mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2025-03-07 17:28:15 +00:00
nwfilter: use /bin/sh rather than requiring bash
* src/nwfilter/nwfilter_ebiptables_driver.c (ebiptablesWriteToTempFile): Use /bin/sh. (bash_cmd_path): Delete. (ebiptablesDriverInit, ebiptablesDriverShutdown): No need to search for bash. (CMD_EXEC): Prefer $() over ``, since we can assume POSIX. (iptablesSetupVirtInPost): Use portable 'test' syntax. (iptablesLinkIPTablesBaseChain): Use POSIX $(()) syntax.
parent
e7e595b4f0
commit
61cdff653c
@ -52,12 +52,16 @@
|
|||||||
#define CHAINPREFIX_HOST_IN_TEMP 'J'
|
#define CHAINPREFIX_HOST_IN_TEMP 'J'
|
||||||
#define CHAINPREFIX_HOST_OUT_TEMP 'P'
|
#define CHAINPREFIX_HOST_OUT_TEMP 'P'
|
||||||
|
|
||||||
|
/* This file generates a temporary shell script. Since ebiptables is
|
||||||
|
Linux-specific, we can be reasonably certain that /bin/sh is more
|
||||||
|
or less POSIX-compliant, so we can use $() and $(()). However, we
|
||||||
|
cannot assume that /bin/sh is bash, so stick to POSIX syntax. */
|
||||||
|
|
||||||
#define CMD_SEPARATOR "\n"
|
#define CMD_SEPARATOR "\n"
|
||||||
#define CMD_DEF_PRE "cmd='"
|
#define CMD_DEF_PRE "cmd='"
|
||||||
#define CMD_DEF_POST "'"
|
#define CMD_DEF_POST "'"
|
||||||
#define CMD_DEF(X) CMD_DEF_PRE X CMD_DEF_POST
|
#define CMD_DEF(X) CMD_DEF_PRE X CMD_DEF_POST
|
||||||
#define CMD_EXEC "eval res=\\`\"${cmd}\"\\`" CMD_SEPARATOR
|
#define CMD_EXEC "eval res=\\$(\"${cmd}\")" CMD_SEPARATOR
|
||||||
#define CMD_STOPONERR(X) \
|
#define CMD_STOPONERR(X) \
|
||||||
X ? "if [ $? -ne 0 ]; then" \
|
X ? "if [ $? -ne 0 ]; then" \
|
||||||
" echo \"Failure to execute command '${cmd}'.\";" \
|
" echo \"Failure to execute command '${cmd}'.\";" \
|
||||||
@ -76,7 +80,6 @@
|
|||||||
static char *ebtables_cmd_path;
|
static char *ebtables_cmd_path;
|
||||||
static char *iptables_cmd_path;
|
static char *iptables_cmd_path;
|
||||||
static char *ip6tables_cmd_path;
|
static char *ip6tables_cmd_path;
|
||||||
static char *bash_cmd_path;
|
|
||||||
static char *grep_cmd_path;
|
static char *grep_cmd_path;
|
||||||
static char *gawk_cmd_path;
|
static char *gawk_cmd_path;
|
||||||
|
|
||||||
@ -427,7 +430,7 @@ static int iptablesLinkIPTablesBaseChain(const char *iptables_cmd,
|
|||||||
" " CMD_DEF("%s -I %s %d -j %s") CMD_SEPARATOR
|
" " CMD_DEF("%s -I %s %d -j %s") CMD_SEPARATOR
|
||||||
" " CMD_EXEC
|
" " CMD_EXEC
|
||||||
" %s"
|
" %s"
|
||||||
" let r=r+1\n"
|
" r=$(( $r + 1 ))\n"
|
||||||
" " CMD_DEF("%s -D %s ${r}") CMD_SEPARATOR
|
" " CMD_DEF("%s -D %s ${r}") CMD_SEPARATOR
|
||||||
" " CMD_EXEC
|
" " CMD_EXEC
|
||||||
" %s"
|
" %s"
|
||||||
@ -650,7 +653,7 @@ iptablesSetupVirtInPost(const char *iptables_cmd,
|
|||||||
virBufferVSprintf(buf,
|
virBufferVSprintf(buf,
|
||||||
"res=$(%s -n -L " VIRT_IN_POST_CHAIN
|
"res=$(%s -n -L " VIRT_IN_POST_CHAIN
|
||||||
" | grep \"\\%s %s\")\n"
|
" | grep \"\\%s %s\")\n"
|
||||||
"if [ \"${res}\" == \"\" ]; then "
|
"if [ \"${res}\" = \"\" ]; then "
|
||||||
CMD_DEF("%s"
|
CMD_DEF("%s"
|
||||||
" -A " VIRT_IN_POST_CHAIN
|
" -A " VIRT_IN_POST_CHAIN
|
||||||
" %s %s -j ACCEPT") CMD_SEPARATOR
|
" %s %s -j ACCEPT") CMD_SEPARATOR
|
||||||
@ -2431,7 +2434,7 @@ ebiptablesDisplayRuleInstance(virConnectPtr conn ATTRIBUTE_UNUSED,
|
|||||||
*
|
*
|
||||||
* Write the string into a temporary file and return the name of
|
* Write the string into a temporary file and return the name of
|
||||||
* the temporary file. The string is assumed to contain executable
|
* the temporary file. The string is assumed to contain executable
|
||||||
* commands. A line '#!/bin/bash' will automatically be written
|
* commands. A line '#!/bin/sh' will automatically be written
|
||||||
* as the first line in the file. The permissions of the file are
|
* as the first line in the file. The permissions of the file are
|
||||||
* set so that the file can be run as an executable script.
|
* set so that the file can be run as an executable script.
|
||||||
*/
|
*/
|
||||||
@ -2444,7 +2447,7 @@ ebiptablesWriteToTempFile(const char *string) {
|
|||||||
char *header;
|
char *header;
|
||||||
size_t written;
|
size_t written;
|
||||||
|
|
||||||
virBufferVSprintf(&buf, "#!%s\n", bash_cmd_path);
|
virBufferAddLit(&buf, "#!/bin/sh\n");
|
||||||
|
|
||||||
if (virBufferError(&buf)) {
|
if (virBufferError(&buf)) {
|
||||||
virBufferFreeAndReset(&buf);
|
virBufferFreeAndReset(&buf);
|
||||||
@ -2513,10 +2516,10 @@ err_exit:
|
|||||||
* commands executed via the script the was run.
|
* commands executed via the script the was run.
|
||||||
*
|
*
|
||||||
* Returns 0 in case of success, != 0 in case of an error. The returned
|
* Returns 0 in case of success, != 0 in case of an error. The returned
|
||||||
* value is NOT the result of running the commands inside the bash
|
* value is NOT the result of running the commands inside the shell
|
||||||
* script.
|
* script.
|
||||||
*
|
*
|
||||||
* Execute a sequence of commands (held in the given buffer) as a bash
|
* Execute a sequence of commands (held in the given buffer) as a /bin/sh
|
||||||
* script and return the status of the execution.
|
* script and return the status of the execution.
|
||||||
*/
|
*/
|
||||||
static int
|
static int
|
||||||
@ -3657,7 +3660,6 @@ ebiptablesDriverInit(void)
|
|||||||
if (virMutexInit(&execCLIMutex))
|
if (virMutexInit(&execCLIMutex))
|
||||||
return EINVAL;
|
return EINVAL;
|
||||||
|
|
||||||
bash_cmd_path = virFindFileInPath("bash");
|
|
||||||
gawk_cmd_path = virFindFileInPath("gawk");
|
gawk_cmd_path = virFindFileInPath("gawk");
|
||||||
grep_cmd_path = virFindFileInPath("grep");
|
grep_cmd_path = virFindFileInPath("grep");
|
||||||
|
|
||||||
@ -3701,9 +3703,9 @@ ebiptablesDriverInit(void)
|
|||||||
VIR_FREE(ip6tables_cmd_path);
|
VIR_FREE(ip6tables_cmd_path);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* ip(6)tables support needs bash, gawk & grep, ebtables doesn't */
|
/* ip(6)tables support needs gawk & grep, ebtables doesn't */
|
||||||
if ((iptables_cmd_path != NULL || ip6tables_cmd_path != NULL) &&
|
if ((iptables_cmd_path != NULL || ip6tables_cmd_path != NULL) &&
|
||||||
(!grep_cmd_path || !bash_cmd_path || !gawk_cmd_path)) {
|
(!grep_cmd_path || !gawk_cmd_path)) {
|
||||||
virNWFilterReportError(VIR_ERR_INTERNAL_ERROR, "%s",
|
virNWFilterReportError(VIR_ERR_INTERNAL_ERROR, "%s",
|
||||||
_("essential tools to support ip(6)tables "
|
_("essential tools to support ip(6)tables "
|
||||||
"firewalls could not be located"));
|
"firewalls could not be located"));
|
||||||
@ -3730,7 +3732,6 @@ static void
|
|||||||
ebiptablesDriverShutdown()
|
ebiptablesDriverShutdown()
|
||||||
{
|
{
|
||||||
VIR_FREE(gawk_cmd_path);
|
VIR_FREE(gawk_cmd_path);
|
||||||
VIR_FREE(bash_cmd_path);
|
|
||||||
VIR_FREE(grep_cmd_path);
|
VIR_FREE(grep_cmd_path);
|
||||||
VIR_FREE(ebtables_cmd_path);
|
VIR_FREE(ebtables_cmd_path);
|
||||||
VIR_FREE(iptables_cmd_path);
|
VIR_FREE(iptables_cmd_path);
|
||||||
|
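Review bot: The new CMD_EXEC in the first hunk (`@ -52,12 +52,16 @`) escapes only the dollar sign, so the generated script line reads `eval res=\$("${cmd}")`; the shell then sees a bare `(` operator and should reject the line with a syntax error before eval ever runs. The old form worked because both backticks were escaped, and the parentheses need the same treatment: `#define CMD_EXEC "eval res=\\$\\(\"${cmd}\"\\)" CMD_SEPARATOR`. CMD_EXEC follows the CMD_DEF lines in the iptablesLinkIPTablesBaseChain hunk, and these scripts install the ebtables/iptables filter rules, so a parse failure would presumably leave rules unapplied. How the caller reacts to that failure is outside the visible hunks. It is worth running one generated script under a strict POSIX /bin/sh such as dash, as well as bash, before merging.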