qemu: Implement support for 'capability_filters' config option

Filter out the given capabilities and set domain taint if we've done so.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>

diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 0a9056d1a07fb1ed55ed8b19a1e76f709b502bb9..1326c3d6b149620f57b2bd17f85fbebb3acc0207 100644 (file)
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -8339,7 +8339,8 @@ void qemuDomainObjCheckTaint(virQEMUDriverPtr driver,
             custom_hypervisor_feat = true;
     }
 
-    if (custom_hypervisor_feat) {
+    if (custom_hypervisor_feat ||
+        (cfg->capabilityfilters && *cfg->capabilityfilters)) {
         qemuDomainObjTaint(driver, obj,
                            VIR_DOMAIN_TAINT_CUSTOM_HYPERVISOR_FEATURE, logCtxt);
     }

diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index f0d410306c5ca8fe8800a0e6cfc304b902db41bd..aa09ef175abf90c905d178f50c425b3d92fd0fef 100644 (file)
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -5452,10 +5452,25 @@ static int
 qemuProcessStartUpdateCustomCaps(virDomainObjPtr vm)
 {
     qemuDomainObjPrivatePtr priv = vm->privateData;
+    VIR_AUTOUNREF(virQEMUDriverConfigPtr) cfg = virQEMUDriverGetConfig(priv->driver);
     qemuDomainXmlNsDefPtr nsdef = vm->def->namespaceData;
+    char **next;
     int tmp;
     size_t i;
 
+    if (cfg->capabilityfilters) {
+        for (next = cfg->capabilityfilters; *next; next++) {
+            if ((tmp = virQEMUCapsTypeFromString(*next)) < 0) {
+                virReportError(VIR_ERR_INTERNAL_ERROR,
+                               _("invalid capability_filters capability '%s'"),
+                               *next);
+                return -1;
+            }
+
+            virQEMUCapsClear(priv->qemuCaps, tmp);
+        }
+    }
+
     if (nsdef) {
         for (i = 0; i < nsdef->ncapsadd; i++) {
             if ((tmp = virQEMUCapsTypeFromString(nsdef->capsadd[i])) < 0) {