From e686ce8aa23d0d43e563c81d73a34631795ba4e1 Mon Sep 17 00:00:00 2001
From: Eric Blake
Date: Mon, 10 Mar 2014 15:56:44 -0600
Subject: [PATCH] iptables: don't log command probe failures

Commit b9dd878f caused a regression in iptables interaction by logging non-zero status at a higher level than VIR_INFO. Revert that portion of the commit, as well as adding a comment explaining why we check the status ourselves. Reported by Nehal J Wani.
* src/util/viriptables.c (virIpTablesOnceInit): Undo log regression.
Signed-off-by: Eric Blake
---
 src/util/viriptables.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/util/viriptables.c b/src/util/viriptables.c
index 9e03cc4014..45f7789ace 100644
--- a/src/util/viriptables.c
+++ b/src/util/viriptables.c
@@ -60,6 +60,7 @@ static int
 virIpTablesOnceInit(void)
 {
 virCommandPtr cmd;
+ int status;
 #if HAVE_FIREWALLD
 firewall_cmd_path = virFindFileInPath("firewall-cmd");
@@ -70,7 +71,8 @@ virIpTablesOnceInit(void)
 cmd = virCommandNew(firewall_cmd_path);
 virCommandAddArgList(cmd, "--state", NULL);
- if (virCommandRun(cmd, NULL) < 0) {
+ /* don't log non-zero status */
+ if (virCommandRun(cmd, &status) < 0 || status != 0) {
 VIR_INFO("firewall-cmd found but disabled for iptables");
 VIR_FREE(firewall_cmd_path);
 firewall_cmd_path = NULL;
@@ -87,7 +89,8 @@ virIpTablesOnceInit(void)
 cmd = virCommandNew(IPTABLES_PATH);
 virCommandAddArgList(cmd, "-w", "-L", "-n", NULL);
- if (virCommandRun(cmd, NULL) < 0) {
+ /* don't log non-zero status */
+ if (virCommandRun(cmd, &status) < 0 || status != 0) {
 VIR_INFO("xtables locking not supported by your iptables");
 } else {
 VIR_INFO("using xtables locking for iptables");
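Review bot: The comment `/* don't log non-zero status */` on the firewall-cmd probe (and the identical one on the iptables `-w` probe in the last hunk) says what is avoided but not how, so a later cleanup could change `&status` back to `NULL` and reintroduce the regression the commit message describes. I would spell out the mechanism, e.g. `/* Pass &status so a non-zero exit is handed back to us rather than reported as an error; a failing probe is expected and only worth VIR_INFO. */`. This assumes virCommandRun() reports the exit status itself only when given NULL, which the commit message implies but the hunk does not show. The body of virIpTablesOnceInit starts and continues outside this hunk.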
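Review bot: In the `-w` probe, `virCommandRun(cmd, &status) < 0 || status != 0` folds "iptables could not be run at all" and "iptables ran and exited non-zero" into the one message "xtables locking not supported by your iptables", and the exit code is discarded. This result presumably decides whether later firewall rule updates take the xtables lock (the consumer is outside the hunk), so the log should let an operator tell a missing capability from a broken or unprivileged iptables. Splitting the condition keeps both cases at VIR_INFO while recording the status, and avoids reading `status` when the run itself failed. The firewall-cmd probe in the previous hunk has the same shape, and the else branch continues outside the hunk.

```c
/* don't log non-zero status */
if (virCommandRun(cmd, &status) < 0) {
    VIR_INFO("unable to run iptables to probe for xtables locking");
} else if (status != 0) {
    VIR_INFO("xtables locking not supported by your iptables (exit status %d)",
             status);
} else {
    /* … unchanged: "using xtables locking for iptables" branch … */
```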