mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-07-30 21:47:18 +00:00
util: always check for ebtables/iptables binaries, even when using firewalld
Even though *we* don't call ebtables/iptables/ip6tables (yet) when the firewalld backend is selected, firewalld does, so these binaries need to be there; let's check for them. (Also, the patch after this one is going to start execing those binaries directly rather than via firewalld). Signed-off-by: Laine Stump <laine@redhat.com> Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
This commit is contained in:
parent
c102bbd3ef
commit
56dd128bd0
@ -99,24 +99,38 @@ VIR_ONCE_GLOBAL_INIT(virFirewall);
|
|||||||
static int
|
static int
|
||||||
virFirewallValidateBackend(virFirewallBackend backend)
|
virFirewallValidateBackend(virFirewallBackend backend)
|
||||||
{
|
{
|
||||||
VIR_DEBUG("Validating backend %d", backend);
|
const char *commands[] = {
|
||||||
|
IPTABLES_PATH, IP6TABLES_PATH, EBTABLES_PATH
|
||||||
|
};
|
||||||
|
size_t i;
|
||||||
|
|
||||||
|
for (i = 0; i < G_N_ELEMENTS(commands); i++) {
|
||||||
|
if (!virFileIsExecutable(commands[i])) {
|
||||||
|
virReportSystemError(errno,
|
||||||
|
_("%s not available, firewall backend will not function"),
|
||||||
|
commands[i]);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
VIR_DEBUG("found iptables/ip6tables/ebtables");
|
||||||
|
|
||||||
if (backend == VIR_FIREWALL_BACKEND_AUTOMATIC ||
|
if (backend == VIR_FIREWALL_BACKEND_AUTOMATIC ||
|
||||||
backend == VIR_FIREWALL_BACKEND_FIREWALLD) {
|
backend == VIR_FIREWALL_BACKEND_FIREWALLD) {
|
||||||
int rv = virFirewallDIsRegistered();
|
int rv = virFirewallDIsRegistered();
|
||||||
|
|
||||||
VIR_DEBUG("Firewalld is registered ? %d", rv);
|
VIR_DEBUG("Firewalld is registered ? %d", rv);
|
||||||
if (rv < 0) {
|
|
||||||
if (rv == -2) {
|
if (rv == -1)
|
||||||
if (backend == VIR_FIREWALL_BACKEND_FIREWALLD) {
|
return -1;
|
||||||
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
|
|
||||||
_("firewalld firewall backend requested, but service is not running"));
|
if (rv == -2) {
|
||||||
return -1;
|
if (backend == VIR_FIREWALL_BACKEND_FIREWALLD) {
|
||||||
} else {
|
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
|
||||||
VIR_DEBUG("firewalld service not running, trying direct backend");
|
_("firewalld backend requested, but service is not running"));
|
||||||
backend = VIR_FIREWALL_BACKEND_DIRECT;
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
return -1;
|
return -1;
|
||||||
|
} else {
|
||||||
|
VIR_DEBUG("firewalld service not running, using direct backend");
|
||||||
|
backend = VIR_FIREWALL_BACKEND_DIRECT;
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
VIR_DEBUG("firewalld service running, using firewalld backend");
|
VIR_DEBUG("firewalld service running, using firewalld backend");
|
||||||
@ -124,25 +138,7 @@ virFirewallValidateBackend(virFirewallBackend backend)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (backend == VIR_FIREWALL_BACKEND_DIRECT) {
|
|
||||||
const char *commands[] = {
|
|
||||||
IPTABLES_PATH, IP6TABLES_PATH, EBTABLES_PATH
|
|
||||||
};
|
|
||||||
size_t i;
|
|
||||||
|
|
||||||
for (i = 0; i < G_N_ELEMENTS(commands); i++) {
|
|
||||||
if (!virFileIsExecutable(commands[i])) {
|
|
||||||
virReportSystemError(errno,
|
|
||||||
_("direct firewall backend requested, but %s is not available"),
|
|
||||||
commands[i]);
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
VIR_DEBUG("found iptables/ip6tables/ebtables, using direct backend");
|
|
||||||
}
|
|
||||||
|
|
||||||
currentBackend = backend;
|
currentBackend = backend;
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user