External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2024-07-07 18:35:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

nwfilter: Disallow binding creation in session mode

Browse Source 
Similar to nwfilterDefineXML, let's be sure the a filter binding
creation is not attempted in session mode and generate the proper
error message.

Failure to open nwfilter in session mode (nwfilterConnectOpen)
fails already, but that doesn't stop the free thinker from using
a different connection in order to attempt to attempt to create
the binding. Although even doing that would result in a failure:

$ virsh nwfilter-binding-create QEMUGuest1-binding.xml
error: Failed to create network filter from QEMUGuest1-binding.xml
error: internal error: Could not get access to ACL tech driver 'ebiptables'

$

Signed-off-by: John Ferlan <jferlan@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
This commit is contained in:
John Ferlan 2018-08-27 10:41:35 -04:00
parent 04eb7479fc
commit e773e1cbbc
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/nwfilter/nwfilter_driver.c
View File

@ -745,6 +745,12 @@ nwfilterBindingCreateXML(virConnectPtr conn,
virCheckFlags(0, NULL);
if (!driver->privileged) {
virReportError(VIR_ERR_OPERATION_INVALID, "%s",
_("Can't define NWFilter bindings in session mode"));
return NULL;
}
def = virNWFilterBindingDefParseString(xml);
if (!def)
return NULL;