util: always check for ebtables/iptables binaries, even when using firewalld

Even though *we* don't call ebtables/iptables/ip6tables (yet) when the
firewalld backend is selected, firewalld does, so these binaries need
to be there; let's check for them. (Also, the patch after this one is
going to start execing those binaries directly rather than via
firewalld).

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Laine Stump 2020-11-16 20:17:05 -05:00
parent c102bbd3ef
commit 56dd128bd0


@ -99,24 +99,38 @@ VIR_ONCE_GLOBAL_INIT(virFirewall);
static int static int
virFirewallValidateBackend(virFirewallBackend backend) virFirewallValidateBackend(virFirewallBackend backend)
{ {
VIR_DEBUG("Validating backend %d", backend); const char *commands[] = {
IPTABLES_PATH, IP6TABLES_PATH, EBTABLES_PATH
};
size_t i;
for (i = 0; i < G_N_ELEMENTS(commands); i++) {
if (!virFileIsExecutable(commands[i])) {
virReportSystemError(errno,
_("%s not available, firewall backend will not function"),
commands[i]);
return -1;
}
}
VIR_DEBUG("found iptables/ip6tables/ebtables");
if (backend == VIR_FIREWALL_BACKEND_AUTOMATIC || if (backend == VIR_FIREWALL_BACKEND_AUTOMATIC ||
backend == VIR_FIREWALL_BACKEND_FIREWALLD) { backend == VIR_FIREWALL_BACKEND_FIREWALLD) {
int rv = virFirewallDIsRegistered(); int rv = virFirewallDIsRegistered();
VIR_DEBUG("Firewalld is registered ? %d", rv); VIR_DEBUG("Firewalld is registered ? %d", rv);
if (rv < 0) {
if (rv == -2) { if (rv == -1)
if (backend == VIR_FIREWALL_BACKEND_FIREWALLD) { return -1;
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
_("firewalld firewall backend requested, but service is not running")); if (rv == -2) {
return -1; if (backend == VIR_FIREWALL_BACKEND_FIREWALLD) {
} else { virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
VIR_DEBUG("firewalld service not running, trying direct backend"); _("firewalld backend requested, but service is not running"));
backend = VIR_FIREWALL_BACKEND_DIRECT;
}
} else {
return -1; return -1;
} else {
VIR_DEBUG("firewalld service not running, using direct backend");
backend = VIR_FIREWALL_BACKEND_DIRECT;
} }
} else { } else {
VIR_DEBUG("firewalld service running, using firewalld backend"); VIR_DEBUG("firewalld service running, using firewalld backend");
@ -124,25 +138,7 @@ virFirewallValidateBackend(virFirewallBackend backend)
} }
} }
if (backend == VIR_FIREWALL_BACKEND_DIRECT) {
const char *commands[] = {
IPTABLES_PATH, IP6TABLES_PATH, EBTABLES_PATH
};
size_t i;
for (i = 0; i < G_N_ELEMENTS(commands); i++) {
if (!virFileIsExecutable(commands[i])) {
virReportSystemError(errno,
_("direct firewall backend requested, but %s is not available"),
commands[i]);
return -1;
}
}
VIR_DEBUG("found iptables/ip6tables/ebtables, using direct backend");
}
currentBackend = backend; currentBackend = backend;
return 0; return 0;
} }
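Review bot: The rewritten check after `virFirewallDIsRegistered()` is narrower than the `if (rv < 0)` it replaces. As rendered, only `rv == -1` returns early and only `rv == -2` means "not running", so any other negative value would fall into the `else` branch and be logged as "firewalld service running, using firewalld backend". If that helper can only ever return 0, -1 or -2 this is harmless, but that contract is not visible here; keeping the test fail-closed costs nothing: `if (rv < 0 && rv != -2) return -1;`. Separately, the reason the binary loop at the top now runs for every backend exists only in the commit message, so a comment above it such as `/* firewalld itself execs iptables/ip6tables/ebtables, so they are required for every backend */` would keep a later reader from moving it back under the direct-backend branch.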