External/libvirt
1
0
Fork 0
Code

network: remove firewalld version check from networkSetBridgeZone()

Browse Source 
At the time the version check in this function was written, there were
still several supported versions of some distros that were using a
version of firewalld too old to support the "rich rule priorities"
used by the 'libvirt' zone that we installed for firewalld. Today the
newest distro that has a version of firewalld < 0.7.0 is
RHEL7/CentOS7, so we can remove the complexity and if the libvirt zone
is missing simply say "the libvirt zone is missing".

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
This commit is contained in:
Laine Stump 2024-09-05 11:56:10 -04:00
parent 1a72b83d56
commit 1a3778fe0a
1 changed files with 3 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
src/network/bridge_driver_linux.c
View File

@ -381,24 +381,9 @@ networkSetBridgeZone(virNetworkDef *def)
if (virFirewallDInterfaceSetZone(def->bridge, "libvirt") < 0) if (virFirewallDInterfaceSetZone(def->bridge, "libvirt") < 0)
return -1; return -1;
} else { } else {
unsigned long long version; virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
int vresult = virFirewallDGetVersion(&version); _("firewalld can't find the 'libvirt' zone that should have been installed with libvirt"));
return -1;
if (vresult < 0)
return -1;
/* Support for nftables backend was added in firewalld
* 0.6.0. Support for rule priorities (required by the
* 'libvirt' zone, which should be installed by a
* libvirt package, *not* by firewalld) was not added
* until firewalld 0.7.0 (unless it was backported).
*/
if (version >= 6000 &&
virFirewallDGetBackend() == VIR_FIREWALLD_BACKEND_NFTABLES) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
_("firewalld is set to use the nftables backend, but the required firewalld 'libvirt' zone is missing. Either set the firewalld backend to 'iptables', or ensure that firewalld has a 'libvirt' zone by upgrading firewalld to a version supporting rule priorities (0.7.0+) and/or rebuilding libvirt with --with-firewalld-zone"));
return -1;
}
} }
} }
} }