mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-07-17 07:07:16 +00:00
nwfilter: simplify execution of ebiptables scripts
It's not worth even worrying about a temporary file, unless we ever expect the script to exceed maximum command-line argument length limits. * src/nwfilter/nwfilter_ebiptables_driver.c (ebiptablesExecCLI): Run the commands as an argument to /bin/sh, rather than worrying about a temporary file. (ebiptablesWriteToTempFile): Delete unused function.
parent
bd6083c9ba
commit
3b7122c0b2
@ -2475,65 +2475,6 @@ ebiptablesDisplayRuleInstance(virConnectPtr conn ATTRIBUTE_UNUSED,
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/**
|
|
||||||
* ebiptablesWriteToTempFile:
|
|
||||||
* @string : the string to write into the file
|
|
||||||
*
|
|
||||||
* Returns the tempory filename where the string was written into,
|
|
||||||
* NULL in case of error with the error reported.
|
|
||||||
*
|
|
||||||
* Write the string into a temporary file and return the name of
|
|
||||||
* the temporary file. The file can then be read as a /bin/sh script.
|
|
||||||
* No '#!/bin/sh' header is needed, since the file will be read and not
|
|
||||||
* directly executed.
|
|
||||||
*/
|
|
||||||
static char *
|
|
||||||
ebiptablesWriteToTempFile(const char *string) {
|
|
||||||
char filename[] = LOCALSTATEDIR "/run/libvirt/nwfilt-XXXXXX";
|
|
||||||
size_t len;
|
|
||||||
char *filnam;
|
|
||||||
size_t written;
|
|
||||||
|
|
||||||
int fd = mkstemp(filename);
|
|
||||||
|
|
||||||
if (fd < 0) {
|
|
||||||
virNWFilterReportError(VIR_ERR_INTERNAL_ERROR,
|
|
||||||
"%s",
|
|
||||||
_("cannot create temporary file"));
|
|
||||||
goto err_exit;
|
|
||||||
}
|
|
||||||
|
|
||||||
len = strlen(string);
|
|
||||||
written = safewrite(fd, string, len);
|
|
||||||
if (written != len) {
|
|
||||||
virNWFilterReportError(VIR_ERR_INTERNAL_ERROR,
|
|
||||||
"%s",
|
|
||||||
_("cannot write string to file"));
|
|
||||||
goto err_exit;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (VIR_CLOSE(fd) < 0) {
|
|
||||||
virNWFilterReportError(VIR_ERR_INTERNAL_ERROR,
|
|
||||||
"%s",
|
|
||||||
_("cannot write string to file"));
|
|
||||||
goto err_exit;
|
|
||||||
}
|
|
||||||
|
|
||||||
filnam = strdup(filename);
|
|
||||||
if (!filnam) {
|
|
||||||
virReportOOMError();
|
|
||||||
goto err_exit;
|
|
||||||
}
|
|
||||||
|
|
||||||
return filnam;
|
|
||||||
|
|
||||||
err_exit:
|
|
||||||
VIR_FORCE_CLOSE(fd);
|
|
||||||
unlink(filename);
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* ebiptablesExecCLI:
|
* ebiptablesExecCLI:
|
||||||
* @buf : pointer to virBuffer containing the string with the commands to
|
* @buf : pointer to virBuffer containing the string with the commands to
|
||||||
@ -2546,36 +2487,22 @@ err_exit:
|
|||||||
* script.
|
* script.
|
||||||
*
|
*
|
||||||
* Execute a sequence of commands (held in the given buffer) as a /bin/sh
|
* Execute a sequence of commands (held in the given buffer) as a /bin/sh
|
||||||
* script and return the status of the execution.
|
* script and return the status of the execution in *status (if status is
|
||||||
|
* NULL, then the script must exit with status 0).
|
||||||
*/
|
*/
|
||||||
static int
|
static int
|
||||||
ebiptablesExecCLI(virBufferPtr buf,
|
ebiptablesExecCLI(virBufferPtr buf,
|
||||||
int *status)
|
int *status)
|
||||||
{
|
{
|
||||||
char *cmds;
|
|
||||||
char *filename;
|
|
||||||
int rc = -1;
|
int rc = -1;
|
||||||
virCommandPtr cmd;
|
virCommandPtr cmd;
|
||||||
|
|
||||||
if (virBufferError(buf)) {
|
|
||||||
virReportOOMError();
|
|
||||||
virBufferFreeAndReset(buf);
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
*status = 0;
|
*status = 0;
|
||||||
|
if (!virBufferError(buf) && !virBufferUse(buf))
|
||||||
cmds = virBufferContentAndReset(buf);
|
|
||||||
VIR_DEBUG("%s", NULLSTR(cmds));
|
|
||||||
if (!cmds)
|
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
filename = ebiptablesWriteToTempFile(cmds);
|
cmd = virCommandNewArgList("/bin/sh", "-c", NULL);
|
||||||
if (!filename)
|
virCommandAddArgBuffer(cmd, buf);
|
||||||
goto cleanup;
|
|
||||||
|
|
||||||
cmd = virCommandNew("/bin/sh");
|
|
||||||
virCommandAddArg(cmd, filename);
|
|
||||||
|
|
||||||
virMutexLock(&execCLIMutex);
|
virMutexLock(&execCLIMutex);
|
||||||
|
|
||||||
@ -2583,11 +2510,6 @@ ebiptablesExecCLI(virBufferPtr buf,
|
|||||||
|
|
||||||
virMutexUnlock(&execCLIMutex);
|
virMutexUnlock(&execCLIMutex);
|
||||||
|
|
||||||
unlink(filename);
|
|
||||||
VIR_FREE(filename);
|
|
||||||
|
|
||||||
cleanup:
|
|
||||||
VIR_FREE(cmds);
|
|
||||||
virCommandFree(cmd);
|
virCommandFree(cmd);
|
||||||
|
|
||||||
return rc;
|
return rc;
|
||||||
|
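Review bot: In the second hunk the new doc comment for ebiptablesExecCLI says `status` may be NULL, but the body still runs `*status = 0;` unconditionally as its first statement, so a caller relying on the documented behaviour would dereference NULL inside the daemon; either guard it with `if (status) *status = 0;` or drop the NULL wording from the comment. The early return now fires only for `!virBufferError(buf) && !virBufferUse(buf)`, so a buffer in the error state is no longer reported with `virReportOOMError()` here but handed to `virCommandAddArgBuffer(cmd, buf)`; presumably virCommand records that failure and surfaces it when the command is run, but that should be confirmed and stated in the function comment. Because the whole script is now a single `/bin/sh -c` argument, I would also add a comment such as `/* script is passed as one argv element: bounded by the kernel's per-argument limit and visible in the process argument list */` above the `virCommandNewArgList` call, since the commit message acknowledges the length limit but the code does not. The `virCommandRun` call and the function's closing brace lie outside the hunks shown, so how `status` is used afterwards cannot be checked from this page.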