External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-03-07 17:28:15 +00:00
Code

nwfilter: use /bin/sh rather than requiring bash

Browse Source 
* src/nwfilter/nwfilter_ebiptables_driver.c
(ebiptablesWriteToTempFile): Use /bin/sh.
(bash_cmd_path): Delete.
(ebiptablesDriverInit, ebiptablesDriverShutdown): No need to
search for bash.
(CMD_EXEC): Prefer $() over ``, since we can assume POSIX.
(iptablesSetupVirtInPost): Use portable 'test' syntax.
(iptablesLinkIPTablesBaseChain): Use POSIX $(()) syntax.
This commit is contained in:
Eric Blake 2010-11-13 14:48:02 -07:00
parent e7e595b4f0
commit 61cdff653c
1 changed files with 13 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
src/nwfilter/nwfilter_ebiptables_driver.c
View File

@ -52,12 +52,16 @@
#define CHAINPREFIX_HOST_IN_TEMP 'J' #define CHAINPREFIX_HOST_IN_TEMP 'J'
#define CHAINPREFIX_HOST_OUT_TEMP 'P' #define CHAINPREFIX_HOST_OUT_TEMP 'P'
/* This file generates a temporary shell script. Since ebiptables is
Linux-specific, we can be reasonably certain that /bin/sh is more
or less POSIX-compliant, so we can use $() and $(()). However, we
cannot assume that /bin/sh is bash, so stick to POSIX syntax. */
#define CMD_SEPARATOR "\n" #define CMD_SEPARATOR "\n"
#define CMD_DEF_PRE "cmd='" #define CMD_DEF_PRE "cmd='"
#define CMD_DEF_POST "'" #define CMD_DEF_POST "'"
#define CMD_DEF(X) CMD_DEF_PRE X CMD_DEF_POST #define CMD_DEF(X) CMD_DEF_PRE X CMD_DEF_POST
#define CMD_EXEC "eval res=\\`\"${cmd}\"\\`" CMD_SEPARATOR #define CMD_EXEC "eval res=\\$(\"${cmd}\")" CMD_SEPARATOR
#define CMD_STOPONERR(X) \ #define CMD_STOPONERR(X) \
X ? "if [ $? -ne 0 ]; then" \ X ? "if [ $? -ne 0 ]; then" \
" echo \"Failure to execute command '${cmd}'.\";" \ " echo \"Failure to execute command '${cmd}'.\";" \
@ -76,7 +80,6 @@
static char *ebtables_cmd_path; static char *ebtables_cmd_path;
static char *iptables_cmd_path; static char *iptables_cmd_path;
static char *ip6tables_cmd_path; static char *ip6tables_cmd_path;
static char *bash_cmd_path;
static char *grep_cmd_path; static char *grep_cmd_path;
static char *gawk_cmd_path; static char *gawk_cmd_path;
@ -427,7 +430,7 @@ static int iptablesLinkIPTablesBaseChain(const char *iptables_cmd,
" " CMD_DEF("%s -I %s %d -j %s") CMD_SEPARATOR " " CMD_DEF("%s -I %s %d -j %s") CMD_SEPARATOR
" " CMD_EXEC " " CMD_EXEC
" %s" " %s"
" let r=r+1\n" " r=$(( $r + 1 ))\n"
" " CMD_DEF("%s -D %s ${r}") CMD_SEPARATOR " " CMD_DEF("%s -D %s ${r}") CMD_SEPARATOR
" " CMD_EXEC " " CMD_EXEC
" %s" " %s"
@ -650,7 +653,7 @@ iptablesSetupVirtInPost(const char *iptables_cmd,
virBufferVSprintf(buf, virBufferVSprintf(buf,
"res=$(%s -n -L " VIRT_IN_POST_CHAIN "res=$(%s -n -L " VIRT_IN_POST_CHAIN
" | grep \"\\%s %s\")\n" " | grep \"\\%s %s\")\n"
"if [ \"${res}\" == \"\" ]; then " "if [ \"${res}\" = \"\" ]; then "
CMD_DEF("%s" CMD_DEF("%s"
" -A " VIRT_IN_POST_CHAIN " -A " VIRT_IN_POST_CHAIN
" %s %s -j ACCEPT") CMD_SEPARATOR " %s %s -j ACCEPT") CMD_SEPARATOR
@ -2431,7 +2434,7 @@ ebiptablesDisplayRuleInstance(virConnectPtr conn ATTRIBUTE_UNUSED,
* *
