util: remove check for iptables binary during virFirewallInit

It's unclear exactly why this check exists; possibly a parallel to a
long-removed check for the firewall-cmd binary (added to viriptables.c
with the initial support for firewalld in commit bf156385a0 in 2012,
and long since removed), or possibly because virFirewallOnceInit() was
intended to be called at daemon startup, and it seemed like a good
idea to just log this error once when trying to determine whether to
use firewalld, or direct iptables commands, and then not waste time
building commands that could never be executed. The odd thing is that
it would sometimes result in logging an error when it couldn't find a
binary that wasn't needed anyway (e.g., if all the rules were iptables
rules, but ebtables and/or ip6tables weren't also installed).

If we just remove this check, then virCommandRun() will end up logging
an error and failing if the needed binary isn't found when we try to
execute it, which seems like it should be just as good (or at least good
enough, especially since we eventually want to get rid of iptables
completely).

So let's remove it!

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Laine Stump 2021-11-16 14:12:05 -05:00
parent d3cd0d19ee
commit ab238e23b4

@ -98,23 +98,6 @@ VIR_ONCE_GLOBAL_INIT(virFirewall);
static int
virFirewallValidateBackend(virFirewallBackend backend)
{
const char *commands[] = {
IPTABLES, IP6TABLES, EBTABLES
};
size_t i;
for (i = 0; i < G_N_ELEMENTS(commands); i++) {
g_autofree char *path = virFindFileInPath(commands[i]);
if (!path) {
virReportSystemError(errno,
_("%s not available, firewall backend will not function"),
commands[i]);
return -1;
}
}
VIR_DEBUG("found iptables/ip6tables/ebtables");
if (backend == VIR_FIREWALL_BACKEND_AUTOMATIC ||
backend == VIR_FIREWALL_BACKEND_FIREWALLD) {
int rv = virFirewallDIsRegistered();
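Review bot: with the `commands[]` lookup loop at the top of virFirewallValidateBackend() gone, nothing in this function reports a missing iptables, ip6tables or ebtables binary any more, and no comment records that this is deliberate. The commit message says the failure will now come from virCommandRun() when a rule is actually executed; a short comment here stating that binary availability is intentionally not checked at init and is reported at execution time would keep a later reader from re-adding the check. It is also worth confirming that callers treat that later failure as fatal, so that a missing binary cannot leave rules silently unapplied.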
@ -694,14 +677,6 @@ virFirewallApply(virFirewall *firewall)
virMutexLock(&ruleLock);
if (currentBackend == VIR_FIREWALL_BACKEND_AUTOMATIC) {
/* a specific backend should have been set when the firewall
* object was created. If not, it means none was found.
*/
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
_("Failed to initialize a valid firewall backend"));
goto cleanup;
}
if (!firewall || firewall->err) {
int err = EINVAL;
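Review bot: the `if (currentBackend == VIR_FIREWALL_BACKEND_AUTOMATIC)` guard at the top of virFirewallApply() appears to be what this hunk drops (it goes from 14 lines to 6), but the commit message only discusses the binary lookup done during virFirewallInit and never mentions this change. The guard's own comment says that reaching this point with AUTOMATIC means no backend was found, so please either explain in the commit message why that state can no longer occur or keep the check; from this hunk alone it is not visible what virFirewallApply() does when no specific backend was selected.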