From 525434dd6015c551131fd358324cf756f388f751 Mon Sep 17 00:00:00 2001
From: "Daniel P. Berrange"
Date: Thu, 10 Feb 2011 10:46:21 +0000
Subject: [PATCH] Avoid warnings from nwfilter driver when run non-root

When run non-root the nwfilter driver logs error messages about being unable to find iptables/ebtables commands (they are in /sbin which isn't in $PATH). The nwfilter driver can't ever work as non-root, so simply skip it entirely thus avoiding the error messages
* src/conf/nwfilter_conf.h, src/nwfilter/nwfilter_driver.c, src/nwfilter/nwfilter_gentech_driver.c, src/nwfilter/nwfilter_gentech_driver.h: Pass 'bool privileged' flag down to final driver impl
* src/nwfilter/nwfilter_ebiptables_driver.c: Skip initialization if not privileged
---
 src/conf/nwfilter_conf.h | 2 +-
 src/nwfilter/nwfilter_driver.c | 2 +-
 src/nwfilter/nwfilter_ebiptables_driver.c | 9 ++++++---
 src/nwfilter/nwfilter_gentech_driver.c | 6 +++---
 src/nwfilter/nwfilter_gentech_driver.h | 2 +-
 5 files changed, 12 insertions(+), 9 deletions(-)
diff --git a/src/conf/nwfilter_conf.h b/src/conf/nwfilter_conf.h
index 8f8383f2c4..34ff399b8a 100644
--- a/src/conf/nwfilter_conf.h
+++ b/src/conf/nwfilter_conf.h
@@ -502,7 +502,7 @@ struct domUpdateCBStruct {
 };
-typedef int (*virNWFilterTechDrvInit)(void);
+typedef int (*virNWFilterTechDrvInit)(bool privileged);
 typedef void (*virNWFilterTechDrvShutdown)(void);
 enum virDomainNetType;
diff --git a/src/nwfilter/nwfilter_driver.c b/src/nwfilter/nwfilter_driver.c
index f9033117e8..a5793062da 100644
--- a/src/nwfilter/nwfilter_driver.c
+++ b/src/nwfilter/nwfilter_driver.c
@@ -69,7 +69,7 @@ nwfilterDriverStartup(int privileged) {
 if (virNWFilterLearnInit() < 0) return -1;
- virNWFilterTechDriversInit();
+ virNWFilterTechDriversInit(privileged);
 if (virNWFilterConfLayerInit(virNWFilterDomainFWUpdateCB) < 0) goto conf_init_err;
diff --git a/src/nwfilter/nwfilter_ebiptables_driver.c b/src/nwfilter/nwfilter_ebiptables_driver.c
index 1b8730dc90..39cd0f3498 100644
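Review bot: In src/nwfilter/nwfilter_driver.c only the tech-driver call is gated on `privileged`; the context lines of nwfilterDriverStartup still run `virNWFilterLearnInit()` and `virNWFilterConfLayerInit(...)` for an unprivileged daemon, so the driver appears to come up with no enforcing backend rather than being skipped "entirely" as the description says. If that is intended, a comment at the call would record it, for example `/* unprivileged: tech drivers are left uninitialized, so no filter can be instantiated */`, once it is confirmed that instantiation really fails in that state. Separately, `privileged` is an `int` here and a `bool` in the callee, and `virNWFilterTechDriversInit(privileged != 0);` would make the conversion explicit. The function body starts and ends outside the hunk.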
--- a/src/nwfilter/nwfilter_ebiptables_driver.c
+++ b/src/nwfilter/nwfilter_ebiptables_driver.c
@@ -114,7 +114,7 @@ static const char *m_physdev_out_str = "-m physdev " PHYSDEV_OUT;
 #define COMMENT_VARNAME "comment"
 static int ebtablesRemoveBasicRules(const char *ifname);
-static int ebiptablesDriverInit(void);
+static int ebiptablesDriverInit(bool privileged);
 static void ebiptablesDriverShutdown(void);
 static int ebtablesCleanAll(const char *ifname);
 static int ebiptablesAllTeardown(const char *ifname);
@@ -3653,11 +3653,14 @@ virNWFilterTechDriver ebiptables_driver = {
 static int
-ebiptablesDriverInit(void)
+ebiptablesDriverInit(bool privileged)
 {
 virBuffer buf = VIR_BUFFER_INITIALIZER;
 int cli_status;
+ if (!privileged)
+ return 0;
+
 if (virMutexInit(&execCLIMutex)) return EINVAL;
@@ -3730,7 +3733,7 @@ ebiptablesDriverInit(void)
 static void
-ebiptablesDriverShutdown()
+ebiptablesDriverShutdown(void)
 {
 VIR_FREE(gawk_cmd_path);
 VIR_FREE(grep_cmd_path);
diff --git a/src/nwfilter/nwfilter_gentech_driver.c b/src/nwfilter/nwfilter_gentech_driver.c
index e64c3ec948..9ef36925e1 100644
--- a/src/nwfilter/nwfilter_gentech_driver.c
+++ b/src/nwfilter/nwfilter_gentech_driver.c
@@ -50,17 +50,17 @@ static virNWFilterTechDriverPtr filter_tech_drivers[] = {
 };
-void virNWFilterTechDriversInit() {
+void virNWFilterTechDriversInit(bool privileged) {
 int i = 0;
 while (filter_tech_drivers[i]) {
 if (!(filter_tech_drivers[i]->flags & TECHDRV_FLAG_INITIALIZED))
- filter_tech_drivers[i]->init();
+ filter_tech_drivers[i]->init(privileged);
 i++;
 }
 }
-void virNWFilterTechDriversShutdown() {
+void virNWFilterTechDriversShutdown(void) {
 int i = 0;
 while (filter_tech_drivers[i]) {
 if ((filter_tech_drivers[i]->flags & TECHDRV_FLAG_INITIALIZED))
diff --git a/src/nwfilter/nwfilter_gentech_driver.h b/src/nwfilter/nwfilter_gentech_driver.h
index c9dd4a1f1e..271bf85616 100644
--- a/src/nwfilter/nwfilter_gentech_driver.h
+++ b/src/nwfilter/nwfilter_gentech_driver.h
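Review bot: The early `return 0` added to ebiptablesDriverInit (nwfilter_ebiptables_driver.c, second hunk) reports success while skipping `virMutexInit(&execCLIMutex)` and everything after it, so an unprivileged daemon is left with a driver whose mutex was never initialized and, presumably, whose TECHDRV_FLAG_INITIALIZED flag is never set (the rest of the body is outside the hunk). It is worth confirming that every rule-applying and teardown entry point checks that flag before touching `execCLIMutex`, and that starting a guest whose interface references a filter fails instead of proceeding unfiltered. A comment on the guard would state the contract, e.g. `/* Unprivileged: ebtables/iptables cannot be run; leave the driver uninitialized. */`, and a debug-level log line at the same place would make the skip visible when someone is diagnosing missing filtering.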
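Review bot: The result of `filter_tech_drivers[i]->init(privileged)` in virNWFilterTechDriversInit (nwfilter_gentech_driver.c) is discarded, and with the new parameter a backend can return 0 for "skipped" as well as for "ready", so nwfilterDriverStartup cannot tell an enforcing backend from an absent one. Checking the return value and logging a warning when it is non-zero, plus a comment on the function saying that a 0 return from `init` may not mean TECHDRV_FLAG_INITIALIZED was set, would keep a failed or skipped backend from going unnoticed. The loop would also read more directly as `for (i = 0; filter_tech_drivers[i]; i++)`. The same loop shape appears in virNWFilterTechDriversShutdown, whose body runs past the end of the hunk.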
@@ -28,7 +28,7 @@ virNWFilterTechDriverPtr virNWFilterTechDriverForName(const char *name);
 int virNWFilterRuleInstAddData(virNWFilterRuleInstPtr res, void *data);
-void virNWFilterTechDriversInit(void);
+void virNWFilterTechDriversInit(bool privileged);
 void virNWFilterTechDriversShutdown(void);
 enum instCase {