* Write the string into a temporary file and return the name of * Write the string into a temporary file and return the name of
* the temporary file. The string is assumed to contain executable * the temporary file. The string is assumed to contain executable
* commands. A line '#!/bin/bash' will automatically be written * commands. A line '#!/bin/sh' will automatically be written
* as the first line in the file. The permissions of the file are * as the first line in the file. The permissions of the file are
* set so that the file can be run as an executable script. * set so that the file can be run as an executable script.
*/ */
@ -2444,7 +2447,7 @@ ebiptablesWriteToTempFile(const char *string) {
char *header; char *header;
size_t written; size_t written;
virBufferVSprintf(&buf, "#!%s\n", bash_cmd_path); virBufferAddLit(&buf, "#!/bin/sh\n");
if (virBufferError(&buf)) { if (virBufferError(&buf)) {
virBufferFreeAndReset(&buf); virBufferFreeAndReset(&buf);
@ -2513,10 +2516,10 @@ err_exit:
* commands executed via the script the was run. * commands executed via the script the was run.
* *
* Returns 0 in case of success, != 0 in case of an error. The returned * Returns 0 in case of success, != 0 in case of an error. The returned
* value is NOT the result of running the commands inside the bash * value is NOT the result of running the commands inside the shell
* script. * script.
* *
* Execute a sequence of commands (held in the given buffer) as a bash * Execute a sequence of commands (held in the given buffer) as a /bin/sh
* script and return the status of the execution. * script and return the status of the execution.
*/ */
static int static int
@ -3657,7 +3660,6 @@ ebiptablesDriverInit(void)
if (virMutexInit(&execCLIMutex)) if (virMutexInit(&execCLIMutex))
return EINVAL; return EINVAL;
bash_cmd_path = virFindFileInPath("bash");
gawk_cmd_path = virFindFileInPath("gawk"); gawk_cmd_path = virFindFileInPath("gawk");
grep_cmd_path = virFindFileInPath("grep"); grep_cmd_path = virFindFileInPath("grep");
@ -3701,9 +3703,9 @@ ebiptablesDriverInit(void)
VIR_FREE(ip6tables_cmd_path); VIR_FREE(ip6tables_cmd_path);
} }
/* ip(6)tables support needs bash, gawk & grep, ebtables doesn't */ /* ip(6)tables support needs gawk & grep, ebtables doesn't */
if ((iptables_cmd_path != NULL || ip6tables_cmd_path != NULL) && if ((iptables_cmd_path != NULL || ip6tables_cmd_path != NULL) &&
(!grep_cmd_path || !bash_cmd_path || !gawk_cmd_path)) { (!grep_cmd_path || !gawk_cmd_path)) {
virNWFilterReportError(VIR_ERR_INTERNAL_ERROR, "%s", virNWFilterReportError(VIR_ERR_INTERNAL_ERROR, "%s",
_("essential tools to support ip(6)tables " _("essential tools to support ip(6)tables "
"firewalls could not be located")); "firewalls could not be located"));
@ -3730,7 +3732,6 @@ static void
ebiptablesDriverShutdown() ebiptablesDriverShutdown()
{ {
VIR_FREE(gawk_cmd_path); VIR_FREE(gawk_cmd_path);
VIR_FREE(bash_cmd_path);
VIR_FREE(grep_cmd_path); VIR_FREE(grep_cmd_path);
VIR_FREE(ebtables_cmd_path); VIR_FREE(ebtables_cmd_path);
VIR_FREE(iptables_cmd_path); VIR_FREE(iptables_cmd_path);