mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2025-03-07 17:28:15 +00:00
nwfilter: Disallow binding creation in session mode
Similar to nwfilterDefineXML, let's be sure the a filter binding creation is not attempted in session mode and generate the proper error message. Failure to open nwfilter in session mode (nwfilterConnectOpen) fails already, but that doesn't stop the free thinker from using a different connection in order to attempt to attempt to create the binding. Although even doing that would result in a failure: $ virsh nwfilter-binding-create QEMUGuest1-binding.xml error: Failed to create network filter from QEMUGuest1-binding.xml error: internal error: Could not get access to ACL tech driver 'ebiptables' $ Signed-off-by: John Ferlan <jferlan@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
This commit is contained in:
parent
04eb7479fc
commit
e773e1cbbc
@ -745,6 +745,12 @@ nwfilterBindingCreateXML(virConnectPtr conn,
|
||||
|
||||
virCheckFlags(0, NULL);
|
||||
|
||||
if (!driver->privileged) {
|
||||
virReportError(VIR_ERR_OPERATION_INVALID, "%s",
|
||||
_("Can't define NWFilter bindings in session mode"));
|
||||
return NULL;
|
||||
}
|
||||
|
||||
def = virNWFilterBindingDefParseString(xml);
|
||||
if (!def)
|
||||
return NULL;
|
||||
|
Loading…
x
Reference in New Issue
Block a user