<element name='cells'>
<attribute name='num'>
<ref name='unsignedInt'/>
</attribute>
<oneOrMore>
<ref name='cell'/>
</oneOrMore>
</element>
</element>
</define>
<define name='cell'>
<element name='cell'>
<attribute name='id'>
<ref name='unsignedInt'/>
</attribute>
<optional>
<ref name='memory'/>
</optional>
<optional>
<element name='cpus'>
<attribute name='num'>
<ref name='unsignedInt'/>
</attribute>
<oneOrMore>
<ref name='cpu'/>
</oneOrMore>
</element>
</optional>
</element>
</define>
<define name='memory'>
<element name='memory'>
<ref name='scaledInteger'/>
</element>
</define>
<define name='cpu'>
<element name='cpu'>
<attribute name='id'>
<ref name='unsignedInt'/>
</attribute>
<optional>
<attribute name='socket_id'>
<ref name='unsignedInt'/>
</attribute>
<attribute name='core_id'>
<ref name='unsignedInt'/>
</attribute>
<attribute name='siblings'>
<ref name='cpuset'/>
</attribute>
</optional>
</element>
</define>
<define name='guestcaps'>
<element name='guest'>
<ref name='ostype'/>
<ref name='arch'/>
<optional>
<ref name='features'/>
</optional>
</element>
</define>
<define name='ostype'>
<element name='os_type'>
<choice>
<value>xen</value> <!-- Xen 3.0 pv -->
<value>linux</value> <!-- same as 'xen' - legacy -->
<value>hvm</value> <!-- unmodified OS -->
<value>exe</value> <!-- For container based virt -->
<value>uml</value> <!-- user mode linux -->
</choice>
</element>
</define>
<define name='arch'>
<element name='arch'>
<attribute name='name'>
<ref name='archnames'/>
</attribute>
<ref name='wordsize'/>
<optional>
<ref name='emulator'/>
</optional>
<optional>
<ref name='loader'/>
</optional>
<zeroOrMore>
<ref name='machine'/>
</zeroOrMore>
<oneOrMore>
<ref name='domain'/>
</oneOrMore>
</element>
</define>
<define name='emulator'>
<element name='emulator'>
<ref name='absFilePath'/>
</element>
</define>
<define name='loader'>
<element name='loader'>
<ref name='absFilePath'/>
</element>
</define>
<define name='wordsize'>
<element name='wordsize'>
<choice>
<value>31</value>
<value>32</value>
<value>64</value>
</choice>
</element>
</define>
<define name='machine'>
<element name='machine'>
<optional>
<attribute name='canonical'>
<text/>
</attribute>
</optional>
<optional>
<attribute name='maxCpus'>
<ref name='unsignedInt'/>
</attribute>
</optional>
<text/>
</element>
</define>
<define name='domain'>
<element name='domain'>
<attribute name='type'>
<choice>
<value>qemu</value>
<value>kqemu</value>
<value>kvm</value>
<value>xen</value>
<value>uml</value>
<value>lxc</value>
<value>openvz</value>
<value>test</value>
</choice>
</attribute>
<optional>
<ref name='emulator'/>
</optional>
<zeroOrMore>
<ref name='machine'/>
</zeroOrMore>
</element>
</define>
<define name='features'>
<element name='features'>
<interleave>
<optional>
<element name='pae'>
<empty/>
</element>
</optional>
<optional>
<element name='nonpae'>
<empty/>
</element>
</optional>
<optional>
<element name='ia64_be'>
<empty/>
</element>
</optional>
<optional>
<element name='acpi'>
<ref name='featuretoggle'/>
<empty/>
</element>
</optional>
<optional>
<element name='apic'>
<ref name='featuretoggle'/>
<empty/>
</element>
</optional>
<optional>
<element name='cpuselection'>
<empty/>
</element>
</optional>
<optional>
<element name='deviceboot'>
<empty/>
</element>
</optional>
</interleave>
</element>
</define>
<define name='featuretoggle'>
<attribute name='toggle'>
<choice>
<value>yes</value>
<value>no</value>
</choice>
</attribute>
<attribute name='default'>
<choice>
<value>on</value>
<value>off</value>
</choice>
</attribute>
</define>
<define name='featureName'>
<data type='string'>
<param name='pattern'>[a-zA-Z0-9\-_]+</param>
</data>
</define>
</grammar>
Reference in New Issue View Git Blame Copy Permalink